Section: .. / 0511-exploits /

Page 4 of 6
<< 1 2 3 4 5 6 >> Files 75 - 100 of 132

Currently sorted by: Last Modified Sort By: File Name, File Size

/// File Name:	ZH200502.txt
Description:	Zone-H Research Center Security Advisory 200502 - phpAdsNew versions 2.0.6 and below suffer from SQL injection flaws. Exploitation details provided.
Author:	Kevin Fernandez aka Siegfried
Homepage:	http://www.zone-h.fr/
File Size:	2227
Last Modified:	Nov 12 04:24:02 2005
MD5 Checksum:	71c2a4b06afc911e71b797fb8e772d20

/// File Name:	moodle16dev.txt
Description:	Moodle versions 1.6dev and below suffer from blind SQL injection, remote command execution, and cross site scripting flaws. Exploitation details provided.
Author:	rgod
Homepage:	http://rgod.altervista.org
File Size:	12628
Last Modified:	Nov 12 04:00:55 2005
MD5 Checksum:	ea87ac16f14f20aaa2e75d08a6957896

/// File Name:	susechfn.sh.txt
Description:	Local root exploit for chfn under SuSE Linux 9.{1,2,3}/10.0, Desktop 1.0, UnitedLinux 1.0, and SuSE Linux Enterprise Server {8,9}.
Author:	Hunger
Related File:	SUSE-SA-2005-064.txt
File Size:	961
Last Modified:	Nov 10 06:43:38 2005
MD5 Checksum:	895756970d08459e693287e6f9526a5a

/// File Name:	fsigk_exp.py.txt
Description:	F-Secure Internet Gatekeeper for Linux local root exploit written in Python.
Author:	xavier
Homepage:	http://xavsec.blogspot.com
File Size:	5726
Last Modified:	Nov 10 06:41:36 2005
MD5 Checksum:	8fd32a41755b781105ed34dc1b1eae28

/// File Name:	sudo168p10.sh.txt
Description:	Local root exploit for sudo versions below 1.6.8p10 that makes use of the environment cleaning flaws with the SHELLOPTS and PS4 variables.
Author:	breno
Related File:	USN-213-1.txt
File Size:	992
Related CVE(s):	CAN-2005-2959
Last Modified:	Nov 10 06:32:06 2005
MD5 Checksum:	26689850763402295ae09b43b6f7fa81

/// File Name:	0004.txt
Description:	Antville version 1.1 suffers from a cross site scripting flaw.
Homepage:	http://moritz-naumann.com/
File Size:	2407
Related CVE(s):	CVE-2005-3530
Last Modified:	Nov 10 06:26:50 2005
MD5 Checksum:	b892b6dfca7fbf65303b9584f298dfc9

/// File Name:	0003.txt
Description:	TikiWiki versions 1.9.x up to and including 1.9.2 suffer from a cross site scripting vulnerability and possible SQL injection vulnerabilities.
Homepage:	http://moritz-naumann.com/
File Size:	2887
Related CVE(s):	CVE-2005-3528, CVE-2005-3529
Last Modified:	Nov 10 06:25:42 2005
MD5 Checksum:	01326c2f74a0d9a59e9f2daf503b0a9b

/// File Name:	advisory_212005.80.txt
Description:	PHPKIT versions 1.6.1 R2 and below suffer from cross site scripting, SQL injection, information disclosure, password hash disclosure, local file disclosure, and arbitrary code execution flaws. Various sample exploitation details provided.
Author:	Christopher Kunz
Homepage:	http://www.hardened-php.net/advisory_212005.80.html
File Size:	9498
Last Modified:	Nov 9 04:58:23 2005
MD5 Checksum:	71a66055fa428354a04394d231ff23d7

/// File Name:	atutor151pl2.txt
Description:	ATutor versions less than or equal to 1.5.1pl2 SQL Injection and Remote commands execution exploit.
Author:	rgod
Homepage:	http://rgod.altervista.org/atutor151pl2.html
File Size:	11194
Last Modified:	Nov 8 20:52:15 2005
MD5 Checksum:	f6e0ae302cbd497b731ce3dc9d4a61f5

/// File Name:	oste1.0.txt
Description:	The OSTE toplist script v1.0 is vulnerable to remote code execution.
Author:	khc
File Size:	337
Last Modified:	Nov 8 20:01:40 2005
MD5 Checksum:	0e7c053243418a09d49fcafa1f9e835b

/// File Name:	guestbook-2.2.txt
Description:	Guestbook v2.2 is vulnerable to a classic SQL admin bypass vulnerability.
Author:	bhs_team
Homepage:	http://www.Babol-Hackers.com
File Size:	541
Last Modified:	Nov 8 19:57:00 2005
MD5 Checksum:	2e4a2d709870136d7d20ecd20e2c59bc

/// File Name:	SEC-20051107-1.txt
Description:	SEC-CONSULT Security Advisory 20051107-1 - SEC Consult has found that parameters to ActionDefineFunction (ACTIONRECORD 0x9b) in the Macromedia Flash Plugin are not properly sanitized. Loading a specially crafted SWF leads to an improper memory access condition which can be used to crash flash player or may be exploited as a vector for code execution. This issue is similar to CAN-2005-2628 (as reported by eEye Digital Security on November 4, 2005) but affects a different function. Versions affected: flash.ocx 7.0.19.0 and earlier, libflashplayer.so before 7.0.25.0.
Author:	Bernhard Mueller
Homepage:	http://www.sec-consult.com
File Size:	3098
Last Modified:	Nov 8 17:59:22 2005
MD5 Checksum:	264599e1850c14e2756e29db80b22319

