Section: .. / 0910-exploits /

Page 1 of 9
<< 1 2 3 4 5 6 7 8 9 >> Files 1 - 25 of 209

Currently sorted by: File Size Sort By: File Name, Last Modified

/// File Name:	EverFocus_Edsr_Exploit.tar.gz
Description:	The Everfocus EDSR firmware fails to correctly handle authentication and sessions. This remote exploit takes advantages of versions 1.4 and below and lets you view the live cameras of remote DVRs.
Author:	Andrea Fabrizi
Homepage:	http://www.andreafabrizi.it/
File Size:	67659
Last Modified:	Oct 14 21:02:54 2009
MD5 Checksum:	0110c0963015b92c7829d39f94c7d024

/// File Name:	CVE-2009-1979.zip
Description:	Proof of concept exploit for Oracle Database versions 10.1.0.5 and 10.2.0.4 that relates to an improper AUTH_SESSKEY parameter length validation.
Author:	Dennis Yurichev
File Size:	36296
Related CVE(s):	CVE-2009-1979
Last Modified:	Oct 30 15:38:16 2009
MD5 Checksum:	660b662ab4b883cfab9655f94f942ca7

/// File Name:	U3D-overrun.py.txt
Description:	This is a detailed analysis regarding the U3D CLODProgressiveMeshDeclaration initialization array overrun that affects Adobe Acrobat Reader versions 7.x, 8.x, and 9.x. Exploit included.
Author:	Felipe Andres Manzano
File Size:	22734
Related CVE(s):	CVE-2009-2994
Last Modified:	Oct 27 10:51:18 2009
MD5 Checksum:	5f19c6d7ff938e0ce48d2133fe048576

/// File Name:	xpdf-overflow.txt
Description:	Xpdf allows local and remote attackers to overflow a buffer on the heap via an integer overflow vulnerability. Xpdf is prone to a NULL pointer dereference attack. Proof of concept pdf included.
Author:	Adam Zabrocki
File Size:	19648
Last Modified:	Oct 17 15:51:19 2009
MD5 Checksum:	41fe0496ebc9657e8ed7b82d93dde2da

/// File Name:	9sg_runcms_forum_sql.txt
Description:	RunCMS version 2M1 /modules/forum/post.php semi-blind remote SQL injection exploit.
Author:	Nine:Situations:Group::bookoo
Homepage:	http://retrogod.altervista.org/
File Size:	17051
Last Modified:	Oct 26 16:23:51 2009
MD5 Checksum:	9755d685724246ee4a10ee140b892754

/// File Name:	jetty-xssdisclose.txt
Description:	Jetty versions 6.x and 7.x suffer from cross site scripting, injection, and information disclosure vulnerabilities.
Author:	Antonio Parata,Francesco Ongaro,Giovanni Pellerano
Homepage:	http://www.ush.it/
File Size:	15429
Last Modified:	Oct 26 16:42:12 2009
MD5 Checksum:	aef5b932405a374f8c291772b008fbb9

/// File Name:	php_unserialize_zval_cookie.rb.txt
Description:	This Metasploit module exploits an integer overflow vulnerability in the unserialize() function of the PHP web server extension.
Author:	GML,H D Moore,Stefan Esser
Homepage:	http://www.metasploit.com
File Size:	12349
Related OSVDB(s):	32771
Related CVE(s):	CVE-2007-1286
Last Modified:	Oct 27 17:32:23 2009
MD5 Checksum:	5328f9ccf0fabc5d2f0900b7b86d6114

/// File Name:	9sg_runcms_store_sql.txt
Description:	RunCMS version 2M1 store() remote SQL injection exploit.
Author:	Nine:Situations:Group::bookoo
Homepage:	http://retrogod.altervista.org/
File Size:	11960
Last Modified:	Oct 26 16:27:01 2009
MD5 Checksum:	406fdee87817625e5c47c1ab53e007cc

/// File Name:	CORE-2009-0812.txt
Description:	Core Security Technologies Advisory - Multiple cross-site scripting vulnerabilities (both stored and reflected) have been found in the web interface of Hyperic HQ, which can be exploited by an attacker to execute arbitrary JavaScript code in the context of the browser of a legitimate logged in user.
Homepage:	http://www.coresecurity.com/corelabs/
File Size:	11531
Related CVE(s):	CVE-2009-2897, CVE-2009-2898
Last Modified:	Oct 5 19:13:18 2009
MD5 Checksum:	c84787eba30a9d9b9513c1d252ec6232

