Section:  .. / 1001-exploits  /


 ///  File Name: trendmicrowd-activex.txt
Description:
TrendMicro Web-Deployment Active-X remote execution proof of concept exploit.
Author:superli
File Size:5961493
Last Modified:Jan 18 01:48:45 2010
MD5 Checksum:83582d2b6cc0c3bc07c7e29d32265fc3

 ///  File Name: 1001-exploits.tgz
Description:
This archive contains all of the 517 exploits added to Packet Storm in January, 2010.
Homepage:http://packetstormsecurity.org/
File Size:1544778
Last Modified:Feb 1 20:35:54 2010
MD5 Checksum:9ce7021d4ddb8b08323b548abf612fd4

 ///  File Name: BusinessObj.pdf
Description:
SAP BusinessObjects version 12 suffers from multiple cross site scripting vulnerabilities.
Author:Richard Brain
Homepage:http://www.procheckup.com/
File Size:333255
Last Modified:Jan 27 13:57:44 2010
MD5 Checksum:b8ff415b2162a6d51559dbe082d71238

 ///  File Name: adobe-activex.txt
Description:
Adobe GetPlus get_atlcom Active-X remote execution proof of concept exploit.
Author:superli
File Size:329102
Last Modified:Jan 18 01:45:59 2010
MD5 Checksum:f7aae43179790a553b5767466d9cd156

 ///  File Name: KiTrap0D.zip
Description:
Microsoft Windows NT/2K/XP/2K3/VISTA/2K8/7 NtVdmControl()->KiTrap0d local ring0 exploit.
Author:Tavis Ormandy
Related Exploit:mswinnt-pwn.txt
File Size:327475
Related CVE(s):CVE-2010-0232
Last Modified:Jan 20 19:12:04 2010
MD5 Checksum:5c83e900aa45b2181ae0595a6c90eef6

 ///  File Name: CYBSEC-FreePBXdisclose.pdf
Description:
CYBSEC Security Advisory - FreePBX 2.5.x suffers from an administrator password disclosure vulnerability.
Author:Ivan Huertas
Homepage:http://www.cybsec.com/
File Size:101416
Last Modified:Jan 19 20:27:44 2010
MD5 Checksum:31faa220f5de1185e390d5817479cc7a

 ///  File Name: blackboxes.pdf
Description:
This is a brief whitepaper discussing how to own Blackboxes (typical broadband routers such as SB5120s, SMC Connect, D-Link dcm-202s, Toshiba PCX2600s, and a handful of RCA and Linksys modems).
Author:ShadowHatesYou
File Size:59190
Last Modified:Jan 19 20:50:46 2010
MD5 Checksum:24a0d7f9eb060591cb7b32f48b8ea9fe

 ///  File Name: CYBSEC-FreePBXXSS.pdf
Description:
CYBSEC Security Advisory - FreePBX versions 2.5.x and 2.6.0 suffer from a cross site scripting vulnerability.
Author:Ivan Huertas
Homepage:http://www.cybsec.com/
File Size:57390
Last Modified:Jan 19 20:43:48 2010
MD5 Checksum:b43ef03d6406d43f7306b895b7506013

 ///  File Name: xunlei-activex.txt
Description:
Xunlei XPPlayer ActiveX related remote execution proof of concept exploit.
Author:superli
File Size:51613
Last Modified:Jan 18 01:59:19 2010
MD5 Checksum:7f5e49a3cea9a15a43b5183008a66b8f

 ///  File Name: uusee-poc.zip
Description:
UUSee ReliPlayer 2008 Active-X remote execution proof of concept exploit.
Author:superli
File Size:44104
Last Modified:Jan 8 20:28:14 2010
MD5 Checksum:49aa8ed5fc4374c1a0de0f764dfb147b

 ///  File Name: sop-poc.zip
Description:
SopCast SopCore Active-X Control remote execution proof of concept exploit.
Author:superli
File Size:44100
Last Modified:Jan 8 20:17:28 2010
MD5 Checksum:36058b82b3b45c75237ee9588cb55c3b

 ///  File Name: CYBSEC-FreePBXsql.pdf
Description:
CYBSEC Security Advisory - FreePBX version 2.5.1 suffers from a remote SQL injection vulnerability.
Author:Ivan Huertas
Homepage:http://www.cybsec.com/
File Size:39766
Last Modified:Jan 19 22:16:39 2010
MD5 Checksum:0a874444640c3ffb708b63966806c3a5

 ///  File Name: Sony_Ericsson.rar
Description:
Proof of concept denial of service exploit for the total multimedia features in Sony Ericsson phones.
Author:Aodrulez
File Size:28472
Last Modified:Jan 6 22:50:17 2010
MD5 Checksum:5d803a5f828ba1bec3506c0dd0f9b46b

 ///  File Name: log-inject.txt
Description:
Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa are subject to log escape sequence injection vulnerabilities.
Author:Alessandro Tanasi,Francesco Ongaro,Giovanni Pellerano
Homepage:http://www.ush.it/
File Size:17845
Related CVE(s):CVE-2009-4487, CVE-2009-4488, CVE-2009-4489, CVE-2009-4490, CVE-2009-4491, CVE-2009-4492, CVE-2009-4493, CVE-2009-4494, CVE-2009-4495, CVE-2009-4496
Last Modified:Jan 11 17:57:19 2010
MD5 Checksum:e961c5ac151346754ab8fe4a54fa6e8a

 ///  File Name: htmldoc-overflow.c
Description:
HTMLDOC version 1.9.x-r1629 local .html buffer overflow exploit for Win32.
Author:fl0 fl0w
File Size:17117
Last Modified:Jan 11 17:27:38 2010
MD5 Checksum:9baf734bdf96474f4f1ad797a4bd10b5

 ///  File Name: matlab-overrun.txt
Description:
Matlab R2009b suffers from an array overrun vulnerability that allows for code execution.
Author:Maksymilian Arciemowicz
Homepage:http://securityreason.com/
File Size:14626
Related CVE(s):CVE-2009-0689
Last Modified:Jan 8 20:18:23 2010
MD5 Checksum:920cb06d146e05e246c0868ac759fbcb

 ///  File Name: ms09_004_sp_replwritetovarbin.rb.tx..>
Description:
A heap-based buffer overflow can occur when calling the undocumented "sp_replwritetovarbin" extended stored procedure. This vulnerability affects all versions of Microsoft SQL Server 2000 and 2005, Windows Internal Database, and Microsoft Desktop Engine (MSDE) without the updates supplied in MS09-004.
This exploit smashes several pointers, as shown below.
1. pointer to a 32-bit value that is set to 0
2. pointer to a 32-bit value that is set to a length influenced by the buffer length.
3. pointer to a 32-bit value that is used as a vtable pointer. In MSSQL 2000, this value is referenced with a displacement of 0x38. For MSSQL 2005, the displacement is 0x10. The address of our buffer is conveniently stored in ecx when this instruction is executed.
4. On MSSQL 2005, an additional vtable ptr is smashed, which is referenced with a displacement of 4. This pointer is not used by this exploit.
There are two different methods used by this exploit, which have been named "writeNcall" and "sprayNbrute".
The first, "writeNcall", was published by k`sOSe on Dec 17 2008. It uses pointers 2 and 3, as well as a writeable address. This method is quite reliable. However, it relies on the operation on pointer 2. Newer versions of SQL server (>= 2000 SP3 at least) use a length value that is 8-byte aligned. This imposes a restriction that the code address that leads to the payload (jmp ecx in this case) must match the regex '.[08].[08].[08].[08]'. Unfortunately, no such addresses were found in memory.
For this reason, the second method, "sprayNbrute" is used. First a heap-spray is used to prime memory with lots of copies of the address of our code that leads to the payload (jmp ecx). Next, brute force is used to try to guess a value for pointer 3 that points to the sprayed data. A new method of spraying the heap inside MSSQL is presented. Sadly, it only allows the creation of a bunch of 8000 byte buffers.
Author:jduck
Homepage:http://www.metasploit.com
File Size:13781
Related OSVDB(s):50589
Related CVE(s):CVE-2008-5416
Last Modified:Jan 5 18:48:01 2010
MD5 Checksum:a6ba5011db5fd353bf27497da463eaa4

 ///  File Name: sketchup.py.txt
Description:
Google SketchUp versions 7.1.6087 and below lib3ds 3DS importer memory corruption exploit.
Author:mr_me
Related File:CORE-2009-1209.txt
File Size:12898
Last Modified:Jan 17 17:36:07 2010
MD5 Checksum:d4fe047fc4d39f8dd79c19ad2df8812d

 ///  File Name: NSOADV-2010-001.txt
Description:
Panda Security suffers from a local privilege escalation vulnerability. Proof of concept code included.
Author:Nikolas Sotiriu
Homepage:http://sotiriu.de/
File Size:12497
Last Modified:Jan 11 15:07:04 2010
MD5 Checksum:905392baaa1a3168d86e52fbf8911106

 ///  File Name: pidgin_exploit.py.txt
Description:
Pidgin MSN versions 2.6.4 and below file download proof of concept exploit.
Author:Mathieu GASPARD
File Size:12146
Related CVE(s):CVE-2010-0013
Last Modified:Jan 19 22:23:58 2010
MD5 Checksum:c3a79df369f819376944d698cfe085bd

 ///  File Name: modproxy-overflow.txt
Description:
Mod_proxy from Apache 1.3 suffers from an integer overflow. Full details and proof of concept provided.
Author:Adam Zabrocki
File Size:11945
Last Modified:Jan 27 13:29:04 2010
MD5 Checksum:0e53eeae7fb95547ed4e285e0d53d28a

 ///  File Name: dotproject-xss.txt
Description:
dotProject version 2.1.3 suffers from a cross site scripting vulnerability.
Author:Justin C. Klein Keane
File Size:11944
Last Modified:Jan 7 16:28:25 2010
MD5 Checksum:925bb8c71c0569143c4bb5325141a21d

 ///  File Name: mswinnt-pwn.txt
Description:
Microsoft Windows suffers from a user mode to ring 0 escalation vulnerability.
Author:Tavis Ormandy
File Size:10770
Related CVE(s):CVE-2010-0232
Last Modified:Jan 19 22:32:17 2010
MD5 Checksum:c93d900c86af294c53bf634faa96fc7c

 ///  File Name: xampp-xssxsrfsqltraversal.txt
Description:
XAMPP versions 1.6.8 and below suffer from cross site request forgery, cross site scripting, path disclosure, remote SQL injection and directory traversal vulnerabilities.
Author:MustLive
File Size:10254
Last Modified:Jan 29 18:21:58 2010
MD5 Checksum:d934d9380ec1f23797936d5bc2f1c657

 ///  File Name: safecentral-unharden-v2.c
Description:
Authentium SafeCentral versions 2.6 and below shdrv.sys local kernel ring0 SYSTEM proof of concept exploit. Version 2 of this exploit.
Author:mu-b
Homepage:http://www.digit-labs.org/
File Size:9915
Last Modified:Jan 17 18:34:18 2010
MD5 Checksum:4bc1701a8953e59e7a82269586643986