Section:  .. / 0912-exploits  /


 ///  File Name: megaadsportal-sql.txt
Description:
Mega ADS Portal suffers from a remote SQL injection vulnerability.
Author:Hussin X
File Size:867
Last Modified:Dec 31 20:54:18 2009
MD5 Checksum:cca3e852319f0d36fc1b10e3adb46c73

 ///  File Name: multiforums-xss.txt
Description:
Multi Forums version 1.3.3 suffers from a cross site scripting vulnerability.
Author:indoushka
File Size:3271
Last Modified:Dec 31 20:53:24 2009
MD5 Checksum:8ff552da8684591166b81e5a49e58c61

 ///  File Name: photokorn-xssrfidisclose.txt
Description:
Photokorn version 1.542 suffers from remote file inclusion, cross site scripting, and phpinfo() disclosure vulnerabilities.
Author:indoushka
File Size:3343
Last Modified:Dec 31 20:52:02 2009
MD5 Checksum:be0611b1dce7177406d492dea4c28d11

 ///  File Name: photopostclassifieds-shell.txt
Description:
PhotoPost Classifieds version 1.8.2 suffers from a remote shell upload vulnerability.
Author:indoushka
File Size:3291
Last Modified:Dec 31 20:51:00 2009
MD5 Checksum:be971a8c1a64185e3103dc70f7630505

 ///  File Name: myiosoftgal-sql.txt
Description:
Myiosoft EasyGallery suffers from a remote blind SQL injection vulnerability.
Author:Hussin X
File Size:574
Last Modified:Dec 31 20:49:59 2009
MD5 Checksum:4c902a647ecbd816e6d7e40095d06311

 ///  File Name: ipbbackup-disclose.txt
Description:
Invision Power Board version 2.0.4 suffers from a backup related vulnerability.
Author:indoushka
File Size:2914
Last Modified:Dec 31 20:47:13 2009
MD5 Checksum:7e4b748aaa1584aa2ecb56788e24a090

 ///  File Name: Drupd0s.sh.txt
Description:
Drupal versions 6.16 and below and 5.21 and below suffer from a remote denial of service vulnerability.
Author:emgent
File Size:1949
Last Modified:Dec 31 20:46:09 2009
MD5 Checksum:e4c59375ee1f30fdd0ddf576d9023e67

 ///  File Name: phpmysqlquiz-sql.txt
Description:
PHP-MySQL-Quiz suffers from a remote SQL injection vulnerability.
Author:Hussin X
File Size:560
Last Modified:Dec 31 20:44:33 2009
MD5 Checksum:07a3367857afb0723a2e3d70c5a1511b

 ///  File Name: phpaddressbook315-sql.txt
Description:
PHP-Addressbook version 3.1.5 suffers from a remote SQL injection vulnerability.
Author:Hussin X
File Size:545
Last Modified:Dec 31 20:43:12 2009
MD5 Checksum:85d8ea28c817124dd142e1602ac2dbcb

 ///  File Name: vlc103-dos.txt
Description:
VLC version 1.0.3 denial of service exploit.
Author:D3V!L FucK3r
File Size:302
Last Modified:Dec 31 20:42:26 2009
MD5 Checksum:f12b64cad267acde96abdb452eb37293

 ///  File Name: WPd0s.sh.txt
Description:
WordPress versions 2.9 and below denial of service exploit.
Author:emgent
File Size:1930
Last Modified:Dec 31 20:41:28 2009
MD5 Checksum:ee2e8f9d18a411cd8ca9e40dd3d2e83c

 ///  File Name: simpleplayer-dos.txt
Description:
SimplePlayer version 0.2 .wav buffer overflow denial of service exploit.
Author:mr_me
File Size:524
Last Modified:Dec 31 20:40:32 2009
MD5 Checksum:b6ae55ca620a6fe7cb87441b06dae787

