Section: .. / 0910-exploits /

Page 1 of 9
<< 1 2 3 4 5 6 7 8 9 >> Files 1 - 25 of 210

Currently sorted by: Last Modified Sort By: File Name, File Size

/// File Name:	0910-exploits.tgz
Description:	This archive contains all of the 209 exploits added to Packet Storm in October, 2009.
Homepage:	http://packetstormsecurity.org/
File Size:	459241
Last Modified:	Nov 2 23:04:25 2009
MD5 Checksum:	bb96040080cf3c39d940b28a2097613c

/// File Name:	psart-sql.txt
Description:	PSArt version 1.2 suffers from a remote SQL injection vulnerability.
Author:	Securitylab Security Research
Homepage:	http://securitylab.ir/
File Size:	724
Last Modified:	Oct 30 16:15:16 2009
MD5 Checksum:	1043e1fc083872e2a574e77e1e1078b9

/// File Name:	CVE-2009-1979.zip
Description:	Proof of concept exploit for Oracle Database versions 10.1.0.5 and 10.2.0.4 that relates to an improper AUTH_SESSKEY parameter length validation.
Author:	Dennis Yurichev
File Size:	36296
Related CVE(s):	CVE-2009-1979
Last Modified:	Oct 30 15:38:16 2009
MD5 Checksum:	660b662ab4b883cfab9655f94f942ca7

/// File Name:	cubecart4-bypass.txt
Description:	CubeCart 4 suffers from a really nasty session management bypass vulnerability.
Author:	Bogdan Calin
Homepage:	http://www.acunetix.com/
File Size:	9130
Last Modified:	Oct 30 15:37:01 2009
MD5 Checksum:	7581bc6c05ca76a7306651bb56bb45f3

/// File Name:	2os.py.txt
Description:	Remote denial of service exploit for 2WIRE routers versions 5.29.52 and below.
Author:	hkm
Related File:	1-003.full.txt
File Size:	1230
Last Modified:	Oct 30 15:18:45 2009
MD5 Checksum:	57287b17aeed0178e00fddfe86c7f912

/// File Name:	tikiwiki_jhot_exec.rb.txt
Description:	TikiWiki contains a flaw that may allow a malicious user to execute arbitrary PHP code. The issue is triggered due to the jhot.php script not correctly verifying uploaded files. It is possible that the flaw may allow arbitrary PHP code execution by uploading a malicious PHP script resulting in a loss of integrity. The vulnerability has been reported in Tikiwiki version 1.9.4.
Author:	Matteo Cantoni
File Size:	7407
Related OSVDB(s):	28456
Related CVE(s):	CVE-2006-4602
Last Modified:	Oct 30 14:58:37 2009
MD5 Checksum:	bfe0080ed3f0b35548031d6376c39223

/// File Name:	tikiwiki_graph_formula_exec.rb.txt
Description:	TikiWiki versions 1.9.8 and below contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'tiki-graph_formula.php' script not properly sanitizing user input supplied to the f variable, which may allow a remote attacker to execute arbitrary PHP commands resulting in a loss of integrity.
Author:	Matteo Cantoni
File Size:	4921
Related OSVDB(s):	40478
Related CVE(s):	CVE-2007-5423
Last Modified:	Oct 30 14:57:02 2009
MD5 Checksum:	9bb463f184aa6ec072b62cc3720e38e1

/// File Name:	squirrelmail_pgp_plugin.rb.txt
Description:	This Metasploit module exploits a command execution vulnerability in the PGP plugin of SquirrelMail.
Author:	Nicob
File Size:	4117
Related OSVDB(s):	3178
Related CVE(s):	CVE-2003-0990
Last Modified:	Oct 30 14:55:07 2009
MD5 Checksum:	f40d9630123bae27245952521986482e

/// File Name:	sphpblog_file_upload.rb.txt
Description:	This Metasploit module combines three separate issues within The Simple PHP Blog (versions 0.4.0 and below) application to upload arbitrary data and thus execute a shell. The first vulnerability exposes the hash file (password.txt) to unauthenticated users. The second vulnerability lies within the image upload system provided to logged-in users; there is no image validation function in the blogger to prevent an authenticated user from uploading any file type. The third vulnerability occurs within the blog comment functionality, allowing arbitrary files to be deleted.
Author:	Matteo Cantoni
File Size:	6197
Related OSVDB(s):	19012
Related CVE(s):	CVE-2005-2733
Last Modified:	Oct 30 14:53:25 2009
MD5 Checksum:	06420dea2b1236798228c7e9d86f4beb

