Showing 1 - 25 of 26,860

Exploit Files

Vanilla 2.0.18.4 Cross Site Scripting: Posted May 19, 2012; Authored by Henry Hoggard; The moderator edit account functionality in Vanilla version 2.0.18.4 suffers from a cross site scripting vulnerability.; tags | exploit, xss; MD5 | 7e2f35ca93dab864187814828cae8b89; Download | Favorite | Comments (0)

Vanilla Latest Comment 1.1 Cross Site Scripting: Posted May 19, 2012; Authored by Henry Hoggard; Vanilla version 2.0.18.4 with Latest Comment plugin version 1.1 suffers from a cross site scripting vulnerability.; tags | exploit, xss; MD5 | e757bce29415dacf71305155a64b1c2f; Download | Favorite | Comments (0)

Vanilla About Me 1.1.1 Cross Site Scripting: Posted May 19, 2012; Authored by Henry Hoggard; Vanilla version 2.0.18.4 with About Me plugin version 1.1.1 suffers from a cross site scripting vulnerability.; tags | exploit, xss; MD5 | 1410506aa8649e659b6980edb275a0a7; Download | Favorite | Comments (0)

Oracle Weblogic Apache Connector POST Request Buffer Overflow: Posted May 18, 2012; Site metasploit.com; This Metasploit module exploits a stack based buffer overflow in the BEA Weblogic Apache plugin. The connector fails to properly handle specially crafted HTTP POST requests, resulting a buffer overflow due to the insecure usage of sprintf. Currently, this module works over Windows systems without DEP, and has been tested with Windows 2000 / XP. In addition, the Weblogic Apache plugin version is fingerprinted with a POST request containing a specially crafted Transfer-Encoding header.; tags | exploit, web, overflow; systems | windows, 2k; advisories | CVE-2008-3257, OSVDB-47096; MD5 | 906cfff187bbb0026697ce9e23a575f1; Download | Favorite | Comments (0)

Squiggle 1.7 SVG Browser Java Code Execution: Posted May 18, 2012; Authored by Nicolas Gregoire, sinn3r, juan vazquez | Site metasploit.com; This Metasploit module abuses the SVG support to execute Java Code in the Squiggle Browser included in the Batik framework 1.7 through a crafted svg file referencing a jar file. In order to gain arbitrary code execution, the browser must meet the following conditions: (1) It must support at least SVG version 1.1 or newer, (2) It must support Java code and (3) The "Enforce secure scripting" check must be disabled. The module has been tested against Windows and Linux platforms.; tags | exploit, java, arbitrary, code execution; systems | linux, windows; MD5 | 2c8371ebf9277f065c37c6f9a57a0aa1; Download | Favorite | Comments (0)

PHP 5.4 Win32 Code Execution: Posted May 18, 2012; Authored by 0in; PHP version 5.4.3 code execution exploit for Win32.; tags | exploit, php, code execution; systems | windows; MD5 | bf7b4442cabfaf14771396d43b041e28; Download | Favorite | Comments (1)

HP VSA Command Execution: Posted May 18, 2012; Authored by Nicolas Gregoire; HP VSA remote command execution exploit.; tags | exploit, remote; MD5 | 569ace67aa28a559c95f0ea2dcf7e73c; Download | Favorite | Comments (0)

SkinCrafter 3.0 Buffer Overflow: Posted May 18, 2012; Authored by Saurabh Sharma; SkinCrafter active-x control version 3.0 suffers from a buffer overflow vulnerability.; tags | exploit, overflow, activex; advisories | CVE-2012-2271; MD5 | 960cf97b967da300296a7252c5cd650d; Download | Favorite | Comments (0)

Cryptographp Local File Inclusion / HTTP Response Splitting: Posted May 18, 2012; Authored by Lu33Y; Cryptographp suffers from local file inclusion and HTTP response splitting vulnerabilities.; tags | exploit, web, local, vulnerability, file inclusion; MD5 | 60dabe657f693a1c4d9b4bfe6ae9b2f7; Download | Favorite | Comments (0)

Division 6 IT SQL Injection / Cross Site Scripting: Posted May 17, 2012; Authored by the_cyber_nuxbie; Division 6 IT suffers from cross site scripting and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; MD5 | e6aa49527836b842d72680951787521d; Download | Favorite | Comments (0)

Artiphp CMS 5.5.0 Database Backup Disclosure: Posted May 17, 2012; Authored by LiquidWorm | Site zeroscience.mk; Artiphp CMS version 5.5.0 suffers from a database backup disclosure vulnerability.; tags | exploit; MD5 | 05194633dbe64cd33c6d2bc9a46c63ac; Download | Favorite | Comments (0)

Artiphp CMS 5.5.0 Cross Site Scripting: Posted May 17, 2012; Authored by LiquidWorm | Site zeroscience.mk; Artiphp CMS version 5.5.0 suffers from multiple POST cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; MD5 | 8418d0559d7c2fda632eee004ed490d7; Download | Favorite | Comments (0)

SiliSoftware backupDB() 1.2.7a Cross Site Scripting: Posted May 17, 2012; Authored by LiquidWorm | Site zeroscience.mk; SiliSoftware backupDB() version 1.2.7a suffers from a cross site scripting vulnerability.; tags | exploit, xss; MD5 | fdd4f35a4a968373195090e4afe4af34; Download | Favorite | Comments (0)

