Section: .. / 0810-exploits /
| /// File Name: |
celoxis-xss.txt |
Description:
|
The web based project management tool Celoxis is susceptible to cross site scripting vulnerabilities.
| | File Size: | 1803 | | Last Modified: | Oct 1 17:47:14 2008 |
| MD5 Checksum: | 7c59f06267f9a6ced9652f57ec723e2a |
|
| /// File Name: |
Churrasco.zip |
Description:
|
Elevation of privileges proof of concept exploit for Token Kidnapping on Windows 2003.
| | Author: | Cesar Cerrudo | | File Size: | 16744 | | Last Modified: | Oct 9 01:27:44 2008 |
| MD5 Checksum: | a133719375519c641a32b7c2aef28d45 |
|
| /// File Name: |
classifiedads-sql.txt |
Description:
|
Classified Ads Script suffers from a remote SQL injection vulnerability in store_info.php.
| | Author: | Hussin X | | Homepage: | http://www.tryag.cc/ | | File Size: | 1295 | | Last Modified: | Oct 27 17:28:44 2008 |
| MD5 Checksum: | 8dda7866bdddf90b118031b3d17f4c3a |
|
| /// File Name: |
cpanel-lfixss.txt |
Description:
|
Cpanel version 11.x suffers from local file inclusion and cross site scripting vulnerabilities.
| | Author: | IRCRASH | | Homepage: | http://ircrash.com/ | | Related Exploit: | cpanel-lfi.txt | | File Size: | 1901 | | Last Modified: | Oct 31 14:45:38 2008 |
| MD5 Checksum: | b2620f52e382ae9d00f9164d327f0f19 |
|
| /// File Name: |
cpcommerce-xss.txt |
Description:
|
cpCommerce suffers from a cross site scripting vulnerability in search.php.
| | Author: | Fabian Fingerle | | File Size: | 1544 | | Related CVE(s): | CVE-2008-4121 | | Last Modified: | Oct 20 16:27:12 2008 |
| MD5 Checksum: | feee9a0f0d47ece9a4b439b613470347 |
|
| /// File Name: |
createdirectory2sysdba.sql |
Description:
|
Proof of concept code that demonstrates how an Oracle DB user which has been granted CREATE ANY DIRECTORY can use that system privilege to grant themselves the SYSDBA system privilege by creating a DIRECTORY pointing to the password file location on the OS and then overwriting it with a previously prepared known binary password file using UTL_FILE.PUT_RAW from within the DB.
| | Author: | Paul Wright | | Homepage: | http://www.oracleforensics.com/ | | Related File: | create_any_directory_to_sysdba.pdf | | File Size: | 6826 | | Last Modified: | Oct 13 18:38:09 2008 |
| MD5 Checksum: | 0aa995c9603c1c0edc67e8ed52f9a3d3 |
|
| /// File Name: |
cruxgallery-lfi.txt |
Description:
|
Crux Gallery versions 1.32 and below suffer from a local file inclusion vulnerability in index.php.
| | Author: | StAkeR | | File Size: | 757 | | Last Modified: | Oct 1 17:37:19 2008 |
| MD5 Checksum: | 836d49696bda021e8abb2f1d8ec7db14 |
|
| /// File Name: |
cspartner-sql.txt |
Description:
|
CSPartner version 1.0 remote delete all users and SQL injection exploit.
| | Author: | StAkeR | | File Size: | 1183 | | Last Modified: | Oct 23 14:47:48 2008 |
| MD5 Checksum: | 7f17fa097cfd0c323c20f8fbaf3d0c80 |
|
| /// File Name: |
css-read.txt |
Description:
|
CSSH is a proof of concept CSS based history crawler.
| | Author: | Sirdarckcat | | Homepage: | http://www.sirdarckcat.net/ | | File Size: | 4527 | | Last Modified: | Oct 23 15:00:28 2008 |
| MD5 Checksum: | 7e532e9324d03f0f560d11bdc7387a89 |
|
| /// File Name: |
cubecartcms-sql.txt |
Description:
|
This is an old SQL injection vulnerability for CubeCart CMS that has further details on exploitation since the original report surfaced years back.
| | Author: | swappie aka faithlove | | Related Exploit: | cubecart201.txt | | File Size: | 1533 | | Last Modified: | Oct 12 16:26:28 2008 |
| MD5 Checksum: | 901bd6b5ab81e07d465b727228451401 |
|
| /// File Name: |
dbsoftware-multi.txt |
Description:
|
VImpX.ocx version 4.8.8.0 in db Software Laboratory VImpX suffers from a buffer overflow and failures to sanitize data.
| | Author: | shinnai | | Homepage: | http://shinnai.altervista.org/ | | File Size: | 2702 | | Last Modified: | Oct 24 11:45:03 2008 |
| MD5 Checksum: | decacd34930301b529f2205cf71cd35c |
|
| /// File Name: |
debugdiag-null.txt |
Description:
|
DebugDiag suffers from a NULL pointer dereference in CrashHangExt.dll version 1.0.
