Section: .. / 0508-exploits /
| /// File Name: |
lglass20040427.txt |
Description:
|
Exploit for Looking Glass v20040427 arbitrary command execution / cross site scripting vulnerabilities
| | Author: | rgod | | Homepage: | http://retrogod.altervista.org | | File Size: | 6518 | | Last Modified: | Aug 28 05:31:58 2005 |
| MD5 Checksum: | fc4b3d001799b92df265dce9d88d0b2a |
|
| /// File Name: |
ZipTorrent1.3.7.3.txt |
Description:
|
ZipTorrent stores proxy server information and password in X:\\[Program_Files_Path]\[ZipTorrent_Path]\pref.txt in plain text. A local user can read passwords and others.
| | Author: | Kozan | | Homepage: | http://www.spyinstructors.com | | File Size: | 5118 | | Last Modified: | Aug 24 04:42:57 2005 |
| MD5 Checksum: | 7d908a1cd5539c732f0a038b55e21f92 |
|
| /// File Name: |
x_osh2-9byte.pl.txt |
Description:
|
Operator Shell (osh) 1.7-12 local root exploit. New version of an old exploit. This version has the shellcode trimmed down to 9 bytes thanks to Andrewg.
| | Author: | Charles Stevenson aka core | | File Size: | 4764 | | Last Modified: | Aug 23 20:10:16 2005 |
| MD5 Checksum: | 8f1aa72893779d145383f8a40c25191e |
|
| /// File Name: |
x_osh2.pl.txt |
Description:
|
Operator Shell (osh) 1.7-12 local root exploit. New version of an old exploit.
| | Author: | Charles Stevenson aka core | | File Size: | 4659 | | Last Modified: | Aug 17 01:36:57 2005 |
| MD5 Checksum: | bbc767844763edfbf4e168e6b994939b |
|
| /// File Name: |
HAURItraverse.txt |
Description:
|
Secunia Research has discovered a vulnerability in various HAURI anti-virus products, which can be exploited by malicious people to write files to arbitrary directories. Affected versions: ViRobot Expert 4.0, ViRobot Advanced Server, ViRobot Linux Server 2.0, HAURI LiveCall.
| | Author: | Tan Chew Keong | | Homepage: | http://secunia.com/ | | File Size: | 4600 | | Last Modified: | Aug 23 20:31:14 2005 |
| MD5 Checksum: | 48852c43d92563bdb5dd75c64b1cdbb1 |
|
| /// File Name: |
multiVulns.txt |
Description:
|
Multiple vulnerabilities have been discovered in various CMS and forum software. e107 suffers from a cross site scripting flaw, Wordpress suffers from a SQL injection flaw, PHPNews suffers from a remote inclusion flaw, phpBB suffers from a SQL injection flaw, Google suffers from a SQL injection flaw, and myspace.com suffers from a user profile defacement flaw. Oh.. and UBB 6.3.2 suffers from a remote code execution flaw.
| | Author: | pacifico, ratboy | | File Size: | 4505 | | Last Modified: | Aug 31 01:15:14 2005 |
| MD5 Checksum: | 0b3cc1bdf7c9bc094938f2cf671a24b5 |
|
| /// File Name: |
WebWizXSS.txt |
Description:
|
The Web Wiz Forum software is susceptible to a cross site scripting flaw.
| | Author: | sirh0t | | File Size: | 4070 | | Last Modified: | Aug 24 00:40:01 2005 |
| MD5 Checksum: | 437ca49aad788bf13576a13327457a35 |
|
| /// File Name: |
HP_OV_NNM_RCE.c |
Description:
|
Remote command execution exploit for HP OpenView Network Node Manager versions 6.2, 6.4, 7.01, and 7.50.
| | Author: | Lympex | | Homepage: | http://l-bytes.net | | File Size: | 3959 | | Last Modified: | Aug 31 02:26:49 2005 |
| MD5 Checksum: | f52cf58231344c9d88f6eb0cd01adc82 |
|
| /// File Name: |
WinAce2605.txt |
Description:
|
Local exploitation of a buffer overflow vulnerability in WinAce 2.6.0.5 allows attackers to execute arbitrary code. Exploit included.
| | Author: | ATmaCA | | Homepage: | http://www.atmacasoft.com | | File Size: | 3827 | | Last Modified: | Aug 23 21:02:46 2005 |
| MD5 Checksum: | ef03c6d30861cb461ac833057f3168d5 |
|
| /// File Name: |
solaris_lpd_unlink.pm.txt |
Description:
|
This Metasploit module uses a vulnerability in the Solaris line printer daemon to delete arbitrary files on an affected system. This can be used to exploit the rpc.walld format string flaw, the missing krb5.conf authentication bypass, or simple delete system files. Tested on Solaris 2.6, 7, 8, 9, and 10.
| | Author: | H D Moore, Optyx | | File Size: | 3736 | | Last Modified: | Aug 24 05:33:23 2005 |
| MD5 Checksum: | c354cbe8ad5502700d7c12a89411d670 |
|
| /// File Name: |
SqWebMail.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a vulnerability in SqWebMail, which can be exploited by malicious people to conduct script insertion attacks. The vulnerability is caused due to SqWebMail failing to properly sanitize HTML emails. This can be exploited to include arbitrary script code in HTML emails, which will be executed in context of the SqWebMail server, as soon as the user views a received email. Version 5.0.4 is affected.
