Section: .. / 0508-exploits /
/// File Name: phpfreenews140.txt
Description: PHPFreeNews versions 1.40 and below are susceptible to SQL injection and cross site scripting attacks.
Author: matrix killer, h4cky0u
Homepage: http://www.h4cky0u.org
File Size: 2808
Last Modified: Aug 18 03:30:54 2005
MD5 Checksum: 678d0e34a1a7e5546aa2cd24aa7be7dd

/// File Name: phpfusionXSS2.txt
Description: PHP-Fusion versions 6.00.107 and below are susceptible to cross site scripting attacks.
Author: slacker4ever_1
File Size: 333
Last Modified: Aug 31 01:24:14 2005
MD5 Checksum: 899b8a9751b5a4ffdc795c68056c4f44

/// File Name: phpkit161.txt
Description: PHPKit 1.6.1 suffers from various SQL and PHP injection attacks.
Author: phuket
File Size: 1278
Last Modified: Aug 24 03:15:38 2005
MD5 Checksum: 1e06c82655f6a9df83e573597bc58690

/// File Name: phpldap.html
Description: phpLDAPadmin versions 0.9.6 through 0.9.7/alpha5 suffer from directory traversal, remote code execution and cross site scripting vulnerabilities. Detailed exploitation provided.
Author: rgod
Homepage: http://retrogod.altervista.org
File Size: 1226
Last Modified: Aug 31 02:04:26 2005
MD5 Checksum: 3a75a213f873a5a71289eba8299c2757

/// File Name: phptb20.txt
Description: PHPTB Topic Boards 2.0 is susceptible to a SQL injection attack.
Author: aLMaSTeR HaCKeR
File Size: 593
Last Modified: Aug 17 01:00:23 2005
MD5 Checksum: 58075d11875a9ffbfaccd264fc4f6380

/// File Name: phptbInject.txt
Description: PHPTB versions 2.0 and below suffer from multiple PHP injection flaws.
Author: Filip Groszynski
File Size: 1843
Last Modified: Aug 18 02:58:47 2005
MD5 Checksum: f161d2f673c45c1b9acff4b010f0ef79

/// File Name: phpwebnotes.txt
Description: phpWebNotes version 2.0.0-pr1 suffers from a remote inclusion vulnerability that may allow for cross site scripting attacks.
Author: Norbert
File Size: 871
Last Modified: Aug 28 15:20:45 2005
MD5 Checksum: 6771a439057aac9e9acef007389b8f28

/// File Name: PortailPHP.txt
Description: PortailPHP 2.4 allows for SQL injection attacks.
Author: Abducter
File Size: 955
Last Modified: Aug 5 03:54:04 2005
MD5 Checksum: 8d9c05c26e0316e763484783b8947b19

/// File Name: qnx-inputtrap.txt
Description: QNX inputtrap from QNX RTOS versions 6.3 and 6.1.0 suffers from an arbitrary file read vulnerability.
Author: Julio Cesar Fort
File Size: 1640
Last Modified: Aug 25 02:09:10 2005
MD5 Checksum: 6485b7c7501a5b7eee39fd1c2b6d013c

/// File Name: quickDoS.txt
Description: Quick'n'Easy FTP server 3.0 pro and lite suffer from a remote buffer overflow vulnerability that can result in a denial of service.
Author: matiteman
File Size: 1189
Last Modified: Aug 5 02:52:51 2005
MD5 Checksum: 3d12df00cbada7c7534f5d4d49f8f8b3

/// File Name: rsaXSS.txt
Description: Definition of irony: Three cross site scripting vulnerabilities have been discovered in the RSA Security Blog entitled "Speaking of Security".
Author: Rodrigo Gutierrez
File Size: 1275
Last Modified: Aug 15 01:05:37 2005
MD5 Checksum: 1d0636b787b9e7133990aaf3e0fd0cbe

/// File Name: sakeru.txt
Description: Sakeru version 0.1 is a URL filtering bypass proof of concept tool that takes advantage of weaknesses in Websense, etc.
Author: sinhack research labs
File Size: 6956
Last Modified: Aug 17 02:40:28 2005
MD5 Checksum: 27a51ade94086288debec3a7f8de6f40

