Section: .. / 0412-exploits /

Page 3 of 3
<< 1 2 3 >> Files 50 - 74 of 74

Currently sorted by: Last Modified Sort By: File Name, File Size

/// File Name:	phpGroupWare.txt
Description:	phpGroupWare version 0.9.16.003 is susceptible to full path disclosure, cross site scripting, and SQL injection attacks. Exploitation provided.
Author:	James Bercegay
Homepage:	http://www.gulftech.org/
File Size:	5975
Last Modified:	Dec 30 08:54:56 2004
MD5 Checksum:	8889f85e8f28423e6ef44a2548455b0c

/// File Name:	firstclass.txt
Description:	OpenText FirstClass version 8.0 httpd /Search remote denial of service exploit that makes use of large requests.
Homepage:	http://milw0rm.com/
File Size:	6607
Last Modified:	Dec 30 08:53:19 2004
MD5 Checksum:	4454a8916856db202a09da2b6e930c89

/// File Name:	isec-0019-scm.txt
Description:	A locally exploitable flaw has been found in the Linux socket layer that allows a local user to hang a vulnerable machine. Kernel version 2.4 up to and including 2.4.28 and 2.6 up to and including 2.6.9 are susceptible. Full exploitation provided.
Author:	Paul Starzetz
Homepage:	http://isec.pl/vulnerabilities/isec-0019-scm.txt
File Size:	4262
Related CVE(s):	CAN-2004-1016
Last Modified:	Dec 30 08:24:55 2004
MD5 Checksum:	8899648b0df449114a9613a0d4f6a051

/// File Name:	isec-0018-igmp.txt
Description:	Multiple bugs both locally and remotely exploitable have been found in the Linux IGMP networking module and the corresponding user API. Full exploit provided. Linux kernels 2.4 up to and include 2.4.28 and 2.6 up to and including 2.6.9 are affected.
Author:	Paul Starzetz
Homepage:	http://isec.pl/vulnerabilities/isec-0018-igmp.txt
File Size:	9640
Related CVE(s):	CAN-2004-1137
Last Modified:	Dec 30 08:22:34 2004
MD5 Checksum:	b7cd630515de8672732c1abcbf16e912

/// File Name:	lithsock.zip
Description:	Remote denial of service proof of concept exploit for the Lithtech game engine that is susceptible to a denial of service attack via a logic error when handling UDP packets with zero bytes.
Author:	Luigi Auriemma
Homepage:	http://aluigi.altervista.org/
Related File:	lithsock.txt
File Size:	7789
Last Modified:	Dec 30 07:42:42 2004
MD5 Checksum:	781945faf97839d745ebc389b81f073a

/// File Name:	sugarSales.txt
Description:	Multiple Vulnerabilities have been found in the open source customer relationship management software SugarSales. These vulnerabilities include full path disclosure, file inclusion, remote command execution, and SQL injection attacks. Versions up to 2.0.1c are susceptible.
Author:	Daniel Fabian
File Size:	6150
Last Modified:	Dec 30 07:28:17 2004
MD5 Checksum:	6a238c167b455bb722100e71b4d42187

/// File Name:	ubbXSS.txt
Description:	UBBThreads versions 6.2.3 and 6.5 are susceptible to cross site scripting attacks.
File Size:	2042
Last Modified:	Dec 30 07:20:25 2004
MD5 Checksum:	1717de580e10b0b0f2e97c14808ca3b3

/// File Name:	DilAurDimag-Advisory-07-20-12-2004...>
Description:	ChangePassword, YP/Samba/Squid password-changing tool has a local vulnerability which allows attackers to seize control of the computer. Exploit information included.
Author:	Anand Khare
File Size:	1985
Last Modified:	Dec 20 22:44:13 2004
MD5 Checksum:	98bbf911eb59661e2c14ecbc2369c6b1

/// File Name:	phpbbmemorydump.cpp
Description:	phpBB 2.x with PHP <= 4.3.9 Remote unserialize() exploit, in c++. More information available here.
Author:	Overdose
File Size:	21905
Last Modified:	Dec 20 06:47:59 2004
MD5 Checksum:	56830aa54ca1057db8801240d287900e

/// File Name:	secunia.com-advisories-13415.c
Description:	Firstclass v7.1 and 8.0 remote denial of service exploit. More information available here.
Author:	Anand Khare
File Size:	6581
Last Modified:	Dec 19 13:42:44 2004
MD5 Checksum:	858b743a7cb04af9ba6387fc6e299484

/// File Name:	phpbbquoteflaw.txt
Description:	A flaw in phpBB 2.x allows a malicious user the ability to alter how posts are aligned due to mishandling of quotes in posts.
Author:	Matt Benenati
File Size:	1061
Last Modified:	Dec 12 21:19:30 2004
MD5 Checksum:	631b10282d8639800a9bd49df6ef8292

/// File Name:	citadel_fsexp.c
Description:	Remote root exploit for Citadel/UX versions 6.27 and below that makes use of a format string vulnerability. Tested against Slackware 10.0.
Author:	CoKi
Homepage:	http://www.nosystem.com.ar
Related File:	nsg-advisory-09.txt
File Size:	9135
Last Modified:	Dec 12 20:57:44 2004
MD5 Checksum:	90c58521cf1c000af9e84004d8bb79b4