/// File Name:	phpbb_highlist.rb.txt
Description:	This Metasploit module exploits two arbitrary PHP code execution flaws in the phpBB forum system. The problem is that the 'highlight' parameter in the 'viewtopic.php' script is not verified properly and will allow an attacker to inject arbitrary code via preg_replace().
Author:	Val Smith
File Size:	3369
Related OSVDB(s):	11719,17613
Related CVE(s):	CVE-2005-2086, CVE-2004-1315
Last Modified:	Oct 30 14:51:38 2009
MD5 Checksum:	7a942828f6e1af4e45f98f4bc41785f9

/// File Name:	php_xmlrpc_eval.rb.txt
Description:	This Metasploit module exploits an arbitrary code execution flaw discovered in many implementations of the PHP XML-RPC module. This flaw is exploitable through a number of PHP web applications, including but not limited to Drupal, Wordpress, Postnuke, and TikiWiki.
Author:	H D Moore,cazz
Homepage:	http://www.metasploit.com
File Size:	3354
Related OSVDB(s):	17793
Related CVE(s):	CVE-2005-1921
Last Modified:	Oct 30 14:49:23 2009
MD5 Checksum:	cea4cd1d99b0e5eb14b3f425347482c5

/// File Name:	php_wordpress_lastpost.rb.txt
Description:	This Metasploit module exploits an arbitrary PHP code execution flaw in the WordPress blogging software. This vulnerability is only present when the PHP 'register_globals' option is enabled (common for hosting providers). All versions of WordPress prior to 1.5.1.3 are affected.
Author:	str0ke
File Size:	2704
Related OSVDB(s):	18672
Related CVE(s):	CVE-2005-2612
Last Modified:	Oct 30 14:47:48 2009
MD5 Checksum:	f0c5a85b146ef22ce67312366495cb42

/// File Name:	php_vbulletin_template.rb.txt
Description:	This Metasploit module exploits an arbitrary PHP code execution flaw in the vBulletin web forum software. This vulnerability is only present when the "Add Template Name in HTML Comments" option is enabled. All versions of vBulletin prior to 3.0.7 are affected.
Author:	str0ke
File Size:	2990
Related OSVDB(s):	14047
Related CVE(s):	CVE-2005-0511
Last Modified:	Oct 30 14:45:56 2009
MD5 Checksum:	c83f9da07beaf589f9aa2e8ad6021a4f

/// File Name:	pajax_remote_exec.rb.txt
Description:	RedTeam has identified two security flaws in PAJAX versions 0.5.1 and below. It is possible to execute arbitrary PHP code from unchecked user input. Additionally, it is possible to include arbitrary files on the server ending in ".class.php".
Author:	Matteo Cantoni
File Size:	2260
Related OSVDB(s):	24618
Related CVE(s):	CVE-2006-1551
Last Modified:	Oct 30 14:40:19 2009
MD5 Checksum:	5c46e5087345be555dac48b809d7b6d6

/// File Name:	openview_connectednodes_exec.rb.txt
Description:	This Metasploit module exploits an arbitrary command execution vulnerability in the HP OpenView connectedNodes.ovpl CGI application. The results of the command will be displayed to the screen.
Author:	Valerio Tesei
File Size:	2211
Related OSVDB(s):	19057
Related CVE(s):	CVE-2005-2773
Last Modified:	Oct 30 14:36:15 2009
MD5 Checksum:	70212cc6ee078b781d5e49c11799122c

/// File Name:	nagios3_statuswml_ping.rb.txt
Description:	This Metasploit module abuses a metacharacter injection vulnerability in the Nagios3 statuswml.cgi script. This flaw is triggered when shell metacharacters are present in the parameters to the ping and traceroute commands.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	2878
Related OSVDB(s):	55281
Related CVE(s):	CVE-2009-2288
Last Modified:	Oct 30 14:33:33 2009
MD5 Checksum:	8369632633bc7915a367b2218ef452f3

/// File Name:	mambo_cache_lite.rb.txt
Description:	This Metasploit module exploits a remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier.
Author:	MC
File Size:	1983
Related CVE(s):	CVE-2008-2905
Last Modified:	Oct 30 14:31:46 2009
MD5 Checksum:	22e651699eccbe7326a64912218e25e4

