Section: .. / 0801-exploits /
| /// File Name: |
yasslick.zip |
Description:
|
Proof of concept code that demonstrates invalid memory access and buffer overflow vulnerabilities in yaSSL versions 1.75 and below.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related File: | yasslick.txt | | File Size: | 7813 | | Last Modified: | Jan 4 20:23:20 2008 |
| MD5 Checksum: | a33ae8f79e61ca61b15b6ccb143cf840 |
|
| /// File Name: |
ibproarcade-sql.txt |
Description:
|
ibProArcade versions 3.3.0 and below remote SQL injection exploit.
| | Author: | 1dt.w0lf | | Homepage: | http://rst.void.ru | | File Size: | 7511 | | Last Modified: | Jan 30 19:17:07 2008 |
| MD5 Checksum: | 7070a05ab2596375cb435fb574ccf878 |
|
| /// File Name: |
imageshack-poc.txt |
Description:
|
ImageShack Toolbar version 4.5.7 FileUploader class insecure method proof of concept exploit.
| | Author: | rgod | | Homepage: | http://retrogod.altervista.org/ | | File Size: | 7445 | | Last Modified: | Jan 25 03:13:57 2008 |
| MD5 Checksum: | c9f37eec01b1afe5e9d468d0050e0b65 |
|
| /// File Name: |
setcms365-exec.txt |
Description:
|
SetCMS version 3.6.5 remote code execution exploit that makes use of functions.php.
| | Author: | 1dt.w0lf | | Homepage: | http://rst.void.ru | | File Size: | 6935 | | Last Modified: | Jan 23 23:20:36 2008 |
| MD5 Checksum: | 328ee597f6bfd29f403bf053dd119b35 |
|
| /// File Name: |
safenet-ipsec-call.c |
Description:
|
Safenet IPSecDrv.sys versions 10.4.0.12 and below local kernel ring() SYSTEM exploit.
| | Author: | mu-b | | File Size: | 6920 | | Last Modified: | Jan 29 21:31:06 2008 |
| MD5 Checksum: | 7302c5a3e8c3d40fe5a04bbb874d842b |
|
| /// File Name: |
myphp30-sql.txt |
Description:
|
MyPHP Forum versions 3.0 and below suffer from multiple SQL injection vulnerabilities.
| | Author: | The:Paradox | | Homepage: | http://www.inj3ct-it.org/ | | File Size: | 6894 | | Last Modified: | Jan 3 13:19:31 2008 |
| MD5 Checksum: | 639a2407db743221b057dfe6e87346ca |
|
| /// File Name: |
myspaceup-overflow.txt |
Description:
|
MySpace Uploader buffer overflow exploit that makes use of MySpaceUploader.ocx version 1.0.0.4.
| | Author: | Elazar Broad | | File Size: | 6781 | | Last Modified: | Jan 31 21:02:08 2008 |
| MD5 Checksum: | 0e31c8e9f1f741f08a782e73534231cf |
|
| /// File Name: |
lycos-overflow.txt |
Description:
|
Lycos FileUploader Control buffer overflow exploit that can bind a shell to port 4444.
| | Author: | Elazar Broad | | File Size: | 6759 | | Last Modified: | Jan 24 00:12:31 2008 |
| MD5 Checksum: | af4cbaa2f63f150989aeb96121f5f9cd |
|
| /// File Name: |
gateway-overflow.txt |
Description:
|
Gateway WebLaunch ActiveX remote buffer overflow exploit with calc.exe and port binding shellcode.
| | Author: | Elazar Broad | | File Size: | 6739 | | Last Modified: | Jan 25 03:13:06 2008 |
| MD5 Checksum: | dd2662e9d783419b08e0da7a21538b2a |
|
| /// File Name: |
persits-overflow.txt |
Description:
|
Persits XUpload version 3.0 AddFile() remote buffer overflow exploit with calc.exe and port binding shellcode.
| | Author: | Elazar Broad | | File Size: | 6711 | | Last Modified: | Jan 25 19:03:56 2008 |
| MD5 Checksum: | 650bca174ccc4f7ea2d42f26f1d7e237 |
|
| /// File Name: |
movenet-overflow.txt |
Description:
|
Move Networks Upgrade Manager Control buffer overflow exploit with calc.exe and port binding shellcode.
| | Author: | Elazar Broad | | File Size: | 6697 | | Last Modified: | Jan 25 03:12:04 2008 |
| MD5 Checksum: | a58074d9d40dae3928f1dc08f00dcc2c |
|
| /// File Name: |
flexbb-sql.txt |
Description:
|
FlexBB versions 0.6.3 and below cookie stealing remote SQL injection exploit.
| | Author: | Eugene Minaev | | Homepage: | http://itdefence.ru/ | | File Size: | 6652 | | Last Modified: | Jan 7 14:16:01 2008 |
| MD5 Checksum: | 3b4c04eeeaeccdaa33c9551e94d27429 |
|
| /// File Name: |
apachemodneg-splitxss.txt |
Description:
|
mod_negotiation as shipped with Apache versions 1.3.39 and below, 2.0.61 and below, and 2.2.6 and below suffers from cross site scripting and http response splitting vulnerabilities.