/// File Name:	wget18x.txt
Description:	wget versions 1.8 and below allow for arbitrary overwriting, creating, and appending to files on the underlying system with the permissions of the user executing the binary. The files to be written to can be anywhere regardless of what the end user has requested. The primary flaw is a failure to sanitize redirection data.
Author:	Jan Minar
File Size:	8366
Last Modified:	Dec 12 20:07:01 2004
MD5 Checksum:	88a6d3d3f49ea2cb29e920e0c504eaf6

/// File Name:	WebLibs10.txt
Description:	WebLibs 1.0 is susceptible to arbitrary file access due to a lack of input validation for a hidden variable. Exploitation details included.
Author:	John Bissell
File Size:	3056
Last Modified:	Dec 12 19:52:09 2004
MD5 Checksum:	9f9c94b9d1b26a97f71ded009e986b66

/// File Name:	bfcboom.zip
Description:	Denial of service exploit for Battlefield 1942 versions 1.6.19 and below and Battlefield Vietnam versions 1.2 and below.
Author:	Luigi Auriemma
Homepage:	http://aluigi.altervista.org
Related File:	bfcboom.txt
File Size:	7110
Last Modified:	Dec 12 19:38:53 2004
MD5 Checksum:	0bae9b8ecfb01b57d09c8968c9989cdc

/// File Name:	msnXSS.txt
Description:	A whole slew of cross site scripting flaws have been discovered and are listed here.
Author:	Jamie Fisher
File Size:	19794
Last Modified:	Dec 12 19:33:02 2004
MD5 Checksum:	bdde296e55534bed7cacfd8464b7b495

/// File Name:	adv09-y3dips-2004.txt
Description:	paFileDB 3.1 has a couple vulnerabilities that allow for admin password hash retrieval and full path disclosure.
Author:	y3dips
Homepage:	http://y3dips.echo.or.id/
File Size:	4424
Last Modified:	Dec 12 19:30:26 2004
MD5 Checksum:	8f7a6d93c349ecfa1763b7da8de113bc

/// File Name:	AdobeMac.txt
Description:	Adobe Version Cue, which is setuid root on Mac OS X, allows for local compromise due to using an insecure PATH. Exploitation included.
Author:	Jonathan Bringhurst
File Size:	1751
Last Modified:	Dec 12 19:22:08 2004
MD5 Checksum:	1e3e129e1e8c48a48cbf75b23f9c38b1

/// File Name:	hostingControl.txt
Description:	Hosting Controller web automation tools suffer from a lack of input validation, allowing any remote attacker the ability to browse the hard drive. Versions 6.1 and below are susceptible.
Author:	Mouse, s7az2mm, bl2k
Homepage:	http://Shabgard.org
File Size:	1692
Last Modified:	Dec 12 18:49:21 2004
MD5 Checksum:	34dcdac2baef555dde93ba23d19edc65

/// File Name:	woolchat.txt
Description:	WoolChat IRC client is susceptible to a buffer overflow when a DCC send query is sent with more than 260 bytes.
Author:	White E
Homepage:	http://nogimmick.org/
File Size:	1333
Last Modified:	Dec 12 08:33:54 2004
MD5 Checksum:	6659b1bb546b1aa6aa358bf13ab3af85

/// File Name:	kreedexec.zip
Description:	Remote exploit for Kreed versions 1.05 and below that suffer from format string error, denial of service, and server freeze flaws.
Author:	Luigi Auriemma
Homepage:	http://aluigi.altervista.org
Related File:	kreedexec.txt
File Size:	11451
Last Modified:	Dec 12 01:23:53 2004
MD5 Checksum:	b975e09fcf4c5ed1de4d0811c9d44aaa

/// File Name:	blogtorrent.txt
Description:	Blogtorrent, a collection of PHP scripts written to be used in conjunction with bittorrent, fails to properly sanitize input on a variable allowing for directory traversal attacks.
Author:	Steve Kemp
File Size:	1542
Last Modified:	Dec 12 01:17:21 2004
MD5 Checksum:	57317fe60cdb03d48587d1d0639e98d6

/// File Name:	ex_MERCURY2.c
Description:	Universal remote exploit for the buffer overflow vulnerability in Mercury Mail 4.01 (Pegasus) IMAP server. Second version loaded with 14 types of attacks.
Author:	John H.
Homepage:	http://www.secnetops.com
File Size:	7762
Last Modified:	Dec 12 01:05:33 2004
MD5 Checksum:	9aafca56ed08e82a2d67bf3fdd5546a5

/// File Name:	ie6-file-detection.txt
Description:	Internet Explorer 6.0 SP1 + Win2k SP4 (up to date) local file detection advisory and exploit which uses the sysimage:// protocol to allow websites to determine which software is installed. Online demonstration available here.
Author:	Gregory R. Panakkal
File Size:	1554
Last Modified:	Dec 9 09:43:34 2004
MD5 Checksum:	ed420f20aa99e3de906f1e316a3f35ac