Section:  .. / 0509-exploits  /

Page 2 of 4
<< 1 2 3 4 >> Files 25 - 50 of 78
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: OS2A_1003.txt
Description:
Hesk versions 0.93 and prior are vulnerable to authentication bypass and path disclosure vulnerabilities caused due to improper validation of the HTTP header. This vulnerability can be exploited to bypass authentication mechanism, and also made to reveal system specific information.
Author:Rajesh Sethumadhavan, Rahul Mohandas, Jayesh K.S
File Size:3080
Last Modified:Sep 23 07:20:11 2005
MD5 Checksum:54b5909937e6613e9be199a944bd444c

 ///  File Name: HYA-2005-008-alstrasoft-epay-pro.tx..>
Description:
Alstrasoft Epay Pro versions 2.0 and below suffer from a directory traversal vulnerability. Exploitation details provided.
Author:GeMe-GeMeS
Homepage:http://www.h4cky0u.org
File Size:1693
Last Modified:Sep 22 08:52:57 2005
MD5 Checksum:5ecd27e84eb62f836a70722f165d85bd

 ///  File Name: 20050917-vbulletin-3.0.8.txt
Description:
vBulletin versions 3.0.9 and below suffer from multiple SQL injection, cross site scripting, and arbitrary file upload vulnerabilities. Detailed exploitation provided.
Author:deluxe, Thomas Waldegger
File Size:6137
Last Modified:Sep 22 08:50:47 2005
MD5 Checksum:a55c483d1d473d27f073633e4bc8d781

 ///  File Name: cutenxpl.php.txt
Description:
CuteNews version 1.4.0 remote code execution exploit. Earlier versions may also be susceptible. Flaw makes use of a lack of user input sanitization.
Author:rgod
Homepage:http://rgod.altervista.org/
File Size:10303
Last Modified:Sep 22 08:47:34 2005
MD5 Checksum:7847b9e293a7818da7fa661313f9ec6e

 ///  File Name: cirt-37-advisory.pdf
Description:
TAC Vista version 3.0 is susceptible to a directory traversal vulnerability. Exploitation details provided.
Author:Dennis Rand
Homepage:http://www.cirt.dk/
File Size:268783
Last Modified:Sep 22 08:44:26 2005
MD5 Checksum:0d5c93a833de403288cd99c2d07eafff

 ///  File Name: phpSession.txt
Description:
PHP Session versions 3.x and 4.x are susceptible to a user login bypass vulnerability due to sharing session id information in the same location for multiple instances.
Author:unknow, adam_i
Homepage:http://www.uw-team.org
File Size:3011
Last Modified:Sep 22 08:40:43 2005
MD5 Checksum:5a147f9756ac66bbbec602abe3266a52

 ///  File Name: dscribe14.txt
Description:
Digital Scribe version 1.4 is susceptible to login bypass, SQL injection, and remote code execution attacks. Exploitation details provided.
Author:rgod
Homepage:http://rgod.altervista.org
File Size:1136
Last Modified:Sep 22 07:51:33 2005
MD5 Checksum:c63d5f2b1a2f1b12dbceb514c02f086b

 ///  File Name: PTL_advisory_050825.txt
Description:
HP LaserJet printers have an extensive administrative user interface that is provided over SNMP. Pinion has discovered that HP LaserJet printers store information regarding recently printed documents. Information such as document name, title, number of pages, document size, user who has printed the document and the machine name where the print job was initiated can all be extracted via SNMP. Exploit provided. HP LaserJet 2430 is verified vulnerable.
Author:George Hedfors
Homepage:http://www.pinion.se
File Size:6173
Last Modified:Sep 22 07:49:16 2005
MD5 Checksum:b376f6008757846aea028cf6ad623110

 ///  File Name: httpXSS.txt
Description:
Orion 1.3.8, 1.4.5, and CompaqHTTPServer 2.1 all fail to sanitize user supplied data when providing a 404 response with the information, allowing for cross site scripting attacks.
Author:Josh Zlatin-Amishav
File Size:260
Last Modified:Sep 22 07:36:47 2005
MD5 Checksum:dbaf85767533b85956050aa8316b63b3

 ///  File Name: noahSQLXSS.txt
Description:
Noah's Classifieds are vulnerable to SQL injection and cross site scripting attacks. Flaws have been tested against version 1.3, others are possibly susceptible.
Author:trueend5
File Size:2198
Last Modified:Sep 22 07:35:16 2005
MD5 Checksum:57eb733a6a38d31506bc9cd201c588a8

 ///  File Name: mivaXSS.txt
Description:
A vulnerability has been reported in MIVA Merchant, which can be exploited by malicious people to conduct cross-site scripting attacks.
File Size:855
Last Modified:Sep 22 07:24:14 2005
MD5 Checksum:7e8e6abcab582f5b254e3e1a7dce5a8b