 ///  File Name: bbscript-sql.txt
Description:
bbScript versions 1.1.2.1 and below remote blind SQL injection exploit.
Author:cOndemned
Homepage:http://condemned.r00t.la/
File Size:1825
Last Modified:Dec 31 20:39:38 2009
MD5 Checksum:7a7ad539d2aa073db9af8a6aae7ba129

 ///  File Name: jCd0s.sh.txt
Description:
Joomla Core versions 1.5.x and below suffer from a denial of service vulnerability.
Author:emgent
File Size:2018
Last Modified:Dec 31 20:37:35 2009
MD5 Checksum:cb403dfd21fc485975ea6ed5d5db6986

 ///  File Name: chrome-obfuscate.txt
Description:
Google Chrome version 3.0195.38 suffers from a simple status bar obfuscation vulnerability.
Author:599eme Man
File Size:943
Last Modified:Dec 31 20:36:29 2009
MD5 Checksum:d6389e2d89bac2cede5f71b40f7f3215

 ///  File Name: apollo-dos.txt
Description:
Apollo Player version 37.0.0.0 .aap buffer overflow denial of service exploit.
Author:Jacky
File Size:1009
Last Modified:Dec 31 20:35:20 2009
MD5 Checksum:b18f0b6360f14e326e640799a165af37

 ///  File Name: cyrus_pop3d_popsubfolders.rb.txt
Description:
This exploit takes advantage of a stack based overflow. Once the stack corruption has occurred it is possible to overwrite a pointer which is later used for a memcpy. This gives us a write anything anywhere condition similar to a format string vulnerability.
Author:bannedit,jduck
Homepage:http://www.metasploit.com
File Size:2688
Related OSVDB(s):25853
Related CVE(s):CVE-2006-2502
Last Modified:Dec 30 22:27:56 2009
MD5 Checksum:1ded0732305630bb2eb948c2bb1027bc

 ///  File Name: ca_arcserve_342.rb.txt
Description:
This Metasploit module exploits a buffer overflow in Computer Associates BrightStor ARCserve r11.5 (build 3884). By sending a specially crafted RPC request to opcode 0x342, an attacker could overflow the buffer and execute arbitrary code. In order to successfully exploit this vulnerability, you will need to set the hostname argument (HNAME).
Author:MC,Nahuel Cayento Riva
Homepage:http://www.metasploit.com
File Size:3337
Related OSVDB(s):49468
Related CVE(s):CVE-2008-4397
Last Modified:Dec 30 22:27:15 2009
MD5 Checksum:919226f787d00935bbbced3153583218

 ///  File Name: ibm_tsm_rca_dicugetidentify.rb.txt
Description:
This Metasploit module exploits a stack overflow in the IBM Tivoli Storage Manager Express Remote Client Agent service. By sending a "dicuGetIdentify" request packet containing a long NodeName parameter, an attacker can execute arbitrary code. NOTE: this exploit first connects to the CAD service to start the RCA service and obtain the port number on which it runs. This service does not restart.
Author:jduck
Homepage:http://www.metasploit.com
File Size:4082
Related OSVDB(s):54232
Related CVE(s):CVE-2008-4828
Last Modified:Dec 30 22:26:24 2009
MD5 Checksum:fa051c0f07469d1a334bfa7b17bae821

 ///  File Name: hp_recovery_manager_omniinet.rb.txt
Description:
This Metasploit module exploits a stack-based buffer overflow in HP Application Recovery Manager OmniInet daemon. By sending a specially crafted MSG_PROTOCOL packet, a remote attacker may be able to execute arbitrary code.
Author:EgiX
Homepage:http://www.metasploit.com
File Size:2237
Related OSVDB(s):60852
Related CVE(s):CVE-2009-3844
Last Modified:Dec 30 22:25:35 2009
MD5 Checksum:c14829e4027fcb4f36e80817705967a7

