Section:  .. / 1002-exploits  /


 ///  File Name: opera3.pl.txt
Description:
Opera version 10.10 remote denial of service exploit.
Author:Dj7xpl,cr4wl3r
File Size:1934
Last Modified:Feb 8 17:32:47 2010
MD5 Checksum:12967b6a65dd615075519869ea5b637b

 ///  File Name: obb-sql.txt
Description:
Open Bulletin Board suffers from a remote blind SQL injection vulnerability.
Author:AtT4CKxT3rR0r1ST
File Size:1431
Last Modified:Feb 8 17:29:57 2010
MD5 Checksum:3188bf3bd97fe1af12f8451e533dbcf4

 ///  File Name: joomlagirls-sql.txt
Description:
The Joomla Girls component suffers from a remote SQL injection vulnerability.
Author:Fl0riX
File Size:799
Last Modified:Feb 8 17:17:34 2010
MD5 Checksum:d8b4034f335f460ae66c03493eb25c54

 ///  File Name: joomlacommodel-sql.txt
Description:
The Joomla Model component suffers from a remote SQL injection vulnerability.
Author:Fl0riX
Related Exploit:joomlamodel-sql.txt
File Size:1191
Last Modified:Feb 8 17:12:56 2010
MD5 Checksum:3ab784b44d144f6984ef998c42689daf

 ///  File Name: CORE-2010-0121.txt
Description:
Core Security Technologies Advisory - This advisory describes multiple vulnerabilities based on quirks in how Windows handles file names. Nginx, Cherokee, Mongoose, and LightTPD webservers suffer from related vulnerabilities. Details are provided.
Author:Core Security Technologies,Dan Crowley
Homepage:http://www.coresecurity.com/corelabs/
File Size:16509
Last Modified:Feb 5 20:42:15 2010
MD5 Checksum:8e5f421a8e3147938908dd4d9a608315

 ///  File Name: flexmysql-sql.txt
Description:
Flex MySQL Connector suffers from a remote SQL injection vulnerability.
Author:DungPQ
File Size:2314
Last Modified:Feb 5 20:39:49 2010
MD5 Checksum:c0bb97b1a43f90c2381075947dbc7e70

 ///  File Name: CORE-2010-0104.txt
Description:
Core Security Technologies Advisory - A security vulnerability was discovered in LANDesk Management Suite: a cross-site request forgery which allows an external remote attacker to make a command injection that can be used to execute arbitrary code using the webserver user. As a result, an attacker can remove the firewall and load a kernel module, allowing root access to the appliance. It also can be used as a non-persistent XSS.
Author:Adrian Manrique,Aureliano Calvo,Core Security Technologies
Homepage:http://www.coresecurity.com/corelabs/
File Size:10300
Related CVE(s):CVE-2010-0368, CVE-2010-0369
Last Modified:Feb 5 19:16:11 2010
MD5 Checksum:92cacafd80234bf0eb614d89411c5edb

 ///  File Name: mysql_yassl_getname.rb.txt
Description:
This Metasploit module exploits a stack buffer overflow in the yaSSL (1.9.8 and earlier) implementation bundled with MySQL. By sending a specially crafted client certificate, an attacker can execute arbitrary code. This vulnerability is present within the CertDecoder::GetName function inside ./taocrypt/src/asn.cpp. However, the stack buffer that is written to exists within a parent function stack frame. NOTE: This vulnerability requires a non-default configuration. First, the attacker must be able to pass the host-based authentication. Next, the server must be configured to listen on an accessible network interface. Lastly, the server must have been manually configured to use SSL. The binary from version 5.5.0-m2 was built with /GS and /SafeSEH. During testing on Windows XP SP3, these protections successfully prevented exploitation. Testing was also done with mysql on Ubuntu 9.04. Although the vulnerable code is present, both version 5.5.0-m2 built from source and version 5.0.75 from a binary package were not exploitable due to the use of the compiler's FORTIFY feature. Although suse11 was mentioned in the original blog post, the binary package they provide does not contain yaSSL or support SSL.
Author:jduck
Homepage:http://www.metasploit.com
File Size:5840
Related OSVDB(s):61956
Last Modified:Feb 5 19:07:12 2010
MD5 Checksum:d029c6a4e1e757e8e1f838fe13930102

