Section:  .. / 0503-exploits  /

Page 2 of 6
<< 1 2 3 4 5 6 >> Files 25 - 50 of 142
Currently sorted by: File SizeSort By: File Name, Last Modified

 ///  File Name: AspApp.txt
Description:
Multiple SQL injection and cross site scripting vulnerabilities have been discovered in AspApp. Sample exploitation provided.
Author:Diabolic Crab
Homepage:http://www.hackerscenter.com/
File Size:6473
Last Modified:Mar 29 08:14:13 2005
MD5 Checksum:ae23a77026d9b3bedf11cebcfb6cda1d

 ///  File Name: awstats_shell.c
Description:
Awstats remote exploit that allows for remote command execution on the host with privileges of the httpd process. Versions 5.7 through 6.2 are affected.
Author:omin0us
Homepage:http://dtors.ath.cx
Related File:01.17.05-AW.txt
File Size:6123
Last Modified:Mar 3 21:08:53 2005
MD5 Checksum:013f1d4f9dea1eb5306233d718365dc9

 ///  File Name: phpSysInfo23.txt
Description:
phpSysInfo 2.3 is susceptible to cross site scripting flaws.
Author:Maksymilian Arciemowicz
Homepage:http://securityreason.com/
File Size:6010
Last Modified:Mar 24 07:08:20 2005
MD5 Checksum:d952f283fd4795f279524d09e05ef9dc

 ///  File Name: postnukeSQL0760-2.txt
Description:
PostNuke 0.760-RC2 is susceptible to addtional SQL injection attacks via the download module. Full detailed exploitation provided.
Author:Maksymilian Arciemowicz
File Size:5987
Last Modified:Mar 1 22:56:45 2005
MD5 Checksum:97124f8e82fd5373015fb12687b31755

 ///  File Name: calicclnt_getconfig.pm
Description:
This module exploits a vulnerability in the CA License Client service. This exploit will only work if your IP address will resolve to the target system. This can be accomplished on a local network by running the nmbd service that comes with Samba. If you are running this exploit from Windows and do not filter udp port 137, this should not be a problem (if the target is on the same network segment). Due to the bugginess of the software, you are only allowed one connection to the agent port before it starts ignoring you. If it was not for this issue, it would be possible to repeatedly exploit this bug.
Author:Thor Doomen
Related Exploit:calicserv_getconfig.pm"
File Size:5887
Related CVE(s):CAN-2005-0581
Last Modified:Mar 5 09:11:21 2005
MD5 Checksum:5f30efcc5644f136b804b24acf550c1c

 ///  File Name: trackercam_phparg_overflow.pm
Description:
This module exploits a simple stack overflow in the TrackerCam web server. All current versions of this software are vulnerable to a large number of security issues. This module abuses the directory traversal flaw to gain information about the system and then uses the PHP overflow to execute arbitrary code.
Author:H.D. Moore
Related File:tcambof.txt
File Size:5760
Related CVE(s):CAN-2005-0478
Last Modified:Mar 5 09:02:38 2005
MD5 Checksum:d1d59e296d7230da0e457966cb682f6d

 ///  File Name: paFileDB31.txt
Description:
paFileDB versions 3.1 and below suffer from cross site scripting and path disclosure flaws.
Author:sp3x
File Size:5730
Last Modified:Mar 15 06:13:30 2005
MD5 Checksum:b5dec74179f24061018b880f2bc2f335

 ///  File Name: calicserv_getconfig.pm
Description:
This module exploits an vulnerability in the CA License Server network service. This is a simple stack overflow and just one of many serious problems with this software.
Author:Thor Doomen
Related Exploit:calicclnt_getconfig.pm"
File Size:5698
Related CVE(s):CAN-2005-0581
Last Modified:Mar 5 09:14:20 2005
MD5 Checksum:5d5717adee8004068faf13819201da0d

 ///  File Name: browserDisclose.txt
Description:
Multiple browsers suffer from a sensitive information disclosure flaw. Proof of concept exploitation included.
Author:bitlance winter, Mr. Upken
Homepage:http://xxx.upken.jp/report/ieup/
File Size:5286
Last Modified:Mar 7 07:32:01 2005
MD5 Checksum:5c1f473f56be5c55cffdfb88d30db573

 ///  File Name: panews.txt
Description:
paNews version 2.0b4 is susceptible to SQL injection and remote code execution attacks. Written in Spanish. Detailed exploitation provided.
Author:FraMe
Homepage:http://www.kernelpanik.org
File Size:5232
Last Modified:Mar 1 23:11:27 2005
MD5 Checksum:36960591e314e91ab210afc48367ac1b

 ///  File Name: portalApp.txt
Description:
Multiple SQL injection and cross site scripting vulnerabilities have been discovered in PortalApp. Sample exploitation provided.
Author:Diabolic Crab
Homepage:http://www.hackerscenter.com/
File Size:5199
Last Modified:Mar 29 08:13:38 2005
MD5 Checksum:bceb796bebe444666bac3de88067f3e6

 ///  File Name: dcrab-estore.txt
Description:
E-Store Kit-2 PayPal Edition is susceptible to file include and cross site scripting vulnerabilities.
Author:Dcrab
Homepage:http://icis.digitalparadox.org/~dcrab
File Size:5072
Last Modified:Mar 26 00:41:06 2005
MD5 Checksum:fedf099104a5e7b7f2ff5b77d763ee35