| | Author: | Jakob Balle | | Homepage: | http://www.secunia.com | | File Size: | 3694 | | Last Modified: | Aug 31 01:37:12 2005 |
| MD5 Checksum: | 57470dc10cef0798ea3aec873b6095dd |
|
| /// File Name: |
ADSLFR4II.txt |
Description:
|
Nth Dimension Security Advisory (NDSA20050719) - Mentor's ADSL-FR4II router, firmware version 2.00.0111 2004.04.09, is susceptible to unauthenticated administrative access, downloading of configuration files with the system password, and denial of service attacks.
| | Author: | Tim Brown | | Homepage: | http://www.nth-dimension.org.uk/ | | File Size: | 3572 | | Last Modified: | Aug 17 00:59:01 2005 |
| MD5 Checksum: | f3bbb1c54db3bfc7d745084f66ad82a6 |
|
| /// File Name: |
IE-Msddsdll-0day.txt |
Description:
|
Microsoft Internet Explorer msdds.dll remote code execution exploit. z3r0 d4y. Binds a shell on port 28876. Tested on Microsoft Internet Explorer 6 SP2 (Windows XP SP2).
| | File Size: | 3319 | | Last Modified: | Aug 19 00:31:35 2005 |
| MD5 Checksum: | d1fe9fb20e8dc5e0ef6fe7939785ef12 |
|
| /// File Name: |
IMRadio-4.0-expl.txt |
Description:
|
Mercora IMRadio 4.0.0.0 stores username and passwords in the Windows Registry in plain text. A local user can read the values.
| | Author: | Kozan | | Homepage: | http://www.spyinstructors.com | | File Size: | 3019 | | Last Modified: | Aug 24 04:36:19 2005 |
| MD5 Checksum: | 649b6ad97a5ee8a49551e8e28ad2b8b4 |
|
| /// File Name: |
phpAdsNew205.txt |
Description:
|
phpAdsNew and phpPgAds versions 2.0.5 and below suffer from an arbitrary file inclusion flaw. Detailed exploitation provided.
| | Author: | Maksymilian Arciemowicz | | File Size: | 3018 | | Last Modified: | Aug 18 03:23:35 2005 |
| MD5 Checksum: | 1ed20310705df1b100b9b0f847ea67a1 |
|
| /// File Name: |
elmexPoC.c |
Description:
|
Proof of concept exploit for Elm versions 2.5.8 and below that makes use of a buffer overflow during the parsing of the Expires field.
| | Author: | c0ntex | | Related File: | elm-data.tar.gz | | File Size: | 2857 | | Last Modified: | Aug 24 01:17:59 2005 |
| MD5 Checksum: | 30c19e44672429391d6d1363aa6295f6 |
|
| /// File Name: |
phpfreenews140.txt |
Description:
|
PHPFreeNews versions 1.40 and below are susceptible to SQL injection and cross site scripting attacks.
| | Author: | matrix killer, h4cky0u | | Homepage: | http://www.h4cky0u.org | | File Size: | 2808 | | Last Modified: | Aug 18 03:30:54 2005 |
| MD5 Checksum: | 678d0e34a1a7e5546aa2cd24aa7be7dd |
|
| /// File Name: |
zenworks_desktop_agent.pm.txt |
Description:
|
Novell ZENworks 6.5 Desktop/Server Management remote stack overflow exploit.
| | File Size: | 2711 | | Last Modified: | Aug 15 01:13:39 2005 |
| MD5 Checksum: | 678bf1fc3cd9aa603ec1771ffe7855f5 |
|
| /// File Name: |
citibankXSS.txt |
Description:
|
Citibank's website in the UK is susceptible cross site scripting attacks.
| | Author: | Andrew Smith | | File Size: | 2584 | | Last Modified: | Aug 17 01:02:15 2005 |
| MD5 Checksum: | 8e84876372ebab674c0b73a3848af57e |
|
| /// File Name: |
gtchatDoS.txt |
Description:
|
GTChat versions 0.95 Alpha and below remote denial of service exploit.
| | Author: | x97Rang | | File Size: | 2490 | | Last Modified: | Aug 19 01:17:18 2005 |
| MD5 Checksum: | fb94eeadfecd56bcc98ef2ef6565bb53 |
|
| /// File Name: |
mdaemon_imap.pm.txt |
Description:
|
Mdaemon 8.0.3 IMAP CRAM-MD5 authentication remote buffer overflow exploit.
| | File Size: | 2479 | | Last Modified: | Aug 15 01:17:13 2005 |
| MD5 Checksum: | 379e6bb2e530de9238d0c264ea2ef2d8 |
|
| /// File Name: |
fuseXSS.txt |
Description:
|
Fuse version 4.1.0 and possibly earlier versions appear susceptible to cross site scripting attacks.
| | Author: | N.N.P | | File Size: | 2477 | | Last Modified: | Aug 5 03:38:39 2005 |
| MD5 Checksum: | dfef692a0eec1d3be8708d8c4abe013b |
|
| /// File Name: |
FreznoShopSQL.txt |
Description:
|
Versions of FreznoShop below 1.4.1 are vulnerable to SQL injection attacks due to a lack of input validation on parameters used in database queries. Sample exploitation provided.
| | Author: | Mike Shema | | Homepage: | http://www.ntobjectives.com/ | | File Size: | 2363 | | Last Modified: | Aug 11 00:50:07 2005 |
| MD5 Checksum: | 251e4d680f2039a7188789d03c74e266 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
