Section: 1002-exploits


/// File Name: ultraiso.c
Description:
UltraISO version 9.3.6.2750 local buffer overflow exploit.
Author: fl0 fl0w
File Size: 707680
Last Modified: Feb 9 17:57:50 2010
MD5 Checksum: ccfdee94e145a442e745eb9612104bb2

/// File Name: ultraiso.py.txt
Description:
UltraISO version 9.3.6.2750 local buffer overflow exploit that spawns calc.exe. Written in Python.
Author: Dz_attacker
File Size: 334714
Last Modified: Feb 9 19:58:29 2010
MD5 Checksum: c4e941d6591ab57eefc3217efe704485

/// File Name: safarichrome-dos.txt
Description:
Apple Safari version 4.0.4 and Google Chrome version 4.0.249 suffer from a stack overflow denial of service vulnerability.
Author: Rad L. Sneak
File Size: 227468
Last Modified: Feb 25 01:15:15 2010
MD5 Checksum: 82269e14fb958d3fb976e425b9e64c59

/// File Name: gomplayer21214846-overflow.txt
Description:
GOM Player version 2.1.21.4846 buffer overflow exploit that creates a malicious .wav file.
Author: cr4wl3r
File Size: 77069
Last Modified: Feb 23 02:26:36 2010
MD5 Checksum: 40cd3af055f6a9f46ef2f303961d5480

/// File Name: osTicket-1.6-RC5-SQLi.pdf
Description:
osTicket version 1.6 RC5 suffers from a remote SQL injection vulnerability.
Author: N. Grisolia
File Size: 62268
Last Modified: Feb 9 20:07:07 2010
MD5 Checksum: ec1529f995756f640c70fa6a43bf4af8

/// File Name: osTicket-1.6-RC5-ReflectedXSS.pdf
Description:
osTicket version 1.6 RC5 suffers from a reflected cross site scripting vulnerability.
Author: N. Grisolia
File Size: 60831
Last Modified: Feb 9 20:06:53 2010
MD5 Checksum: 9ac54fb81c95c8a33e75c2502f8895b0

/// File Name: Hipergate-4.0.12-ReflectedXSS.pdf
Description:
Hipergate version 4.0.12 suffers from a reflected cross site scripting vulnerability.
Author: N. Grisolia
File Size: 60017
Last Modified: Feb 4 01:50:43 2010
MD5 Checksum: c4ae14b95f6b97895fbde7eb9e9d3fa9

/// File Name: OCHOA-2010-0209.txt
Description:
Flaws in Microsoft's implementation of the NTLM challenge-response authentication protocol cause the server to generate duplicate challenges/nonces and leak information. Together, these allow an unauthenticated remote attacker without any credentials to access the SMB service of the target system under the identity of an authorized user. Depending on that user's privileges, the attacker can read and modify files on the target system and execute arbitrary code. Proof of concept exploit included.
Author: Agustin Azubel, Hernan Ochoa
Homepage: http://www.hexale.org/
File Size: 59641
Related CVE(s): CVE-2010-0231
Last Modified: Feb 9 20:03:22 2010
MD5 Checksum: bda076f3b77016ef22d44fd963cc382f

/// File Name: Hipergate-4.0.12-PermanentXSS.pdf
Description:
Hipergate version 4.0.12 suffers from a permanent cross site scripting vulnerability.
Author: N. Grisolia
File Size: 58306
Last Modified: Feb 4 01:49:14 2010
MD5 Checksum: 1d2b1c6e1e6be949e7cbd52c92882723

/// File Name: Hipergate-4.0.12-SQLCommandExec.pdf
Description:
Hipergate version 4.0.12 suffers from a remote SQL injection vulnerability.
Author: N. Grisolia
File Size: 56495
Last Modified: Feb 4 01:52:10 2010
MD5 Checksum: a5cc9759bc347aa210794009247813a5

