Section:  .. / 0401-exploits  /

Page 2 of 3
<< 1 2 3 >> Files 25 - 50 of 67
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: tinyServer1.1.txt
Description:
Tiny HTTP Server versions 1.1 and 1.0.5 are vulnerable to directory traversal, denial of service, and cross site scripting bugs. Examples provided.
Author:Donato Ferrante
Homepage:http://www.autistici.org/fdonato
File Size:2210
Last Modified:Jan 26 13:01:00 2004
MD5 Checksum:b316b1333453be0f368f92c3fc403ec4

 ///  File Name: finjanSurfinGate.txt
Description:
When running in proxy mode, properly crafted requests sent to Finjan SurfinGate versions 6 and 7 can mimic control commands. Known vulnerabilities include viewing log data and causing the service to restart, potentially resulting in a DoS situation. The architecture for this application suggests there is a potential for modifying the filtering policy as well. The vendor has ignored the problem for over a year.
Author:David Byrne
File Size:4385
Last Modified:Jan 23 12:04:00 2004
MD5 Checksum:a70f0608854315d2b3d5d6fbf8a2c19f

 ///  File Name: novellNetware.txt
Description:
Novell Netware Enterprise web server versions 5.1 and 6.0 are vulnerable to various cross site scripting, path dislosure, and directory listing attacks.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:4912
Last Modified:Jan 23 11:35:00 2004
MD5 Checksum:d40561da198da58da8e3bcd2c83aa6a5

 ///  File Name: netbusWeb.txt
Description:
The NetBus web server that comes as part of the trojan is susceptible to a directory listing and remote file upload vulnerability when a trailing / or ./ is appended to the URL.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:1789
Last Modified:Jan 23 02:50:00 2004
MD5 Checksum:2624c5acf74b527be57358fb2e4904c5

 ///  File Name: freesco.txt
Description:
Version 2.05 of the Freesco thttpd server is susceptible to a cross site scripting attack.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:2409
Last Modified:Jan 23 02:30:00 2004
MD5 Checksum:5dfe5dcde7f8a611aba17a8b91fe854d

 ///  File Name: geoHTTP.txt
Description:
GeoHttpServer is vulnerable to an authentication bypass and a denial of service attack.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:4144
Last Modified:Jan 23 02:00:00 2004
MD5 Checksum:01fc35d487f1ab59142f71a326fd8f7b

 ///  File Name: nfshp2cbof.zip
Description:
Need for Speed Hot Pursuit 2 remote exploit that makes use of a vulnerable client that is susceptible to a buffer overflow attack by a hostile server.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related File:nfshp2cbof-adv.txt
File Size:6179
Last Modified:Jan 23 01:46:00 2004
MD5 Checksum:a2533e96a41fae2797422a54576747d5

 ///  File Name: SCSA026.txt
Description:
Security Corporation Security Advisory [SCSA-026]: A vulnerability has been discovered in DUWARE Products, which allows malicious users to become administrators. It affects approximately 15 different products in all.
Author:frog-man
Homepage:http://www.Security-Corp.com
File Size:18506
Last Modified:Jan 21 08:40:00 2004
MD5 Checksum:e0f69730ba6f5ceede94ff8f24ddb128

 ///  File Name: 2WireGateway.txt
Description:
2Wire-Gateway is a router that has a webserver for maintenance. The CGI interface lacks input validation when returning an error with its return variable allowing for a directory traversal attack.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:2256
Last Modified:Jan 21 08:14:00 2004
MD5 Checksum:2f31bde0d85934030ae48ddf5fa67a06

 ///  File Name: OwnServer10.txt
Description:
OwnServer, a web server used for watching security cameras remotely, is susceptible to a directory traversal bug that allows a remote attacker to gain access to files outside of the webroot.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:2183
Last Modified:Jan 21 08:09:00 2004
MD5 Checksum:ba80aac48a068d49bc557d404dabc091

 ///  File Name: NETCam.txt
Description:
NETCam webserver running NETCam Viewers 1.0.0.28 and below have a directory traversal bug that allows remote attackers to gain access to files outside of the webroot.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:1883
Last Modified:Jan 21 02:41:00 2004
MD5 Checksum:fff83e96c2919cf0e08bcd43ccb2b6bc

 ///  File Name: goahead2.txt
Description:
The Goahead webserver, version 2.1.8 and below, is an embedded webserver used by many products. The server has an internal problem where it will accept improper HTTP requests that allow a remote attacker to view source for CGI related files.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
File Size:3505
Last Modified:Jan 20 03:51:00 2004
MD5 Checksum:c3c9b58c5d94300aea7ebd8debfaa90b

 ///  File Name: goahead.txt
Description:
The Goahead webserver, version 2.1.8 and below, is an embedded webserver used by many products. A flaw exists where an attacker can get the webserver to consume all of the server's resources by using the POST method with a specific number set for the Content-Length parameter.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
File Size:2883
Last Modified:Jan 20 03:50:00 2004
MD5 Checksum:bd70f9008e11a6ee7aee95e19b4bb985

