Section:  .. / 1002-exploits  /

Page 6 of 16
<< 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 >> Files 125 - 150 of 396
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: joomlaotzivi-lfi.txt
Description:
The Joomla Otzivi component suffers from a local file inclusion vulnerability.
Author:AtT4CKxT3rR0r1ST
File Size:1054
Last Modified:Feb 18 21:21:35 2010
MD5 Checksum:88747c4911ed8a92b94b337bbdc7d6dd

 ///  File Name: joomlascriptegrator-lfi.txt
Description:
Core Design Scriptegrator for Joomla! version 1.5 suffers from a local file inclusion vulnerability.
Author:S2 Crew
File Size:436
Last Modified:Feb 18 20:52:21 2010
MD5 Checksum:642fd89a47b2e01dc8b13921c03b7847

 ///  File Name: gitweb-exec.txt
Description:
gitWeb version 1.x suffers from a remote command execution vulnerability.
Author:S2 Crew
File Size:431
Related CVE(s):CVE-2008-5516, CVE-2008-5517
Last Modified:Feb 18 20:50:54 2010
MD5 Checksum:997ac2f72aedeb75f24449613ad8096f

 ///  File Name: qbik_wingate_wwwproxy.rb.txt
Description:
This Metasploit module exploits a stack overflow in Qbik WinGate version 6.1.1.1077 and earlier. By sending malformed HTTP POST URL to the HTTP proxy service on port 80, a remote attacker could overflow a buffer and execute arbitrary code.
Author:patrick
Homepage:http://www.metasploit.com
File Size:2336
Related OSVDB(s):26214
Related CVE(s):CVE-2006-2926
Last Modified:Feb 18 20:47:45 2010
MD5 Checksum:3fb1ecfa9922d452cf006b2e79743e07

 ///  File Name: tomcat_mgr_deploy.rb.txt
Description:
This Metasploit module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a PUT request. The manager application can also be abused using /manager/html/upload, but that method is not implemented in this module.
Author:jduck
Homepage:http://www.metasploit.com
File Size:3822
Related OSVDB(s):60317
Related CVE(s):CVE-2009-3843
Last Modified:Feb 18 20:47:27 2010
MD5 Checksum:d73ec93fdbad878f033e319661b1c7c1

 ///  File Name: PR09-04.txt
Description:
Portwise SSL VPN version 4.6 suffers from a cross site scripting vulnerability.
Author:George Christopoulos,Jan Fry,ProCheckUp
Homepage:http://www.procheckup.com/
File Size:1918
Last Modified:Feb 17 19:35:45 2010
MD5 Checksum:e91363a6467550b7abc72a540fa512d3

 ///  File Name: risingonline-dos.txt
Description:
Rising Online Virus Scanner version 22.0.0.5 Active-X related denial of service exploit.
Author:wirebonder
File Size:827
Last Modified:Feb 17 19:08:07 2010
MD5 Checksum:98618b939ea996d7d5a4c97b0e32607b

 ///  File Name: punbbannuaire-sql.txt
Description:
PunBBAnnuaire versions 0.4 and below suffer from a remote blind SQL injection vulnerability.
Author:Metropolis
File Size:914
Last Modified:Feb 17 19:00:50 2010
MD5 Checksum:01d72028e910bc24d6b72bbb29eba8ea

 ///  File Name: joomlaallvideos31-disclose.txt
Description:
The Joomla AllVideos plugin version 3.1 suffers from a remote file download vulnerability.
Author:Mehul Revankar
Related Exploit:joomlaallvideos-download.txt
File Size:520
Last Modified:Feb 17 18:58:13 2010
MD5 Checksum:db81c2cf3e02fe5df667c57d027a9eb5

 ///  File Name: pixelportal-sql.txt
Description:
Pixel Portal suffers from a remote SQL injection vulnerability.
Author:Pouya Daneshmand
File Size:816
Last Modified:Feb 17 18:56:24 2010
MD5 Checksum:fffe10a909e905071cb3d7ffccbeaa54

 ///  File Name: joomlaacstartseite-sql.txt
Description:
The Joomla ACStartSeite component suffers from a remote SQL injection vulnerability.
Author:AtT4CKxT3rR0r1ST
File Size:976
Last Modified:Feb 17 18:53:30 2010
MD5 Checksum:d49fec76357c4c804dcaa39f29e6bad8

 ///  File Name: bbnew-sql.txt
Description:
bbNew suffers from a remote SQL injection vulnerability.
Author:Easy Laster
File Size:2003
Last Modified:Feb 17 18:52:02 2010
MD5 Checksum:3babc5a2115de137c0859900e0c17bdf

 ///  File Name: joomlaacteammember-sql.txt
Description:
The Joomla ACTeamMember component suffers from a remote SQL injection vulnerability.
Author:altbta
File Size:1080
Last Modified:Feb 17 18:50:45 2010
MD5 Checksum:b9a10aed5a79959cebcc0d0f7178c5f3

 ///  File Name: auktionshaus-sql.txt
Description:
Auktionshaus version 4 suffers from a remote SQL injection vulnerability.
Author:Easy Laster
File Size:1932
Last Modified:Feb 17 18:49:35 2010
MD5 Checksum:6f3811fb3689fe111062d1e532041033

