Section: .. / 0508-exploits /
| /// File Name: |
flat256.html |
Description:
|
FlatNuke version 2.5.6 suffers from remote command execution, cross site scripting, and path disclosure flaws. Detailed exploitation provided.
| | Author: | rgod | | Homepage: | http://retrogod.altervista.org/ | | File Size: | 1254 | | Last Modified: | Aug 31 02:51:23 2005 |
| MD5 Checksum: | 11acdd9d2ced8d0e8654998fccb7e62b |
|
| /// File Name: |
fud.html |
Description:
|
Remote code execution exploit for FUD Forum versions 2.7 and below.
| | Author: | rgod | | Homepage: | http://retrogod.altervista.org | | Related File: | fudForum.txt | | File Size: | 1476 | | Last Modified: | Aug 31 02:49:53 2005 |
| MD5 Checksum: | 0a6890ae0ddec4b2fbf9dafb1a53e299 |
|
| /// File Name: |
HP_OV_NNM_RCE.c |
Description:
|
Remote command execution exploit for HP OpenView Network Node Manager versions 6.2, 6.4, 7.01, and 7.50.
| | Author: | Lympex | | Homepage: | http://l-bytes.net | | File Size: | 3959 | | Last Modified: | Aug 31 02:26:49 2005 |
| MD5 Checksum: | f52cf58231344c9d88f6eb0cd01adc82 |
|
| /// File Name: |
AD20050830.txt |
Description:
|
BNBT EasyTracker is susceptible to a remote denial of service vulnerability when accepting a malformed HTTP request. Demonstration exploit provided. Versions 7.7r3.2004.10.27 and below are affected.
| | Author: | Sowhat | | Homepage: | http://secway.org/advisory/AD20050830.txt | | File Size: | 8779 | | Last Modified: | Aug 31 02:09:09 2005 |
| MD5 Checksum: | 2ac337d4908927ed071926acbb6d4270 |
|
| /// File Name: |
phpldap.html |
Description:
|
phpLDAPadmin versions 0.9.6 through 0.9.7/alpha5 suffer from directory traversal, remote code execution and cross site scripting vulnerabilities. Detailed exploitation provided.
| | Author: | rgod | | Homepage: | http://retrogod.altervista.org | | File Size: | 1226 | | Last Modified: | Aug 31 02:04:26 2005 |
| MD5 Checksum: | 3a75a213f873a5a71289eba8299c2757 |
|
| /// File Name: |
bfccown.zip |
Description:
|
Proof of concept exploit for the flaws relating to BFCC versions 1.22_A and below and BFVCC versions 2.14_B and below.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.altervista.org | | Related File: | bfccown.txt | | File Size: | 11110 | | Last Modified: | Aug 31 01:50:44 2005 |
| MD5 Checksum: | 0918b1298c512f28393bf9f2d5603a9b |
|
| /// File Name: |
lduSQL.txt |
Description:
|
Land Down Under versions 801 and below suffer from multiple SQL injection vulnerabilities. Full details provided.
| | Author: | matrix_killer | | Homepage: | http://www.h4cky0u.org | | File Size: | 1315 | | Last Modified: | Aug 31 01:45:23 2005 |
| MD5 Checksum: | eb9df365250444e4b536d1fb2e55e3aa |
|
| /// File Name: |
sphpblog_vulns.pl.txt |
Description:
|
Exploit that demonstrates a vulnerability in the comment_delete_cgi.php from SimplePHPBlog. The PHP script allows for the arbitrary deletion of files. This vulnerability, in combination with the fact that the installation scripts are left on the server after installation, allows an arbitrary user to reset the admin password to one of the attacker's choosing.
| | Author: | Kenneth F. Belva | | Homepage: | http://www.ftusecurity.com | | File Size: | 13229 | | Last Modified: | Aug 31 01:41:06 2005 |
| MD5 Checksum: | d5a02f6fa42800a232858d4f054b1541 |
|
| /// File Name: |
SqWebMail.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a vulnerability in SqWebMail, which can be exploited by malicious people to conduct script insertion attacks. The vulnerability is caused due to SqWebMail failing to properly sanitize HTML emails. This can be exploited to include arbitrary script code in HTML emails, which will be executed in context of the SqWebMail server, as soon as the user views a received email. Version 5.0.4 is affected.
| | Author: | Jakob Balle | | Homepage: | http://www.secunia.com | | File Size: | 3694 | | Last Modified: | Aug 31 01:37:12 2005 |
| MD5 Checksum: | 57470dc10cef0798ea3aec873b6095dd |
|
| /// File Name: |
cosmoshop81078.txt |
Description:
|
Cosmoshop versions 8.10.78 and below suffer from SQL injection flaws, clear text passwords, and directory traversal flaws.
| | Author: | l0om | | Homepage: | http://www.excluded.org | | File Size: | 1466 | | Last Modified: | Aug 31 01:32:48 2005 |
| MD5 Checksum: | 43eb2a684a72cba7453b395b76af5865 |
|
| /// File Name: |
phpfusionXSS2.txt |
Description:
|
PHP-Fusion versions 6.00.107 and below are susceptible to cross site scripting attacks.
| | Author: | slacker4ever_1 | | File Size: | 333 | | Last Modified: | Aug 31 01:24:14 2005 |
| MD5 Checksum: | 899b8a9751b5a4ffdc795c68056c4f44 |
|
| /// File Name: |
autolinks21.txt |
Description:
|
AutoLinks Pro 2.1 suffers from a remote file inclusion vulnerability.
| | Author: | NewAngels Team | | File Size: | 1308 | | Last Modified: | Aug 31 01:22:26 2005 |
| MD5 Checksum: | a9273540bd7022124f6c8cb05c02da63 |
|
| /// File Name: |
lduXSS2.txt |
Description:
|
Land Down Under suffers from cross site scripting vulnerabilities in the signature and topic payloads.
| | Author: | spyMASter | | File Size: | 804 | | Last Modified: | Aug 31 01:18:57 2005 |
| MD5 Checksum: | 38e1144d56f1c9a6cdeb36bb6a7a7238 |
|
| /// File Name: |
mybbSQL.pl.txt |
Description:
|
MyBulletinBoard (MyBB) member.php SQL injection exploit.
| | Author: | W7ED | | File Size: | 1488 | | Last Modified: | Aug 31 01:17:00 2005 |
| MD5 Checksum: | 9274e58ef338ce1541974c525480a669 |
|
| /// File Name: |
multiVulns.txt |
Description:
|
Multiple vulnerabilities have been discovered in various CMS and forum software. e107 suffers from a cross site scripting flaw, Wordpress suffers from a SQL injection flaw, PHPNews suffers from a remote inclusion flaw, phpBB suffers from a SQL injection flaw, Google suffers from a SQL injection flaw, and myspace.com suffers from a user profile defacement flaw. Oh.. and UBB 6.3.2 suffers from a remote code execution flaw.
| | Author: | pacifico, ratboy | | File Size: | 4505 | | Last Modified: | Aug 31 01:15:14 2005 |
| MD5 Checksum: | 0b3cc1bdf7c9bc094938f2cf671a24b5 |
|
| /// File Name: |
phpwebnotes.txt |
Description:
|
phpWebNotes version 2.0.0-pr1 suffers from a remote inclusion vulnerability that may allow for cross site scripting attacks.
| | Author: | Norbert | | File Size: | 871 | | Last Modified: | Aug 28 15:20:45 2005 |
| MD5 Checksum: | 6771a439057aac9e9acef007389b8f28 |
|
| /// File Name: |
lglass20040427.txt |
Description:
|
Exploit for Looking Glass v20040427 arbitrary command execution / cross site scripting vulnerabilities
| | Author: | rgod | | Homepage: | http://retrogod.altervista.org | | File Size: | 6518 | | Last Modified: | Aug 28 05:31:58 2005 |
| MD5 Checksum: | fc4b3d001799b92df265dce9d88d0b2a |
|
| /// File Name: |
qnx-inputtrap.txt |
Description:
|
QNX inputtrap from QNX RTOS versions 6.3 and 6.1.0 suffers from an arbitrary file read vulnerability.
| | Author: | Julio Cesar Fort | | File Size: | 1640 | | Last Modified: | Aug 25 02:09:10 2005 |
| MD5 Checksum: | 6485b7c7501a5b7eee39fd1c2b6d013c |
|
| /// File Name: |
foojanInject.txt |
Description:
|
Foojan PHP Weblog suffers from an injection flaw when trusting an unsanitized HTTP_REFERER payload.
| | Author: | ali202 | | File Size: | 583 | | Last Modified: | Aug 25 01:16:23 2005 |
| MD5 Checksum: | 8d7c5ecdfa9b64b6f5372f8fa0e32db2 |
|
| /// File Name: |
PaFileDB31SQL.txt |
Description:
|
PaFileDB 3.1 is susceptible to a SQL injection attack that allows for login bypass.
| | Author: | deluxe89, Astovidatu | | Homepage: | http://security-project.org | | File Size: | 1833 | | Last Modified: | Aug 25 01:09:21 2005 |
| MD5 Checksum: | 5ebb7571066d1cee27025c2990ccbf0e |
|
| /// File Name: |
beaXSS.txt |
Description:
|
BEA WebLogic versions 8.1 SP4 and below suffer from a cross site scripting flaw in the Administration console.
| | Author: | GomoR | | Homepage: | http://www.GomoR.org/ | | File Size: | 1433 | | Last Modified: | Aug 25 00:59:40 2005 |
| MD5 Checksum: | 75cb275908dde195433f902633155e90 |
|
| /// File Name: |
onunload.txt |
Description:
|
In nearly all browsers you can overwrite the window location in the 'onunload' event. This has been tested against Firefox, Opera, and Internet Explorer.
| | Author: | Tobias Boonstoppel | | File Size: | 773 | | Last Modified: | Aug 25 00:57:48 2005 |
| MD5 Checksum: | cb19d56d011a3ec5af3696705135f266 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
