Section: .. / 0501-exploits /

Page 2 of 4
<< 1 2 3 4 >> Files 25 - 50 of 92

Currently sorted by: File Name Sort By: Last Modified, File Size

/// File Name:	Gallery134.txt
Description:	Gallery 1.3.4 suffers from remote script inclusion and cross site scripting vulnerabilities.
Author:	Rafel Ivgi
Homepage:	http://theinsider.deep-ice.com
File Size:	6489
Last Modified:	Jan 18 07:30:58 2005
MD5 Checksum:	d37ed0ca9947843db050dfbb5a219d54

/// File Name:	gbook.tgz
Description:	MPM Guestbook Pro remote exploit that performs arbitrary command execution and local file upload.
Author:	Robert Molnar
Related File:	ss11012005.txt
File Size:	8743
Last Modified:	Jan 25 07:47:47 2005
MD5 Checksum:	dcef1c46ec3752ba9327c5965ca5257e

/// File Name:	GHCaws.pl
Description:	AwStats exploit that makes use of a remote command execution vulnerability in versions 6.2 and below.
Author:	GHC
Homepage:	http://www.ghc.ru
File Size:	1937
Last Modified:	Jan 25 08:38:31 2005
MD5 Checksum:	cd4e6e2173c331307cd924b556c45421

/// File Name:	goldenSploit.pl
Description:	Golden FTP server exploit that binds a shell on port 4444 after making use of a buffer overflow using RNTO.
Author:	Barabas
File Size:	2442
Last Modified:	Jan 25 07:59:58 2005
MD5 Checksum:	b897ef652675f3288b9d4d8be0a7a4b8

/// File Name:	H2005-01.txt
Description:	Horde 3.0 contains two XSS attacks that can be exploited through GET requests. Once exploited, these requests could be used to execute any javascript commands in the context of that user, potentially including but not limited to reading and deleting email, and stealing authentication tokens.
Author:	Robert Fly
Homepage:	http://www.hyperdose.com
File Size:	1838
Last Modified:	Jan 16 05:48:06 2005
MD5 Checksum:	5c88d3c50f6a156434891b0d602d4bf0

/// File Name:	HOD-ms05002-ani-expl.c
Description:	Proof of concept exploit for the Windows ANI File Parsing vulnerability that works against Microsoft Windows Server 2003, XP SP0/SP1, and all versions of Windows 2000.
Author:	houseofdabus
Related File:	AD_LAB-04005.txt
File Size:	7503
Last Modified:	Jan 25 08:06:23 2005
MD5 Checksum:	9b7991b399daaf8262fdb31bb26b6cd9

/// File Name:	ie_attack.htm
Description:	Pocket IE on a Windows Mobile Pocket PC suffers from Unicode URL obfuscation, local file access, and cross site scripting vulnerabilities.
Author:	Seth Fogie
Homepage:	http://www.airscanner.com
File Size:	5613
Last Modified:	Jan 27 06:26:01 2005
MD5 Checksum:	4a7aa53d0c4f547a8a6702e988be69d5

/// File Name:	ieBarBypass.txt
Description:	Microsoft Internet Explorer 6 is susceptible to a flaw that allows for malicious file download via manipulation of the File Download Information bar functionality.
Author:	Rafel Ivgi
Homepage:	http://theinsider.deep-ice.com
File Size:	3258
Last Modified:	Jan 16 06:03:56 2005
MD5 Checksum:	c11f180df66f4b95df52ac55789a90f1

/// File Name:	IEurlflaw.txt
Description:	This code calls a URL in the browser window but fails to update the address bar in Internet Explorer. It appears that the form submission is suspended with the interrupt of the 'window.alert' call.
Author:	Graeme Stewart
File Size:	1527
Last Modified:	Jan 25 07:55:50 2005
MD5 Checksum:	5786b1d98471a885d0588c08908ee348

/// File Name:	iis_w3who_overflow.pm
Description:	Remote buffer overflow exploit for the w3who.dll in Microsoft Windows 2000. Drops to a command shell.
Author:	H.D. Moore
Homepage:	http://www.metasploit.com/
Related File:	esa-2004-1206.txt
File Size:	4564
Related CVE(s):	CAN-2004-1134
Last Modified:	Jan 12 08:19:09 2005
MD5 Checksum:	b5ac5a1122b0563bf7f3907983af3280

/// File Name:	imd_advisory.txt
Description:	The webmail portion of Infinite Mobile Delivery 2.6 from Captaris, Inc. contains a Cross Site Scripting vulnerability. In addition to the XSS, an even smaller issue exists where a user can determine the installation path of the client and where e-mails are stored.
Author:	Steven
Homepage:	http://www.lovebug.org/
File Size:	1741
Last Modified:	Jan 31 00:02:06 2005
MD5 Checksum:	73bf8815871d7d252113b66d4b21f75e

/// File Name:	InternetExploiter3.2.zip
Description:	InternetExploiter 3, .ANI-file Animation header length stack based buffer overflow exploit for Internet Explorer. Uses Cascading Style Sheets to load a malicious animated cursor. Runs a bindshell on port 28876.
Author:	Berend-Jan Wever
Homepage:	http://www.edup.tudelft.nl/~bjwever/
Related File:	AD_LAB-04005.txt
File Size:	2565
Last Modified:	Jan 15 23:53:42 2005
MD5 Checksum:	466f587227c9ddbf8f3e34710b089c84

