List of Web Hacking Incidents: Known Vulnerability

	Attack Method	Outcome
WHID 2009-16: Primary schools hit by smut hack	Known Vulnerability	Defacement
WHID 2008-05: Drive-by Pharming in the Wild	Cross Site Request Forgery (CSRF) Drive by Pharming Known Vulnerability	Monetary Loss Leakage of Information
WHID 2007-77: HostGator: cPanel Security Hole Exploited in Mass Hack	Known Vulnerability	Planting of Malware
WHID 2007-76: A large web hosting firm inflicted by mass malware installation	Known Vulnerability	Planting of Malware
WHID 2007-74: Web host breach may have exposed passwords for 6,000 clients	Known Vulnerability	Leakage of Information
WHID 2007-67: The Day My Web Site Was Hacked	Known Vulnerability	Link Spam
WHID 2007-61: Another inconvenient truth: Al Gore's Web site hacked	Known Vulnerability	Link Spam
WHID 2007-60: The blog of a Cambridge University security team hacked	Insufficient Authentication Known Vulnerability SQL Injection	Downtime
WHID 2007-40: County's Web site hacked; no data lost	Known Vulnerability	Defacement
WHID 2007-36: Server hacked through holes in Confixx management software	OS Commanding Known Vulnerability	Downtime
WHID 2005-20: Security gaps found in EPA contracting system	Known Vulnerability	Disclosure Only

Attack Method

Outcome

WHID 2009-16: Primary schools hit by smut hack

Known Vulnerability

Defacement

WHID 2008-05: Drive-by Pharming in the Wild

Cross Site Request Forgery (CSRF)

Drive by Pharming

Known Vulnerability

Monetary Loss

Leakage of Information

WHID 2007-77: HostGator: cPanel Security Hole Exploited in Mass Hack

Known Vulnerability

Planting of Malware

WHID 2007-76: A large web hosting firm inflicted by mass malware installation

Known Vulnerability

Planting of Malware

WHID 2007-74: Web host breach may have exposed passwords for 6,000 clients

Known Vulnerability

Leakage of Information

WHID 2007-67: The Day My Web Site Was Hacked

Known Vulnerability

Link Spam

WHID 2007-61: Another inconvenient truth: Al Gore's Web site hacked

Known Vulnerability

Link Spam

WHID 2007-60: The blog of a Cambridge University security team hacked

Insufficient Authentication

Known Vulnerability

SQL Injection

Downtime

WHID 2007-40: County's Web site hacked; no data lost

Known Vulnerability

Defacement

WHID 2007-36: Server hacked through holes in Confixx management software

OS Commanding

Known Vulnerability

Downtime

WHID 2005-20: Security gaps found in EPA contracting system

Known Vulnerability

Disclosure Only

Latest Stories

WAFs are not perfect, but is any security tool perfect? (Feb 9th 2010)
Forrester estimates the WAF market to be $220M in 2010 (Feb 9th 2010)
ModSecurity exceptions for TYPO3 (Jan 20th 2010)
Presentation about WAFs in the cloud (Jan 15th 2010)
The curse of PCI for WAFs (Jan 11th 2010)
A New Year, a New Acronym (Jan 9th 2010)
A Remote Command Injection Vulnerability Applicure's dotDefender Site Management. (Dec 10th 2009)

Navigation

Subscribe:

Xiom is the place to find information about Web Application Firewalls (WAFs) including reviews, analysis, announcements and research. Tune to the RSS channel to get every bit of information or subscribe to the newsletter to receive only in depth articles.

Xiom also leasd and hosts the Web Hacking Incidents Database, a Web Application Security Consortium project aimed at maintaining a list of web applications related security incidents.

Xiom is a community web site lead by Ofer Shezaf.

WHID

The Web Hacking Incident Database

List of Web Hacking Incidents: Known Vulnerability

The Web Hacking Incidents Database

WAF Resources

Latest Stories

Navigation