Section: .. / 0611-exploits /
/// File Name: xssshellv039.zip
Description: XSS Shell is a powerful cross site scripting backdoor. XSS Shell allows interactively getting control over a cross site scripting (XSS) vulnerability in a web application. It demonstrates the real power and damage of cross site scripting attacks.
Author: Ferruh Mavituna
Homepage: http://ferruh.mavituna.com/
File Size: 852444
Last Modified: Nov 7 00:58:51 2006
MD5 Checksum: 0947babc5801dabce902869a44f85048

/// File Name: MOKB-21-11-2006.dmg.bz2
Description: Denial of service exploit for Mac OS X that demonstrates a failure to properly handle corrupted UDTO HFS+ image structures (e.g. bad sectors). Memory corruption is present but is unlikely to allow for arbitrary code execution.
Author: LMH
Homepage: http://projects.info-pull.com/mokb/MOKB-21-11-2006.html
File Size: 192272
Last Modified: Nov 22 02:04:26 2006
MD5 Checksum: ed1007245a6c325814fabdf084b169e3

/// File Name: MOKB-02-11-2006.img.gz
Description: The following filesystem image can be used to reproduce a bug in the Linux 2.6.x kernel series where the squashfs module fails to properly handle corrupted fs structures.
Author: LMH
Homepage: http://projects.info-pull.com/
Related File: MOKB-02-11-2006.html
File Size: 42078
Last Modified: Nov 2 21:04:07 2006
MD5 Checksum: 3719d5a0c2b221e4289b5ee452838af3

/// File Name: winzip-bof.txt
Description: WinZIP versions 10.0.7245 and below FileView ActiveX control remote buffer overflow exploit.
Author: prdelka
Homepage: https://prdelka.blackart.org.uk/
File Size: 13315
Last Modified: Nov 16 11:25:51 2006
MD5 Checksum: 421934b64e514f5fd6e14e2a68eee841

/// File Name: nst-29.txt
Description: The Journal module in PHP-Nuke 7.9 and prior suffers from SQL injection in search.php. POC exploit included that grabs the password hash of the first admin.
Author: [NST]
Homepage: http://www.neosecurityteam.net/
File Size: 12842
Last Modified: Oct 31 18:34:23 2006
MD5 Checksum: 93c7fef47bb65bcdc704a49530dd541c

/// File Name: vd_proftpd.pm.txt
Description: A remotely exploitable stack overflow vulnerability has been found in the ProFTPD server. The vulnerability allows a remote authenticated attacker to gain root privileges. Versions below 1.3.0a are affected. Exploit included.
Author: Evgeny Legerov
Homepage: http://www.gleg.net/
File Size: 12526
Related CVE(s): CVE-2006-5815
Last Modified: Nov 30 19:06:34 2006
MD5 Checksum: b1752a0ea3478f34b3424fdb19d3671c

/// File Name: ms06070-2.c
Description: Microsoft Windows Wkssvc NetrJoinDomain2 stack overflow exploit that works against the vulnerability described in MS06-070. Fixed by S A Stevens.
Author: cocoruder, S A Stevens
Homepage: http://ruder.cdut.net/default.asp
File Size: 12087
Last Modified: Nov 20 12:03:14 2006
MD5 Checksum: 95bc617d247f39dd3011dc8d9d277937

/// File Name: ms06070.c
Description: Microsoft Windows Wkssvc NetrJoinDomain2 stack overflow exploit that works against the vulnerability described in MS06-070.
Author: cocoruder
Homepage: http://ruder.cdut.net/default.asp
File Size: 11836
Last Modified: Nov 16 11:27:51 2006
MD5 Checksum: 5f345c7860fdf68e10b87e540f99880d

/// File Name: phpwind-501.txt
Description: PHPWind versions 5.0.1 and below AdminUser remote blind SQL injection exploit.
Author: rgod
Homepage: http://retrogod.altervista.org/
File Size: 9150
Last Modified: Nov 14 02:01:55 2006
MD5 Checksum: 18e9515c184821f51140b2b519dcbe7e

/// File Name: XHNB-Novell-eDirectory_remote_bof.c
Description: Novell eDirectory versions 9.0 and below DHost remote buffer overflow exploit.
Author: FistFuXXer, Expanders
File Size: 8643
Last Modified: Nov 6 23:52:47 2006
MD5 Checksum: 1ed95b6be03b156bf4d22e7d5f95b29e

/// File Name: quickcart-20.txt
Description: QuickCart versions 2.0 and below local file inclusion exploit that leverages actions_client/gallery.php.
Author: Kacper
Homepage: http://www.rahim.webd.pl/
File Size: 8482
Last Modified: Nov 14 01:55:46 2006
MD5 Checksum: 93ad7b90ec3259c85490ad21e3de4d4d

/// File Name: ASPPortal-400.txt
Description: ASPPortal versions 4.0.0 and below remote SQL injection exploit that makes use of default1.asp.
Author: ajann
File Size: 7780
Last Modified: Nov 14 01:02:56 2006
MD5 Checksum: 64efb632dfb906d4e3d6c6a242605d18