/// File Name:	getunique.c
Description:	Mozilla Firefox version 3.5.3 local download manager exploit that demonstrates a temporary file creation vulnerability.
Author:	Jeremy Brown
Homepage:	http://jbrownsec.blogspot.com/
File Size:	9684
Last Modified:	Oct 28 16:15:00 2009
MD5 Checksum:	ff0a70ec71952b02c7ea238923d542dc

/// File Name:	safari_metadata_archive.rb.txt
Description:	This Metasploit module exploits a vulnerability in Safari's "Safe file" feature, which will automatically open any file with one of the allowed extensions. This can be abused by supplying a zip file, containing a shell script, with a metafile indicating that the file should be opened by Terminal.app. This module depends on the 'zip' command-line utility.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	9516
Related OSVDB(s):	23510
Related CVE(s):	CVE-2006-0848
Last Modified:	Oct 28 14:58:15 2009
MD5 Checksum:	c9eff8239967b82607204dfb73547679

/// File Name:	libcfts2-dos.txt
Description:	libc:fts_*() suffers from multiple denial of service vulnerabilities. This affects multiple vendors.
Author:	Maksymilian Arciemowicz
Homepage:	http://securityreason.com/
File Size:	9282
Last Modified:	Oct 2 13:24:06 2009
MD5 Checksum:	12f5efcaff2ce616d39734fb7ba13ddd

/// File Name:	cubecart4-bypass.txt
Description:	CubeCart 4 suffers from a really nasty session management bypass vulnerability.
Author:	Bogdan Calin
Homepage:	http://www.acunetix.com/
File Size:	9130
Last Modified:	Oct 30 15:37:01 2009
MD5 Checksum:	7581bc6c05ca76a7306651bb56bb45f3

/// File Name:	madwifi_giwscan_cb.rb.txt
Description:	This Metasploit module exploits a stack-based buffer overflow in the Madwifi driver.
Author:	Julien Tinnes,Laurent Butti
File Size:	8932
Related OSVDB(s):	31267
Related CVE(s):	CVE-2006-6332
Last Modified:	Oct 27 14:09:44 2009
MD5 Checksum:	08745c6fa50ec188b98852ec2891a8bd

/// File Name:	lsa_transnames_heap.rb.txt
Description:	This Metasploit module triggers a heap overflow in the LSA RPC service of the Samba daemon. This module uses the TALLOC chunk overwrite method (credit Ramon and Adriano), which only works with Samba versions 3.0.21-3.0.24. Additionally, this module will not work when the Samba "log level" parameter is higher than "2".
Author:	Adriano Lima
Homepage:	http://www.risesecurity.org/
File Size:	8185
Related OSVDB(s):	34699
Related CVE(s):	CVE-2007-2446
Last Modified:	Oct 27 16:27:36 2009
MD5 Checksum:	8f84f393fa7096a43ae30b92fc8df61d

/// File Name:	tikiwiki_jhot_exec.rb.txt
Description:	TikiWiki contains a flaw that may allow a malicious user to execute arbitrary PHP code. The issue is triggered due to the jhot.php script not correctly verifying uploaded files. It is possible that the flaw may allow arbitrary PHP code execution by uploading a malicious PHP script resulting in a loss of integrity. The vulnerability has been reported in Tikiwiki version 1.9.4.
Author:	Matteo Cantoni
File Size:	7407
Related OSVDB(s):	28456
Related CVE(s):	CVE-2006-4602
Last Modified:	Oct 30 14:58:37 2009
MD5 Checksum:	bfe0080ed3f0b35548031d6376c39223

/// File Name:	hagent_untrusted_hsdata.rb.txt
Description:	This Metasploit module exploits the Wyse Rapport Hagent service by pretending to be a legitimate server. This process involves starting both HTTP and FTP services on the attacker side, then contacting the Hagent service of the target and indicating that an update is available. The target will then download the payload wrapped in an executable from the FTP service.
Author:	Kevin Finisterre
File Size:	7029
Related OSVDB(s):	55839
Related CVE(s):	CVE-2009-0695
Last Modified:	Oct 27 20:50:48 2009
MD5 Checksum:	81c6b3ec51a59ee4082efe5546123b56

