Section: .. / 0508-exploits /
/// File Name: linsql2.c
Description: linsql2 is an updated version of the command line client for MS-SQL that can execute arbitrary SQL queries and OS commands, when the username/password of the MS-SQL server is known. This version supports the API of the latest freetds library.
Author: solid, herbless
File Size: 29720
Last Modified: Aug 5 03:41:56 2005
MD5 Checksum: b933a852b1dbefb29d1a2d51fac664cb

/// File Name: kavLocalRoot.txt
Description: Due to the logs directory being 777 by default, Kaspersky AntiVirus 5.5 is susceptible to a local root exploit via a symlink attack. Details are provided.
Author: Dr. Peter Bieringer
File Size: 15672
Last Modified: Aug 13 02:56:49 2005
MD5 Checksum: cb19145c1046533f786fc038e618534f

/// File Name: funkboard066.txt
Description: FunkBoard version 0.66CF suffers from multiple cross site scripting flaws, remote code execution, and more. Full exploitation details provided.
Author: rgod
Homepage: http://retrogod.altervista.org
File Size: 15115
Last Modified: Aug 10 01:33:54 2005
MD5 Checksum: f4bed4c56ff83694efb27c8e811047bf

/// File Name: HOD-ms05039-pnp-expl.c
Description: Microsoft Windows Plug-and-Play remote overflow universal exploit that is related to MS05-039. Vulnerable systems include: Microsoft Windows Server 2003 SP1, Microsoft Windows XP SP1 and SP2, and Microsoft Windows 2000 SP4.
Author: houseofdabus
Related Exploit: ms05039.c
File Size: 14264
Related CVE(s): CAN-2005-1983
Last Modified: Aug 13 03:01:08 2005
MD5 Checksum: d6dc9aaaab54213702bd9facbedf2e7c

/// File Name: sphpblog_vulns.pl.txt
Description: Exploit that demonstrates a vulnerability in the comment_delete_cgi.php from SimplePHPBlog. The PHP script allows for the arbitrary deletion of files. This vulnerability, in combination with the fact that the installation scripts are left on the server after installation, allows an arbitrary user to reset the admin password to one of the attacker's choosing.
Author: Kenneth F. Belva
Homepage: http://www.ftusecurity.com
File Size: 13229
Last Modified: Aug 31 01:41:06 2005
MD5 Checksum: d5a02f6fa42800a232858d4f054b1541

/// File Name: ms05038.c
Description: Microsoft Internet Explorer COM Object remote file download and execute exploit. Makes use of the vulnerability described in MS05-038.
Author: ZwelL
Homepage: http://www.donews.net/zwell
File Size: 12345
Related CVE(s): CAN-2005-1990
Last Modified: Aug 12 02:51:35 2005
MD5 Checksum: 87d23d7995cf25e628a75fa06f9295bc

/// File Name: flatnuke.html
Description: FlatNuke version 2.5.5 suffers from remote command execution, cross site scripting, and path disclosure flaws. Detailed exploitation provided.
Author: rgod
Homepage: http://retrogod.altervista.org/
File Size: 11946
Last Modified: Aug 7 01:47:49 2005
MD5 Checksum: 28e00967d918af40327814729eefae70

/// File Name: bfccown.zip
Description: Proof of concept exploit for the flaws relating to BFCC versions 1.22_A and below and BFVCC versions 2.14_B and below.
Author: Luigi Auriemma
Homepage: http://aluigi.altervista.org
Related File: bfccown.txt
File Size: 11110
Last Modified: Aug 31 01:50:44 2005
MD5 Checksum: 0918b1298c512f28393bf9f2d5603a9b

/// File Name: lantronixRoot.txt
Description: Multiple Lantronix Secure Console Server local root exploits that make use of security issues allowing for unrestricted shell access.
Author: c0ntex
File Size: 10696
Last Modified: Aug 6 01:58:33 2005
MD5 Checksum: 8b24a3e766f3d0ae39e6caba270cd4d6

/// File Name: gravityBad.txt
Description: Gravity Board X version 1.1 suffers from multiple vulnerabilities that can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, or compromise a vulnerable system.
Author: rgod
Homepage: http://retrogod.altervista.org/
File Size: 10106
Last Modified: Aug 10 01:21:11 2005
MD5 Checksum: aa6af3863ba0fbdd0fe94ab03da43d80