/// File Name:	guestbook_ssi_exec.rb.txt
Description:	The Matt Wright guestbook.pl versions 2.3.1 and below CGI script contains a flaw that may allow arbitrary command execution. The vulnerability requires that HTML posting is enabled in the guestbook.pl script, and that the web server must have the Server-Side Include (SSI) script handler enabled for the '.html' file type. By combining the script weakness with non-default server configuration, it is possible to exploit this vulnerability successfully.
Author:	patrick
Homepage:	http://www.metasploit.com
File Size:	2532
Related OSVDB(s):	84
Related CVE(s):	CVE-1999-1053
Last Modified:	Oct 30 14:12:30 2009
MD5 Checksum:	268d892de6ce7926d9ad13cc61ac426e

/// File Name:	joomla_tinybrowser.rb.txt
Description:	This Metasploit module exploits a vulnerability in the TinyMCE/tinybrowser plugin. This plugin is not secured in version 1.5.12 of joomla and allows the upload of files on the remote server. By renaming the uploaded file this vulnerability can be used to upload/execute code on the affected system.
Author:	spinbad
File Size:	5082
Last Modified:	Oct 30 14:10:22 2009
MD5 Checksum:	8bf22f8e32a8a748e30581d85e45e524

/// File Name:	google_proxystylesheet_exec.rb.txt
Description:	This Metasploit module exploits a feature in the Saxon XSLT parser used by the Google Search Appliance. This feature allows for arbitrary java methods to be called. Google released a patch and advisory to their client base in August of 2005 (GA-2005-08-m). The target appliance must be able to connect back to your machine for this exploit to work.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	4327
Related OSVDB(s):	20981
Related CVE(s):	CVE-2005-3757
Last Modified:	Oct 30 14:08:54 2009
MD5 Checksum:	8e61751b74839e299e2e895dbfd1c59f

/// File Name:	dogfood_spell_exec.rb.txt
Description:	This Metasploit module exploits a previously unpublished vulnerability in the Dogfood CRM mail function which is vulnerable to command injection in the spell check feature. Because of character restrictions, this exploit works best with the double-reverse telnet payload. This vulnerability was discovered by LSO and affects version 2.0.10.
Author:	LSO
File Size:	2444
Related OSVDB(s):	54707
Last Modified:	Oct 30 14:06:37 2009
MD5 Checksum:	681a3fad02a7853735d87a2231ee793c

/// File Name:	cacti_graphimage_exec.rb.txt
Description:	This Metasploit module exploits an arbitrary command execution vulnerability in the Raxnet Cacti 'graph_view.php' script. All versions of Raxnet Cacti prior to 0.8.6-d are vulnerable.
Author:	David Maciejak
File Size:	2572
Related OSVDB(s):	17539
Last Modified:	Oct 30 14:03:33 2009
MD5 Checksum:	a01ab56d13daa20513d8cad08ab4cadf

/// File Name:	base_qry_common.rb.txt
Description:	This Metasploit module exploits a remote file inclusion vulnerability in the base_qry_common.php file in BASE 1.2.4 and earlier.
Author:	MC
File Size:	1902
Related CVE(s):	CVE-2006-2685
Last Modified:	Oct 30 14:02:08 2009
MD5 Checksum:	cf2955f5f983aae66fb35f221c6cff6c

/// File Name:	barracuda_img_exec.rb.txt
Description:	This Metasploit module exploits an arbitrary command execution vulnerability in the Barracuda Spam Firewall appliance. Versions prior to 3.1.18 are vulnerable.
Author:	Nicolas Gregoire
File Size:	2507
Related OSVDB(s):	19279
Related CVE(s):	CVE-2005-2847
Last Modified:	Oct 30 14:00:12 2009
MD5 Checksum:	e19faa53d1b2d356c59201c2cddaf94a

/// File Name:	awstats_migrate_exec.rb.txt
Description:	This Metasploit module exploits an arbitrary command execution vulnerability in the AWStats CGI script. AWStats v6.4 and v6.5 are vulnerable. Perl based payloads are recommended with this module. The vulnerability is only present when AllowToUpdateStatsFromBrowser is enabled in the AWstats configuration file (non-default).
Author:	patrick
Homepage:	http://www.metasploit.com
File Size:	3020
Related OSVDB(s):	25284
Related CVE(s):	CVE-2006-2237
Last Modified:	Oct 30 13:58:36 2009
MD5 Checksum:	d879552f700a6ae226a70d8f51143a4a