 ///  File Name: atutor-151.txt
Description:
ATutor 1.5.1 is susceptible to SQL injection, credential disclosure, user impersonation, and remote code execution attacks.
Author:rgod
Homepage:http://rgod.altervista.org
File Size:4705
Last Modified:Sep 15 05:30:49 2005
MD5 Checksum:3fb019435285fba2fabf0dcd960c1594

 ///  File Name: commbankXSS.txt
Description:
A cross site scripting flaw exists in the Commonwealth Bank of Australia's web site.
Author:Calum Power
File Size:3995
Last Modified:Sep 14 09:01:49 2005
MD5 Checksum:2896835c00a1efef82aba36e33f51662

 ///  File Name: subpro204409P.txt
Description:
Subscribe Me Pro versions 2.044.09P and below are prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An unauthorized user can retrieve arbitrary files by supplying directory traversal strings '../' to the vulnerable parameter.
Author:ShoCK FX, h4cky0u
Homepage:http://www.h4cky0u.org
File Size:5546
Last Modified:Sep 14 08:48:06 2005
MD5 Checksum:d219768d5e7915ef946e4bbbcaea8e1c

 ///  File Name: azdg.html
Description:
AzDGDatingLite version 2.1.3 suffers from a remote code execution flaw due to a directory traversal.
Author:rgod
Homepage:http://rgod.altervista.org
File Size:19312
Last Modified:Sep 13 10:46:42 2005
MD5 Checksum:240dc062a583983bde341cf9a5bff488

 ///  File Name: cjXSS.txt
Description:
CjTagBoard 3.0, CjLinkOut 1.0, and CjWeb2Mail 3.0 all suffer from an excessive amount of cross site scripting flaws. Example exploitation provided.
Author:Psymera
File Size:5357
Last Modified:Sep 13 09:40:16 2005
MD5 Checksum:7d1b9d785f7d758fb684fbace584702b

 ///  File Name: PHPNuke78.txt
Description:
PHPNuke 7.8 is susceptible to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Author:onkel_fisch
File Size:2515
Last Modified:Sep 13 09:06:22 2005
MD5 Checksum:47bf31b52e5b98f242d45a4a740813bc

 ///  File Name: snortrigger.c
Description:
Snort versions 2.4.0 and below remote proof of concept exploit that creates a malformed TCP/IP packet that will trigger a vulnerability in the PrintTcpOptions() function from log.c.
Author:nitrous
File Size:5119
Last Modified:Sep 13 08:54:52 2005
MD5 Checksum:993ecdbce275e7849475e0e39000105e

 ///  File Name: mailitnow.html
Description:
The contact.php code from Mail-it Now! version 1.5 is susceptible to a remote code execution flaw. Exploit included.
Author:rgod
Homepage:http://rgod.altervista.org
File Size:9660
Last Modified:Sep 13 08:51:07 2005
MD5 Checksum:8a4541ed8f9025712b62efe9c1989d31

 ///  File Name: spymac-web-os-40-variable-xss.txt
Description:
Spymac Web Os 4.0 is susceptible to cross site scripting attacks due to a lack of variable sanitization.
Author:Lostmon
File Size:1995
Last Modified:Sep 13 08:48:54 2005
MD5 Checksum:55718523f27cf8aceed4a6203201f981

 ///  File Name: mkZebedeeDoS.c
Description:
Zebedee 2.4.1 is susceptible to a denial of service attack when receiving a zero as a port number in the protocol option header. Sample exploit is provided.
Author:Mitsuaki Shiraishi, Tomoki Sanaki, Mutallip Ablimit
File Size:2154
Last Modified:Sep 13 08:39:48 2005
MD5 Checksum:602aabf1e44b2c2568c22b1b45e58eac

 ///  File Name: class1.html
Description:
Class-1 Forum version 0.24.4 SQL injection and remote code execution proof of concept exploit.
Author:rgod
Homepage:http://rgod.altervista.org/
File Size:17670
Last Modified:Sep 8 09:46:26 2005
MD5 Checksum:f905604086859d4e72ea47fb9568dbaa

 ///  File Name: pblang465.php.txt
Description:
PBLang 4.65 and below remote command execution exploit. Written in PHP.
Author:Pengo
Homepage:http://rst.void.ru
File Size:4237
Last Modified:Sep 8 09:43:13 2005
MD5 Checksum:71ccc7f98383698fd3bb92a718f29fce

 ///  File Name: stylemotion.txt
Description:
Stylemotion WEB//NEWS 1.4 is susceptible to SQL injection attacks.
Author:Robin 'onkel_fisch' Verton
Homepage:http://www.it-security23.net
File Size:1292
Last Modified:Sep 8 09:28:43 2005
MD5 Checksum:481c54926e3c6d506cd38053c7db8890

 ///  File Name: MyBBPR2.txt
Description:
SQL injection exploit for MyBB PR2
Author:stranger-killer
File Size:404
Last Modified:Sep 8 05:32:15 2005
MD5 Checksum:cd9f735b64bb72ddccd074a3c0ff4aa2