Section: .. / 0403-exploits /

Page 2 of 3
<< 1 2 3 >> Files 25 - 50 of 61

Currently sorted by: Last Modified Sort By: File Name, File Size

/// File Name:	invisionPTSL11.txt
Description:	Invision Power Top Site List versions 1.1 and below are susceptible to a SQL injection attack.
Author:	JeiAr
Homepage:	http://www.gulftech.org
File Size:	1941
Last Modified:	Mar 22 18:23:00 2004
MD5 Checksum:	89cc01772ab29a9573a722ab0fff2aa0

/// File Name:	invision101PSsql.txt
Description:	Invision Gallery version 1.0.1 fails to properly validate user supplied input allowing for various SQL injection attacks.
Author:	JeiAr
Homepage:	http://www.gulftech.org
File Size:	3318
Last Modified:	Mar 22 18:21:00 2004
MD5 Checksum:	c0d1a2d6ef28b6bda7f843d1e973fada

/// File Name:	xinebug.txt
Description:	xine-bugreport suffers from insecure file creation in /tmp that can lead to a symlink attack.
Author:	Shaun Colley aka shaun2k2
File Size:	15624
Last Modified:	Mar 20 17:48:00 2004
MD5 Checksum:	941f872c645d67313e9f207028e0bc2a

/// File Name:	smbprintsymlink.txt
Description:	smbprint insecurely writes to files in /tmp allowing for a symbolic link attack. Full details on exploitation included.
Author:	Shaun Colley aka shaun2k2
File Size:	7843
Last Modified:	Mar 19 20:38:00 2004
MD5 Checksum:	1a280809a3d52ca67bfea0331f678f8c

/// File Name:	eudora603.pl
Description:	Exploit that performs an attachment spoofing demo for Eudora versions 6.0.3 and below.
Author:	Paul Szabo
Homepage:	http://www.maths.usyd.edu.au:8000/u/psz/
File Size:	6838
Last Modified:	Mar 19 18:32:00 2004
MD5 Checksum:	96bdd0de3dd57cdfc53b48e97769538e

/// File Name:	chromeboom.zip
Description:	Remote exploit that causes a server crash in Chrome versions 1.2.0.0 and below.
Author:	Luigi Auriemma
Homepage:	http://aluigi.altervista.org
Related File:	chrome1200.txt
File Size:	5882
Last Modified:	Mar 19 17:46:00 2004
MD5 Checksum:	e3db592b13f93de2362dcaac5b365292

/// File Name:	waraxe-2004-SA010.txt
Description:	Multiple vulnerabilities exist in the Error Manager version 2.1 for PhpNuke 6.0. One of them allows for script injection in error logs, forcing an administrator to execute code when viewing the logs.
Author:	Janek Vind aka waraxe
File Size:	4704
Last Modified:	Mar 18 19:56:20 2004
MD5 Checksum:	c5211d7706772572c3d0aa67c167526f

/// File Name:	phpx324.txt
Description:	PHPX versions 2.x through 3.2.4 fail to create a secure session management engine. A user can obtain a session by simply supplying a uid of the user in which they want to obtain the account from, and as long as their session is in the database, it will allow session hi-jacking to occur. Further-more it is concerning that the session id itself is generated by a simple auto increment field in the MySQL database, making it trivial for an attacker to steal a cookie. Full exploitation included.
Author:	Ryan Wray aka HelloWorld
File Size:	6448
Last Modified:	Mar 17 08:15:34 2004
MD5 Checksum:	09ddcbef76dbf1843ea527f95f6e77ed

/// File Name:	mambo45.txt
Description:	The Mambo Open Source web content management system version 4.5 stable 1.0.3 and earlier suffers from multiple vulnerabilities including cross site scripting, SQL injection, and query tampering.
Author:	JeiAr
Homepage:	http://www.gulftech.org/
File Size:	3435
Last Modified:	Mar 17 08:08:55 2004
MD5 Checksum:	ec2f492becbcac7c65ef593029606aa8

/// File Name:	jelsoftvb.txt
Description:	Jelsoft vBulletin 3.0.0 RC4 and other releases and susceptible to cross site scripting attacks.
Author:	JeiAr
Homepage:	http://www.gulftech.org
File Size:	1777
Last Modified:	Mar 17 08:05:44 2004
MD5 Checksum:	4f83992e161d1ddf246913f0c9010c4a

/// File Name:	crafty.zip
Description:	Local exploit for the Crafty game versions 19.3 and below that makes use of a buffer overflow vulnerability. Tested on Red Hat 9.0 and Slackware 8.0.
Author:	Angelo Rosiello
Homepage:	http://www.rosiello.org/
File Size:	1339
Last Modified:	Mar 17 08:03:59 2004
MD5 Checksum:	7f2d5cf53e82ee02aedd5cd104c2625b

/// File Name:	phorum503.txt
Description:	Cross site scripting vulnerabilities exists in Phorum versions 5.0.3 Beta and below.
Author:	JeiAr
File Size:	1885
Last Modified:	Mar 17 07:57:35 2004
MD5 Checksum:	945b7d0d1cd0744b82f57e86647d09ac

/// File Name:	waraxe-2004-SA007.txt
Description:	Both cross site scripting and SQL injection vulnerabilities exist in the 4nGuestbook version 0.92 module for PHP-Nuke versions 6.5 through 6.9.
Author:	Janek Vind aka waraxe
File Size:	3201
Last Modified:	Mar 17 07:49:20 2004
MD5 Checksum:	becce8a2081f9a11e8233b6d1b356fc1

