Section: .. / 0410-exploits /

Page 2 of 3
<< 1 2 3 >> Files 25 - 50 of 60

Currently sorted by: Last Modified Sort By: File Name, File Size

/// File Name:	monit402up.c
Description:	Monit 4.2 and below remote root exploit that uses a buffer overflow in the handling of Basic Authentication.
Author:	rtk
Homepage:	http://www.eos-india.net/
File Size:	7385
Last Modified:	Oct 26 04:14:42 2004
MD5 Checksum:	7a4132a84597f6c603af1befbe8be559

/// File Name:	shixxbof.zip
Description:	Proof of concept exploit that makes use of a buffer overflow vulnerability existing in Shixxnote 6.net.
Author:	Luigi Auriemma
Homepage:	http://aluigi.altervista.org
Related File:	shixxnote6.txt
File Size:	7121
Last Modified:	Oct 25 00:21:38 2004
MD5 Checksum:	97d686dc8f42aec7293a0fbc4c2a48cb

/// File Name:	101_shixx.cpp
Description:	Remote buffer overflow exploit for ShixxNote 6.net, which, according to the producers site, is "a personal organizer, desktop sticky notes (post-it) program, instant messaging application (LAN messanger) and a communications tool used across a local network (Intranet), Internet and via email. Perfect and ideal tool for your LAN or office communication." The exploit works against Win2k only, it will crash other platforms.
Author:	class101
Homepage:	http://dfind.kd-team.com/
File Size:	8087
Last Modified:	Oct 23 17:16:00 2004
MD5 Checksum:	bfc9fbad540e7cb9c5659b33bb662ecb

/// File Name:	ms04-030_spl.pl
Description:	DoS exploit for Microsoft XML parsing flaw. This is an exploit for the issues described in MS04-30.
Author:	incognito_ergo
File Size:	745
Related OSVDB(s):	10688
Related CVE(s):	CAN-2003-0718
Last Modified:	Oct 20 00:01:00 2004
MD5 Checksum:	0f33d60d1b7d7b70dd4f0022207932b9

/// File Name:	HOD-ms04032-emf-expl2.c
Description:	Exploit that creates crafted metadata files to exploit IE6.0 display of such, as well as Explorer.exe's display of thumbnails of such. Created by houseofdabus. Exploit will connect back to set host/port.
Author:	houseofdabus HOD
File Size:	9057
Related OSVDB(s):	10692
Related CVE(s):	CAN-2004-0209
Last Modified:	Oct 19 23:31:00 2004
MD5 Checksum:	c21900c641c0ce9dfd32a3e3341273c7

/// File Name:	bmon.sh
Description:	This is a simple local exploit for FreeBSD/OpenBSD with bmon < 1.2.1_2 installed. It depends on the fact that bmon doesn't use an absolute path to commands that it calls. This particular exploit uses 'netstat'.
Author:	Idan Nahoum
File Size:	1272
Last Modified:	Oct 16 20:53:00 2004
MD5 Checksum:	24051a401b01dcceae1c193312a62e4a

/// File Name:	proftp-userdisc.c
Description:	Side-channel username verification against ProFTPd. Sends the USER command, and sees how long the server takes to respond, indicating whether the user exists or not. Obviously, this may produce false positives on slow network connections.
Author:	Leon Juranic
Homepage:	http://security.lss.hr/PoC/
File Size:	1338
Last Modified:	Oct 16 13:35:00 2004
MD5 Checksum:	6f26f6bb5284cbaf5f0481ab785e6eae

/// File Name:	cabarc.txt
Description:	Microsoft cabarc suffers from a directory traversal attack.
Author:	Jelmer
File Size:	371
Last Modified:	Oct 13 10:42:09 2004
MD5 Checksum:	20a56be84b1b67938e5b260c392522ac

/// File Name:	101_ypops.cpp
Description:	YahooPOPS version 1.6 and prior SMTP port buffer overflow exploit version 0.1. Binds a shell to port 101.
Author:	class101, Behrang Fouladi
File Size:	5809
Last Modified:	Oct 13 10:09:57 2004
MD5 Checksum:	0d5056eaf4d9cdc2944e37a93bdd4e78

/// File Name:	gosmart.txt
Description:	Multiple vulnerabilities were found in the GoSmart Message Board. A remote user can conduct SQL injection and cross site scripting attacks. Exploitation examples provided.
Author:	Positive Technologies
Homepage:	http://www.ptsecurity.com
File Size:	2097
Last Modified:	Oct 13 09:52:09 2004
MD5 Checksum:	4e91f441bdeec979428455ee684755e9

/// File Name:	turboTraffic.txt
Description:	Turbo Traffic Trader Nitro version 1.0 is susceptible to multiple cross site scripting and SQL injection attacks. Full exploitation for the SQL injection attack provided.
Author:	aCiDBiTS
File Size:	3633
Last Modified:	Oct 13 09:45:48 2004
MD5 Checksum:	543cdce4567d644e22ab3543765d5ba4

/// File Name:	lithsec.zip
Description:	Remote proof of concept exploit for old games developed by Monolith that are susceptible to a buffer overflow which occurs when an attacker sends a secure Gamespy query followed by at least 68 chars.
Author:	Luigi Auriemma
Homepage:	http://aluigi.altervista.org
Related File:	oldMonolith.txt
File Size:	7942
Last Modified:	Oct 13 09:02:29 2004
MD5 Checksum:	a29ca3fcb7d4f6e8f9a85fa9d979f1a6

