Section:  .. / 0509-exploits  /

Page 3 of 4
<< 1 2 3 4 >> Files 50 - 75 of 77
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: OS2A_1003.txt
Description:
Hesk versions 0.93 and prior are vulnerable to authentication bypass and path disclosure vulnerabilities caused due to improper validation of the HTTP header. This vulnerability can be exploited to bypass authentication mechanism, and also made to reveal system specific information.
Author:Rajesh Sethumadhavan, Rahul Mohandas, Jayesh K.S
File Size:3080
Last Modified:Sep 23 07:20:11 2005
MD5 Checksum:54b5909937e6613e9be199a944bd444c

 ///  File Name: OSG_Advisory_13.txt
Description:
RealPlayer and Helix Player remote format string exploit. This flaw makes use of the .rp and .rt file formats. Code tested on Debian 3.1 against RealPlayer 10 Gold's latest version.
Author:c0ntex
Homepage:http://www.open-security.org
File Size:10720
Last Modified:Sep 28 00:38:20 2005
MD5 Checksum:b753c5e729eb9c6216cb72df318e125c

 ///  File Name: pblang465.php.txt
Description:
PBLang 4.65 and below remote command execution exploit. Written in PHP.
Author:Pengo
Homepage:http://rst.void.ru
File Size:4237
Last Modified:Sep 8 09:43:13 2005
MD5 Checksum:71ccc7f98383698fd3bb92a718f29fce

 ///  File Name: pblang465.txt
Description:
PBLang 4.65 and possibly prior versions suffers from remote code execution, administrative credentials disclosure, system information disclosure, cross site scripting and path disclosure vulnerabilities.
Author:rgod
Homepage:http://rgod.altervista.org/pblang465.html
File Size:9064
Last Modified:Sep 7 09:02:45 2005
MD5 Checksum:51be931553378c61f187b04af3948651

 ///  File Name: phorum5x.txt
Description:
Phorum versions 5.0.17a and below suffer from multiple vulnerabilities. These include cross site scripting, session hijacking, and insecure creation of client cookies.
Author:Scott Dewey
File Size:7619
Last Modified:Sep 5 08:53:55 2005
MD5 Checksum:71806d1f033150bf32f3846613dcd53b

 ///  File Name: phpcal.txt
Description:
phpCommunityCalendar 4.0.3 suffers from login bypass, SQL injection, and cross site scripting vulnerabilities. Full exploitation details are provided.
Author:rgod
Homepage:http://rgod.altervista.org
File Size:2438
Last Modified:Sep 7 09:09:59 2005
MD5 Checksum:45e9b6694028deb005356f830802fa90

 ///  File Name: phpfusion600109.txt
Description:
Exploit for PHP-Fusion v6.00.109 SQL Injection and admin credentials disclosure vulnerability.
Author:rgod
Homepage:http://rgod.altervista.org
File Size:8361
Last Modified:Sep 29 05:43:30 2005
MD5 Checksum:fb1f0fefc75ecddc016cd57da6a28642

 ///  File Name: phpLDAPadmin.pl.txt
Description:
phpLDAPadmin 0.9.6 - 0.9.7/alpha5 Remote Command Execution exploit written in perl.
Author:Johnnie Walker
Related Exploit:phpldap.html"
File Size:1899
Last Modified:Sep 1 04:57:30 2005
MD5 Checksum:a6a8f190f8ce2d3360461aaa7be7bc65

 ///  File Name: phpmyfuck151.html
Description:
PhpMyFaq version 1.5.1 is susceptible to SQL injection, board takeover, user information disclosure, and remote code execution flaws. Detailed exploitation provided. Earlier versions are also possibly vulnerable.
Author:rgod
Homepage:http://rgod.altervista.org
File Size:13868
Last Modified:Sep 23 09:41:09 2005
MD5 Checksum:7e4688c40fe3f1047e4d60351226021d

 ///  File Name: PHPNuke78.txt
Description:
PHPNuke 7.8 is susceptible to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Author:onkel_fisch
File Size:2515
Last Modified:Sep 13 09:06:22 2005
MD5 Checksum:47bf31b52e5b98f242d45a4a740813bc

 ///  File Name: phpnukeXSS.txt
Description:
The modules.php script in PHP-Nuke is susceptible to cross site scripting attacks via the query variable.
Author:bhfh
File Size:468
Last Modified:Sep 7 09:16:38 2005
MD5 Checksum:8591a54f60962364fb91114dad6fc937

 ///  File Name: phpSession.txt
Description:
PHP Session versions 3.x and 4.x are susceptible to a user login bypass vulnerability due to sharing session id information in the same location for multiple instances.
Author:unknow, adam_i
Homepage:http://www.uw-team.org
File Size:3011
Last Modified:Sep 22 08:40:43 2005
MD5 Checksum:5a147f9756ac66bbbec602abe3266a52