 ///  File Name: novelliprint_datetime.rb.txt
Description:
This Metasploit module exploits a stack overflow in Novell iPrint Client 5.30. When passing a specially crafted date/time string via certain parameters to ienipp.ocx an attacker can execute arbitrary code. NOTE: The "operation" variable must be set to a valid command in order to reach this vulnerability.
Author:jduck
Homepage:http://www.metasploit.com
File Size:3605
Related OSVDB(s):60804
Related CVE(s):CVE-2009-1569
Last Modified:Feb 5 19:05:53 2010
MD5 Checksum:1baa5f1892dc7e563aacd2917138431b

 ///  File Name: novelliprint_target-frame.rb.txt
Description:
This Metasploit module exploits a stack overflow in Novell iPrint Client 5.30. When passing an overly long string via the "target-frame" parameter to ienipp.ocx an attacker can execute arbitrary code. NOTE: The "operation" variable must be set to a valid command in order to reach this vulnerability.
Author:jduck
Homepage:http://www.metasploit.com
File Size:3666
Related OSVDB(s):60803
Related CVE(s):CVE-2009-1568
Last Modified:Feb 5 19:05:37 2010
MD5 Checksum:ed7494832b423837a82986e57fc24d46

 ///  File Name: deepburner_path.rb.txt
Description:
This Metasploit module exploits a stack-based buffer overflow in versions 1.9.0.228, 1.8.0, and possibly other versions of AstonSoft's DeepBurner (Pro, Lite, etc). An attacker must send the file to the victim and the victim must open the file. Alternatively it may be possible to execute code remotely via an embedded DBR file within a browser, since the DBR extension is registered to DeepBurner.
Author:Expanders,fl0 fl0w
Homepage:http://www.metasploit.com
File Size:3874
Related OSVDB(s):32356
Related CVE(s):CVE-2006-6665
Last Modified:Feb 5 18:58:19 2010
MD5 Checksum:35c9773dc0a7fa04a697d0a53ee89484

 ///  File Name: audiotran_pls.rb.txt
Description:
This Metasploit module exploits a stack-based buffer overflow in Audiotran 1.4.1. An attacker must send the file to the victim and the victim must open the file. Alternatively it may be possible to execute code remotely via an embedded PLS file within a browser, when the PLS extension is registered to Audiotran. This functionality has not been tested in this module.
Author:Sebastien Duquette,dookie
Homepage:http://www.metasploit.com
File Size:2037
Related OSVDB(s):55424
Related CVE(s):CVE-2009-0476
Last Modified:Feb 5 18:57:35 2010
MD5 Checksum:1c48cbe8f3969646ca1f174aeeac87e9

 ///  File Name: wireshark_lwres_getaddrbyname.rb.tx..>
Description:
The LWRES dissector in Wireshark version 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allows remote attackers to execute arbitrary code due to a stack-based buffer overflow. This bug was found and reported by babi. This particular exploit targets the dissect_getaddrsbyname_request function. Several other functions also contain potentially exploitable stack-based buffer overflows. The Windows version (of 1.2.5 at least) is compiled with /GS, which prevents exploitation via the return address on the stack. Sending a larger string allows exploitation using the SEH bypass method. However, this packet will usually get fragmented, which may cause additional complications. NOTE: The vulnerable code is reached only when the packet dissection is rendered. If the packet is fragmented, all fragments must be captured and reassembled to exploit this issue.
Author:babi,jduck
Homepage:http://www.metasploit.com
File Size:7491
Related OSVDB(s):61987
Related CVE(s):CVE-2010-0304
Last Modified:Feb 5 18:57:03 2010
MD5 Checksum:40cfc04732b379ed5f4261da9cf95bf6

 ///  File Name: java_signed_applet.rb.txt
Description:
This exploit dynamically creates an applet via the Msf::Exploit::Java mixin, converts it to a .jar file, then signs the .jar with a dynamically created certificate containing values of your choosing. This is presented to the end user via a web page with an applet tag, loading the signed applet. The user's JVM pops a dialog asking if they trust the signed applet and displays the values chosen. Once the user clicks 'accept', the applet executes with full user permissions. The java payload used in this exploit is derived from Stephen Fewer's and HDM's payload created for the CVE-2008-5353 java deserialization exploit. This Metasploit module requires the rjb rubygem, the JDK, and the $JAVA_HOME variable to be set. If these dependencies are not present, the exploit falls back to a static, signed JAR.
Author:natron
Homepage:http://www.metasploit.com
File Size:13877
Last Modified:Feb 5 18:56:35 2010
MD5 Checksum:582aae1c0eff51e3f30d79add62758eb

