Section: .. / Last 100 Exploit Files /
| /// File Name: | CORELAN-10-010.txt | Description:
| GeFest Web HomeServer version 1.0 suffers from a directory traversal vulnerability. | | Author: | MarkoT | | Homepage: | http://www.corelan.be/ | | File Size: | 2801 | | Last Modified: | Feb 8 20:43:57 2010 | | MD5 Checksum: | 0e7f9fafc9f7fcb06b0568d00318a9a8 |
|
| /// File Name: | wsnguestdb-disclose.txt | Description:
| WSN Guest Database appears to suffer from a database disclosure vulnerability. | | Author: | HackXBack | | File Size: | 584 | | Last Modified: | Feb 8 20:43:06 2010 | | MD5 Checksum: | 495339c224d0283cb54de303975d36cf |
|
| /// File Name: | bluedove-sql.txt | Description:
| Blue Dove suffers from a remote SQL injection vulnerability. | | Author: | HackXBack | | File Size: | 1232 | | Last Modified: | Feb 8 20:41:51 2010 | | MD5 Checksum: | 56b8210fea175b0548221b4e893a6f15 |
|
| /// File Name: | as3flexdb-sqldisclose.txt | Description:
| AS3FlexDB suffer from remote database login information disclosure and remote SQL execution vulnerabilities. | | Author: | DungPQ | | File Size: | 2623 | | Last Modified: | Feb 8 20:32:53 2010 | | MD5 Checksum: | 4bd18fda47c39420b7a2025aa50c2299 |
|
| /// File Name: | jdownloader-exec.txt | Description:
| JDownloader versions below 2010-01-25 with Click n Load 2 support suffer from a code execution vulnerability. Proof of concept included. | | Author: | apoc | | Homepage: | http://apoc.sixserv.org/ | | File Size: | 3673 | | Last Modified: | Feb 8 20:28:00 2010 | | MD5 Checksum: | f02e18d147b9e1dfcc34e8cf5cfa5186 |
|
| /// File Name: | DSECRG-09-065.txt | Description:
| TVUPlayer version 2.4.9beta build 1797 suffers from an Active-X insecure method vulnerability. | | Author: | Evdokimov Dmitriy | | Homepage: | http://www.dsec.ru/ | | File Size: | 2131 | | Last Modified: | Feb 8 20:25:23 2010 | | MD5 Checksum: | bac4aa9259d5374d946f83db9c3ff040 |
|
| /// File Name: | sapone_fc.tar.bz2 | Description:
| Remote exploit for SAP MaxDB versions 7.6.03 build 007 and below which suffer from a pre-authentication remote code execution vulnerability. This version has been updated by FortConsult A/S to use the same byte code as the Nessus plugin. | | Author: | Luigi Auriemma,Peter Osterberg | | Homepage: | http://aluigi.org/ | | Related Exploit: | sapone.zip | | Related File: | sapone.txt | | File Size: | 10569 | | Last Modified: | Feb 8 20:19:54 2010 | | MD5 Checksum: | 32c6cabe1db27fbf0308144890b2d306 |
|
| /// File Name: | uigabp-sqlxss.txt | Description:
| Uiga Business Portal suffers from cross site scripting and remote SQL injection vulnerabilities. | | Author: | Sioma Labs | | Homepage: | http://siomalabs.com/ | | File Size: | 1989 | | Last Modified: | Feb 8 20:02:45 2010 | | MD5 Checksum: | 6b84b3615b36518a491863abe6e2f3a1 |
|
| /// File Name: | cve-2010-0453.c | Description:
| This is a denial of service (kernel panic) proof of concept exploit for the UCODE_GET_VERSION ioctl NULL pointer dereference vulnerability on Solaris / OpenSolaris. | | Author: | Tobias Klein | | Homepage: | http://www.trapkit.de/ | | Related File: | TKADV2010-001.txt | | File Size: | 1671 | | Related CVE(s): | CVE-2010-0453 | | Last Modified: | Feb 8 19:59:42 2010 | | MD5 Checksum: | 2a0447bcfa866c531eb52571f1f41998 |
|
| /// File Name: | exponentcms-sql.txt | Description:
| Exponent CMS version 0.96.3 suffers from a remote SQL injection vulnerability. This really old version has been known vulnerable to various issues since 2005. | | Author: | T u R c O,TuRcO | | Related Exploit: | exponentCMS.txt | | File Size: | 923 | | Last Modified: | Feb 8 19:57:09 2010 | | MD5 Checksum: | a0cd6f652071516b48622066562eef4d |
|
| /// File Name: | belkatalog-sql.txt | Description:
| Belkatalog CMS suffers from a remote SQL injection vulnerability. | | Author: | Teo Manojlovic | | File Size: | 465 | | Last Modified: | Feb 8 19:51:58 2010 | | MD5 Checksum: | 5887874473c95e0719f82071a28cf6ef |
|
| /// File Name: | zentracking-sql.txt | Description:
| Zen Tracking versions 2.2 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass. | | Author: | cr4wl3r | | File Size: | 954 | | Last Modified: | Feb 8 19:48:37 2010 | | MD5 Checksum: | 2a32fa6d979a15dfb5330ad321d9c3ba |
|
| /// File Name: | baalsystems-sql.txt | Description:
| Baal Systems version 3.8 suffers from a remote SQL injection vulnerability that allows for authentication bypass. | | Author: | cr4wl3r | | File Size: | 1392 | | Last Modified: | Feb 8 19:31:46 2010 | | MD5 Checksum: | f947c05455d86a4f86719b7aae918251 |
|
| /// File Name: | damailinglist-sqldisclose.txt | Description:
| DA Mailing List version 2 suffers from remote SQL injection and database disclosure vulnerabilities. | | Author: | Phenom | | File Size: | 2943 | | Last Modified: | Feb 8 19:29:55 2010 | | MD5 Checksum: | 788ce3a808958d671ddad91b8303fb9d |
|
| /// File Name: | videodb-xss.txt | Description:
| VideoDB version 3.0.3 suffers from a cross site scripting vulnerability. | | Author: | vr | | File Size: | 271 | | Last Modified: | Feb 8 18:50:37 2010 | | MD5 Checksum: | 5cca8727e1698956e82321f47f812571 |
|
| /// File Name: | safari404mc-dos.txt | Description:
| Safari version 4.0.4 remote denial of service with possible memory corruption exploit. | | Author: | 599eme Man | | File Size: | 381 | | Last Modified: | Feb 8 18:47:36 2010 | | MD5 Checksum: | ab82de50d3845098c93f269eea804f72 |
|
| /// File Name: | seamonkey201-dos.txt | Description:
| SeaMonkey version 2.0.1 remote denial of service with possible memory corruption exploit. | | Author: | 599eme Man | | File Size: | 384 | | Last Modified: | Feb 8 18:46:14 2010 | | MD5 Checksum: | d52e12e25a3c2982fdb9f788c92e83a0 |
|
| /// File Name: | firefox356-dos.txt | Description:
| Firefox version 3.5.6 remote denial of service with possible memory corruption exploit. | | Author: | 599eme Man | | File Size: | 382 | | Last Modified: | Feb 8 18:45:15 2010 | | MD5 Checksum: | b1ac77c1347e7424960fc290202dfbd4 |
|
| /// File Name: | encapscms-rfi.txt | Description:
| EncapsCMS versions 0.3.6 and below suffer from a remote file inclusion vulnerability. | | Author: | cr4wl3r | | File Size: | 484 | | Last Modified: | Feb 8 18:43:44 2010 | | MD5 Checksum: | 1669175dfe3361f28fcd36ee27a8117d |
|
| /// File Name: | rostermain-sql.txt | Description:
| Rostermain versions 1.1 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass. | | Author: | cr4wl3r | | File Size: | 492 | | Last Modified: | Feb 8 18:42:59 2010 | | MD5 Checksum: | 66c4c6e49d707d3ec3081bda67c6721e |
|
| /// File Name: | killmonster-sql.txt | Description:
| Killmonster versions 2.1 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass. | | Author: | cr4wl3r | | File Size: | 813 | | Last Modified: | Feb 8 18:41:59 2010 | | MD5 Checksum: | 5c49aad45bbb226003b00238e13c2c2c |
|
| /// File Name: | tinymce-sqlxss.txt | Description:
| TinyMCE suffers from cross site scripting and SQL injection vulnerabilities. | | Author: | mc2_s3lector | | File Size: | 3808 | | Last Modified: | Feb 8 18:40:13 2010 | | MD5 Checksum: | b070a6c1bde1b062131fc4fd656a5231 |
|
| /// File Name: | joomlaproductbook-sql.txt | Description:
| The Joomla Productbook component suffers from a remote SQL injection vulnerability. | | Author: | Snakespc | | File Size: | 809 | | Last Modified: | Feb 8 18:13:42 2010 | | MD5 Checksum: | db3126785efd50adb62d489742089dbf |
|
| /// File Name: | jaxcms-lfi.txt | Description:
| JaxCMS version 1.0 suffers from a local file inclusion vulnerability. | | Author: | MizoZ | | File Size: | 395 | | Last Modified: | Feb 8 17:50:39 2010 | | MD5 Checksum: | c6fd81a40467587f9b04c1a7b9b0f957 |
|
| /// File Name: | major_rls65.txt | Description:
| A remotely exploitable vulnerability has been found in the JavaScript Engine of the MobileSafari Browser(based on Webkit Engine) used on the Motorola Milestone(droid) smartphone. Proof of concept code included. | | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 3058 | | Last Modified: | Feb 8 17:48:39 2010 | | MD5 Checksum: | db4037dc53ce2046e2b0b7e88971bc02 |
|
| /// File Name: | ldfdf-sql.txt | Description:
| LDF suffers from a remote SQL injection vulnerability. | | Author: | Arash Setayeshi | | File Size: | 274 | | Last Modified: | Feb 8 17:42:59 2010 | | MD5 Checksum: | 49b1f9702aa8977f8615c67dabebe107 |
|
| /// File Name: | httpdx152-dos.txt | Description:
| httpdx version 1.5.2 suffers from a remote pre-authentication denial of service vulnerability. | | Author: | loneferret | | File Size: | 1021 | | Last Modified: | Feb 8 17:41:02 2010 | | MD5 Checksum: | f3f1efcd3bc3fe5bf4ab32eb1de1645e |