/// File Name:	invisionSQL.txt
Description:	The Invision Community Blog system is susceptible to a SQL injection attack on the eid variable.
Author:	darkhawk matrix
Homepage:	http://www.matrix2k.org
File Size:	584
Last Modified:	Jan 11 02:25:30 2005
MD5 Checksum:	eedcc9e119950fc30714bfedd8be408b

/// File Name:	isec-0021-uselib.txt
Description:	Locally exploitable flaws have been found in the Linux binary format loaders' uselib() functions that allow local users to gain root privileges. Linux kernel versions 2.4 up to and including 2.4.29-pre3, 2.6 up to and including 2.6.10 are affected. Exploit included.
Author:	Paul Starzetz
Homepage:
File Size:	22989
Related CVE(s):	CAN-2004-1235
Last Modified:	Jan 7 17:27:00 2005
MD5 Checksum:	b8c1d99e53c3f8082e449457f5765447

/// File Name:	itunesPLS-local.txt
Description:	Proof of concept exploit for iTunes 4.3.7 on OS X 10.3.7. Shellcode binds a shell to port 4444.
Author:	nemo
Related File:	01.13.05.txt
File Size:	3611
Last Modified:	Jan 17 00:05:22 2005
MD5 Checksum:	2ec510bd1e7504720e2969ebeccde787

/// File Name:	itunesPLS.txt
Description:	Apple iTunes Playlist buffer overflow download shellcoded exploit. Versions up to 4.7 are affected. Tested with iTunes v4.7 on WinXP SP2 EN.
Author:	ATmaCA
Homepage:	http://www.atmacasoft.com/
Related File:	01.13.05.txt
File Size:	5447
Last Modified:	Jan 17 00:03:25 2005
MD5 Checksum:	708d91464c8f5f9de07c54ea32e04338

/// File Name:	iWebNegar.c
Description:	iWebNegar version 1.1 remote configuration nullification denial of service exploit.
Author:	c0d3r, hossein asgary
File Size:	2409
Last Modified:	Jan 5 05:37:18 2005
MD5 Checksum:	06b94ca728a3a7b374c2588781694558

/// File Name:	jakarta556_xss.txt
Description:	Apache Jakarta Tomcat version 5.5.6 is susceptible to cross site scripting attacks.
Author:	Oliver Karow
Homepage:	http://www.oliverkarow.de/
File Size:	910
Last Modified:	Jan 7 02:42:07 2005
MD5 Checksum:	8d2da4e59e74ea24a42efaf5451139f6

/// File Name:	kazaaDoS.txt
Description:	Flaws in Kazaa allow for arbitrary code execution and for remote execution of code.
Author:	Rafel Ivgi
Homepage:	http://theinsider.deep-ice.com
File Size:	3280
Last Modified:	Jan 18 07:32:34 2005
MD5 Checksum:	d4de1222dbe0a8a0779c4454dcdffaa0

/// File Name:	LSS-2005-01-03.txt
Description:	LSS Security Advisory #LSS-2005-01-03 - There is a privilege escalation and arbitrary file read vulnerability in ftpfile, the Squirrelmail Vacation plugin. Version 0.15 is affected. Detailed exploitation provided.
Author:	Leon Juranic
Homepage:	http://security.lss.hr
File Size:	2331
Last Modified:	Jan 12 07:24:46 2005
MD5 Checksum:	0f57d6737f94fd0948cf9ce5f8fb3405

/// File Name:	MinisTraverse.txt
Description:	Minis 0.2.1 suffers from a directory traversal flaw that allows for viewing of files outside of the webroot. If the server does not have access to the file, it enters into a loop causing a denial of service.
Author:	Madelman
File Size:	3879
Last Modified:	Jan 16 20:13:00 2005
MD5 Checksum:	d3aedc1d21e4c6f53b73e22762727c7d

/// File Name:	mybbSQL.txt
Description:	MyBB is prone to a SQL injection attack within the uid parameter of member.php. The flaw allows for retrieval of the admin password hash. Sample exploit provided.
Author:	scottm
File Size:	1724
Last Modified:	Jan 5 06:09:51 2005
MD5 Checksum:	e6d1d80285c702f9aef7e683bff126fb

/// File Name:	netegrity.txt
Description:	The Netegrity SiteMinder smpwservicescgi.exe is susceptible to a remote data inclusion vulnerability that allows for phishing attacks.
Author:	Marc Ruef
Homepage:	http://www.computec.ch/projekte/atk/
File Size:	2490
Last Modified:	Jan 19 07:19:16 2005
MD5 Checksum:	2d8ada3ab66ec8268d82e552fa2e164c

/// File Name:	nodemgrPOC.cpp
Description:	NodeManager Professional 2.00 buffer overflow exploit that binds a shell to port 2001.
Author:	Tan Chew Keong
Related File:	nodemanager200.txt
File Size:	7972
Last Modified:	Jan 19 07:35:57 2005
MD5 Checksum:	d3ea564e89596c5826d835b8f712e9cc

/// File Name:	OutlookMuteX.txt
Description:	Exploit for Outlook that can press a button to verify it is okay to access protected contact data. Tested against Windows XP SP1. This functionality may be utilized in future worm creation.
Author:	Anand Khare
File Size:	6688
Last Modified:	Jan 28 07:14:47 2005
MD5 Checksum:	55f67af1a82aec066bc16a4846d93360