/// File Name: nbSMTP_fsexp.c
Description: nbSMTP version 0.99 remote format string exploit. Tested on Slackware Linux 9.0, 10.0, and 10.1.
Author: CoKi
Homepage: http://www.nosystem.com.ar
Related File: glsa-200508-03.txt
File Size: 9664
Last Modified: Aug 6 02:09:25 2005
MD5 Checksum: 7b03f489ef56c1c6f12b4ebe55f21c9e

/// File Name: AD20050830.txt
Description: BNBT EasyTracker is susceptible to a remote denial of service vulnerability when accepting a malformed HTTP request. Demonstration exploit provided. Versions 7.7r3.2004.10.27 and below are affected.
Author: Sowhat
Homepage: http://secway.org/advisory/AD20050830.txt
File Size: 8779
Last Modified: Aug 31 02:09:09 2005
MD5 Checksum: 2ac337d4908927ed071926acbb6d4270

/// File Name: JaxXSS.txt
Description: Various Jax PHP scripts suffer from a multitude of cross site scripting vulnerabilities. Detailed exploitation provided.
Author: Lostmon
File Size: 8728
Last Modified: Aug 6 01:50:29 2005
MD5 Checksum: a6d52131534c3d1d0580eef57b4f42ab

/// File Name: save_yourself_from_savewebportal34...>
Description: SaveWebPortal 3.4 suffers from remote code execution, admin check bypass, remote file inclusion, and cross site scripting flaws. Full exploitation details provided.
Author: rgod
Homepage: http://retrogod.altervista.org
File Size: 8391
Last Modified: Aug 24 00:32:55 2005
MD5 Checksum: 16d84af2d4d95a3df6ca4779a8b8d97b

/// File Name: backupexec_dump.pm.txt
Description: Veritas Backup Exec Agent remote file access exploit that makes use of a logic flaw. This exploit is part of the Metasploit framework and works against all current versions of this Agent.
File Size: 8044
Last Modified: Aug 12 03:02:26 2005
MD5 Checksum: ae93e11c686917a4a9744af5e2f5e9e3

/// File Name: fudForum.txt
Description: FUD Forum bulletin board software version 2.6.15 allows for unauthenticated access to messages.
Author: Alexander Heidenreich
File Size: 7948
Last Modified: Aug 12 03:10:59 2005
MD5 Checksum: 5f4359c950138e45d602dfc0f0ff159c

/// File Name: jagoff.txt
Description: The JaguarControl ActiveX controller suffers from a buffer overflow vulnerability.
Author: Tacettin Karadeniz
File Size: 7186
Last Modified: Aug 17 00:39:41 2005
MD5 Checksum: 643f8b8022b4e721b3f4964731f4da5a

/// File Name: netquery311.html
Description: Netquery 3.11 remote command execution proof of concept exploit.
Author: rgod
Homepage: http://retrogod.altervista.org/
File Size: 7124
Last Modified: Aug 24 00:43:42 2005
MD5 Checksum: 83c1382cfd28ff684814dc00390654d1

/// File Name: zorum.html
Description: Zorum 3.5 is susceptible to remote code execution and directory traversal flaws. Exploit included.
Author: rgod
Homepage: http://retrogod.altervista.org
File Size: 7108
Last Modified: Aug 18 03:45:14 2005
MD5 Checksum: 75cc26e336a37497f66b8a6459a08d4b

/// File Name: sakeru.txt
Description: Sakeru version 0.1 is a URL filtering bypass proof of concept tool that takes advantage of weaknesses in Websense, etc.
Author: sinhack research labs
File Size: 6956
Last Modified: Aug 17 02:40:28 2005
MD5 Checksum: 27a51ade94086288debec3a7f8de6f40

/// File Name: ms05039.c
Description: Microsoft Windows 2000 Plug and Play universal remote exploit for the flaw discussed in MS05-039.
File Size: 6750
Related CVE(s): CAN-2005-1983
Last Modified: Aug 12 02:56:09 2005
MD5 Checksum: dfe17f8473ec85618b91a9a7f181675a