Section: .. / 1002-exploits /
| /// File Name: |
cmsd_exploit.c |
Description:
|
AIX RPC.cmsd remote stack buffer overflow proof of concept exploit.
| | Author: | Rodrigo Rubira Branco | | Related File: | 10.07.09-1.txt | | File Size: | 2148 | | Last Modified: | Feb 2 22:22:12 2010 |
| MD5 Checksum: | 07e89cdb3a2afe27888f80e560197ff5 |
|
| /// File Name: |
cmsmadesimple-lfixss.txt |
Description:
|
CMSMadeSimple version 1.6.6 suffers from cross site scripting and local file inclusion vulnerabilities.
| | Author: | Beenu Arora | | File Size: | 1780 | | Last Modified: | Feb 12 15:57:14 2010 |
| MD5 Checksum: | d896c727049f245a6d704b63b4cd0e11 |
|
| /// File Name: |
codeigniter-rfi.txt |
Description:
|
CodeIgniter version 1.0 suffers from a remote file inclusion vulnerability.
| | Author: | eidelweiss | | File Size: | 1692 | | Last Modified: | Feb 15 15:27:37 2010 |
| MD5 Checksum: | e42b281f07784839e5c718b222adc869 |
|
| /// File Name: |
coffienet-bypass.txt |
Description:
|
CoffieNet CMS suffers from a direct access administrative bypass vulnerability.
| | Author: | indoushka | | File Size: | 1935 | | Last Modified: | Feb 15 18:03:49 2010 |
| MD5 Checksum: | c62cd508fb14111e6ee10c9abb07932e |
|
| /// File Name: |
comptelinstantlink-xss.txt |
Description:
|
The Comptel InstantLink system suffers from a cross site scripting vulnerability.
| | Author: | thebluegenius | | File Size: | 1366 | | Last Modified: | Feb 26 14:05:50 2010 |
| MD5 Checksum: | 4e59a6d642da4b0d3b730c8ef9f437dd |
|
| /// File Name: |
coppermine_piceditor.rb.txt |
Description:
|
This Metasploit module exploits a vulnerability in the picEditor.php script of Coppermine Photo Gallery. When configured to use the ImageMagick library, the 'quality', 'angle', and 'clipval' parameters are not properly escaped before being passed. NOTE: Use of the ImageMagick library is a non-default option. However, a user can specify its use at installation time.
| | Author: | Janek Vind aka waraxe | | Homepage: | http://www.metasploit.com | | File Size: | 3842 | | Related OSVDB(s): | 41676 | | Related CVE(s): | CVE-2008-0506 | | Last Modified: | Feb 20 14:41:10 2010 |
| MD5 Checksum: | 348630ab822d73fca3d6902525794666 |
|
| /// File Name: |
CORE-2009-0625.txt |
Description:
|
Core Security Technologies Advisory - This advisory describes two vulnerabilities that provide access to any file stored in on a user's desktop system if it is running a vulnerable version of Internet Explorer. These vulnerabilities can be used in attacks combined with a number of insecure features of Internet Explorer to provide remote access to locally stored files without the need for any further action from the victim after visiting a website controlled by the attacker.
| | Author: | Core Security Technologies,Federico Muttis,Jorge Luis Alvarez Medina | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 18432 | | Related CVE(s): | CVE-2010-0255 | | Last Modified: | Feb 4 02:20:01 2010 |
| MD5 Checksum: | 36320648119fe6322abfd8ce8887f87e |
|
| /// File Name: |
CORE-2010-0104.txt |
Description:
|
Core Security Technologies Advisory - A security vulnerability was discovered in LANDesk Management Suite: a cross-site request forgery which allows an external remote attacker to make a command injection that can be used to execute arbitrary code using the webserver user. As a result, an attacker can remove the firewall and load a kernel module, allowing root access to the appliance. It also can be used as a non-persistent XSS.
| | Author: | Adrian Manrique,Aureliano Calvo,Core Security Technologies | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 10300 | | Related CVE(s): | CVE-2010-0368, CVE-2010-0369 | | Last Modified: | Feb 5 19:16:11 2010 |
| MD5 Checksum: | 92cacafd80234bf0eb614d89411c5edb |
|
| /// File Name: |
CORE-2010-0106.txt |
Description:
|
Core Security Technologies Advisory - The Cisco Secure Desktop web application does not sufficiently verify if a well-formed request was provided by the user who submitted the POST request, resulting in a cross-site scripting vulnerability. In order to be able to successfully make the attack, the Secure Desktop application on the Cisco Appliance must be turned on.
| | Author: | Core Security Technologies | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 7791 | | Related CVE(s): | CVE-2010-0440 | | Last Modified: | Feb 1 20:45:49 2010 |
| MD5 Checksum: | 43bf3b5f149665627a5281e53af94e5a |
|
| /// File Name: |
CORE-2010-0121.txt |
Description:
|
Core Security Technologies Advisory - This advisory describes multiple vulnerabilities based on quirks in how Windows handles file names. Nginx, Cherokee, Mongoose, and LightTPD webservers suffer from related vulnerabilities. Details are provided.
| | Author: | Core Security Technologies,Dan Crowley | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 16509 | | Last Modified: | Feb 5 20:42:15 2010 |
| MD5 Checksum: | 8e5f421a8e3147938908dd4d9a608315 |
|
| /// File Name: |
coreftp.py.txt |
Description:
|
CoreFTP version 2.1 b1637 password field universal buffer overflow exploit.