 ///  File Name: eureka_mail_err.rb.txt
Description:
This Metasploit module exploits a buffer overflow in the Eureka Email 2.2q client that is triggered through an excessively long ERR message. NOTE: this exploit isn't very reliable. Unfortunately reaching the vulnerable code can only be done when manually checking mail (Ctrl-M). Checking at startup will not reach the code targeted here.
Author:Dr_IDE,Francis Provencher,dookie,jduck
Homepage:http://www.metasploit.com
File Size:2853
Related OSVDB(s):59262
Related CVE(s):CVE-2009-3837
Last Modified:Dec 30 22:23:29 2009
MD5 Checksum:6cf9e60c1d3f8e4b11891d6b756b3249

 ///  File Name: ibm_tsm_cad_ping.rb.txt
Description:
This Metasploit module exploits a stack overflow in the IBM Tivoli Storage Manager Express CAD Service. By sending a "ping" packet containing a long string, an attacker can execute arbitrary code. NOTE: the dsmcad.exe service must be in a particular state (CadWaitingStatus = 1) in order for the vulnerable code to be reached. This state doesn't appear to be reachable when the TSM server is not running. This service does not restart.
Author:jduck
Homepage:http://www.metasploit.com
File Size:2984
Related OSVDB(s):59632
Related CVE(s):CVE-2009-3853
Last Modified:Dec 30 22:22:45 2009
MD5 Checksum:ee24c193eb411fe535df8a3850ee4693

 ///  File Name: timbuktu_plughntcommand_bof.rb.txt
Description:
This Metasploit module exploits a stack based buffer overflow in Timbuktu Pro version <= 8.6.6 in a pretty novel way. This exploit requires two connections. The first connection is used to leak stack data using the buffer overflow to overwrite the nNumberOfBytesToWrite argument. By supplying a large value for this argument it is possible to cause Timbuktu to reply to the initial request with leaked stack data. Using this data allows for reliable exploitation of the buffer overflow vulnerability. Props to Infamous41d for helping in finding this exploitation path. The second connection utilizes the data from the data leak to accurately exploit the stack based buffer overflow vulnerability. TODO: hdm suggested using meterpreter's migration capability and restarting the process for multishot exploitation.
Author:bannedit
Homepage:http://www.metasploit.com
File Size:4156
Related OSVDB(s):55436
Related CVE(s):CVE-2009-1394
Last Modified:Dec 30 22:21:57 2009
MD5 Checksum:df028563116486eee817e5533ceb5895

 ///  File Name: ms06_070_wkssvc.rb.txt
Description:
This Metasploit module exploits a stack overflow in the NetApi32 NetpManageIPCConnect function using the Workstation service in Windows 2000 SP4 and Windows XP SP2. In order to exploit this vulnerability, you must specify the name of a valid Windows DOMAIN. It may be possible to satisfy this condition by using a custom DNS and LDAP setup; however, that method is not covered here. Although Windows XP SP2 is vulnerable, Microsoft reports that Administrator credentials are required to reach the vulnerable code. Windows XP SP1 only requires valid user credentials. Also, testing shows that a machine already joined to a domain is not exploitable.
Author:jduck
Homepage:http://www.metasploit.com
File Size:5623
Related OSVDB(s):30263
Related CVE(s):CVE-2006-4691
Last Modified:Dec 30 22:20:56 2009
MD5 Checksum:e76d81bd330174da3b3561db126d28f5

 ///  File Name: persits_xupload_traversal.rb.txt
Description:
This Metasploit module exploits a directory traversal in Persits Software Inc's XUpload ActiveX control (version 3.0.0.3) that's included in HP LoadRunner 9.5. By passing a string containing "..\\\\" sequences to the MakeHttpRequest method, an attacker is able to write arbitrary files to arbitrary locations on disk. Code execution occurs by writing to the All Users Startup Programs directory. You may want to combine this module with the use of multi/handler since a user would have to log in for the payload to execute.
Author:jduck
Homepage:http://www.metasploit.com
File Size:3876
Related OSVDB(s):60001
Related CVE(s):CVE-2009-3693
Last Modified:Dec 30 22:20:24 2009
MD5 Checksum:21253126f433fcd26e510a6f0bb90732