/// File Name:	SEC-20051107-0.txt
Description:	SEC-CONSULT Security Advisory 20051107-0 - toendaCMS allows for theft of CMS usernames and passwords (XML database mode), session theft (XML database mode), directory traversal attacks (XML database mode), and arbitrary file uploads. Versions below 0.6.2 are affected.
Author:	Bernhard Mueller
Homepage:	http://www.sec-consult.com
File Size:	3223
Last Modified:	Nov 8 17:56:56 2005
MD5 Checksum:	6844189f4d71a6ff5a7e18d4ca8b49b4

/// File Name:	namesXSS.txt
Description:	names.co.uk, an English registrar and web hosting company, has an cross site scripting vulnerability allowing injection of arbitrary Javascript.
Author:	reuben.31
File Size:	601
Last Modified:	Nov 8 17:50:57 2005
MD5 Checksum:	8a4a5966f0874e223608846ea8dcc14a

/// File Name:	twiki20030201.pl.txt
Description:	TWiki 20030201 VIEW string remote command execution exploit.
Author:	rUnViRuS
Homepage:	http://www.worlddefacers.net
File Size:	3144
Last Modified:	Nov 8 17:49:44 2005
MD5 Checksum:	704505f7f84b2632546beef86fb51138

/// File Name:	phpfm.txt
Description:	PHPFM is susceptible to a remote command execution vulnerability.
Author:	rUnViRuS
Homepage:	http://www.worlddefacers.net
File Size:	361
Last Modified:	Nov 8 17:45:54 2005
MD5 Checksum:	6bd7f4cfdd0c2619d2f9f11e44fbe969

/// File Name:	200511-asterisk.txt
Description:	A vulnerability in the voicemail retrieval system for the Asterisk PBX software allows an authenticated user to download any .wav/.WAV file from the system, including other users' voicemail messages. Versions affected: Asterisk versions 1.0.9 and below, Asterisk Beta versions 1.2.0-beta1 and below, Asterisk @ Home versions 1.5 and below, and Asterisk @ Home Beta versions 2.0 Beta 4 and below.
Author:	Adam Pointon
Homepage:	http://www.assurance.com.au/
File Size:	3541
Last Modified:	Nov 8 17:44:44 2005
MD5 Checksum:	75dd48e0ad893411c13943121f634111

/// File Name:	prdelka-vs-BSD-ptrace.tar.gz
Description:	NetBSD versions 2.1 and below ptrace() local root exploit.
Author:	prdelka
Homepage:	http://prdelka.blackart.org.uk/
File Size:	1706
Last Modified:	Nov 8 17:41:19 2005
MD5 Checksum:	58fd50723dee56fbe36eb241e3a24a3e

/// File Name:	ipb.2.1-english.txt
Description:	Invision Power Board version 2.1 is susceptible to javascript injection and cross site scripting attacks. English version of this advisory translated by Jerome Athias. Exploitation details provided.
Author:	benjilenoob
Homepage:	http://www.redkod.org/
File Size:	2874
Last Modified:	Nov 8 16:51:41 2005
MD5 Checksum:	ff9ecbf8c1b28e47c93b281cd1d1ebd9

/// File Name:	x_dtsuids.pl.txt
Description:	Solaris 10 DtPrintinfo/Session exploit for x86.
Author:	core
File Size:	2103
Last Modified:	Nov 8 16:05:18 2005
MD5 Checksum:	3eac0baa42e886142249fb50bf8cc94b

/// File Name:	ibProArcade.txt
Description:	The ibProArcade module versions 2.x that are commonly used in vBulletin and Invision Power board software are susceptible to SQL injection flaws. Details provided.
Author:	bhfh01
File Size:	608
Last Modified:	Nov 8 15:53:25 2005
MD5 Checksum:	7915f9ca08502f0a0f2bfd7e7f7f1d9a

/// File Name:	zoomblogJS.txt
Description:	Zoomblog is prone to javascript injection attacks due to a lack of properly sanitized IMG tags.
Author:	sikikmail
File Size:	524
Last Modified:	Nov 8 15:51:13 2005
MD5 Checksum:	c1ab7220e53d2e5be996d5b682f3f2b9

/// File Name:	phpWebThings144.txt
Description:	phpWebThings versions 1.4.4 is susceptible to cross site scripting and SQL injection attacks. Detail provided.
Author:	Linux_Drox
Homepage:	http://www.lezr.com/
File Size:	574
Last Modified:	Nov 8 15:44:39 2005
MD5 Checksum:	b52c299a14be835cde0470c85ac330ba

/// File Name:	lnxFTPDssl_warez.c
Description:	linux-ftpd-ssl version 0.17 remote root exploit.
Author:	kcope
File Size:	10885
Last Modified:	Nov 8 15:43:10 2005
MD5 Checksum:	dfca0fc230c74c2aa44559b28c6104b5

/// File Name:	xmbforums.txt
Description:	XMB Forums is susceptible to cross site scripting attacks in u2u.php.
Author:	HACKERS PAL
File Size:	225
Last Modified:	Nov 8 15:38:52 2005
MD5 Checksum:	90e820139f850f7fc8b8517b07067090