| | Author: | suN8Hclf | | Homepage: | http://www.dark-coders.pl/ | | File Size: | 1575 | | Last Modified: | Oct 30 19:53:45 2008 |
| MD5 Checksum: | b14d304d78cba454491b7f24622dc0f7 |
|
| /// File Name: |
dffphp-rfi.txt |
Description:
|
DFF PHP Framework API (Data Feed File) suffers from multiple remote file inclusion vulnerabilities.
| | Author: | GolD_M | | Homepage: | http://www.tryag.cc/ | | File Size: | 844 | | Last Modified: | Oct 8 17:15:51 2008 |
| MD5 Checksum: | 96a8b371b2d4f81a2cb4e8a958f15f36 |
|
| /// File Name: |
discforums-sql.txt |
Description:
|
Discussion Forums 2k version 3.3 suffers from multiple remote SQL injection vulnerabilities.
| | Author: | ~!Dok_tOR!~ | | Homepage: | http://www.antichat.ru/ | | File Size: | 660 | | Last Modified: | Oct 1 17:56:41 2008 |
| MD5 Checksum: | 65da34d2a679a7317dad2a2687f7b183 |
|
| /// File Name: |
djvu-overflow.txt |
Description:
|
DjVu Active-X Control version 3.0 ImageURL property overflow exploit.
| | Author: | Shahriyar Jalayeri | | File Size: | 4012 | | Last Modified: | Oct 30 13:05:06 2008 |
| MD5 Checksum: | d99964958d9d22eaf62dcc8b04a64ba0 |
|
| /// File Name: |
dorsacms-xss.txt |
Description:
|
Dorsa CMS suffers from multiple cross site scripting vulnerabilities.
| | Author: | Pouya Server | | File Size: | 1342 | | Last Modified: | Oct 29 14:03:24 2008 |
| MD5 Checksum: | d10e6b67f7ee382b7902f5e000fb50da |
|
| /// File Name: |
e107-sql.txt |
Description:
|
The alternate_profiles plugin in e107 suffers from a remote SQL injection vulnerability.
| | Author: | boom3rang | | Homepage: | http://www.khq-crew.ws/ | | File Size: | 1656 | | Last Modified: | Oct 27 18:25:22 2008 |
| MD5 Checksum: | 8ca2a1be044c832df99fc4f6a840bae3 |
|
| /// File Name: |
e1070713-blindsql.txt |
Description:
|
e107 versions 0.7.13 and below blind SQL injection exploit that makes use of usersettings.php.
| | Author: | __GiReX__ | | Homepage: | http://girex.altervista.org/ | | File Size: | 6202 | | Last Modified: | Oct 20 19:49:57 2008 |
| MD5 Checksum: | bd0df524f0d3f88a4e8914c99f3ddb67 |
|
| /// File Name: |
e107easyshop-sql.txt |
Description:
|
Remote blind SQL injection exploit for the EasyShop plugin used in e107.
| | Author: | StAkeR | | File Size: | 1296 | | Last Modified: | Oct 27 22:05:59 2008 |
| MD5 Checksum: | 651b478f3e11f74b92d2021d32c05736 |
|
| /// File Name: |
e107fmpro-upload.txt |
Description:
|
Version 1 of the fm pro plugin for e107 suffers from file disclosure, php shell upload, and directory traversal vulnerabilities.
| | Author: | GolD_M | | Homepage: | http://www.tryag.cc/ | | File Size: | 1158 | | Last Modified: | Oct 29 13:54:30 2008 |
| MD5 Checksum: | 3c0cd759a312359f85351b3ff6a27522 |
|
| /// File Name: |
easynet4ufaq-sql.txt |
Description:
|
Easyney4u FAQ Host suffers from a remote SQL injection vulnerability in faq.php.
| | Author: | SuB-ZeRo | | File Size: | 1077 | | Last Modified: | Oct 11 14:20:16 2008 |
| MD5 Checksum: | 9cc64dc7b6c8489a5010135e78380e25 |
|
| /// File Name: |
easynet4uforum-sql.txt |
Description:
|
Easyney4u Forum Host suffers from a remote SQL injection vulnerability in forum.php.
| | Author: | SuB-ZeRo | | File Size: | 911 | | Last Modified: | Oct 11 14:25:30 2008 |
| MD5 Checksum: | 928f0ddb6926d93238f24b6ee2abd9a8 |
|
| /// File Name: |
easynet4ulink-sql.txt |
Description:
|
Easynet4u Link Host suffers from a remote SQL injection vulnerability in directory.php.
| | Author: | BeyazKurt | | File Size: | 959 | | Last Modified: | Oct 11 14:26:23 2008 |
| MD5 Checksum: | 487c026f6efd6e494e36d7397edd2ab9 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
