Section: .. / 1001-exploits /

Page 3 of 21
<< 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 >> Files 50 - 75 of 518

Currently sorted by: File Size Sort By: File Name, Last Modified

/// File Name:	hp_omniinet_2.rb.txt
Description:	This Metasploit module exploits a stack-based buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted MSG_PROTOCOL (0x010b) packet, a remote attacker may be able to execute arbitrary code with elevated privileges. This service is installed with HP OpenView Data Protector, HP Application Recovery Manager and potentially other products. This exploit has been tested against versions 6.1, 6.0, and 5.50 of Data Protector. and versions 6.0 and 6.1 of Application Recovery Manager. NOTE: There are actually two consecutive wcscpy() calls in the program (which may be why ZDI considered them two separate issues). However, this module only exploits the second one.
Author:	EgiX,jduck,riaf
Homepage:	http://www.metasploit.com
File Size:	5265
Related OSVDB(s):	60852
Related CVE(s):	CVE-2009-3844
Last Modified:	Jan 7 01:00:00 2010
MD5 Checksum:	b3687ed374a55ab5d0525a4d749456b8

/// File Name:	ie_aurora.rb.txt
Description:	This Metasploit module exploits a memory corruption flaw in Internet Explorer. This flaw was found in the wild and was a key component of the "Operation Aurora" attacks that lead to the compromise of a number of high profile companies. The exploit code is a direct port of the public sample published to the Wepawet malware analysis site. The technique used by this module is currently identical to the public sample, as such, only Internet Explorer 6 can be reliably exploited.
Homepage:	http://www.metasploit.com
File Size:	5107
Related OSVDB(s):	61697
Related CVE(s):	CVE-2010-0249
Last Modified:	Jan 17 19:21:02 2010
MD5 Checksum:	50ede2e16f7d86132be5262085376217

/// File Name:	civicrm-xss.txt
Description:	CiviCRM version 3.1 Beta 1 suffers from a cross site scripting vulnerabilities.
Author:	Ch3nz,h00die
File Size:	5052
Last Modified:	Jan 13 22:12:56 2010
MD5 Checksum:	64c2faa351f4df88e13cff21097e1e27

/// File Name:	CORELAN-10-005.txt
Description:	The Apple iPhone/iPod Serversman HTTP server version 3.1.5 suffers from a denial of service vulnerability. Proof of concept included.
Author:	mr_me
File Size:	4518
Last Modified:	Jan 27 11:41:29 2010
MD5 Checksum:	29d0bd31b0d0cecdea7a33d8ee1d1577

/// File Name:	SA-20100115-0.txt
Description:	LetoDMS versions 1.7.2 and below suffer from cross site request forgery and local file inclusion vulnerabilities.
Author:	Daniel Fabian,Lukas Weichselbaum
Homepage:	http://www.sec-consult.com
File Size:	4486
Last Modified:	Jan 15 20:06:10 2010
MD5 Checksum:	4ea74d7fa9611a6a57792630447e477e

/// File Name:	aqt-overflow.txt
Description:	Apple QuickTime versions 7.2 and 7.3 RTSP buffer overflow exploit.
Author:	Jacky
File Size:	4341
Last Modified:	Jan 6 22:40:30 2010
MD5 Checksum:	a4e4906a81f2d967f8b66729a9a4ec28

/// File Name:	alwjeez-backup.txt
Description:	Alwjeez Host Script database backup exploit.
Author:	alnjm33
File Size:	4288
Last Modified:	Jan 11 15:31:22 2010
MD5 Checksum:	7810f06b6d203100e4320618e65251f3

/// File Name:	rt-sa-2010-002.txt
Description:	During a penetration test, RedTeam Pentesting discovered that the GNCaster software does not handle NMEA-data correctly. An attacker that has valid login credentials can use this to crash the server software or potentially execute code on the server. Versions 1.4.0.7 and below are affected.
Homepage:	http://www.redteam-pentesting.de/
File Size:	4170
Last Modified:	Jan 27 13:38:36 2010
MD5 Checksum:	3e2c933a8d60fc962fa41f41e23de87e

/// File Name:	datingagentpro-xss.txt
Description:	Dating Agent PRO suffers from cookie manipulation and cross site scripting vulnerabilities.
Author:	indoushka
File Size:	4088
Last Modified:	Jan 3 19:20:53 2010
MD5 Checksum:	144b271aed0fcb41e262410af7389527

/// File Name:	srt_webdrive_priv.rb.txt
Description:	This Metasploit module exploits a privilege escalation vulnerability in South River Technologies WebDrive. Due to an empty security descriptor, a local attacker can gain elevated privileges. Tested on South River Technologies WebDrive 9.02 build 2232 on Microsoft Windows XP SP3.
Author:	Trancer
Homepage:	http://www.metasploit.com
File Size:	4044
Related OSVDB(s):	59080
Related CVE(s):	CVE-2009-4606
Last Modified:	Jan 27 09:40:54 2010
MD5 Checksum:	8dd714881e063e08a7412de5262a9a84

/// File Name:	aol_phobos_bof.rb.txt
Description:	This Metasploit module exploits a stack-based buffer overflow within Phobos.dll of AOL 9.5. By setting an overly long value to 'Import()', an attacker can overrun a buffer and execute arbitrary code.
Author:	Trancer
Homepage:	http://www.metasploit.com
File Size:	4004
Last Modified:	Jan 26 02:24:52 2010
MD5 Checksum:	7c391b1026feefd4187822cacfc9f40e

/// File Name:	pmnm3u-overflow.txt
Description:	PlayMeNow suffers from a .m3u playlist file buffer overflow vulnerability.
Author:	bibi-info
File Size:	3940
Last Modified:	Jan 3 20:50:44 2010
MD5 Checksum:	c0a83a1853027cd2aab658ee4401d806

/// File Name:	discuz20-xss.txt
Description:	Discuz version 2.0 suffers from a cross site scripting vulnerability.
Author:	indoushka
File Size:	3929
Last Modified:	Jan 3 23:17:50 2010
MD5 Checksum:	3d8689f153a6de0a996e5946e1e89cd1

/// File Name:	Firefox-PoC.rar
Description:	Firefox version 3.6 XML parser memory corruption proof of concept denial of service exploit.
Author:	d3b4g
File Size:	3912
Last Modified:	Jan 24 15:25:08 2010
MD5 Checksum:	ffd5bdec38a9846d2e6cbed0a398279a

/// File Name:	Opera-PoC.rar
Description:	Opera version 10.10 XML parser denial of service proof of concept exploit.
Author:	d3b4g
File Size:	3898
Last Modified:	Jan 26 02:07:35 2010
MD5 Checksum:	8b552e8a8b1cd15b7605cf0d50eff470

/// File Name:	upphpaw05-shellxss.txt
Description:	Up,Phpaw,05 suffers from cross site scripting and shell upload vulnerabilities.
Author:	indoushka
File Size:	3865
Last Modified:	Jan 4 17:05:39 2010
MD5 Checksum:	b7a994cca0e6b525022b9df4a3f9d1c1

/// File Name:	naxtor-xss.txt
Description:	Naxtor Shopping e-Cart version 1.0 suffers from a cross site scripting vulnerability.
Author:	indoushka
File Size:	3824
Last Modified:	Jan 3 20:48:18 2010
MD5 Checksum:	f1eedee9be0becf52bd6de3ca5bbaae5

/// File Name:	blazeapp-sqlxss.txt
Description:	Blaze Apps versions 1.4.0.051909 and below suffer from cross site scripting and remote SQL injection vulnerabilities.
Author:	AmnPardaz Security Research Team
Homepage:	http://www.bugreport.ir/
File Size:	3743
Last Modified:	Jan 19 22:31:03 2010
MD5 Checksum:	4e3665c7ea3b2aec5a0cdef23f525cb1

/// File Name:	vbulletin401-sql.txt
Description:	vBulletin version 4.0.1 remote SQL injection exploit.
Author:	indoushka
File Size:	3718
Last Modified:	Jan 18 20:42:21 2010
MD5 Checksum:	719d6ddb7d620dcb3d190c48e75a0564

/// File Name:	surgeftp-traversal.txt
Description:	Surge FTP's administrative web interface suffers from an Apache Tomcat 5.5.26 directory traversal vulnerability.
Author:	indoushka
File Size:	3674
Last Modified:	Jan 15 19:09:09 2010
MD5 Checksum:	c6a87528c70e7df93015f603a699819f

/// File Name:	smartvisionsn-sql.txt
Description:	Smart Vision Script News remote SQL injection exploit.
Author:	darkmasking
Related Exploit:	smartvision-sql.txt
File Size:	3650
Last Modified:	Jan 4 18:49:32 2010
MD5 Checksum:	2a20f4de796f49aedbf8938df59bb7f3

/// File Name:	novellcifsafp-dos.txt
Description:	Novell Netware CIFS and AFP suffer from a remote memory consumption denial of service vulnerability. Proof of concept code included.
Author:	Francis Provencher
File Size:	3636
Last Modified:	Jan 5 19:57:11 2010
MD5 Checksum:	9965d60d060d71c9b1dfe90effb12b33

/// File Name:	dodoupload-shell.txt
Description:	Dodo Upload version 1.3 suffers from a shell upload vulnerability.
Author:	indoushka
File Size:	3622
Last Modified:	Jan 13 21:33:42 2010
MD5 Checksum:	c94693e9b8693ff1a50f0f0ad943cf5f

/// File Name:	worldpayss-sql.txt
Description:	WorldPay Script Shop remote SQL injection exploit.
Author:	darkmasking
Related Exploit:	worldpay-sql.txt
File Size:	3619
Last Modified:	Jan 4 18:48:02 2010
MD5 Checksum:	ec80bbd9c400b513607161db49f39f0e

/// File Name:	arab3upload-xss.txt
Description:	arab3 Upload suffers from a cross site scripting vulnerability.
Author:	indoushka
File Size:	3599
Last Modified:	Jan 3 21:06:18 2010
MD5 Checksum:	5742a574ed02b7b1dfc54d6f1c8e3c81