 ///  File Name: poppassd-freebsd.sh.txt
Description:
FreeBSD Qpopper poppassd latest version local root exploit. Tested on FreeBSD 5.4-RELEASE.
Author:kcope
File Size:1237
Last Modified:Sep 26 07:27:20 2005
MD5 Checksum:162efe574682e6d657e6b9d1c60362f7

 ///  File Name: poppassd-lnx.sh.txt
Description:
Linux Qpopper poppassd latest version local root exploit.
Author:kcope
File Size:1397
Last Modified:Sep 26 07:28:44 2005
MD5 Checksum:880ae69daa8a80e3e1fce451afcb85f6

 ///  File Name: PTL_advisory_050825.txt
Description:
HP LaserJet printers have an extensive administrative user interface that is provided over SNMP. Pinion has discovered that HP LaserJet printers store information regarding recently printed documents. Information such as document name, title, number of pages, document size, user who has printed the document and the machine name where the print job was initiated can all be extracted via SNMP. Exploit provided. HP LaserJet 2430 is verified vulnerable.
Author:George Hedfors
Homepage:http://www.pinion.se
File Size:6173
Last Modified:Sep 22 07:49:16 2005
MD5 Checksum:b376f6008757846aea028cf6ad623110

 ///  File Name: pwnzilla.txt
Description:
PwnZilla 5 - Exploit for the IDN host name heap buffer overrun in Mozilla browsers such as Firefox, Mozilla, and Netscape.
Author:Berend-Jan Wever aka Skylined
File Size:13871
Related CVE(s):CAN-2005-2871
Last Modified:Sep 23 08:51:45 2005
MD5 Checksum:eef9337ee7cdaceb446572f6a20a0ea6

 ///  File Name: realchat_PoC.tgz
Description:
Proof of concept exploit for Realchat version 3.5.1b that allows for user impersonation.
Author:Andreas
Homepage:http://www.bedatec.de/
Related File:bedatecRealchat.txt
File Size:2931
Last Modified:Sep 7 08:21:13 2005
MD5 Checksum:3b28ecb9b72cbfacc956ea5a2c740977

 ///  File Name: riverdarkXSS.txt
Description:
Riverdark RSS Syndicator version 2.17 is susceptible to cross site scripting attacks.
Author:X1NG
File Size:463
Last Modified:Sep 24 04:01:22 2005
MD5 Checksum:a943737ac116052361033701e00a232a

 ///  File Name: smf105.txt
Description:
Simple Machine Forum 1-0-5 and possibly earlier versions suffer from an information disclosure vulnerability allowing a malicious user to monitor forum traffic.
Author:rgod
Homepage:http://rgod.altervista.org/smf105.html
File Size:1683
Last Modified:Sep 1 04:51:05 2005
MD5 Checksum:65251e98f9bce9e3bc4082f7a9ac26f1

 ///  File Name: snortrigger.c
Description:
Snort versions 2.4.0 and below remote proof of concept exploit that creates a malformed TCP/IP packet that will trigger a vulnerability in the PrintTcpOptions() function from log.c.
Author:nitrous
File Size:5119
Last Modified:Sep 13 08:54:52 2005
MD5 Checksum:993ecdbce275e7849475e0e39000105e

 ///  File Name: spymac-web-os-40-variable-xss.txt
Description:
Spymac Web Os 4.0 is susceptible to cross site scripting attacks due to a lack of variable sanitization.
Author:Lostmon
File Size:1995
Last Modified:Sep 13 08:48:54 2005
MD5 Checksum:55718523f27cf8aceed4a6203201f981

 ///  File Name: stylemotion.txt
Description:
Stylemotion WEB//NEWS 1.4 is susceptible to SQL injection attacks.
Author:Robin 'onkel_fisch' Verton
Homepage:http://www.it-security23.net
File Size:1292
Last Modified:Sep 8 09:28:43 2005
MD5 Checksum:481c54926e3c6d506cd38053c7db8890

 ///  File Name: subpro204409P.txt
Description:
Subscribe Me Pro versions 2.044.09P and below are prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An unauthorized user can retrieve arbitrary files by supplying directory traversal strings '../' to the vulnerable parameter.
Author:ShoCK FX, h4cky0u
Homepage:http://www.h4cky0u.org
File Size:5546
Last Modified:Sep 14 08:48:06 2005
MD5 Checksum:d219768d5e7915ef946e4bbbcaea8e1c

 ///  File Name: symantecPassword.txt
Description:
Symantec Anti Virus Corporate Edition version 9.x suffers from a local password disclosure flaw where anyone on a machine can view the LiveUpdate password.
Author:golovast
File Size:2487
Last Modified:Sep 1 08:44:55 2005
MD5 Checksum:1671caf407757f5ecc6b846d70580f7a

 ///  File Name: unb153.html
Description:
UNB 1.5.3 suffers from a cross site scripting vulnerability.
Author:rgod
Homepage:http://rgod.altervista.org
File Size:443
Last Modified:Sep 5 09:17:58 2005
MD5 Checksum:d3f5b4c66c1e4f831f4db71bbd253698