 ///  File Name: paxomatic.c
Description:
PaX double-mirrored VMA munmap local root exploit. This exploit has only been tested on Debian 3.0 running Linux 2.4.29 patched with grsecurity-2.1.1-2.4.29-200501231159.
Author:Christophe Devine
Related File:PaXprivesc.txt
File Size:4942
Last Modified:Mar 15 08:28:33 2005
MD5 Checksum:2145bfb702bc4ea242a0daf8c621bf9a

 ///  File Name: postnukeSQL0760.txt
Description:
PostNuke 0.760-RC2 is susceptible to SQL injection attacks. Full detailed exploitation provided.
Author:Maksymilian Arciemowicz
File Size:4667
Last Modified:Mar 1 22:51:26 2005
MD5 Checksum:e003fb998c26633a214a146b585a02c9

 ///  File Name: silePNEWSxpl_v2.0b4.c
Description:
Exploit for the paNews version 2.0b4 SQL injection flaw.
Author:Silentium of Anacron Group Italy
Homepage:http://www.autistici.org/anacron-group-italy
Related Exploit:panews.txt"
File Size:4563
Last Modified:Mar 15 06:10:31 2005
MD5 Checksum:d2fe47bd4bf93a4712873f5ff52b00ed

 ///  File Name: obsdDoS.c
Description:
OpenBSD 2.0 through 3.6 remote denial of service exploit that makes use of a timestamp flaw that causes the system to crash.
Homepage:http://rst.void.ru
File Size:4201
Last Modified:Mar 15 07:56:41 2005
MD5 Checksum:2a0e7e21417d754e4b88fbea3b9d9775

 ///  File Name: ARGENISS-ADV-030501.txt
Description:
Argeniss Security Advisory - Oracle database servers versions 8i and 9i are susceptible to directory traversal attacks.
Author:Cesar Cerrudo
Homepage:http://www.argeniss.com/
File Size:4058
Last Modified:Mar 15 05:45:02 2005
MD5 Checksum:0e886d91c292cb9b627ca6f50976bdef

 ///  File Name: real-seh.cpp
Description:
Proof of concept exploit for the Realplayer 10 .smil file local buffer overflow vulnerability.
Author:nolimit
File Size:4009
Last Modified:Mar 15 05:23:27 2005
MD5 Checksum:3ce388a1e948134b3f3506daea3cd9ab

 ///  File Name: pafileDB31.txt
Description:
paFileDB versions 3.1 and below are susceptible cross site scripting and SQL injection attacks.
Author:sp3x
Homepage:http://www.securityreason.com
File Size:3968
Last Modified:Mar 17 07:47:30 2005
MD5 Checksum:4cfe80b15c174a8a1d3d9f0972dfb206

 ///  File Name: exp3.pl.txt
Description:
Proof of concept exploit that makes use of functions in libc in order to gain MySQL user privileges. Version 4.1.10 and versions below and equal to 4.0.23 are affected.
Author:Stefano Di Paola
Homepage:http://www.wisec.it
Related File:mysqlCreatelibc.txt
File Size:3871
Last Modified:Mar 15 16:32:55 2005
MD5 Checksum:03d076773b4edd27cd71264b66a9ea04

 ///  File Name: smack.c.gz
Description:
Remote root exploit for the preparse_address_1() heap buffer overflow in Smail versions 3.20.120 and below.
Author:infamous41md
Related File:smailHeap.txt
File Size:3840
Last Modified:Mar 29 07:30:58 2005
MD5 Checksum:07ebc36eaafbfaba94becbce88dcec6b

 ///  File Name: serversAlive.txt
Description:
A vulnerability in Servers Alive versions 4.1 and 5.0 allows for local users to gain SYSTEM privileges via launching cmd.exe inside of Notepad.
Author:Michael Starks
File Size:3759
Related CVE(s):CAN-2005-0352
Last Modified:Mar 22 06:48:44 2005
MD5 Checksum:13d55d154f904f1f019f187b3a798265

 ///  File Name: phpbb2013.txt
Description:
phpBB 2.0.13 fails to properly sanitize some variables in the usercp_register.php script.
Author:Paisterist
Homepage:http://neosecurityteam.tk/
File Size:3755
Last Modified:Mar 4 05:48:18 2005
MD5 Checksum:9a3e536fd600d5c387014b661b44afbf

 ///  File Name: cutenews.txt
Description:
Cutenews version 1.3.6 allows for cross site scripting and local code execution attacks. Written in Spanish. Detailed exploitation provided.
Author:FraMe
Homepage:http://www.kernelpanik.org
File Size:3549
Last Modified:Mar 1 23:12:50 2005
MD5 Checksum:a5a371f74cdf229b09e5edbafa1652a8

 ///  File Name: photopostSQLXSS.txt
Description:
Photopost PHP Pro Photo Gallery software is susceptible to multiple cross site scripting and SQL injection attacks. Detailed exploitation provided.
Author:Diabolic Crab
Homepage:http://www.hackerscenter.com/
File Size:3524
Last Modified:Mar 29 07:25:08 2005
MD5 Checksum:2ca859abb7fbc89929c944b1a579a590