SiliSoftware phpThumb() 1.7.11 Cross Site Scripting: Posted May 16, 2012; Authored by LiquidWorm | Site zeroscience.mk; SiliSoftware phpThumb() version 1.7.11 suffers from a cross site scripting vulnerability.; tags | exploit, xss; MD5 | f1e640638ed8dc3eac71a5a482db3b0c; Download | Favorite | Comments (0)

FlashPeak SlimBrowser 6.0.1.38 Denial Of Service: Posted May 16, 2012; Authored by demonalex; FlashPeak SlimBrowser version 6.0.1.38 suffers from a denial of service vulnerability.; tags | exploit, denial of service; MD5 | b9129424b21a6690e12d38542c75d08a; Download | Favorite | Comments (0)

Unijimpe Captcha Cross Site Scripting: Posted May 16, 2012; Authored by Daniel Godoy; Unijimpe Captcha suffers from a cross site scripting vulnerability.; tags | exploit, xss; MD5 | 88a50525ab630bd4268d5fd281052321; Download | Favorite | Comments (0)

Axous 1.1.1 Cross Site Request Forgery / Cross Site Scripting: Posted May 15, 2012; Authored by Ivano Binetti; Axous version 1.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss, csrf; advisories | CVE-2012-2629; MD5 | b46274d71dad8328fcee5d80cfc6ed4b; Download | Favorite | Comments (0)

Liferay 6.1 Cross Site Request Forgery: Posted May 15, 2012; Authored by Jelmer Kuperus; Liferay version 6.1 is vulnerable to JSON-related cross site request forgery attacks. Proof of concept code is included.; tags | exploit, proof of concept, csrf; systems | linux; MD5 | 2b12109503d92e9bf2898884245f4f24; Download | Favorite | Comments (0)

SVG Java Execution Trigger: Posted May 15, 2012; Authored by Nicolas Gregoire; Some SVG specifications, like SVG 1.1 and SVG tiny 1.2, allow Java code execution when the file is opened. Proof of concept code included.; tags | exploit, java, code execution, proof of concept; systems | linux; MD5 | 14de63077e55a7c29ecb567ff57d0d25; Download | Favorite | Comments (0)

Liferay 6.1 Name / Email Address Disclosure: Posted May 15, 2012; Authored by Jelmer Kuperus; Liferay version 6.1 suffers from a vulnerability where it is possible to retrieve the names and email addresses of all users. Proof of concept code included.; tags | exploit, proof of concept, info disclosure; systems | linux; MD5 | 1c9db5e006b9833dda17ca6d031cba9b; Download | Favorite | Comments (0)

Liferay 5.x / 6.x Cross Site Scripting: Posted May 15, 2012; Authored by Jelmer Kuperus; Liferay versions 5.x and 6.x suffer from multiple cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; MD5 | e109ffd11302435030168f60435e9421; Download | Favorite | Comments (0)

TunInfo SQL Injection: Posted May 15, 2012; Authored by the_cyber_nuxbie; TunInfo suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; MD5 | 73d227f77c8ac6212e4a5cd3db3a8674; Download | Favorite | Comments (0)

Liferay 6.1 No Account Access Bypass: Posted May 15, 2012; Authored by Jelmer Kuperus; Liferay version 6.1 suffers from a circumvention issue when restricting access to ip blocks. Proof of concept exploit included.; tags | exploit, proof of concept, bypass; systems | linux; MD5 | b45af907ccb22997e62ef3d74a4de98f; Download | Favorite | Comments (0)

Multimedia Builder 4.9.8 Denial Of Service: Posted May 15, 2012; Authored by Ahmed Elhady Mohamed; Multimedia Builder version 4.9.8 denial of service exploit that creates a malicious .mef file.; tags | exploit, denial of service; MD5 | 9b662835aa9215e59b130deb0de64a13; Download | Favorite | Comments (0)

WordPress Track That Stat 1.0.8 Cross Site Scripting: Posted May 15, 2012; Authored by Heine Pedersen, Torben Jensen; WordPress Track That Stat plugin version 1.0.8 suffers from a cross site scripting vulnerability.; tags | exploit, xss; MD5 | 148509ae8edc1038128b97a56f0f73dc; Download | Favorite | Comments (0)

Page 1 of 1,075 Back 1 2 3 4 5 Next

Top Authors In Last 30 Days

Heine Pedersen 29 files
Torben Jensen 29 files
Farbod Mahini 26 files
Debian 26 files
Red Hat 26 files
Ubuntu 23 files
HauntIT 22 files
Mandriva 18 files
the_cyber_nuxbie 12 files
HP 11 files

File Archives

Systems

AIX (352)
Apple (963)
BSD (302)
Cisco (1,247)
Debian (3,793)
Fedora (1,660)
FreeBSD (1,024)
Gentoo (2,466)
HPUX (685)
iPhone (95)
IRIX (217)
Juniper (60)
Linux (20,598)
Mac OS X (415)
Mandriva (2,202)
NetBSD (235)
OpenBSD (414)
RedHat (2,417)
Slackware (378)
Solaris (1,472)
SUSE (1,227)
Ubuntu (2,717)
UNIX (6,847)
UnixWare (148)
Windows (4,011)
Other

Exploit Files

File Archive:

May 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems