Section: .. / 0701-exploits /
| /// File Name: |
gmx-xss.txt |
Description:
|
The German free mail provider, GMX, suffers from a cross site scripting vulnerability.
| | Author: | commander keen | | File Size: | 2127 | | Last Modified: | Jan 5 01:57:04 2007 |
| MD5 Checksum: | 92169507c46934f5bd707ff904f8846e |
|
| /// File Name: |
tftpdwin042.txt |
Description:
|
TFTPDWIN version 0.4.2 remote buffer overflow exploit.
| | Author: | acaro | | File Size: | 2095 | | Last Modified: | Jan 15 22:29:45 2007 |
| MD5 Checksum: | 99964cb405827681deff02aa17331ce9 |
|
| /// File Name: |
devc4992.py.txt |
Description:
|
Dev-C++ version 4.9.9.2 CPP file parsing local stack overflow proof of concept exploit.
| | Author: | shinnai | | Homepage: | http://shinnai.altervista.org/ | | File Size: | 1983 | | Last Modified: | Jan 30 23:09:05 2007 |
| MD5 Checksum: | 3b200e9a5cfbe00a7c1ee6305f3aab23 |
|
| /// File Name: |
MOAB-14-01-2007.c |
Description:
|
Month of Apple Bugs - Proof of concept exploit for the _ATPsndrsp function. The _ATPsndrsp function is vulnerable to a heap-based buffer overflow condition, due to insufficient checking of user input. This leads to a denial of service condition and potential arbitrary code execution by unprivileged users.
| | Author: | LMH | | Homepage: | http://projects.info-pull.com/moab/ | | File Size: | 1894 | | Related CVE(s): | CVE-2007-0236 | | Last Modified: | Jan 19 22:09:05 2007 |
| MD5 Checksum: | d8a22e613c075522ee7d1a0b3bdf1403 |
|
| /// File Name: |
MOAB-28-01-2007.rb.txt |
Description:
|
Month of Apple Bugs - crashdump follows symlinks within the /Library/Logs/CrashReporter/ directory, allowing admin-group users to execute arbitrary code and overwrite files with elevated privileges. In couple with a specially crafted Mach-O binary, this can be used to write a malicious crontab entry, which will run with root privileges. This ruby code demonstrates this vulnerability.
| | Author: | LMH,Kevin Finisterre | | Homepage: | http://projects.info-pull.com/moab/ | | File Size: | 1848 | | Related CVE(s): | CVE-2007-0467 | | Last Modified: | Jan 29 11:59:01 2007 |
| MD5 Checksum: | d2a1cdd08b0f39cc9d815a3572650b30 |
|
| /// File Name: |
googlePwned.txt |
Description:
|
It is possible to access Google's blacklisted URL database which contains some juicy real logins and passwords.
| | Author: | Rajesh Sethumadhavan | | Homepage: | http://www.xdisclose.com/ | | File Size: | 1820 | | Last Modified: | Jan 3 21:52:00 2007 |
| MD5 Checksum: | a57451a6327efff092a654acb6b30374 |
|
| /// File Name: |
lcs11-rfi.txt |
Description:
|
Local Calendar System version 1.1 suffers from a remote file inclusion flaw.
| | Author: | Tr_ZiNDaN | | File Size: | 1796 | | Last Modified: | Jan 29 11:29:32 2007 |
| MD5 Checksum: | c1397db7851ddeaef4bb0baff9e654ad |
|
| /// File Name: |
adv62-y3dips-2007.txt |
Description:
|
Upload Service version 1.0 suffers from a remote file inclusion flaw.
| | Author: | y3dips | | Homepage: | http://echo.or.id/ | | File Size: | 1787 | | Last Modified: | Jan 24 01:42:09 2007 |
| MD5 Checksum: | 6d3348f6b4f7cb170691af62ef746048 |
|
| /// File Name: |
phpxd03-rfi.txt |
Description:
|
phpXD versions 0.3 and below remote file inclusion exploit.
| | Author: | Dr Max Virus | | File Size: | 1714 | | Last Modified: | Jan 24 00:09:45 2007 |
| MD5 Checksum: | 72fb1eb373124bdab06b785a4cf82561 |
|
| /// File Name: |
ebp2x-rfi.txt |
Description:
|
Easy Banner Pro version 2.x suffers from a remote file inclusion vulnerability.
| | Author: | rUnViRuS | | Homepage: | http://www.sec-area.com/ | | File Size: | 1684 | | Last Modified: | Jan 13 17:51:32 2007 |
| MD5 Checksum: | 2ff922507439118ead78bc86c203e733 |
|
| /// File Name: |
tlm-rfi.txt |
Description:
|
TLM CMS versions 1.1 and below suffer from a remote file inclusion vulnerability.
| | Author: | GolD_M | | File Size: | 1681 | | Last Modified: | Jan 13 19:01:05 2007 |
| MD5 Checksum: | eda173b0a50608ae27ba01a380445f34 |
|
| /// File Name: |
cmsms102-xss.txt |
Description:
|
CMS Made Simple version 1.0.2 suffers from multiple cross site scripting vulnerabilities.
| | Author: | nanoymaster | | Homepage: | http://www.nanoy.org/ | | File Size: | 1605 | | Last Modified: | Jan 5 03:00:15 2007 |
| MD5 Checksum: | 45b660cfd50cbfca60bd1965aa475e17 |
|
| /// File Name: |
lmmhi-xss.txt |
Description:
|
Login Manager version 3.0 suffers from cross site scripting and SQL injection flaws.
| | Author: | Doz | | Homepage: | http://www.hackerscenter.com/ | | File Size: | 1536 | | Last Modified: | Jan 23 22:54:27 2007 |
| MD5 Checksum: | 1f64f390ba8100bc42f0664757c05707 |
|
| /// File Name: |
pdf-xss.txt |
Description:
|
It appears that PDF has a flaw in it that allows arbitrary javascript to be executed.
| | Author: | petko d. petkov | | Homepage: | http://www.gnucitizen.org/ | | File Size: | 1527 | | Last Modified: | Jan 3 21:57:05 2007 |
| MD5 Checksum: | c3a253982d48edc846cc9203972f3cb2 |
|
| /// File Name: |
MOAB-22-01-2007.rb.txt |
Description:
|
Month of Apple Bugs - InputManager provided by the user. Code within the input manager will run under wheel privileges. In combination with diskutil and a wheel-writable setuid binary, this allows unprivileged users to gain root privileges. This is the proof of concept exploit that demonstrates this vulnerability.
| | Author: | LMH,Kevin Finisterre | | Homepage: | http://projects.info-pull.com/moab/ | | File Size: | 1510 | | Related CVE(s): | CVE-2007-0023 | | Last Modified: | Jan 24 00:24:54 2007 |
| MD5 Checksum: | 0822f8f385381a6dada4f24b194e032f |
|
| /// File Name: |
MOAB-18-01-2007.rb.txt |
Description:
|
Month of Apple Bugs - Proof of concept exploit rumpusd. rumpusd is vulnerable to different remotely exploitable heap-based buffer overflows, denial of service conditions and local privilege escalation issues.
| | Author: | LMH,Kevin Finisterre | | Homepage: | http://projects.info-pull.com/moab/ | | File Size: | 1448 | | Related CVE(s): | CVE-2007-0019 | | Last Modified: | Jan 19 22:17:46 2007 |
| MD5 Checksum: | f346f828f0229f5d5c055f66c3cc0e16 |
|
| /// File Name: |
mybloggie215-xss.txt |
Description:
|
myBloggie version 2.1.5 is susceptible to cross site scripting attacks.
| | Author: | CorryL | | Homepage: | http://www.x0n3-h4ck.org | | File Size: | 1427 | | Last Modified: | Jan 19 20:40:26 2007 |
| MD5 Checksum: | 748ad0ef345953a0fe74ecf6b9ea2c1c |
|
| /// File Name: |
VLCMediaSlayer-x86.pl.txt |
Description:
|
Month Of Apple Bugs - A vulnerability in the handling of the udp:// URL handler for the VLC Media Player allows remote arbitrary code execution. This exploit will create a malicious .m3u file that will cause VLC Player for OSX to execute arbitrary code.
| | Author: | LMH, Kevin Finisterre | | Homepage: | http://projects.info-pull.com/moab/index.html | | File Size: | 1422 | | Related CVE(s): | CVE-2007-0017 | | Last Modified: | Jan 4 03:15:18 2007 |
| MD5 Checksum: | 7be8a31aa5f26b9929610d23d102a6bc |
|
| /// File Name: |
mpsw-rfi.txt |
Description:
|
The Magic Photo Storage website suffers from a remote file inclusion vulnerability.
| | Author: | k1tk4t | | File Size: | 1406 | | Last Modified: | Jan 13 16:57:30 2007 |
| MD5 Checksum: | c874f011c71475bc4ea69e02693e9658 |
|
| /// File Name: |
ashopcom-xss.txt |
Description:
|
Ashop Commerce suffers from multiple cross site scripting vulnerabilities.
| | Author: | DoZ | | Homepage: | http://www.hackerscenter.com/ | | File Size: | 1398 | | Last Modified: | Jan 1 22:10:24 2007 |
| MD5 Checksum: | 7b63705346ac3a4050db334c4c17e528 |
|
| /// File Name: |
avm-traversal.txt |
Description:
|
The AR7 webserver included in the AVM UPNP service for windows suffers from a directory traversal flaw.
| | Author: | DPR | | File Size: | 1380 | | Last Modified: | Jan 19 20:24:32 2007 |
| MD5 Checksum: | 4096d42a11e6cad95b7283a6c55cbdc4 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