/// File Name: CORE-2009-0625.txt
Description:
Core Security Technologies Advisory - This advisory describes two vulnerabilities that provide access to any file stored on a user's desktop system if it is running a vulnerable version of Internet Explorer. Combined with a number of insecure features of Internet Explorer, these vulnerabilities can be used to gain remote access to locally stored files without any further action from the victim beyond visiting a website controlled by the attacker.
Author: Core Security Technologies, Federico Muttis, Jorge Luis Alvarez Medina
Homepage: http://www.coresecurity.com/corelabs/
File Size: 18432
Related CVE(s): CVE-2010-0255
Last Modified: Feb 4 02:20:01 2010
MD5 Checksum: 36320648119fe6322abfd8ce8887f87e

/// File Name: joomlasqlreport-sql.txt
Description:
The Joomla SQL Report component suffers from a remote blind SQL injection vulnerability.
Author: Snakespc
File Size: 17317
Last Modified: Feb 23 20:07:24 2010
MD5 Checksum: 507e270668c6226a9a3dbc4e12bf1f3c

/// File Name: CORE-2010-0121.txt
Description:
Core Security Technologies Advisory - This advisory describes multiple vulnerabilities based on quirks in how Windows handles file names. The Nginx, Cherokee, Mongoose, and LightTPD web servers suffer from related vulnerabilities. Details are provided.
Author: Core Security Technologies, Dan Crowley
Homepage: http://www.coresecurity.com/corelabs/
File Size: 16509
Last Modified: Feb 5 20:42:15 2010
MD5 Checksum: 8e5f421a8e3147938908dd4d9a608315

/// File Name: deepburner.c
Description:
Deepburner Pro version 1.9.0.228 .dbr file universal buffer overflow exploit.
Author: fl0 fl0w
File Size: 16371
Last Modified: Feb 2 22:19:33 2010
MD5 Checksum: 3947416e25068b90cb387e048c42cebe

/// File Name: java_signed_applet.rb.txt
Description:
This exploit dynamically creates an applet via the Msf::Exploit::Java mixin, converts it to a .jar file, then signs the .jar with a dynamically created certificate containing values of your choosing. This is presented to the end user via a web page with an applet tag, loading the signed applet. The user's JVM pops a dialog asking if they trust the signed applet and displays the values chosen. Once the user clicks 'accept', the applet executes with full user permissions. The Java payload used in this exploit is derived from Stephen Fewer's and HDM's payload created for the CVE-2008-5353 Java deserialization exploit. This Metasploit module requires the rjb rubygem, the JDK, and the $JAVA_HOME variable to be set. If these dependencies are not present, the exploit falls back to a static, signed JAR.
Author: natron
Homepage: http://www.metasploit.com
File Size: 13877
Last Modified: Feb 5 18:56:35 2010
MD5 Checksum: 582aae1c0eff51e3f30d79add62758eb

/// File Name: mediac.c
Description:
MediaCoder version 0.7.3.4605 local buffer overflow exploit with calc.exe and bindshell shellcode.
Author: fl0 fl0w
File Size: 11904
Last Modified: Feb 25 00:03:13 2010
MD5 Checksum: bd212377a0b1b463975331d7928ce0e8

/// File Name: radasm-poc.c
Description:
RadASM local buffer overflow proof of concept exploit that creates a malicious .rap file.
Author: fl0 fl0w
File Size: 11856
Last Modified: Feb 12 02:03:52 2010
MD5 Checksum: ed77dfa8795bd7067867bc789e7e4aa4

/// File Name: TWSL2010-001.txt
Description:
SpiderLabs has documented view state tampering vulnerabilities in three products from separate vendors. Microsoft ASP.NET version 3.5, Apache MyFaces versions 1.2.8 and 1.2.7, and Sun Microsystems Mojarra versions 1.2_14 and 2.0.2 are all vulnerable.
Homepage: http://www.trustwave.com/
File Size: 11039
Last Modified: Feb 9 20:59:07 2010
MD5 Checksum: b7a0e2b58df7410038fd965bd2738cc8

/// File Name: sapone_fc.tar.bz2
Description:
Remote exploit for SAP MaxDB versions 7.6.03 build 007 and below, which suffer from a pre-authentication remote code execution vulnerability. This version has been updated by FortConsult A/S to use the same byte code as the Nessus plugin.
Author: Luigi Auriemma, Peter Osterberg
Homepage: http://aluigi.org/
Related Exploit: sapone.zip
Related File: sapone.txt
File Size: 10569
Last Modified: Feb 8 20:19:54 2010
MD5 Checksum: 32c6cabe1db27fbf0308144890b2d306

