Contributors

Jeremiah Grossman
(WhiteHat Security)

Ofer Shezaf
(Breach Security) [Project Leader]

The Web Hacking Incidents Database
Last update: 17 February 2008

List of Incidents for a Classification

Please note that classifications are a new feature and not all entries in WHID have been classified yet, so WHID may hold more records matching a classification than the number of entries listed for it. We hope to complete the classification process soon.



List of incidents for which Software is Confixx
WHID 2007-36: Server hacked through holes in Confixx management software
Reported: 12 August 2007
Occurred: 01 August 2007

Classifications:

  • Attack Method: Known Vulnerability
  • Attack Method: OS Commanding
  • Country: Germany
  • Outcome: Downtime
  • Software: Confixx
  • Vertical: Service Providers

A command injection vulnerability at 1&1, a large German hosting provider, led to denial of service and possible home page modification on 30 servers and up to 1700 web sites.



This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.

 
© Copyright 2005, Web Application Security Consortium. All rights reserved.