|
| /// File Name: | croogo-xsrf.txt | Description:
| Croogo version 1.2.1 suffers from a cross site request forgery vulnerability. | | Author: | Milos Zivanovic | | File Size: | 2460 | | Last Modified: | Feb 8 17:39:40 2010 | | MD5 Checksum: | f52707b51eba2f300845199d785ba7b4 |
|
| /// File Name: | joomlaphotoblog-bsql.txt | Description:
| The Joomla Photoblog component suffers from a remote blind SQL injection vulnerability. | | Author: | altbta | | File Size: | 1286 | | Last Modified: | Feb 8 17:38:01 2010 | | MD5 Checksum: | b9370f253cda53108b4e7a22e95fb285 |
|
| /// File Name: | xlite-wav.py.txt | Description:
| X-Lite SIP version 3 memory corruption heap overflow exploit that creates a malicious .wav file. | | Author: | TecR0c | | File Size: | 1005 | | Last Modified: | Feb 8 17:33:49 2010 | | MD5 Checksum: | 192049c6b120ca1fdc5385359ad2c434 |
|
| /// File Name: | opera3.pl.txt | Description:
| Opera version 10.10 remote denial of service exploit. | | Author: | Dj7xpl,cr4wl3r | | File Size: | 1934 | | Last Modified: | Feb 8 17:32:47 2010 | | MD5 Checksum: | 12967b6a65dd615075519869ea5b637b |
|
| /// File Name: | obb-sql.txt | Description:
| Open Bulletin Board suffers from a remote blind SQL injection vulnerability. | | Author: | AtT4CKxT3rR0r1ST | | File Size: | 1431 | | Last Modified: | Feb 8 17:29:57 2010 | | MD5 Checksum: | 3188bf3bd97fe1af12f8451e533dbcf4 |
|
| /// File Name: | joomlagirls-sql.txt | Description:
| The Joomla Girls component suffers from a remote SQL injection vulnerability. | | Author: | Fl0riX | | File Size: | 799 | | Last Modified: | Feb 8 17:17:34 2010 | | MD5 Checksum: | d8b4034f335f460ae66c03493eb25c54 |
|
| /// File Name: | joomlacommodel-sql.txt | Description:
| The Joomla Model component suffers from a remote SQL injection vulnerability. | | Author: | Fl0riX | | Related Exploit: | joomlamodel-sql.txt | | File Size: | 1191 | | Last Modified: | Feb 8 17:12:56 2010 | | MD5 Checksum: | 3ab784b44d144f6984ef998c42689daf |
|
| /// File Name: | CORE-2010-0121.txt | Description:
| Core Security Technologies Advisory - This advisory describes multiple vulnerabilities based on quirks in how Windows handles file names. Nginx, Cherokee, Mongoose, and LightTPD webservers suffer from related vulnerabilities. Details are provided. | | Author: | Core Security Technologies,Dan Crowley | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 16509 | | Last Modified: | Feb 5 20:42:15 2010 | | MD5 Checksum: | 8e5f421a8e3147938908dd4d9a608315 |
|
| /// File Name: | flexmysql-sql.txt | Description:
| Flex MySQL Connector suffers from a remote SQL injection vulnerability. | | Author: | DungPQ | | File Size: | 2314 | | Last Modified: | Feb 5 20:39:49 2010 | | MD5 Checksum: | c0bb97b1a43f90c2381075947dbc7e70 |
|
| /// File Name: | CORE-2010-0104.txt | Description:
| Core Security Technologies Advisory - A security vulnerability was discovered in LANDesk Management Suite: a cross-site request forgery which allows an external remote attacker to make a command injection that can be used to execute arbitrary code using the webserver user. As a result, an attacker can remove the firewall and load a kernel module, allowing root access to the appliance. It also can be used as a non-persistent XSS. | | Author: | Adrian Manrique,Aureliano Calvo,Core Security Technologies | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 10300 | | Related CVE(s): | CVE-2010-0368, CVE-2010-0369 | | Last Modified: | Feb 5 19:16:11 2010 | | MD5 Checksum: | 92cacafd80234bf0eb614d89411c5edb |
|
| /// File Name: | mysql_yassl_getname.rb.txt | Description:
| This Metasploit module exploits a stack buffer overflow in the yaSSL (1.9.8 and earlier) implementation bundled with MySQL. By sending a specially crafted client certificate, an attacker can execute arbitrary code. This vulnerability is present within the CertDecoder::GetName function inside ./taocrypt/src/asn.cpp. However, the stack buffer that is written to exists within a parent function stack frame. NOTE: This vulnerability requires a non-default configuration. First, the attacker must be able to pass the host-based authentication. Next, the server must be configured to listen on an accessible network interface. Lastly, the server must have been manually configured to use SSL. The binary from version 5.5.0-m2 was built with /GS and /SafeSEH. During testing on Windows XP SP3, these protections successfully prevented exploitation. Testing was also done with mysql on Ubuntu 9.04. Although the vulnerable code is present, both version 5.5.0-m2 built from source and version 5.0.75 from a binary package were not exploitable due to the use of the compiler's FORTIFY feature. Although suse11 was mentioned in the original blog post, the binary package they provide does not contain yaSSL or support SSL. | | Author: | jduck | | Homepage: | http://www.metasploit.com | | File Size: | 5840 | | Related OSVDB(s): | 61956 | | Last Modified: | Feb 5 19:07:12 2010 | | MD5 Checksum: | d029c6a4e1e757e8e1f838fe13930102 |
|
| /// File Name: | novelliprint_datetime.rb.txt | Description:
| This Metasploit module exploits a stack overflow in Novell iPrint Client 5.30. When passing a specially crafted date/time string via certain parameters to ienipp.ocx an attacker can execute arbitrary code. NOTE: The "operation" variable must be set to a valid command in order to reach this vulnerability. | | Author: | jduck | | Homepage: | http://www.metasploit.com | | File Size: | 3605 | | Related OSVDB(s): | 60804 | | Related CVE(s): | CVE-2009-1569 | | Last Modified: | Feb 5 19:05:53 2010 | | MD5 Checksum: | 1baa5f1892dc7e563aacd2917138431b |
|
| /// File Name: | novelliprint_target-frame.rb.txt | Description:
| This Metasploit module exploits a stack overflow in Novell iPrint Client 5.30. When passing an overly long string via the "target-frame" parameter to ienipp.ocx an attacker can execute arbitrary code. NOTE: The "operation" variable must be set to a valid command in order to reach this vulnerability. | | Author: | jduck | | Homepage: | http://www.metasploit.com | | File Size: | 3666 | | Related OSVDB(s): | 60803 | | Related CVE(s): | CVE-2009-1568 | | Last Modified: | Feb 5 19:05:37 2010 | | MD5 Checksum: | ed7494832b423837a82986e57fc24d46 |
|
| /// File Name: | deepburner_path.rb.txt | Description:
| This Metasploit module exploits a stack-based buffer overflow in versions 1.9.0.228, 1.8.0, and possibly other versions of AstonSoft's DeepBurner (Pro, Lite, etc). An attacker must send the file to victim and the victim must open the file. Alternatively it may be possible to execute code remotely via an embedded DBR file within a browser, since the DBR extension is registered to DeepBurner. | | Author: | Expanders,fl0 fl0w | | Homepage: | http://www.metasploit.com | | File Size: | 3874 | | Related OSVDB(s): | 32356 | | Related CVE(s): | CVE-2006-6665 | | Last Modified: | Feb 5 18:58:19 2010 | | MD5 Checksum: | 35c9773dc0a7fa04a697d0a53ee89484 |
|
| /// File Name: | audiotran_pls.rb.txt | Description:
| This Metasploit module exploits a stack-based buffer overflow in Audiotran 1.4.1. An attacker must send the file to victim and the victim must open the file. Alternatively it may be possible to execute code remotely via an embedded PLS file within a browser, when the PLS extention is registered to Audiotran. This functionality has not been tested in this module. | | Author: | Sebastien Duquette,dookie | | Homepage: | http://www.metasploit.com | | File Size: | 2037 | | Related OSVDB(s): | 55424 | | Related CVE(s): | CVE-2009-0476 | | Last Modified: | Feb 5 18:57:35 2010 | | MD5 Checksum: | 1c48cbe8f3969646ca1f174aeeac87e9 |
|
| /// File Name: | wireshark_lwres_getaddrbyname.rb.txt | Description:
| The LWRES dissector in Wireshark version 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allows remote attackers to execute arbitrary code due to a stack-based buffer overflow. This bug found and reported by babi. This particular exploit targets the dissect_getaddrsbyname_request function. Several other functions also contain potentially exploitable stack-based buffer overflows. The Windows version (of 1.2.5 at least) is compiled with /GS, which prevents exploitation via the return address on the stack. Sending a larger string allows exploitation using the SEH bypass method. However, this packet will usually get fragmented, which may cause additional complications. NOTE: The vulnerable code is reached only when the packet dissection is rendered. If the packet is fragmented, all fragments must be captured and reassembled to exploit this issue. | | Author: | babi,jduck | | Homepage: | http://www.metasploit.com | | File Size: | 7491 | | Related OSVDB(s): | 61987 | | Related CVE(s): | CVE-2010-0304 | | Last Modified: | Feb 5 18:57:03 2010 | | MD5 Checksum: | 40cfc04732b379ed5f4261da9cf95bf6 |