| | Author: | corelanc0d3r,mr_me | | File Size: | 5472 | | Last Modified: | Feb 2 16:32:02 2010 |
| MD5 Checksum: | 41a135ea6e8049a11c9d8ec050efe027 |
|
| /// File Name: |
corelan-10-008-evalmsi.txt |
Description:
|
Evalsmsi version 2.1.03 suffers from authentication bypass, cross site scripting and remote SQL injection vulnerabilities.
| | Author: | corelanc0d3r | | File Size: | 4546 | | Last Modified: | Feb 5 18:25:42 2010 |
| MD5 Checksum: | 4e7f78c58e5eef2a0cf77410c4835a99 |
|
| /// File Name: |
corelan-10-009-ipswitch-imail.txt |
Description:
|
Ipswitch IMail server version 11.01 suffers from a reversible encryption vulnerability.
| | Author: | sinn3r | | File Size: | 6623 | | Last Modified: | Feb 5 18:28:00 2010 |
| MD5 Checksum: | c0af0f3102545f2df46f09690d825db9 |
|
| /// File Name: |
CORELAN-10-010.txt |
Description:
|
GeFest Web HomeServer version 1.0 suffers from a directory traversal vulnerability.
| | Author: | MarkoT | | Homepage: | http://www.corelan.be/ | | File Size: | 2801 | | Last Modified: | Feb 8 20:43:57 2010 |
| MD5 Checksum: | 0e7f9fafc9f7fcb06b0568d00318a9a8 |
|
| /// File Name: |
coupons-bypass.txt |
Description:
|
Coupons suffers from a direct access administrative bypass vulnerability.
| | Author: | indoushka | | File Size: | 1763 | | Last Modified: | Feb 20 13:47:23 2010 |
| MD5 Checksum: | 5887f82eafb23b35b11b2de6d5e62b05 |
|
| /// File Name: |
cpanel-xsrf.tgz |
Description:
|
cPanel suffers from multiple cross site request forgery vulnerabilities.
| | Author: | SecurityRules | | Homepage: | http://sec-r1z.com/ | | File Size: | 1380 | | Last Modified: | Feb 23 01:20:29 2010 |
| MD5 Checksum: | dc962d229e8eab1a4a68fb5e51559edd |
|
| /// File Name: |
croogo-xsrf.txt |
Description:
|
Croogo version 1.2.1 suffers from a cross site request forgery vulnerability.
| | Author: | Milos Zivanovic | | File Size: | 2460 | | Last Modified: | Feb 8 17:39:40 2010 |
| MD5 Checksum: | f52707b51eba2f300845199d785ba7b4 |
|
| /// File Name: |
cubecartindex-sql.txt |
Description:
|
CubeCart suffers from a remote SQL injection vulnerability.
| | Author: | AtT4CKxT3rR0r1ST | | File Size: | 941 | | Last Modified: | Feb 18 21:23:18 2010 |
| MD5 Checksum: | fb74314baf44c6f9b0ffc3fb5150e4f8 |
|
| /// File Name: |
cve-2010-0453.c |
Description:
|
This is a denial of service (kernel panic) proof of concept exploit for the UCODE_GET_VERSION ioctl NULL pointer dereference vulnerability on Solaris / OpenSolaris.
| | Author: | Tobias Klein | | Homepage: | http://www.trapkit.de/ | | Related File: | TKADV2010-001.txt | | File Size: | 1671 | | Related CVE(s): | CVE-2010-0453 | | Last Modified: | Feb 8 19:59:42 2010 |
| MD5 Checksum: | 2a0447bcfa866c531eb52571f1f41998 |
|
| /// File Name: |
dachooch-sql.txt |
Description:
|
Dachooch suffers from a remote SQL injection vulnerability.
| | Author: | Snakespc | | File Size: | 872 | | Last Modified: | Feb 12 17:51:04 2010 |
| MD5 Checksum: | c4e0d3588005cd860401af7351a5286d |
|
| /// File Name: |
damailinglist-sqldisclose.txt |
Description:
|
DA Mailing List version 2 suffers from remote SQL injection and database disclosure vulnerabilities.
| | Author: | Phenom | | File Size: | 2943 | | Last Modified: | Feb 8 19:29:55 2010 |
| MD5 Checksum: | 788ce3a808958d671ddad91b8303fb9d |
|
| /// File Name: |
deepburner.c |
Description:
|
Deepburner Pro version 1.9.0.228 dbr file universal buffer overflow exploit.
| | Author: | fl0 fl0w | | File Size: | 16371 | | Last Modified: | Feb 2 22:19:33 2010 |
| MD5 Checksum: | 3947416e25068b90cb387e048c42cebe |
|
| /// File Name: |
deepburner_path.rb.txt |
Description:
|
This Metasploit module exploits a stack-based buffer overflow in versions 1.9.0.228, 1.8.0, and possibly other versions of AstonSoft's DeepBurner (Pro, Lite, etc). An attacker must send the file to victim and the victim must open the file. Alternatively it may be possible to execute code remotely via an embedded DBR file within a browser, since the DBR extension is registered to DeepBurner.
| | Author: | Expanders,fl0 fl0w | | Homepage: | http://www.metasploit.com | | File Size: | 3874 | | Related OSVDB(s): | 32356 | | Related CVE(s): | CVE-2006-6665 | | Last Modified: | Feb 5 18:58:19 2010 |
| MD5 Checksum: | 35c9773dc0a7fa04a697d0a53ee89484 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
