Section: .. / 0712-exploits /
| /// File Name: |
phpmyrealty-sql.txt |
Description:
|
phpMyRealty version 1.0.x suffers from a remote SQL injection vulnerability in search.php.
| | Author: | Koller | | Homepage: | http://xaker.name/ | | File Size: | 1579 | | Last Modified: | Dec 19 19:34:41 2007 |
| MD5 Checksum: | 935b527f913d6735c673beeb82735fb1 |
|
| /// File Name: |
phprpg-sql.txt |
Description:
|
PHP RPG version 0.8.0 appears to suffer from SQL injection and information disclosure vulnerabilities.
| | Author: | Michael Brooks | | File Size: | 728 | | Last Modified: | Dec 17 20:18:12 2007 |
| MD5 Checksum: | 6869343b5d263ecee0a04b7e1fb04c10 |
|
| /// File Name: |
phpsf-multi.txt |
Description:
|
The PHP Security Framework Beta 1 is susceptible to remote file inclusion and SQL injection vulnerabilities.
| | Author: | DarkFig | | File Size: | 8702 | | Last Modified: | Dec 17 20:31:12 2007 |
| MD5 Checksum: | e07bfb80e877c580185c4b1ab451a873 |
|
| /// File Name: |
phpzlink-sql.txt |
Description:
|
PHP ZLink version 0.3 remote SQL injection exploit that makes use of go.php.
| | Author: | DNX | | File Size: | 2718 | | Last Modified: | Dec 24 14:32:03 2007 |
| MD5 Checksum: | 7bb04116b4299a35eca34552b6689793 |
|
| /// File Name: |
pmos-exec.txt |
Description:
|
PMOS Help Desk versions 2.4 and below remote command execution exploit.
| | Author: | EgiX | | File Size: | 4253 | | Last Modified: | Dec 28 17:51:45 2007 |
| MD5 Checksum: | 38a0ab698014f8f7c7c898f6bc84147a |
|
| /// File Name: |
pnphpbb2-lfi.txt |
Description:
|
PNphpBB2 versions 1.2i and below suffer from a local file inclusion vulnerability in printview.php.
| | Author: | irk4z | | File Size: | 1359 | | Last Modified: | Dec 28 18:07:37 2007 |
| MD5 Checksum: | 5220f81d43e3d77de5ef990354283bcb |
|
| /// File Name: |
poldoccms-disclose.txt |
Description:
|
PolDoc CMS version 0.96 suffers from a remote file disclosure vulnerability in download_file.php.
| | Author: | GolD_M | | Homepage: | http://www.tryag.cc/ | | File Size: | 226 | | Last Modified: | Dec 8 18:25:31 2007 |
| MD5 Checksum: | 33c0a6529ccbe8a86a185dd81aaf2c54 |
|
| /// File Name: |
PR07-39.txt |
Description:
|
Directory traversal, cross site scripting, and SQL injection vulnerabilities exist in the Absolute News Manager .NET version 5.1.
| | Author: | Adrian Pastor, Jan Fry, Richard Brain | | Homepage: | http://www.procheckup.com/ | | File Size: | 6437 | | Last Modified: | Dec 5 23:01:08 2007 |
| MD5 Checksum: | 684697b6b76075b8a430cdfae765642b |
|
| /// File Name: |
raidhttpdudo.txt |
Description:
|
RaidenHTTPD version 2.0.19 ulang command execution proof of concept exploit.
| | Author: | rgod | | Homepage: | http://retrogod.altervista.org/ | | File Size: | 1794 | | Last Modified: | Dec 17 21:16:12 2007 |
| MD5 Checksum: | 480db94329c1eac50def73cc321b85cf |
|
| /// File Name: |
rayzz-rfli.txt |
Description:
|
Rayzz Script version 2.0 suffers from remote and local file inclusion vulnerabilities.
| | Author: | Crackers_Child | | File Size: | 1585 | | Last Modified: | Dec 2 16:02:48 2007 |
| MD5 Checksum: | 0445e70bdf7c5f765545448de43f9944 |
|
| /// File Name: |
realpdos_au.txt |
Description:
|
RealPlayer 11 suffers from a denial of service condition when handling a malformed AU file exploit.
| | Author: | Abed Adonis | | Homepage: | http://www.safehack.com/ | | File Size: | 4226 | | Last Modified: | Dec 2 16:11:19 2007 |
| MD5 Checksum: | 90c2bb1c01945a3dd9a72b22cde47e8a |
|
| /// File Name: |
rosoft-player-expl.c |
Description:
|
Rosoft Media Player versions 4.1.7 and below .M3U file stack overflow exploit that binds a shell to port 4444.
| | Author: | devcode | | File Size: | 4003 | | Last Modified: | Dec 18 19:53:35 2007 |
| MD5 Checksum: | b0d500f7a138af644f1478ce0bd1a532 |
|
| /// File Name: |
runcms-multi.txt |
Description:
|
RunCMS version 1.6 suffers from SQL injection, cross site scripting, predictable session id, and other vulnerabilities.
