Section: .. / 0701-exploits /
| /// File Name: |
uniqueads-sql.txt |
Description:
|
Unique Ads aka UDS version 1.x suffers from SQL injection flaws.
| | Author: | Linux_Drox | | Homepage: | http://www.LeZr.com | | File Size: | 291 | | Last Modified: | Jan 23 23:05:48 2007 |
| MD5 Checksum: | e1f17d1f6a38bfc7bfd649962cae265b |
|
| /// File Name: |
gb400-xss.txt |
Description:
|
Guestbook version 4.00 beta by 212cafe.com is susceptible to cross site scripting attacks.
| | Author: | Linux_Drox | | Homepage: | http://www.LeZr.Com/vb | | File Size: | 344 | | Last Modified: | Jan 23 23:04:50 2007 |
| MD5 Checksum: | 10623ba368921a2820400fae5f25cacf |
|
| /// File Name: |
212cafeboard-xss.txt |
Description:
|
212cafeBoard version 0.08 Beta and 6.30 Beta are susceptible to cross site scripting attacks.
| | Author: | Linux_Drox | | Homepage: | http://www.LeZr.Com/vb | | File Size: | 616 | | Last Modified: | Jan 23 23:04:00 2007 |
| MD5 Checksum: | d2a92acabec410cacf7c6ee7ec91293b |
|
| /// File Name: |
cmsimple27-rfi.txt |
Description:
|
cmsimple version 2.7 suffers from multiple remote file inclusion vulnerabilities.
| | Author: | Alkomandoz | | File Size: | 1008 | | Last Modified: | Jan 23 23:00:41 2007 |
| MD5 Checksum: | 9d71b2a9beaa7c3922282824c1db1410 |
|
| /// File Name: |
da-adv-01202007.txt |
Description:
|
Digital Armaments Advisory - A vulnerability exists in expand_stack() of the grsecurity patch. This vulnerability is only locally exploitable. Proof of concept exploitation code included.
| | Homepage: | http://www.digitalarmaments.com/ | | File Size: | 5567 | | Last Modified: | Jan 23 22:57:26 2007 |
| MD5 Checksum: | cd2196f40f3a5d1d05ba2441bac61e19 |
|
| /// File Name: |
paypal-inject.txt |
Description:
|
The PayPal Subscription Manager suffers from cross site scripting and SQL injection flaws.
| | Author: | Doz | | Homepage: | http://www.hackerscenter.com/ | | File Size: | 1321 | | Last Modified: | Jan 23 22:55:16 2007 |
| MD5 Checksum: | 12d26a70beadc998e42fa9b36ecc28db |
|
| /// File Name: |
lmmhi-xss.txt |
Description:
|
Login Manager version 3.0 suffers from cross site scripting and SQL injection flaws.
| | Author: | Doz | | Homepage: | http://www.hackerscenter.com/ | | File Size: | 1536 | | Last Modified: | Jan 23 22:54:27 2007 |
| MD5 Checksum: | 1f64f390ba8100bc42f0664757c05707 |
|
| /// File Name: |
hpj-x01.cpp |
Description:
|
Proof of concept exploit for the .HPJ project file buffer overflow vulnerability in Microsoft Help Workshop version 4.03.0002.
| | Author: | porkythepig | | Related File: | mhw-hpj.txt | | File Size: | 4474 | | Last Modified: | Jan 19 23:03:01 2007 |
| MD5 Checksum: | 985cc677cb0570fada5a101f554777df |
|
| /// File Name: |
cacti086i-remote.txt |
Description:
|
Cacti versions 0.8.6i and below remote injection exploit that makes use of cmd.php and allows for arbitrary code execution.
| | Author: | rgod | | Homepage: | http://retrogod.altervista.org/ | | File Size: | 5356 | | Last Modified: | Jan 19 22:50:37 2007 |
| MD5 Checksum: | 63f152f8e622cf7721ee603df77032d2 |
|
| /// File Name: |
intel-pwn.c |
Description:
|
Intel Centrino ipw2200 wireless driver remote overflow proof of concept exploit.
| | Author: | Giuseppe Gottardi | | File Size: | 3311 | | Last Modified: | Jan 19 22:46:27 2007 |
| MD5 Checksum: | c34e734af71d473ed79bf8b23c3da260 |
|
| /// File Name: |
arsdigita-traverse.txt |
Description:
|
Ars Digita Community System (ACS) versions 3.4.10 and below suffer from a directory traversal vulnerability.
| | Author: | Elliot Kendall | | File Size: | 2517 | | Last Modified: | Jan 19 22:36:56 2007 |
| MD5 Checksum: | bccdd934e449d00f30ebc95270f1c1bb |
|
| /// File Name: |
sabros17-xss.txt |
Description:
|
sabros.us version 1.7 is susceptible to a cross site scripting vulnerability.
| | Author: | CorryL | | Homepage: | http://www.x0n3-h4ck.org | | File Size: | 1137 | | Last Modified: | Jan 19 22:33:07 2007 |
| MD5 Checksum: | 956a4b877bc8ecf1a1a893b75459ad6c |
|
| /// File Name: |
prdelka-vs-GNU-mbsebbs.c |
Description:
|
GNU/Linux mbse-bbs versions 0.70.0 and below local root exploit that makes use of a stack overflow.
| | Author: | prdelka | | Homepage: | https://prdelka.blackart.org.uk/ | | File Size: | 2374 | | Last Modified: | Jan 19 22:29:43 2007 |
| MD5 Checksum: | ceb4aa8738a2e9e9172391ee528ad4f4 |
|
| /// File Name: |
MOAB-18-01-2007.rb.txt |
Description:
|
Month of Apple Bugs - Proof of concept exploit rumpusd. rumpusd is vulnerable to different remotely exploitable heap-based buffer overflows, denial of service conditions and local privilege escalation issues.
| | Author: | LMH,Kevin Finisterre | | Homepage: | http://projects.info-pull.com/moab/ | | File Size: | 1448 | | Related CVE(s): | CVE-2007-0019 | | Last Modified: | Jan 19 22:17:46 2007 |
| MD5 Checksum: | f346f828f0229f5d5c055f66c3cc0e16 |
|
| /// File Name: |
MOAB-17-01-2007.rb.txt |
Description:
|
Month of Apple Bugs - Proof of concept exploit for slpd. slpd is vulnerable to a buffer overflow condition when processing the attr-list field of a registration request, leading to an exploitable denial of service condition and potential arbitrary execution. It would allow unprivileged local (and possibly remote) users to execute arbitrary code under root privileges.
| | Author: | LMH,Kevin Finisterre | | Homepage: | http://projects.info-pull.com/moab/ | | File Size: | 1101 | | Last Modified: | Jan 19 22:16:28 2007 |
| MD5 Checksum: | 4e5ef169ae8d60a1ea2d97be091df8b0 |
|
| /// File Name: |
MOAB-16-01-2007.rb.txt |
Description:
|
Month of Apple Bugs - Proof of concept exploit for Colloquy. Colloquy is vulnerable to a format string vulnerability in the handling of INVITE requests, that can be abused by remote users and requires no interaction at all, leading to a denial of service and potential arbitrary code execution.
| | Author: | LMH,Kevin Finisterre | | Homepage: | http://projects.info-pull.com/moab/ | | File Size: | 2324 | | Last Modified: | Jan 19 22:14:45 2007 |
| MD5 Checksum: | cdd6c9e0e59a872c2790c1ee93429dcd |
|
| /// File Name: |
MOAB-15-01-2007.rb.txt |
Description:
|
Month of Apple Bugs - Proof of concept exploit for a local privilege escalation vulnerability on Mac OS X. Multiple binaries inside the /Applications directory tree are setuid root, but remain writable by users in the admin group (ex. first user by default in a non-server Mac OS X installation), allowing privilege escalation.
| | Author: | LMH | | Homepage: | http://projects.info-pull.com/moab/ | | File Size: | 2520 | | Last Modified: | Jan 19 22:11:37 2007 |
| MD5 Checksum: | 6762c468a26eb0f93504c63d879495d9 |
|
| /// File Name: |
MOAB-14-01-2007.c |
Description:
|
Month of Apple Bugs - Proof of concept exploit for the _ATPsndrsp function. The _ATPsndrsp function is vulnerable to a heap-based buffer overflow condition, due to insufficient checking of user input. This leads to a denial of service condition and potential arbitrary code execution by unprivileged users.
| | Author: | LMH | | Homepage: | http://projects.info-pull.com/moab/ | | File Size: | 1894 | | Related CVE(s): | CVE-2007-0236 | | Last Modified: | Jan 19 22:09:05 2007 |
| MD5 Checksum: | d8a22e613c075522ee7d1a0b3bdf1403 |
|
| /// File Name: |
MOAB-13-01-2007.dmg.gz |
Description:
|
Month of Apple Bugs - This is a specially crafted HFS+ filesystem in a DMG image that can cause the do_hfs_truncate() function to panic the kernel (denial of service), when attempting to remove a file from the mounted filesystem. This issue can't lead to arbitrary code execution, although there's a significant risk of local HFS+ filesystems corruption.
| | Author: | LMH | | Homepage: | http://projects.info-pull.com/moab/ | | File Size: | 209464 | | Related CVE(s): | CVE-2006-5482 | | Last Modified: | Jan 19 22:07:28 2007 |
| MD5 Checksum: | bfca8d4401098b7bcee7f1364f4cf014 |
|
| /// File Name: |
cnt-exploit.txt |
Description:
|
There is a stack based memory corruption flaw in Microsoft Help Workshop version 4.03.0002 while processing .CNT Help Contents files.
| | Author: | porkythepig | | File Size: | 6450 | | Last Modified: | Jan 19 20:42:50 2007 |
| MD5 Checksum: | 764820ba9625e1d14bd44980b62d86a6 |
|
| /// File Name: |
mybloggie215-xss.txt |
Description:
|
myBloggie version 2.1.5 is susceptible to cross site scripting attacks.
| | Author: | CorryL | | Homepage: | http://www.x0n3-h4ck.org | | File Size: | 1427 | | Last Modified: | Jan 19 20:40:26 2007 |
| MD5 Checksum: | 748ad0ef345953a0fe74ecf6b9ea2c1c |
|
| /// File Name: |
oracle--isa-xss.txt |
Description:
|
The Oracle Reports Web Cartridge (RWCGI60) is susceptible to cross site scripting vulnerabilities.
| | Author: | Vicente Aguilera Diaz | | File Size: | 3197 | | Last Modified: | Jan 19 20:38:57 2007 |
| MD5 Checksum: | 65270c446e599966e5729e8f948b2d04 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