/// File Name: ramacms068.txt
Description: Rama CMS versions 0.68 and below local file inclusion exploit.
Author: Kacper
Homepage: http://www.rahim.webd.pl/
File Size: 7729
Last Modified: Nov 14 02:00:41 2006
MD5 Checksum: 71fa42e645ae38422c86778fbe0014af

/// File Name: efsStream.txt
Description: EFS Easy Address Book web server versions 1.2 and below remote file stream exploit.
Author: Greg Linares
File Size: 7426
Last Modified: Nov 6 23:53:56 2006
MD5 Checksum: a0e60c4c0b0df7017a24f65de41eef52

/// File Name: wbblite_102_sql.html
Description: Woltlab Burning Board Lite version 1.0.2 Zend_Hash_Del_Key_Or_Index / blind SQL injection exploit.
Author: rgod
Homepage: http://retrogod.altervista.org/
File Size: 7406
Last Modified: Nov 26 22:34:55 2006
MD5 Checksum: 51876241b351f7781a3c0d53a94cc130

/// File Name: sap-banner.c
Description: SAP RFC_SYSTEM_INFO information disclosure exploit that leaks OS type, real IP address, SAP version, and more.
Author: Nicob
File Size: 7357
Last Modified: Nov 14 01:47:34 2006
MD5 Checksum: 96b58aa2aba723709a768cf2d891f460

/// File Name: SAP_WebAS_UDP_DoS.c
Description: Two-byte UDP denial of service exploit for SAP versions below 6.40 patch 6.
Author: Nicob
File Size: 6684
Last Modified: Nov 14 01:45:34 2006
MD5 Checksum: 4317da203cf4470a5db5b6b1e174503c

/// File Name: easyFilePwn.txt
Description: Easy File Sharing Web Server version 4 remote information stealing exploit.
Author: Greg Linares
File Size: 6379
Last Modified: Nov 6 23:50:42 2006
MD5 Checksum: 69d0257dcbcbdabff405d804a597d5dc

/// File Name: daringphucball.rb
Description: The Apple Airport driver provided with Orinoco-based Airport cards (1999-2003 PowerBooks, iMacs) is vulnerable to a remote memory corruption flaw. When the driver is placed into active scanning mode, a malformed probe response frame can be used to corrupt internal kernel structures, leading to arbitrary code execution. This vulnerability is triggered when a probe response frame is received that does not contain valid information element (IE) fields after the fixed-length header. The data following the fixed-length header is copied over internal kernel structures, resulting in memory operations being performed on attacker-controlled pointer values. This is the Metasploit module for this vulnerability.
Author: H D Moore
Homepage: http://metasploit.com/
File Size: 6172
Last Modified: Nov 2 21:08:16 2006
MD5 Checksum: b3bece5770fb6b8baf288b1f5e1f6148

/// File Name: VULNDISCO_META_FREE.tar.gz
Description: This VulnDisco Packet for Metasploit 2.7 has the following zero day exploits: vd_ldapinfo.pm - [0day] Query info from LDAP server, vd_xlink.pm - [0day] Omni-NFS Enterprise remote exploit, vd_openldap.pm - [0day] OpenLDAP denial of service exploit.
Author: Evgeny Legerov
Homepage: http://gleg.net/vulndisco_meta.shtml
File Size: 5894
Last Modified: Nov 7 00:34:34 2006
MD5 Checksum: 0c437d90c742652c42b96c35d7c8fe64

/// File Name: dlink_wifi_rates.rb.txt
Description: This Metasploit module exploits a stack overflow in the A5AGU.SYS driver provided with the D-Link DWL-G132 USB wireless adapter. This stack overflow allows remote code execution in kernel mode. The stack overflow is triggered when an 802.11 Beacon frame is received that contains a long Rates information element. This exploit was tested with version 1.0.1.41 of the A5AGU.SYS driver and a D-Link DWL-G132 USB adapter (HW: A2, FW: 1.02). Newer versions of the A5AGU.SYS driver are provided with the D-Link WUA-2340 adapter and appear to resolve this flaw, but D-Link does not offer an updated driver for the DWL-G132. Since this vulnerability is exploited via beacon frames, all cards within range of the attack will be affected. The tested adapter used a MAC address in the range of 00:11:95:f2:XX:XX.
Author: H D Moore, Matt Miller, Johnny Cache, LMH
Homepage: http://projects.info-pull.com/mokb/
File Size: 5873
Last Modified: Nov 14 02:56:53 2006
MD5 Checksum: a403e8304d2632dbf796bf0e140b69a9

/// File Name: torrentflux22.txt
Description: TorrentFlux version 2.2 suffers from arbitrary file creation/deletion/overwrite as well as a command execution vulnerability.
Author: r0ut3r
File Size: 5476
Last Modified: Nov 16 11:24:00 2006
MD5 Checksum: 53b2a62fbfc3b3a2f1688e1646f3ace4