Section:  .. / 1006-exploits  /

Page 13 of 20
<< 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 >> Files 300 - 325 of 496
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: anecms-sqlxss.txt
Description:
AneCMS versions 1.3 and below suffer from cross site scripting and remote SQL injection vulnerabilities.
Author:High-Tech Bridge SA
Homepage:http://www.htbridge.ch/
File Size:1941
Last Modified:Jun 15 21:27:56 2010
MD5 Checksum:6ecd300a8f3ac276283ba5b51804e1da

 ///  File Name: modxcms-sql.txt
Description:
MODx CMS versions 1.0.3 and below suffer from multiple remote SQL injection vulnerabilities.
Author:High-Tech Bridge SA
Homepage:http://www.htbridge.ch/
File Size:3047
Last Modified:Jun 15 21:26:46 2010
MD5 Checksum:624e07eb57bd85830b51fbc2ee7f4e0e

 ///  File Name: ms10_xxx_helpctr_xss_cmd_exec.rb.tx..>
Description:
Help and Support Center is the default application provided to access online documentation for Microsoft Windows. Microsoft supports accessing help documents directly via URLs by installing a protocol handler for the scheme "hcp". Due to an error in validation of input to hcp:// combined with a local cross site scripting vulnerability and a specialized mechanism to launch the XSS trigger, arbitrary command execution can be achieved. On IE7 on XP SP2 or SP3, code execution is automatic. If WMP9 is installed, it can be used to launch the exploit automatically. If IE8 and WMP11, either can be used to launch the attack, but both pop dialog boxes asking the user if execution should continue. This exploit detects if non-intrusive mechanisms are available and will use one if possible. In the case of both IE8 and WMP11, the exploit defaults to using an iframe on IE8, but is configurable by setting the DIALOGMECH option to "none" or "player".
Author:Tavis Ormandy
Homepage:http://www.metasploit.com
File Size:11462
Related OSVDB(s):65264
Related CVE(s):CVE-2010-1885
Last Modified:Jun 15 02:48:47 2010
MD5 Checksum:ba1887b3d1c158276960f899e8b51c67

 ///  File Name: windows-browser-adobe_flashplayer_n..>
Description:
This Metasploit module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This Metasploit module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due a the hardcoded syscall number.
Homepage:http://www.metasploit.com
File Size:12547
Related OSVDB(s):65141
Related CVE(s):CVE-2010-1297
Last Modified:Jun 15 02:40:51 2010
MD5 Checksum:7e72f0d2d13e556c732c0a442e0b075e

 ///  File Name: windows-fileformat-adobe_flashplaye..>
Description:
This Metasploit module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This Metasploit module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due a the hardcoded syscall number.
Homepage:http://www.metasploit.com
File Size:12450
Related OSVDB(s):65141
Related CVE(s):CVE-2010-1297
Last Modified:Jun 15 02:40:22 2010
MD5 Checksum:42e758030e92a737d73848749544de54

 ///  File Name: evocam_webserver.rb.txt
Description:
This Metasploit module exploits a stack overflow in the web server provided with the EvoCam program for Mac OS X. We use Dino Dai Zovi's exec-from-heap technique to copy the payload from the non-executable stack segment to heap memory. Vulnerable versions include 3.6.6, 3.6.7, and possibly earlier versions as well. EvoCam version 3.6.8 fixes the vulnerability.
Author:Alexey Sintsov,Paul Harrington
Homepage:http://www.metasploit.com
File Size:3142
Related OSVDB(s):65043
Last Modified:Jun 15 02:39:49 2010
MD5 Checksum:4033ff861ae532841e5dc2e1a0f0188d

 ///  File Name: unreal_ircd_3281_backdoor.rb.txt
Description:
This Metasploit module uses exploits a malicious backdoor that was added to the Unreal IRCD 3.2.8.1 download archive. This backdoor was present in the Unreal3.2.8.1.tar.gz archive between November 2009 and June 12th 2010.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:1888
Related OSVDB(s):65445
Last Modified:Jun 15 02:39:26 2010
MD5 Checksum:69fde29e17e4977b4e02870e0764763e

 ///  File Name: ABunreal.py.txt
Description:
Unreal IRCD version 3.2.8.1 remote command execution exploit.
Author:Ac1db1tch3z
File Size:1988
Last Modified:Jun 15 02:32:43 2010
MD5 Checksum:d5bc5911a987498e6eed5dfc31063a29

 ///  File Name: unreal-forreal.txt
Description:
Unreal IRCD version 3.2.8.1 remote downloader / execute trojan.
File Size:1805
Last Modified:Jun 15 02:27:58 2010
MD5 Checksum:bb62715a6cb0bc09af04403b5f5c847f

 ///  File Name: mediawavenew-sql.txt
Description:
MediaWave News suffers from a remote SQL injection vulnerability.
Author:CaSpErHaK
File Size:3179
Last Modified:Jun 14 01:34:59 2010
MD5 Checksum:a61380548a03cab3859f2e31ca430410