/// File Name: CORE-2010-0104.txt
Description:
Core Security Technologies Advisory - A security vulnerability was discovered in LANDesk Management Suite: a cross-site request forgery that allows an external remote attacker to perform a command injection, which can be used to execute arbitrary code as the web server user. As a result, an attacker can remove the firewall and load a kernel module, gaining root access to the appliance. The flaw can also be used as a non-persistent XSS.
Author: Adrian Manrique, Aureliano Calvo, Core Security Technologies
Homepage: http://www.coresecurity.com/corelabs/
File Size: 10300
Related CVE(s): CVE-2010-0368, CVE-2010-0369
Last Modified: Feb 5 19:16:11 2010
MD5 Checksum: 92cacafd80234bf0eb614d89411c5edb

/// File Name: orbitalviewer-overflow.txt
Description:
Orbital Viewer version 1.04 local universal SEH overflow exploit that creates a malicious .orb file. Comes complete with calc.exe, reverse shell, and bind shell execution options.
Author: mr_me
File Size: 10174
Related CVE(s): CVE-2010-0688
Last Modified: Feb 26 19:05:37 2010
MD5 Checksum: fd49ef64d5a4993d0bb0e61caf30d7fa

/// File Name: adobexml-injection.txt
Description:
Security-Assessment.com discovered that multiple Adobe products with different Data Services versions are vulnerable to XML External Entity (XXE) and XML injection attacks.
Author: Roberto Suggi Liverani Craig
Homepage: http://www.security-assessment.com/
File Size: 10027
Related CVE(s): CVE-2009-3960
Last Modified: Feb 23 02:12:01 2010
MD5 Checksum: 65982f51ebc657187bab47ec7286e4f4

/// File Name: feedDemon.c
Description:
FeedDemon version 3.1.0.9 .opml file local buffer overflow exploit.
Author: fl0 fl0w
File Size: 9372
Last Modified: Feb 10 15:48:38 2010
MD5 Checksum: 80d40a72966fa0347f4aea4b110284e1

/// File Name: ms08_078_xml_corruption.rb.txt
Description:
This Metasploit module exploits a vulnerability in the data binding feature of Internet Explorer. In order to execute code reliably, this module uses the .NET DLL memory technique pioneered by Alexander Sotirov and Mark Dowd. This method is used to create a fake vtable at a known location with all methods pointing to our payload. Since the .text segment of the .NET DLL is non-writable, a prefixed code stub is used to copy the payload into a new memory segment and continue execution from there.
Author: H D Moore
Homepage: http://www.metasploit.com
File Size: 9363
Related OSVDB(s): 50622
Related CVE(s): CVE-2008-4844
Last Modified: Feb 11 19:19:23 2010
MD5 Checksum: abc1e3d2c68694f5fa52e7d6b0cfd36f

/// File Name: wireshark_lwres_getaddrbyname_loop...
Description:
The LWRES dissector in Wireshark versions 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allows remote attackers to execute arbitrary code due to a stack-based buffer overflow. This bug was found and reported by babi. This particular exploit targets the dissect_getaddrsbyname_request function. Several other functions also contain potentially exploitable stack-based buffer overflows. The Windows version (of 1.2.5 at least) is compiled with /GS, which prevents exploitation via the return address on the stack. Sending a larger string allows exploitation using the SEH bypass method. However, this packet will usually get fragmented, which may cause additional complications. NOTE: The vulnerable code is reached only when the packet dissection is rendered. If the packet is fragmented, all fragments must be captured and reassembled to exploit this issue. This version loops, sending the packet every X seconds until the job is killed.
Author: babi, jduck
Homepage: http://www.metasploit.com
File Size: 8189
Related OSVDB(s): 61987
Related CVE(s): CVE-2010-0304
Last Modified: Feb 12 02:22:27 2010
MD5 Checksum: fefa56761067c379f074cba485e83adc