/// File Name: save_yourself_from_savewebportal34...>
Description: SaveWebPortal 3.4 suffers from remote code execution, admin check bypass, remote file inclusion, and cross site scripting flaws. Full exploitation details provided.
Author: rgod
Homepage: http://retrogod.altervista.org
File Size: 8391
Last Modified: Aug 24 00:32:55 2005
MD5 Checksum: 16d84af2d4d95a3df6ca4779a8b8d97b

/// File Name: silvernews203.txt
Description: Silvernews versions 2.0.3 and below suffer from SQL injection, login bypass, remote command execution, and cross site scripting flaws.
Author: rgod
Homepage: http://retrogod.altervista.org
File Size: 1403
Last Modified: Aug 5 03:45:38 2005
MD5 Checksum: cd2b1d924a6824ef896db080f1dc72d7

/// File Name: solaris_lpd_unlink.pm.txt
Description: This Metasploit module uses a vulnerability in the Solaris line printer daemon to delete arbitrary files on an affected system. This can be used to exploit the rpc.walld format string flaw, the missing krb5.conf authentication bypass, or simply delete system files. Tested on Solaris 2.6, 7, 8, 9, and 10.
Author: H D Moore, Optyx
File Size: 3736
Last Modified: Aug 24 05:33:23 2005
MD5 Checksum: c354cbe8ad5502700d7c12a89411d670

/// File Name: sphpblog_vulns.pl.txt
Description: Exploit that demonstrates a vulnerability in the comment_delete_cgi.php from SimplePHPBlog. The PHP script allows for the arbitrary deletion of files. This vulnerability, in combination with the fact that the installation scripts are left on the server after installation, allows an arbitrary user to reset the admin password to one of the attacker's choosing.
Author: Kenneth F. Belva
Homepage: http://www.ftusecurity.com
File Size: 13229
Last Modified: Aug 31 01:41:06 2005
MD5 Checksum: d5a02f6fa42800a232858d4f054b1541

/// File Name: SqWebMail.txt
Description: Secunia Security Advisory - Secunia Research has discovered a vulnerability in SqWebMail, which can be exploited by malicious people to conduct script insertion attacks. The vulnerability is caused due to SqWebMail failing to properly sanitize HTML emails. This can be exploited to include arbitrary script code in HTML emails, which will be executed in context of the SqWebMail server, as soon as the user views a received email. Version 5.0.4 is affected.
Author: Jakob Balle
Homepage: http://www.secunia.com
File Size: 3694
Last Modified: Aug 31 01:37:12 2005
MD5 Checksum: 57470dc10cef0798ea3aec873b6095dd

/// File Name: vegadns-dyn0.txt
Description: VegaDNS suffers from a cross site scripting flaw, amongst others.
Author: dyn0
Homepage: http://0xdeadface.co.uk
File Size: 964
Last Modified: Aug 10 01:22:56 2005
MD5 Checksum: d2a1b335b860cf7775deef38a3410981

/// File Name: wagora240.txt
Description: w-agora versions 4.2.0 and below suffer from directory traversal attacks.
Author: matrix killer
Homepage: http://www.h4cky0u.org
File Size: 1751
Last Modified: Aug 19 01:00:41 2005
MD5 Checksum: de65ead31088b1588847201a38fb9f70

/// File Name: WebWizXSS.txt
Description: The Web Wiz Forum software is susceptible to a cross site scripting flaw.
Author: sirh0t
File Size: 4070
Last Modified: Aug 24 00:40:01 2005
MD5 Checksum: 437ca49aad788bf13576a13327457a35

/// File Name: WinAce2605.txt
Description: Local exploitation of a buffer overflow vulnerability in WinAce 2.6.0.5 allows attackers to execute arbitrary code. Exploit included.
Author: ATmaCA
Homepage: http://www.atmacasoft.com
File Size: 3827
Last Modified: Aug 23 21:02:46 2005
MD5 Checksum: ef03c6d30861cb461ac833057f3168d5

/// File Name: woltlab233.txt
Description: Woltlab Burning Board versions 2.3.3 and below suffer from SQL injection flaws in modcp.php.
Author: [R]
Homepage: http://rootbox.cx.la/
File Size: 1010
Last Modified: Aug 24 00:24:35 2005
MD5 Checksum: 40e269baa395760ed2d158fabc2f3339