 ///  File Name: interspire-sqlxss.txt
Description:
Interspire Knowledgebase Manager versions 5.1.3 and below suffer from information disclosure, cross site scripting and remote SQL injection vulnerabilities.
Author:Cory Marsh
File Size:7753
Last Modified:Feb 5 18:40:13 2010
MD5 Checksum:a58dc78da859dbf0769a7973b8610540

 ///  File Name: aflam-sql.txt
Description:
Aflam Online version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Author:alnjm33
File Size:1009
Last Modified:Feb 5 18:34:22 2010
MD5 Checksum:189cdc3a5e5811ae6245617fcac4cbf0

 ///  File Name: corelan-10-009-ipswitch-imail.txt
Description:
Ipswitch IMail server version 11.01 suffers from a reversible encryption vulnerability.
Author:sinn3r
File Size:6623
Last Modified:Feb 5 18:28:00 2010
MD5 Checksum:c0af0f3102545f2df46f09690d825db9

 ///  File Name: corelan-10-008-evalmsi.txt
Description:
Evalsmsi version 2.1.03 suffers from authentication bypass, cross site scripting and remote SQL injection vulnerabilities.
Author:corelanc0d3r
File Size:4546
Last Modified:Feb 5 18:25:42 2010
MD5 Checksum:4e7f78c58e5eef2a0cf77410c4835a99

 ///  File Name: odlican-upload.txt
Description:
Odlican CMS version 1.5 suffers from an arbitrary remote file upload vulnerability.
Author:Teo Manojlovic
File Size:1051
Last Modified:Feb 5 18:11:10 2010
MD5 Checksum:8b04948082ee3c90b93ac13439e518cb

 ///  File Name: uplusftp1_7-buffer-overflow.txt
Description:
UplusFtp Server version 1.7.0.12 remote buffer overflow exploit that launches calc.exe.
Author:b0telh0
File Size:2169
Last Modified:Feb 5 18:07:30 2010
MD5 Checksum:66a6bda2a906927eaad0b763ae5113bd

 ///  File Name: joomlasexy-sql.txt
Description:
The Joomla Sexy component suffers from a remote SQL injection vulnerability.
Author:Fl0riX
File Size:1453
Last Modified:Feb 5 18:04:17 2010
MD5 Checksum:7fa84ca48f5a089d73c7aa16ee5774f7

 ///  File Name: audistats-sql.txt
Description:
Audistats version 1.3 suffers from a remote SQL injection vulnerability.
Author:kaMtiEz
Homepage:http://www.indonesiancoder.com/
File Size:1960
Last Modified:Feb 5 18:03:14 2010
MD5 Checksum:de7abca7ab6a7497f0b1e539f4044816

 ///  File Name: FoxPlayer.pl.txt
Description:
FoxPlayer version 1.7.0 local buffer overflow proof of concept exploit that creates a malicious .m3u.
Author:cr4wl3r
File Size:1703
Last Modified:Feb 5 18:01:52 2010
MD5 Checksum:f87e9400e731772c8f847a6ab154c946

 ///  File Name: major_rls64.txt
Description:
A remotely exploitable denial of service vulnerability has been found in the JavaScript Engine of the Apple Safari Browser (based on Webkit Engine). Versions 4.0.4 and below are affected.
Author:David "Aesthetico" Vieira-Kurz
Homepage:http://www.majorsecurity.de
File Size:2696
Last Modified:Feb 5 18:00:03 2010
MD5 Checksum:a2d703466bd6c7e58b572371698bdb82

 ///  File Name: JAHx102.txt
Description:
Huski CMS suffers from a local file inclusion vulnerability.
Homepage:http://www.justanotherhacker.com/
File Size:2130
Last Modified:Feb 5 17:58:56 2010
MD5 Checksum:f9bb584d8fabdd6a981eeb33bb50d02a