| | Author: | Stefano Di Paola | | Homepage: | http://www.mindedsecurity.com/ | | File Size: | 6523 | | Last Modified: | Jan 22 19:01:44 2008 |
| MD5 Checksum: | e18caed342360e46f868a14e0dd9a259 |
|
| /// File Name: |
levelone-root.txt |
Description:
|
The Level-One WBR-3460A firmware versions 1.00.11 and 1.00.12 suffer from a remote root compromise vulnerability due to unrestricted access via telnetd.
| | Author: | Anastasios Monachos | | File Size: | 6262 | | Last Modified: | Jan 8 11:54:52 2008 |
| MD5 Checksum: | e6cd692180e1b1c7473e52022086d9d9 |
|
| /// File Name: |
PortalApp40.txt |
Description:
|
PortalApp version 4.0 is susceptible to SQL injection and cross site scripting vulnerabilities.
| | Author: | r3dm0v3 | | Homepage: | http://r3dm0v3.persianblog.ir/ | | File Size: | 6250 | | Last Modified: | Jan 6 19:42:02 2008 |
| MD5 Checksum: | 2149eb3f42dec44f908df87d4f05a3c1 |
|
| /// File Name: |
msvis-dsr.txt |
Description:
|
Microsoft Visual Basic Enterprise Edition version 6 SP6 .dsr file handling buffer overflow exploit.
| | Author: | shinnai | | Homepage: | http://shinnai.altervista.org/ | | File Size: | 6171 | | Last Modified: | Jan 18 19:50:54 2008 |
| MD5 Checksum: | 4e4357996f33a74f3579997717ee4858 |
|
| /// File Name: |
smallnuke-sql.txt |
Description:
|
SmallNuke versions 2.0.4 and below password recovery remote SQL injection exploit.
| | Author: | Eugene Minaev | | Homepage: | http://itdefence.ru/ | | File Size: | 5794 | | Last Modified: | Jan 8 12:09:10 2008 |
| MD5 Checksum: | c12f052e8e4031623f7a2262f4756f63 |
|
| /// File Name: |
CORE-2007-1106.txt |
Description:
|
Core Security Technologies Advisory - The vdccm daemon from SynCE version 0.92 is susceptible to a remote command injection vulnerability. Proof of concept code included.
| | Author: | Alfredo Ortega, Oren Isacson | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 5751 | | Last Modified: | Jan 7 16:02:07 2008 |
| MD5 Checksum: | 1655c1e06c6c7900d54c01c00c885bc4 |
|
| /// File Name: |
siteatschool-sql.txt |
Description:
|
Site@School versions 2.3.10 and below remote blind SQL injection exploit that makes use of slideshow_full.php.
| | Author: | EgiX | | File Size: | 5459 | | Last Modified: | Jan 3 13:20:40 2008 |
| MD5 Checksum: | cf226e79e0df10aab83c93d9b8206a7b |
|
| /// File Name: |
taskfreak-sql.txt |
Description:
|
TaskFreak! versions 0.6.1 and below suffer form a remote SQL injection vulnerability.
| | Homepage: | http://thedefaced.org/ | | File Size: | 5400 | | Last Modified: | Jan 12 19:01:35 2008 |
| MD5 Checksum: | 2abed647096811a4a10a240d879fdc67 |
|
| /// File Name: |
eggblog310-sql.txt |
Description:
|
Eggblog versions 3.1.0 and below cookie stealing remote SQL injection exploit.
| | Author: | Eugene Minaev | | Homepage: | http://itdefence.ru/ | | File Size: | 5364 | | Last Modified: | Jan 7 14:19:12 2008 |
| MD5 Checksum: | 84551c02c0216357e58a10e2b7d77a5a |
|
| /// File Name: |
halflife-dos.txt |
Description:
|
Half-Life CSTRIKE Server version 1.6 denial of service exploit.
| | Author: | Eugene Minaev | | Homepage: | http://itdefence.ru/ | | File Size: | 5222 | | Last Modified: | Jan 6 19:47:22 2008 |
| MD5 Checksum: | 2bd996f70a611cf86b13e17a613c1245 |
|
| /// File Name: |
phpnuke80final-sql.txt |
Description:
|
PHP-Nuke versions 8.0 FINAL and below remote SQL injection exploit.
| | Author: | 1dt.w0lf, Foster | | Homepage: | http://rst.void.ru | | File Size: | 5204 | | Last Modified: | Jan 23 23:41:55 2008 |
| MD5 Checksum: | b376db7185da657da9ea991285912280 |
|
| /// File Name: |
phpkit-xsrf.txt |
Description:
|
PHPKIT version 1.6.4 PL1 suffers from multiple cross site request forgery vulnerabilities.
| | Author: | NBBN | | File Size: | 5186 | | Last Modified: | Jan 29 22:15:20 2008 |
| MD5 Checksum: | 74f2333a37d46569cde3a89d3ea816e6 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