 ///  File Name: itunespls-overflow.txt
Description:
iTunes file handling local buffer overflow exploit that creates a malicious .pls file. Affects version 9.0 on Mac OS X.
Author:S2 Crew
File Size:1227
Related CVE(s):CVE-2009-2817
Last Modified:Feb 17 18:48:05 2010
MD5 Checksum:0a4b0f2d9d0193d1fb1dc261334d1bc4

 ///  File Name: phpids-rfi.txt
Description:
PHPIDS version 0.4 suffers from a remote file inclusion vulnerability.
Author:eidelweiss
File Size:1475
Last Modified:Feb 17 18:46:01 2010
MD5 Checksum:2d588bb3c839b05992aed904f4b0560e

 ///  File Name: lprng_format_string.rb.txt
Description:
This Metasploit module exploits a format string vulnerability in the LPRng print server. This vulnerability was discovered by Chris Evans. There was a publicly circulating worm targeting this vulnerability, which prompted RedHat to pull their 7.0 release. They consequently re-released it as "7.0-respin".
Author:jduck
Homepage:http://www.metasploit.com
File Size:4942
Related OSVDB(s):421
Related CVE(s):CVE-2000-0917
Last Modified:Feb 17 18:45:41 2010
MD5 Checksum:6d35b4aae06d6486bf87ed8f10cfbfb4

 ///  File Name: hplip_hpssd_exec.rb.txt
Description:
This Metasploit module exploits a command execution vulnerable in the hpssd.py daemon of the Hewlett-Packard Linux Imaging and Printing Project. According to MITRE, versions 1.x and 2.x before 2.7.10 are vulnerable. This Metasploit module was written and tested using the Fedora 6 Linux distribution. On the test system, the daemon listens on localhost only and runs with root privileges. Although the configuration shows the daemon is to listen on port 2207, it actually listens on a dynamic port. NOTE: If the target system does not have a 'sendmail' command installed, this vulnerability cannot be exploited.
Author:jduck
Homepage:http://www.metasploit.com
File Size:2806
Related OSVDB(s):41693
Related CVE(s):CVE-2007-5208
Last Modified:Feb 17 18:43:54 2010
MD5 Checksum:4619e503f656a7ac14ba62f0c9ddb880

 ///  File Name: auktionshausgelb-sql.txt
Description:
Auktionshaus Gelb version 3 suffers from a remote SQL injection vulnerability in news.php.
Author:Easy Laster
File Size:1852
Last Modified:Feb 17 18:42:44 2010
MD5 Checksum:fbd8145f709cc417f43f72a5808d418d

 ///  File Name: dxstudio_player_exec.rb.txt
Description:
This Metasploit module exploits a command execution vulnerability within the DX Studio Player from Worldweaver. The player is a browser plugin for IE (ActiveX) and Firefox (dll). When an unsuspecting user visits a web page referring to a specially crafted .dxstudio document, an attacker can execute arbitrary commands. Testing was conducted using plugin version 3.0.29.0 for Firefox 2.0.0.20 and IE 6 on Windows XP SP3. In IE, the user will be prompted if they wish to allow the plug-in to access local files. This prompt appears to occur only once per server host. NOTE: This exploit uses additionally dangerous script features to write to local files!
Author:jduck
Homepage:http://www.metasploit.com
File Size:3980
Related OSVDB(s):54969
Related CVE(s):CVE-2009-2011
Last Modified:Feb 17 18:42:40 2010
MD5 Checksum:a5e34c10bb1819af3e1f8e7223de5072

 ///  File Name: cmdweb.rb.txt
Description:
This Metasploit module tests the command stager mixin against a shell.jsp application installed on an Apache Tomcat server.
Author:bannedit
Homepage:http://www.metasploit.com
File Size:1449
Last Modified:Feb 17 18:41:45 2010
MD5 Checksum:ada76d6bfbb9d95a55fb2653d4f77994

 ///  File Name: erotik-sql.txt
Description:
Erotik Auktionshaus suffers from a remote SQL injection vulnerability in news.php.
Author:Easy Laster
File Size:1850
Last Modified:Feb 17 18:41:38 2010
MD5 Checksum:94087ebe60fa48351fe09e9951e127de

 ///  File Name: usermap_script.rb.txt
Description:
This Metasploit module exploits a command execution vulnerability in Samba versions 3.0.0 through 3.0.25rc3 when using the non-default "username map script" configuration option. By specifying a username containing shell meta characters, attackers can execute arbitrary commands. No authentication is needed to exploit this vulnerability since this option is used to map usernames prior to authentication!
Author:jduck
Homepage:http://www.metasploit.com
File Size:2304
Related OSVDB(s):34700
Related CVE(s):CVE-2007-2447
Last Modified:Feb 17 18:41:21 2010
MD5 Checksum:46bfc03e288419f9bc5b3e7317a34c3b

 ///  File Name: uground-sql.txt
Description:
uGround versions 1.0b and below suffer from a remote SQL injection vulnerability.
Author:Easy Laster
File Size:2084
Last Modified:Feb 17 17:29:14 2010
MD5 Checksum:565e533b143d97c6fcf59a866e40c3c7

 ///  File Name: nabernet-sql.txt
Description:
Nabernet suffers from a remote SQL injection vulnerability.
Author:AtT4CKxT3rR0r1ST
File Size:892
Last Modified:Feb 17 17:27:37 2010
MD5 Checksum:4d081605ed4cc385827fcf58fa47eed2