/// File Name:	pentaho-xss.txt
Description:	Pentaho version 1.7.0.1062 and below suffer from cross site scripting and disclosure vulnerabilities.
Author:	euronymous
File Size:	6597
Last Modified:	Oct 15 14:47:11 2009
MD5 Checksum:	7657af02b25405d624bc4c3b68b2d6a7

/// File Name:	9sg_ibm_setnet32.txt
Description:	IBM Informix Client SDK 3.0 SetNet32 File (.nfx) Hostsize integer overflow exploit with Windows adduser shellcode.
Author:	Nine:Situations:Group::Bruiser
Homepage:	http://retrogod.altervista.org/
File Size:	6368
Last Modified:	Oct 5 19:11:04 2009
MD5 Checksum:	38c82f93bb1b95e5e0790445b61e6047

/// File Name:	sphpblog_file_upload.rb.txt
Description:	This Metasploit module combines three separate issues within The Simple PHP Blog (versions 0.4.0 and below) application to upload arbitrary data and thus execute a shell. The first vulnerability exposes the hash file (password.txt) to unauthenticated users. The second vulnerability lies within the image upload system provided to logged-in users; there is no image validation function in the blogger to prevent an authenticated user from uploading any file type. The third vulnerability occurs within the blog comment functionality, allowing arbitrary files to be deleted.
Author:	Matteo Cantoni
File Size:	6197
Related OSVDB(s):	19012
Related CVE(s):	CVE-2005-2733
Last Modified:	Oct 30 14:53:25 2009
MD5 Checksum:	06420dea2b1236798228c7e9d86f4beb

/// File Name:	openview_omniback_exec.rb.txt
Description:	This Metasploit module uses a vulnerability in the OpenView Omniback II service to execute arbitrary commands. This vulnerability was discovered by DiGiT and his code was used as the basis for this module.
Author:	H D Moore,patrick
Homepage:	http://www.metasploit.com
File Size:	6055
Related OSVDB(s):	6018
Related CVE(s):	CVE-2001-0311
Last Modified:	Oct 27 17:26:35 2009
MD5 Checksum:	b269dc6f7984d396b3e5e9acaf44dd3c

/// File Name:	mailapp_image_exec.rb.txt
Description:	This Metasploit module exploits a command execution vulnerability in the Mail.app application shipped with Mac OS X 10.5.0. This flaw was patched in 10.4 in March of 2007, but reintroduced into the final release of 10.5.
Author:	H D Moore,Kevin Finisterre
Homepage:	http://www.metasploit.com
File Size:	6019
Related OSVDB(s):	40875
Related CVE(s):	CVE-2006-0395, CVE-2007-6165
Last Modified:	Oct 28 15:01:17 2009
MD5 Checksum:	65efe27dbff4de35ebd1ec592beb222c

/// File Name:	firefox_escape_retval.rb.txt
Description:	This Metasploit module exploits a memory corruption vulnerability in the Mozilla Firefox browser. This flaw occurs when a bug in the javascript interpreter fails to preserve the return value of the escape() function and results in uninitialized memory being used instead. This module has only been tested on Windows, but should work on other platforms as well with the current targets.
Author:	H D Moore,Simon Berry-Byrne
File Size:	5581
Related OSVDB(s):	55846
Last Modified:	Oct 27 16:35:44 2009
MD5 Checksum:	6116e92fca1903ed3250f521944da945

/// File Name:	qtjava_pointer.rb.txt
Description:	This Metasploit module exploits an arbitrary memory access vulnerability in the Quicktime for Java API provided with Quicktime 7.
Author:	Dino A Dai Zovi,H D Moore,Kevin Finisterre
Homepage:	http://www.metasploit.com
File Size:	5492
Related OSVDB(s):	23608
Related CVE(s):	CVE-2007-2175
Last Modified:	Oct 27 17:15:01 2009
MD5 Checksum:	fd12e3cb5086c03366ca1e1daa1f55f1

/// File Name:	upnp_location.rb.txt
Description:	This Metasploit module exploits the Mac OS X mDNSResponder UPnP location overflow.
Homepage:	http://www.metasploit.com
File Size:	5371
Last Modified:	Oct 28 15:58:46 2009
MD5 Checksum:	00933391fec89081e5a6100903e69651