/// File Name:	waraxe-2004-SA006.txt
Description:	The 4nalbum module for PHP-Nuke versions 6.5 to 7.0 suffers from path disclosure, cross site scripting, remote file inclusion, and SQL injection vulnerabilities.
Author:	Janek Vind aka waraxe
File Size:	4031
Last Modified:	Mar 17 07:46:24 2004
MD5 Checksum:	369a410f953e7fff7195f32b0c5adfd7

/// File Name:	waraxe-2004-SA005.txt
Description:	PHP-Nuke 7.1.0 is susceptibel to multiple cross site scripting attacks.
Author:	Janek Vind aka waraxe
File Size:	3478
Last Modified:	Mar 17 07:43:35 2004
MD5 Checksum:	5b9ef9a1588d59a6e090331c3ad524ba

/// File Name:	vocaltec8.txt
Description:	VocalTec Gateway version 8 has multiple vulnerabilities. Using an information disclosure vulnerability existant in this server, an attacker can then traverse directories when treating the file as a directory, and gain access to any file normally protected.
Author:	Rafel Ivgi aka The-Insider
Homepage:	http://theinsider.deep-ice.com
File Size:	2633
Last Modified:	Mar 16 04:46:46 2004
MD5 Checksum:	f9be12534bb4e693002b5793cad94b9e

/// File Name:	mdaemon-exploit.c
Description:	Remote exploit for MDaemon Mail Server versions 6.52 to 6.85 that makes use of a buffer overflow in its raw message handler. This exploit has only been tested on Windows XP Home and Pro Edition (Dutch) SP1.
Author:	Angelo Rosiello
Homepage:	http://www.rosiello.org
Related File:	mdaemon-raw.txt
File Size:	12476
Last Modified:	Mar 16 04:31:17 2004
MD5 Checksum:	fff65d681162d5d7b7043edf21a4173e

/// File Name:	YaBBXSS.txt
Description:	YaBB 1 Gold and YaBB SE 1.5.1 Final are both susceptible cross site scripting attacks.
Author:	Cheng Peng Su
File Size:	1132
Last Modified:	Mar 15 20:14:58 2004
MD5 Checksum:	fc4ddf38bbe5ac917b5c8be4a87ee02c

/// File Name:	opera723.txt
Description:	Opera version 7.23 on Linux and Windows is susceptible to a denial of service attack.
Author:	d3thstar
Homepage:	http://rootthief.com
File Size:	1041
Last Modified:	Mar 15 20:12:09 2004
MD5 Checksum:	614da594c116c9c6a40fde144c8c89e0

/// File Name:	phpBBXSS206d.txt
Description:	phpBB versions 2.0.6d and below suffer from cross site scripting vulnerabilities.
Author:	JeiAr
Homepage:	http://www.gulftech.org
File Size:	4776
Last Modified:	Mar 15 20:06:27 2004
MD5 Checksum:	8f141547555e3e8b5843c2166e6132ba

/// File Name:	Pegasi022.txt
Description:	Pegasi Web Server aka PWS version 0.2.2 is susceptible to cross site scripting and directory traversal attacks due to a lack of input validation.
Author:	Donato Ferrante
Homepage:	http://www.autistici.org/fdonato
File Size:	2629
Last Modified:	Mar 12 02:59:48 2004
MD5 Checksum:	e3efa0b9842af7a8049abc169304ca43

/// File Name:	cpanelroot.txt
Description:	When trying to change a user password in Cpanel 8.x.x, it is possible to execute commands as root. Exploitation included.
Author:	Arab VieruZ
File Size:	455
Last Modified:	Mar 12 02:51:50 2004
MD5 Checksum:	f2839f547ba7c9b3167b5fc8fe293edd

/// File Name:	battlemagy.zip
Description:	Exploit for testing a specific server to see if it is susceptible to a denial of service vulnerability found in Battle Mages versions 1.0 for Windows.
Author:	Luigi Auriemma
Homepage:	http://aluigi.altervista.org
Related File:	battlemages-adv.txt
File Size:	5426
Last Modified:	Mar 12 02:44:24 2004
MD5 Checksum:	2779f53ca1344fd9a08b5f551bb0f38c

/// File Name:	unrfs-poc.zip
Description:	Remote exploit for the Unreal game engine for Windows, MacOS, and Linux that makes use of a format string bug. This proof-of-concept is a proxy server able to modify the Unreal packets in real-time allowing the insertion of %n into the class names sent by the client to the server causing the remote crash. Games affected: America's Army, DeusEx, Devastation, Magic Battlegrounds, Mobile Forces, Nerf Arena Blast, Postal 2, Rainbow Six: Raven Shield, Rune, Sephiroth: 3rd episode the Crusade, Star Trek: Klingon Honor Guard, Tactical Ops, TNN Pro Hunter, Unreal 1, Unreal II XMP, Unreal Tournament, Unreal Tournament 2003, Wheel of Time, X-com Enforcer, and XIII.
Author:	Luigi Auriemma
Homepage:	http://aluigi.altervista.org
Related File:	unrealEngine.txt
File Size:	9404
Last Modified:	Mar 11 10:46:50 2004
MD5 Checksum:	8ae15e07d05998dbfc95996a84ebc3fc

/// File Name:	anubisexp.c
Description:	Remote root exploit for GNU Anubis 3.6.2.
Author:	CMN
Related File:	anubisAdv.txt
File Size:	17513
Last Modified:	Mar 11 02:48:33 2004
MD5 Checksum:	b1bb97db6413d3510250b9eed760455f