 ///  File Name: yabbSE.txt
Description:
YaBB SE versions 1.54 and 1.53 have the functions welcome and recentTopics which are vulnerable to SQL injection because the parameter ID_MEMBER is not checked against malicious input.
Author:Backspace
File Size:3473
Last Modified:Jan 20 03:06:00 2004
MD5 Checksum:a1234c96000a3e009e5214ac7d067d4c

 ///  File Name: j2ee.pointbase.txt
Description:
Attached is an exploit that crashes the Pointbase 4.6 database server that comes with the J2EE reference implementation. It is caused by fact that the Pointbase installation coming with j2ee/ri 1.4. is not equipped with an appropriate security manager, thus giving all jars implicitly all permissions. These unlimited permissions can be exploited by an attacker using jdbc to crash the jvm running the pointbase server. Further exploitations possible are information disclosure and remote command injection.
Author:Marc Schoenefeld
Homepage:http://www.illegalaccess.org
File Size:3294
Last Modified:Jan 19 10:25:00 2004
MD5 Checksum:656290e3971e2cf1d90448e0af989f95

 ///  File Name: phpshopProject.txt
Description:
phpShop Project versions 0.6.1-b and earlier are prone to SQL injection attacks, script injection, cross site scripting, and user information disclosure vulnerabilities.
Author:JeiAr
Homepage:http://www.gulftech.org
File Size:5779
Last Modified:Jan 16 10:15:00 2004
MD5 Checksum:076eaaa70fe151462a72ab91f8f525d4

 ///  File Name: TA-150104.txt
Description:
Xtreme ASP Photo Gallery Version 2.0 is prone to a common SQL injection vulnerability. The problem occurs when handling user-supplied username and password data supplied to authentication procedures.
Author:posidron, rushjo
Homepage:http://www.tripbit.org/advisories/TA-150104.txt
File Size:2654
Last Modified:Jan 16 07:58:00 2004
MD5 Checksum:bc52c5d45bb88a8e41a5d418f9d1f68f

 ///  File Name: rapidcache.txt
Description:
RapidCache versions 2.2.6 and below suffer from denial of service and directory traversal bugs.
Author:Peter Winter-Smith
Homepage:http://www.elitehaven.net/rapidcache.txt
File Size:5286
Last Modified:Jan 15 23:17:00 2004
MD5 Checksum:9ec67f2bde13bce339f49f1bd384b38f

 ///  File Name: wwwfilesharepro.txt
Description:
WWW File Share Pro versions 2.42 and below allow for files outside of the webroot to be overwritten due to invalid input validation, a denial of service attack when POSTs are made with large amounts of bytes, and directory authorization bypass.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
File Size:4207
Last Modified:Jan 15 03:19:00 2004
MD5 Checksum:5e77a79be109409e5e90b1d986024226

 ///  File Name: susegnome.txt
Description:
Local exploit that makes use of a symlink vulnerability in YaST when using SuSEconfig.gnome-filesystem.
Author:l0om
Homepage:http://www.excluded.org
File Size:2883
Last Modified:Jan 14 05:28:00 2004
MD5 Checksum:0afb41e7b07762223cc3288875dd7751

 ///  File Name: antivir.c
Description:
Local exploit that makes use of a symlink vulnerability that lies in Antivir for Linux version 2.0.9-9.
Author:l0om
Homepage:http://www.excluded.org
File Size:2453
Last Modified:Jan 14 03:37:00 2004
MD5 Checksum:5afdc59fb13c6f0d8baab28cbbbc0772

 ///  File Name: hdsoft.c
Description:
Remote exploit for Windows FTP server version 1.6. Data for original vulnerability discovery made by Peter Winter-Smith here.
Author:mandragore
File Size:4581
Last Modified:Jan 13 19:26:00 2004
MD5 Checksum:630232757bde88f3ee2b10ff364007ee

 ///  File Name: phpGedView.txt
Description:
phpGedView version 2.65 beta 5 is susceptible to SQL injection attacks, path disclosure issues, cross site scripting, and denial of service attacks.
Homepage:http://www.gulftech.org
File Size:5224
Last Modified:Jan 13 07:55:00 2004
MD5 Checksum:95a022a564bc919b1d05e11aff9c4f20

 ///  File Name: DameWeird.c
Description:
DameWare Mini Remote Control versions 3.73 and below remote exploit. Tested against Windows 2000 with versions 3.68 and 3.72.
Author:kralor
Homepage:http://www.coromputer.net
File Size:9141
Last Modified:Jan 11 05:04:00 2004
MD5 Checksum:4cd04d7261c12d9e3fe068c4eb2e2ccc

 ///  File Name: ezcontents.txt
Description:
The ezContents utility allows for arbitrary code execution on the server due to a lack of input validation.
Author:Zero X
Homepage:http://www.lobnan.de
File Size:385
Last Modified:Jan 11 05:01:00 2004
MD5 Checksum:38a3e2b3ad498990ad9d390e8833d549