 ///  File Name: utstats-sqlxss.txt
Description:
UTStats suffers from cross site scripting, path disclosure and remote SQL injection vulnerabilities.
Author:LuM Member
File Size:547
Last Modified:Jun 14 01:29:42 2010
MD5 Checksum:09a2bf0e001bc96c299d5f97f7e92fd4

 ///  File Name: eyelandstudiogame-sql.txt
Description:
Eyeland Studio suffers from a remote SQL injection vulnerability.
Author:CoBRa_21
File Size:1039
Last Modified:Jun 14 01:24:51 2010
MD5 Checksum:024215280e9c17c2d13151d163c5ab1b

 ///  File Name: yamamahphoto-lfi.txt
Description:
Yamamah Photo Gallery version 1.00 suffers from a file disclosure vulnerability.
File Size:539
Last Modified:Jun 14 01:18:57 2010
MD5 Checksum:c533d11a6c5bbacefb71d1ea815cc683

 ///  File Name: yamamahphoto-sql.txt
Description:
Yamamah Photo Gallery version 1.00 suffers from a remote SQL injection vulnerability.
Author:CoBRa_21
File Size:914
Last Modified:Jun 14 01:08:15 2010
MD5 Checksum:1c12acab76c1cf05ceeaadc80ff49c2f

 ///  File Name: infront-sql.txt
Description:
Infront suffers from a remote SQL injection vulnerability.
Author:TheMaster
File Size:956
Last Modified:Jun 14 00:35:00 2010
MD5 Checksum:80c799621eaa277474b6ccceb194a1c4

 ///  File Name: preclassified-sql.txt
Description:
Pre Classified Listing suffers from a remote SQL injection vulnerability.
Author:L0rd CrusAd3r
File Size:2457
Last Modified:Jun 14 00:26:52 2010
MD5 Checksum:c5df51d6af6048c1e0ca0d9f4e3ed86b

 ///  File Name: vuonlinemailing-sql.txt
Description:
VU Online Mailing suffers from a remote SQL injection vulnerability.
Author:L0rd CrusAd3r
File Size:2584
Last Modified:Jun 14 00:24:48 2010
MD5 Checksum:b2492a64f14bc1ea8c5ed12d76c958c1

 ///  File Name: vuwebvisitoranalyst-sql.txt
Description:
VU Web Visitor Analyst suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Author:L0rd CrusAd3r
File Size:3158
Last Modified:Jun 14 00:23:16 2010
MD5 Checksum:e4802a39c509b9b00c85e760c49d96b0

 ///  File Name: vumassmailer-sql.txt
Description:
VU Mass Mailer version 3.4 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Author:L0rd CrusAd3r
File Size:2739
Last Modified:Jun 14 00:20:53 2010
MD5 Checksum:ed4506fce1d6ee421c01dc6a1f9e8687

 ///  File Name: collabtive-sql.txt
Description:
Collabtive version 0.6.3 remote SQL injection exploit.
Author:DNX
File Size:3831
Last Modified:Jun 14 00:17:42 2010
MD5 Checksum:8c78bd0e0caa75db1acf271161bddf4e

 ///  File Name: brightsuite-sql.txt
Description:
BrightSuite Groupware version 5.4 suffers from a remote SQL injection vulnerability.
Author:L0rd CrusAd3r
File Size:2474
Last Modified:Jun 14 00:15:07 2010
MD5 Checksum:b663b3b64d7ebe061f2ca5704568e2df

 ///  File Name: digitalinterchangelibrary-sql.txt
Description:
Digital Interchange Document Library suffers from a remote SQL injection vulnerability.
Author:L0rd CrusAd3r
File Size:2681
Last Modified:Jun 14 00:14:32 2010
MD5 Checksum:98008d016cf33bf27ec48dc7d5773826

 ///  File Name: eyelandstudio-sql.txt
Description:
Eyeland Studio Inc. version 2.0 suffers from a remote SQL injection vulnerability.
Author:Mr.P3rfekT
File Size:1151
Last Modified:Jun 14 00:14:21 2010
MD5 Checksum:13b57d1b2cc6e8e04e8a8b88614af3ea

 ///  File Name: bdsmistwp-sql.txt
Description:
BDSMIS TraX with Payroll suffers from a remote SQL injection vulnerability.
Author:L0rd CrusAd3r
File Size:2370
Last Modified:Jun 14 00:13:20 2010
MD5 Checksum:ce49ae1f9f0ed24b21bfb3ae10540623

 ///  File Name: dsplci-sql.txt
Description:
Development Site Professional Liberal - Company Institutional suffers from a remote SQL injection vulnerability.
Author:IQ-Spy
File Size:552
Last Modified:Jun 14 00:10:24 2010
MD5 Checksum:28e32d5196ae7107f961579700cfd506