A short list of exploits available for various web applications and content management systems (CMS), such as Joomla, WordPress and Drupal.
The purpose of this post is to help webmasters and system administrators protect their websites and systems against vulnerabilities.
JOOMLA EXPLOITS:
- Joomla Enmasse SQL Injection
- Joomla com_agileplmform file upload vulnerability
- Joomla Time Based SQL Injection
- Joomla Discussions Component com_discussions SQL Injection
- Simple File Upload v1.3 Joomla Module Remote Code Execution
- Joomla Component com_dshop SQL Injection Vulnerability
- QContacts 1.0.6 Joomla component SQL injection
WORDPRESS EXPLOITS:
- WordPress <= 3.3.1 Multiple Vulnerabilities
- Wordpress Kish Guest Posting Plugin 1.0 Arbitrary File Upload
- Wordpress uCan Post plugin <= 1.0.09 Stored XSS
- AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary File Upload
- Wordpress Age Verification Plugin <= 0.4 Open Redirect
- WordPress wp-autoyoutube plugin Blind SQL Injection Vulnerability
- Wordpress Count-per-day plugin Multiple Vulnerabilities
PHPBB EXPLOITS:
- PhpBB MyPage Plugin SQL Injection
- PhpBB2 Custom Mass PM 1.4.7 Cross Site Scripting
- PhpBB AJAX Chat/Shoutbox MOD CSRF Vulnerability
- Fully Modded phpBB 2 Remote File Include Exploit
- PHPBB MOD [2.0.19] Invitation Only PassCode Bypass vulnerability
- PHPBB 3.0 0day
- PhpBB3 addon prime_quick_style GetAdmin Vulnerability
SMF EXPLOITS:
- SMF <= 2.0.1 SQL Injection, Privilege Escalation
- Simple Machines forum (SMF) 2.0 session hijacking
- SMF 2.0 RC5 Remote Shell Upload Exploit
- SMF Mod Member Awards 1.0.2 Blind SQL Injection Exploit
VBULLETIN EXPLOITS:
DRUPAL EXPLOITS:
- Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS
- Drupal 7.0 Shell Execution Script
- Drupal OG Menu Module XSS Vulnerability
- Drupal Panels Module 6.x PHP Code Execution Vulnerability
- Drupal Privatemsg Module Security Bypass Security Issue
- 0day Drupal <= 6.15 Multiple Permanent XSS
- 0day Drupal DOS <= 6.16 and 5.21
TYPO3 EXPLOITS:
- Typo3 v4.5-4.7 Remote Code Execution RFI/LFI
- Typo3 File Disclosure
- TYPO3 CMS <4.2.14 / 4.3.6 / 4.4.3 XSS, DoS, Privilege escalation
- TYPO3 CMS 4.0 showUid Remote SQL Injection Vulnerability
- TYPO3 < 4.0.12/4.1.10/4.2.6 jumpUrl Remote File Disclosure Exploit
MAGENTO EXPLOITS:
- Magento eCommerce Local File Disclosure
- Magento Multiple Fields Processing Cross Site Scripting Vulnerabilities
- Magento CSRF
VIRTUEMART EXPLOITS:
- Virtuemart <= 1.1.7 Blind time-based SQL Injection MSF
- Virtuemart <= v1.1.7 Blind SQL Injection Exploit
- Joomla Component com_virtuemart Remote File Inclusion Vulnerability
- VirtueMart index.php SQL Injection Vulnerability
- Joomla VirtueMart Module Customers_who_bought... SQL Injection
- Joomla Component com_virtuemart order_status_id SQL Injection
WINDOWS EXPLOITS:
- Windows Service Trusted Path Privilege Escalation
- Microsoft Internet Explorer Fixed Table Col Span Heap Overflow
- Microsoft Office SharePoint Server 2007 Remote Code Execution
- Windows 7 no SP Escalate Task Scheduler XML Privilege Escalation
- Microsoft IIS 6, 7.5 FTP Server Remote Denial Of Service
- Microsoft Windows OLE Object File Handling Remote Code Execution
- Microsoft win2000 IIS MDAC msadcs.dll RDS Remote Command Execution
- Microsoft win2000 IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow
- Microsoft IE7 XML Core Services MSXML Uninitialized Memory Corruption
- TFTP Server for Windows 1.4 ST WRQ Buffer Overflow
MAC EXPLOITS:
Regards.