|
| /// File Name: | java_signed_applet.rb.txt | Description:
| This exploit dynamically creates an applet via the Msf::Exploit::Java mixin, converts it to a .jar file, then signs the .jar with a dynamically created certificate containing values of your choosing. This is presented to the end user via a web page with an applet tag, loading the signed applet. The user's JVM pops a dialog asking if they trust the signed applet and displays the values chosen. Once the user clicks 'accept', the applet executes with full user permissions. The java payload used in this exploit is derived from Stephen Fewer's and HDM's payload created for the CVE-2008-5353 java deserialization exploit. This Metasploit module requires the rjb rubygem, the JDK, and the $JAVA_HOME variable to be set. If these dependencies are not present, the exploit falls back to a static, signed JAR. | | Author: | natron | | Homepage: | http://www.metasploit.com | | File Size: | 13877 | | Last Modified: | Feb 5 18:56:35 2010 | | MD5 Checksum: | 582aae1c0eff51e3f30d79add62758eb |
|
| /// File Name: | interspire-sqlxss.txt | Description:
| Interspire Knowledgebase Manager versions 5.1.3 and below suffer from information disclosure, cross site scripting and remote SQL injection vulnerabilities. | | Author: | Cory Marsh | | File Size: | 7753 | | Last Modified: | Feb 5 18:40:13 2010 | | MD5 Checksum: | a58dc78da859dbf0769a7973b8610540 |
|
| /// File Name: | aflam-sql.txt | Description:
| Aflam Online version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. | | Author: | alnjm33 | | File Size: | 1009 | | Last Modified: | Feb 5 18:34:22 2010 | | MD5 Checksum: | 189cdc3a5e5811ae6245617fcac4cbf0 |
|
| /// File Name: | corelan-10-009-ipswitch-imail.txt | Description:
| Ipswitch IMail server version 11.01 suffers from a reversible encryption vulnerability. | | Author: | sinn3r | | File Size: | 6623 | | Last Modified: | Feb 5 18:28:00 2010 | | MD5 Checksum: | c0af0f3102545f2df46f09690d825db9 |
|
| /// File Name: | corelan-10-008-evalmsi.txt | Description:
| Evalsmsi version 2.1.03 suffers from authentication bypass, cross site scripting and remote SQL injection vulnerabilities. | | Author: | corelanc0d3r | | File Size: | 4546 | | Last Modified: | Feb 5 18:25:42 2010 | | MD5 Checksum: | 4e7f78c58e5eef2a0cf77410c4835a99 |
|
| /// File Name: | odlican-upload.txt | Description:
| Odlican CMS version 1.5 suffers from an arbitrary remote file upload vulnerability. | | Author: | Teo Manojlovic | | File Size: | 1051 | | Last Modified: | Feb 5 18:11:10 2010 | | MD5 Checksum: | 8b04948082ee3c90b93ac13439e518cb |
|
| /// File Name: | uplusftp1_7-buffer-overflow.txt | Description:
| UplusFtp Server version 1.7.0.12 remote buffer overflow exploit that launches calc.exe. | | Author: | b0telh0 | | File Size: | 2169 | | Last Modified: | Feb 5 18:07:30 2010 | | MD5 Checksum: | 66a6bda2a906927eaad0b763ae5113bd |
|
| /// File Name: | joomlasexy-sql.txt | Description:
| The Joomla Sexy component suffers from a remote SQL injection vulnerability. | | Author: | Fl0riX | | File Size: | 1453 | | Last Modified: | Feb 5 18:04:17 2010 | | MD5 Checksum: | 7fa84ca48f5a089d73c7aa16ee5774f7 |
|
| /// File Name: | FoxPlayer.pl.txt | Description:
| FoxPlayer version 1.7.0 local buffer overflow proof of concept exploit that creates a malicious .m3u. | | Author: | cr4wl3r | | File Size: | 1703 | | Last Modified: | Feb 5 18:01:52 2010 | | MD5 Checksum: | f87e9400e731772c8f847a6ab154c946 |
|
| /// File Name: | major_rls64.txt | Description:
| A remotely exploitable denial of service vulnerability has been found in the JavaScript Engine of the Apple Safari Browser (based on Webkit Engine). Versions 4.0.4 and below are affected. | | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 2696 | | Last Modified: | Feb 5 18:00:03 2010 | | MD5 Checksum: | a2d703466bd6c7e58b572371698bdb82 |
|
| /// File Name: | JAHx102.txt | Description:
| Huski CMS suffers from a local file inclusion vulnerability. | | Homepage: | http://www.justanotherhacker.com/ | | File Size: | 2130 | | Last Modified: | Feb 5 17:58:56 2010 | | MD5 Checksum: | f9bb584d8fabdd6a981eeb33bb50d02a |
|
| /// File Name: | JAHx101.txt | Description:
| Huski Retail suffers from multiple remote SQL injection vulnerabilities. | | Homepage: | http://www.justanotherhacker.com/ | | File Size: | 1652 | | Last Modified: | Feb 5 17:57:24 2010 | | MD5 Checksum: | 7d34ba16705e32a5a07fcff935f9bff7 |
|
| /// File Name: | joomlaerotik-sql.txt | Description:
| The Joomla Erotik component suffers from a remote SQL injection vulnerability. | | Author: | Fl0riX | | File Size: | 1190 | | Last Modified: | Feb 5 17:55:57 2010 | | MD5 Checksum: | ce33f1557e3c3cc8d93c04f94042e555 |
|
| /// File Name: | sterlite-xss.txt | Description:
| The Sterlite SAM300AX ADSL router suffers from a cross site scripting vulnerability. | | Author: | Karn Ganeshen | | File Size: | 3038 | | Last Modified: | Feb 5 17:52:04 2010 | | MD5 Checksum: | fd11bcabddf5e7ce69a97405600ed062 |
|
| /// File Name: | masa2elmc-sql.txt | Description:
| MASA2EL Music City version 1.0 suffers from a remote SQL injection vulnerability. | | Author: | alnjm33 | | File Size: | 1169 | | Last Modified: | Feb 5 17:50:44 2010 | | MD5 Checksum: | 6e77f69f23ecace10d5ecfa7674533a6 |
|
| /// File Name: | arabnetworktech-sql.txt | Description:
| Arab Network Tech CMS suffers from a remote SQL injection vulnerability. | | Author: | Tr0y-x | | File Size: | 1186 | | Last Modified: | Feb 5 17:50:04 2010 | | MD5 Checksum: | e7d2814000d417e7e5efdebb87375cf7 |
|
| /// File Name: | yarahosting-sql.txt | Description:
| Yara Hosting suffers from a remote SQL injection vulnerability. | | Author: | Meister,Quimo | | File Size: | 817 | | Last Modified: | Feb 5 17:47:45 2010 | | MD5 Checksum: | ed3098fbc007515fddd6d5bdbc3a4c40 |
|
| /// File Name: | samba-traversal.txt | Description:
| Samba suffers from a remote directory traversal vulnerability. A remote attacker can read, list and retrieve nearly all files on the system remotely. Required is a valid samba account for a share which is writable OR a writable share which is configured to be a guest account share, in this case this is a preauth exploit.Included is a smbclient patch that exploits this vulnerability. | | Author: | Kingcope | | File Size: | 7421 | | Last Modified: | Feb 5 11:15:11 2010 | | MD5 Checksum: | 1a2d221d161a154517117c74712f77de |
|
| /// File Name: | CORE-2009-0625.txt | Description:
| Core Security Technologies Advisory - This advisory describes two vulnerabilities that provide access to any file stored in on a user's desktop system if it is running a vulnerable version of Internet Explorer. These vulnerabilities can be used in attacks combined with a number of insecure features of Internet Explorer to provide remote access to locally stored files without the need for any further action from the victim after visiting a website controlled by the attacker. | | Author: | Core Security Technologies,Federico Muttis,Jorge Luis Alvarez Medina | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 18432 | | Related CVE(s): | CVE-2010-0255 | | Last Modified: | Feb 4 02:20:01 2010 | | MD5 Checksum: | 36320648119fe6322abfd8ce8887f87e |
|
| /// File Name: | oputils_5-xss.txt | Description:
| ManageEngine OpUtils 5 suffers from multiple cross site scripting vulnerabilities in Login.DO. | | Author: | Asheesh Kumar Mani Tripathi | | File Size: | 5236 | | Last Modified: | Feb 4 02:10:51 2010 | | MD5 Checksum: | b569e4cd245b6a5868965bb9949c002e |
|
| /// File Name: | oputils_5-sql.txt | Description:
| ManageEngine OpUtils 5 suffers from a remote SQL injection vulnerability in Login.DO. | | Author: | Asheesh Kumar Mani Tripathi | | File Size: | 2281 | | Last Modified: | Feb 4 02:09:14 2010 | | MD5 Checksum: | ab4dbe3b908d1e7283e0f2d25720467e |
|
| /// File Name: | ultrabb-xss.txt | Description:
| UltraBB version 1.17 suffers from a cross site scripting vulnerability. | | Author: | s4r4d0 | | File Size: | 542 | | Last Modified: | Feb 4 02:07:25 2010 | | MD5 Checksum: | e70ce312039d9c06cb2a1e98484e24b7 |
|
| /// File Name: | owa-bypass.txt | Description:
| Outlook Web Access (OWA) suffers from a vulnerability that allows direct access to files blocked by policy. | | Author: | Ricardo Martins | | File Size: | 1672 | | Last Modified: | Feb 4 01:54:01 2010 | | MD5 Checksum: | d8f70bc0f1a1bbc62540ee3043f2a50d |
|
| /// File Name: | symantec-exec.txt | Description:
| Remote command execution exploit for the AMS2 (Alert Management Systems 2) component of multiple Symantec products. | | Author: | Kingcope | | File Size: | 7063 | | Related CVE(s): | CVE-2009-1429 | | Last Modified: | Feb 4 01:43:55 2010 | | MD5 Checksum: | f978f77e5fbeaf14861e8acc2a406f0e |
|
| /// File Name: | facebookfriend-xss.txt | Description:
| The mobile interface of Facebook social network was affected by a cross site scripting vulnerability. | | Author: | Juan Galiana Lara | | File Size: | 2913 | | Last Modified: | Feb 4 01:42:21 2010 | | MD5 Checksum: | 338251d4ffb06072b74d2b1c1c127482 |
|
| /// File Name: | phpcarrental-sql.txt | Description:
| PHP Car Rental Script suffers from a remote SQL injection vulnerability that allows for authentication bypass. | | Author: | MizoZ | | File Size: | 374 | | Last Modified: | Feb 4 01:09:26 2010 | | MD5 Checksum: | 2d12cc041c0ad3d7d5d158a6e7c3741a |
|
| /// File Name: | digitalampmp3-dos.txt | Description:
| Digital Amp MP3 version 3.1 local crash proof of concept exploit. | | Author: | SkuLL-HacKeR | | File Size: | 521 | | Last Modified: | Feb 4 01:06:05 2010 | | MD5 Checksum: | 4f9a3b88e0975b5ba45f99cb81a7b8d3 |
|
| /// File Name: | 1001-exploits.tgz | Description:
| This archive contains all of the 517 exploits added to Packet Storm in January, 2010. | | Homepage: | http://packetstormsecurity.org/ | | File Size: | 1544746 | | Last Modified: | Feb 4 00:45:43 2010 | | MD5 Checksum: | 7b95540b80dd588d186922b6943bce5e |
|
| /// File Name: | realadmin-sql.txt | Description:
| RealAdmin suffers from a remote blind SQL injection vulnerability. | | Author: | AtT4CKxT3rR0r1ST | | File Size: | 1225 | | Last Modified: | Feb 2 23:22:58 2010 | | MD5 Checksum: | f2fc207d5d972a76418f32c1996dced9 |
|
| /// File Name: | cmsboys-sql.txt | Description:
| CMS Boys suffers from multiple remote SQL injection vulnerabilities. | | Author: | MizoZ | | File Size: | 968 | | Last Modified: | Feb 2 22:59:21 2010 | | MD5 Checksum: | 2f2a3dee514d7a783177a450314e1df9 |
|
| /// File Name: | cityadmin-sql.txt | Description:
| CityAdmin suffers from a remote blind SQL injection vulnerability. | | Author: | AtT4CKxT3rR0r1ST | | File Size: | 1233 | | Last Modified: | Feb 2 22:57:37 2010 | | MD5 Checksum: | d4c0720fce9838447d739b9aadcead38 |
|
| /// File Name: | opencart-xsrf.txt | Description:
| OpenCart suffers from a cross site request forgery vulnerability. | | File Size: | 2054 | | Last Modified: | Feb 2 22:52:47 2010 | | MD5 Checksum: | 7d2db0f41439f8d3d1bc0001942db877 |
|
| /// File Name: | ibibo-xss.txt | Description:
| Ibibo.com, India’s first entertainment and talent based social network, suffers from a cross site scripting vulnerability. | | Author: | Rockey Killer | | File Size: | 779 | | Last Modified: | Feb 2 22:47:32 2010 | | MD5 Checksum: | cf367af94e42f4ae3fc3a651b23283b8 |
|
| /// File Name: | kubelance-xsrf.txt | Description:
| KubeLance version 1.7.6 suffers from a cross site request forgery vulnerability. | | Author: | Milos Zivanovic | | File Size: | 1216 | | Last Modified: | Feb 2 22:45:48 2010 | | MD5 Checksum: | ea7977ead93afcb123e379b772f0ea43 |
|
| /// File Name: | myre-sql.txt | Description:
| MYRE Classified suffers from a remote SQL injection vulnerability. | | Author: | kaMtiEz | | Homepage: | http://www.indonesiancoder.com/ | | File Size: | 2279 | | Last Modified: | Feb 2 22:44:32 2010 | | MD5 Checksum: | 08524e212c8d069fdcdd4922e5702595 |
|
| /// File Name: | dlili-sql.txt | Description:
| Dlili suffers from a remote SQL injection vulnerability. | | Author: | Dr.DaShEr | | File Size: | 1277 | | Last Modified: | Feb 2 22:40:03 2010 | | MD5 Checksum: | 0d9a2fc4d8244d529a4b6de8f75d478c |
|
| /// File Name: | gcp-lfi.txt | Description:
| GCP suffers from a local file inclusion vulnerability. | | Author: | R3VAN_BASTARD | | File Size: | 1317 | | Last Modified: | Feb 2 22:29:33 2010 | | MD5 Checksum: | 53e65f439360c67350ca019a0414609e |
|
| /// File Name: | mybusinessadmin-sql.txt | Description:
| myBusinessAdmin suffers from a remote blind SQL injection vulnerability in content.php. | | Author: | AtT4CKxT3rR0r1ST | | File Size: | 1260 | | Last Modified: | Feb 2 22:27:25 2010 | | MD5 Checksum: | e2fc5c05cfe42ec359728d7e98fc9e1f |
|
| /// File Name: | cmsd_exploit.c | Description:
| AIX RPC.cmsd remote stack buffer overflow proof of concept exploit. | | Author: | Rodrigo Rubira Branco | | Related File: | 10.07.09-1.txt | | File Size: | 2148 | | Last Modified: | Feb 2 22:22:12 2010 | | MD5 Checksum: | 07e89cdb3a2afe27888f80e560197ff5 |
|
| /// File Name: | deepburner.c | Description:
| Deepburner Pro version 1.9.0.228 dbr file universal buffer overflow exploit. | | Author: | fl0 fl0w | | File Size: | 16371 | | Last Modified: | Feb 2 22:19:33 2010 | | MD5 Checksum: | 3947416e25068b90cb387e048c42cebe |
|
| /// File Name: | qihoo360-escalate.txt | Description:
| Qihoo 360 Security Guard version 6.1.5.1009 suffers from a local privilege escalation vulnerability. | | File Size: | 3950 | | Last Modified: | Feb 2 16:38:47 2010 | | MD5 Checksum: | 2bcb528c5dbc6138d7e93e57063b4c6c |
|
| /// File Name: | mobpartner-sql.txt | Description:
| MobPartner Chat suffers from multiple remote SQL injection vulnerabilities. | | Author: | AtT4CKxT3rR0r1ST | | File Size: | 2286 | | Last Modified: | Feb 2 16:33:34 2010 | | MD5 Checksum: | 4d54bfe1f20bbc29e8f52fe388e974b8 |
|
| /// File Name: | coreftp.py.txt | Description:
| CoreFTP version 2.1 b1637 password field universal buffer overflow exploit. | | Author: | corelanc0d3r,mr_me | | File Size: | 5472 | | Last Modified: | Feb 2 16:32:02 2010 | | MD5 Checksum: | 41a135ea6e8049a11c9d8ec050efe027 |
|
| /// File Name: | joomlagambling-sql.txt | Description:
| The Joomla Gambling component suffers from a remote SQL injection vulnerability. | | Author: | md.r00t | | File Size: | 777 | | Last Modified: | Feb 1 21:14:45 2010 | | MD5 Checksum: | 9f70bdade337441f6f2bb52db1de9e00 |
|
| /// File Name: | drupalmp3-xss.txt | Description:
| Drupal's MP3 Player module version 6.x-1.0-beta1 suffers from a cross site scripting vulnerability. | | Author: | Martin Barbella | | File Size: | 2290 | | Last Modified: | Feb 1 21:11:09 2010 | | MD5 Checksum: | d3b28361f500d6be7d0313a641e975fd |
|
| /// File Name: | alegrocart-xsrf.txt | Description:
| AlegroCart version 1.1 suffers from a cross site request forgery vulnerability. This example changes the administrator's password. | | Author: | The.Morpheus | | File Size: | 1736 | | Last Modified: | Feb 1 21:09:25 2010 | | MD5 Checksum: | 7dbd307d67582e8b1d8b22af98ce14cc |
|
| /// File Name: | emirateshost-insecure.txt | Description:
| EmiratesHost suffers from an insecure cookie handling vulnerability. | | Author: | jago-dz | | File Size: | 1502 | | Last Modified: | Feb 1 20:55:43 2010 | | MD5 Checksum: | d7cdeb4e2a2a1da07e268c25313b6eae |
|
| /// File Name: | CORE-2010-0106.txt | Description:
| Core Security Technologies Advisory - The Cisco Secure Desktop web application does not sufficiently verify if a well-formed request was provided by the user who submitted the POST request, resulting in a cross-site scripting vulnerability. In order to be able to successfully make the attack, the Secure Desktop application on the Cisco Appliance must be turned on. | | Author: | Core Security Technologies | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 7791 | | Related CVE(s): | CVE-2010-0440 | | Last Modified: | Feb 1 20:45:49 2010 | | MD5 Checksum: | 43bf3b5f149665627a5281e53af94e5a |
|
| /// File Name: | joomlayelp-sql.txt | Description:
| The Joomla Yelp component suffers from a remote SQL injection vulnerability. | | Author: | bhunt3r | | File Size: | 1178 | | Last Modified: | Feb 1 20:44:59 2010 | | MD5 Checksum: | 747973e5b35e905579edadd6b43df330 |
|
| /// File Name: | joomlajobcom-sql.txt | Description:
| The Joomla Job component suffers from a remote SQL injection vulnerability. | | Author: | bhunt3r | | File Size: | 1197 | | Last Modified: | Feb 1 20:44:12 2010 | | MD5 Checksum: | d858aaca899006ef828edd3842bfd08e |
|
| /// File Name: | markagrup-xsrf.txt | Description:
| Marka Grup suffers from a cross site request forgery vulnerability. | | Author: | Cyber_945 | | File Size: | 1497 | | Last Modified: | Feb 1 20:17:10 2010 | | MD5 Checksum: | e122d4c73e4ef0ba8bb569970ef28ec7 |
|
|
|
|
|