/// File Name:	flashmsg.zip
Description:	Remote proof of concept exploit that demonstrates a denial of service attack against Flash Messaging versions 5.2.0g and below.
Author:	Luigi Auriemma
Homepage:	http://aluigi.altervista.org
Related File:	flash520g.txt
File Size:	10009
Last Modified:	Oct 13 08:50:10 2004
MD5 Checksum:	c2afd2aa414330b3e82bae1e1872fc0a

/// File Name:	tridcomm13.txt
Description:	Tridcomm versions 1.3 and below suffer from both upload and download directory traversal attacks. Exploitation provided.
Author:	Luigi Auriemma
Homepage:	http://aluigi.altervista.org
File Size:	1669
Last Modified:	Oct 13 07:43:23 2004
MD5 Checksum:	83aeadcfca11fcc4b9de8a470b52d26c

/// File Name:	blackboard.txt
Description:	BlackBoard version 1.5.1 is susceptible to full path disclosure and remote executable code inclusion.
Author:	Cracklove
Homepage:	http://ProxySky.com
File Size:	1532
Last Modified:	Oct 13 06:38:50 2004
MD5 Checksum:	65e781fc819bc6cf64300ef109e3b604

/// File Name:	phplinks2.txt
Description:	Further research into PHP Links shows that it is susceptible to a PHP inclusion flaw along with some SQL injection attacks.
Homepage:	http://security.lss.hr
File Size:	1499
Last Modified:	Oct 13 05:38:50 2004
MD5 Checksum:	5fbdc1927eda766638c56d56304c4870

/// File Name:	NotmuchG.pl.txt
Description:	Perl exploit for IPSwitch WhatsUp Gold version 8.03 that is susceptible to a remote buffer overflow. Tested on Win2k SP4. Successful exploitation binds a shell on port 28876.
Author:	ET
Related File:	08.25.04.txt
File Size:	4559
Last Modified:	Oct 13 05:14:47 2004
MD5 Checksum:	0c39361862f209e73e6107bf06e50093

/// File Name:	vymesbof.zip
Description:	Proof of concept exploit for Vypress Messenger versions 3.5.1 and below.
Author:	Luigi Auriemma
Homepage:	http://aluigi.altervista.org
Related File:	vypressmesg.txt
File Size:	6868
Last Modified:	Oct 13 04:56:24 2004
MD5 Checksum:	5b58640a7a4fd1136da8102b46cbd4e6

/// File Name:	adv07-y3dips-2004.txt
Description:	AJ-Fork version 1.67 is susceptible to path disclosure, directory listing, backup directory access, and other flaws that allow access to database files. Exploitation provided.
Author:	y3dips
Homepage:	http://y3dips.echo.or.id/
File Size:	7165
Last Modified:	Oct 7 07:23:43 2004
MD5 Checksum:	1ab0bf1b031e247ea53908f257740974

/// File Name:	coldfusionmx61.txt
Description:	There is a vulnerability in ColdFusion MX 6.1 when a user can create a cold fusion template on a ColdFusion server with CreateObject or cfobject tags enabled.
Author:	Eric Lackey
File Size:	2826
Last Modified:	Oct 7 06:44:53 2004
MD5 Checksum:	1e8c513ba7c2a4621b1aa7faaa220e0d

/// File Name:	iceexec.rar
Description:	Remote proof of concept exploit for Icecast versions 2.0.1 and below on win32 that downloads NCAT from elitehaven.net and spawns a shell on port 9999.
Homepage:	http://www.delikon.de/
Related File:	icecast201.txt
File Size:	24207
Last Modified:	Oct 7 06:18:04 2004
MD5 Checksum:	74024e744247e3a3ed59c66dd5ccd79a

/// File Name:	priv8icecast.pl
Description:	Remote root exploit for Icecast 2.0.1 on Windows. Makes use of an overflow that allows for remote command execution and provides a nice reverse shell.
Author:	wsxz, Luigi Auriemma
Homepage:	http://Priv8security.com
Related File:	icecast201.txt
File Size:	5027
Last Modified:	Oct 7 06:14:49 2004
MD5 Checksum:	2c6ef9142f73396f075b8c3bd9987c02

/// File Name:	silentstorm.txt
Description:	The Silent Storm Portal versions 2.1 and 2.2 suffer from cross site scripting and unauthorized administrative access vulnerabilities due to a lack of variable sanitization.
Homepage:	http://www.CyberSpy.Org
File Size:	3360
Last Modified:	Oct 7 06:01:46 2004
MD5 Checksum:	85efc40646d41c9e25d281ceb0f1c1df

/// File Name:	w-agora.txt
Description:	Multiple vulnerabilities were found in the w-agora forum version 4.1.6a. A remote user can conduct SQL injection, HTTP response splitting and Cross site scripting attacks.
Homepage:	http://www.maxpatrol.com
File Size:	2073
Last Modified:	Oct 7 05:56:46 2004
MD5 Checksum:	262951fbdad40d4513cc706e29e4180a

/// File Name:	abzboom.zip
Description:	Remote denial of service exploit for Alpha Black Zero: Intrepid Protocol versions 1.04 and below, which suffer from a denial of service flaw where the server does not limit how many clients can attempt to connect.
Author:	Luigi Auriemma
Homepage:	http://aluigi.altervista.org
Related File:	alphaBlack104.txt
File Size:	7719
Last Modified:	Oct 7 05:38:37 2004
MD5 Checksum:	20969c670e1ce185521d2b593ac46f65