| | Author: | Alexandr Polyakov,Stas Svistunovich | | File Size: | 5746 | | Last Modified: | Dec 28 17:29:08 2007 |
| MD5 Checksum: | 81623bea6360468867a46926a84073b5 |
|
| /// File Name: |
runcms-sql.txt |
Description:
|
RunCMS version 1.6 get admin cookie remote blind SQL injection exploit.
| | Author: | Sh2kerr | | Homepage: | http://www.dsec.ru/ | | File Size: | 6020 | | Last Modified: | Dec 28 17:25:14 2007 |
| MD5 Checksum: | 087b777aa997d970867589f82d3062e7 |
|
| /// File Name: |
runcms-sqlids.txt |
Description:
|
RunCMS version 1.6 remote blind SQL injection exploit with IDS evasion capabilities.
| | Author: | Sh2kerr | | Homepage: | http://www.dsec.ru/ | | File Size: | 5245 | | Last Modified: | Dec 28 17:54:59 2007 |
| MD5 Checksum: | 91053be594c500d5c8d4bf8e2c602710 |
|
| /// File Name: |
samba_nmbddos.c |
Description:
|
Denial of service exploit for Samba versions below 3.0.27 that makes use of the NetBIOS replies stack-based buffer overflow vulnerability.
| | Author: | Gill Bates | | File Size: | 10790 | | Related CVE(s): | CVE-2007-5398 | | Last Modified: | Dec 17 20:23:26 2007 |
| MD5 Checksum: | 3e4b89f27e0d7b8b5b04028a306ac357 |
|
| /// File Name: |
seclog-2007-001.txt |
Description:
|
NoseRub versions 0.5.2 and below suffer from a SQL injection vulnerability.
| | Author: | Felix Groebert | | Homepage: | http://seclog.de/ | | File Size: | 4944 | | Last Modified: | Dec 28 20:23:30 2007 |
| MD5 Checksum: | 082b8e4c54ce3efe96c596a7cfe889dc |
|
| /// File Name: |
serendipity-xss.txt |
Description:
|
The Serendipity blog system contains a plugin to display the content of feeds in the sidebar (serendipity_plugin_remoterss). If an attacker can modify the RSS feed, it is possible to inject javascript code in the link part, because it is not correctly escaped. Versions below 1.2.1 are affected.
| | Author: | Hanno Boeck | | Homepage: | http://www.hboeck.de/ | | File Size: | 1316 | | Related CVE(s): | CVE-2007-6205 | | Last Modified: | Dec 10 19:43:37 2007 |
| MD5 Checksum: | b821d6ea55e23f0392f1f8a833a17acd |
|
| /// File Name: |
serweb-rfilfi.txt |
Description:
|
SerWeb versions 2.0.0 dev1 2007-02-20 and below suffer from multiple remote and local file inclusion vulnerabilities.
| | Author: | GolD_M | | Homepage: | http://www.tryag.cc/ | | File Size: | 420 | | Last Modified: | Dec 7 12:43:02 2007 |
| MD5 Checksum: | fe882164e8c8e9c4285283912f6bc8b6 |
|
| /// File Name: |
shnews-sql.txt |
Description:
|
SH-News version 3.0 suffers from a remote SQL injection vulnerability in comments.php.
| | Author: | hadihadi | | File Size: | 1068 | | Last Modified: | Dec 10 17:11:19 2007 |
| MD5 Checksum: | 7814f65c7210ed1ed5f0a82139fedf5a |
|
| /// File Name: |
simple-py.txt |
Description:
|
Simple HTTPD version 1.3 /aux remote denial of service exploit.
| | Author: | shinnai | | Homepage: | http://shinnai.altervista.org/ | | File Size: | 684 | | Last Modified: | Dec 11 22:16:36 2007 |
| MD5 Checksum: | dc603d793628d0a7afc91ceeba96cae9 |
|
| /// File Name: |
simple-traverse.txt |
Description:
|
Simple HTTPD versions 1.38 and below suffer from directory traversal and script viewing vulnerabilities. Details for exploitation provided.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | File Size: | 2316 | | Last Modified: | Dec 7 20:19:25 2007 |
| MD5 Checksum: | 9e1df2ac8d37aa7da73fd989c8cf9a32 |
|
| /// File Name: |
sinecms-sql.txt |
Description:
|
SineCMS versions 2.3.4 and below with the Calendar module suffer from a remote SQL injection vulnerability.
| | Author: | KiNgOfThEwOrLd | | Homepage: | http://www.inj3ct-it.org/ | | File Size: | 2802 | | Last Modified: | Dec 6 00:22:40 2007 |
| MD5 Checksum: | 8b0c4f06fcf765fe59c902b1942cefc7 |
|
| /// File Name: |
skyfex-dos.txt |
Description:
|
SkyFex Client version 1.0 remote stack overflow proof of concept exploit that makes use of the ActiveX Start() method.
| | Author: | shinnai | | Homepage: | http://shinnai.altervista.org/ | | File Size: | 2164 | | Last Modified: | Dec 28 17:18:39 2007 |
| MD5 Checksum: | 60acbdc4c0a19100cde1215ef246cab1 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
