Section: .. / 0809-exploits /
| /// File Name: |
stash-bypass.txt |
Description:
|
Stash version 1.0.3 suffers from administrative bypass and file disclosure vulnerabilities via SQL injection.
| | Author: | IRCRASH | | Homepage: | http://ircrash.com/ | | File Size: | 2910 | | Last Modified: | Sep 9 17:06:16 2008 |
| MD5 Checksum: | 88cf8e15e59c0f2784fe598bab277560 |
|
| /// File Name: |
stash-cookie.txt |
Description:
|
Stash version 1.0.3 suffers from an insecure cookie handling vulnerability.
| | Author: | Stack | | Homepage: | http://v4-team.com/ | | File Size: | 347 | | Last Modified: | Sep 9 17:05:18 2008 |
| MD5 Checksum: | 9e0878c80166e3a24bda8aab89778d9f |
|
| /// File Name: |
talkback-lfidisclose.txt |
Description:
|
Talkback version 2.3.6 suffers from local file inclusion and phpinfo disclosure vulnerabilities.
| | Author: | SirGod | | Homepage: | http://www.mortal-team.com/ | | File Size: | 1119 | | Last Modified: | Sep 14 16:00:28 2008 |
| MD5 Checksum: | f5e55d9660a67de5f47defe27cbdd80c |
|
| /// File Name: |
technote-rfi.txt |
Description:
|
Technote 7 suffers from a remote file inclusion vulnerability.
| | Author: | webDEViL | | File Size: | 569 | | Last Modified: | Sep 17 14:59:54 2008 |
| MD5 Checksum: | 0f821a7ceef2cd1fe8a70fbde20792e6 |
|
| /// File Name: |
turba-xss.txt |
Description:
|
Horde and Turbo Contact Manager version H3 2.2.1 suffers from cross site scripting and remote java file inclusion vulnerabilities.
| | Author: | Ivan Sanchez | | Homepage: | http://www.nullcode.com.ar/ | | File Size: | 2114 | | Last Modified: | Sep 14 21:59:53 2008 |
| MD5 Checksum: | 3e8424f9bd1f5d4ffe1d8ba251266b8f |
|
| /// File Name: |
twiki-exec.txt |
Description:
|
TWiki versions 4.2.2 and below suffer from a remote code execution vulnerability.
| | Author: | webDEViL | | File Size: | 1183 | | Last Modified: | Sep 22 16:47:37 2008 |
| MD5 Checksum: | 28897e2a05c3f3393a86ef2e20aca504 |
|
| /// File Name: |
ultimatewebboard-sql.txt |
Description:
|
Ultimate Webboard version 3.00 suffers from a remote SQL injection vulnerability.
| | Author: | CWH Underground | | Homepage: | http://www.citecclub.org/ | | File Size: | 1727 | | Last Modified: | Sep 26 18:09:39 2008 |
| MD5 Checksum: | 09c1e006f722fc0601f331d2741d0765 |
|
| /// File Name: |
unreal-1.3-dirtrav.txt |
Description:
|
Unreal Tournament v1.3 (build 3601 and 3614) suffer from a directory traversal in the web interface.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org | | File Size: | 3945 | | Last Modified: | Sep 21 19:39:52 2008 |
| MD5 Checksum: | 4dd4324fabecd7792e99f4d68fc11771 |
|
| /// File Name: |
unrealclient.tgz |
Description:
|
The Unreal engine is affected by some format string vulnerabilities which can be exploited by a malicious server when the victim client connects to it. The main format string can be exploited through a malformed CLASS parameter of the DLMGR command but another one seems to be exploitable through the forcing of the download of a malformed package (PKG). Some older games instead can be exploited through a malformed LEVEL parameter of the WELCOME command. The bug is caused by the calling of _vsnwprintf_s or _vsnwprintf for building an error message to visualize to the user (for example for a missing class) using a max size of 4 kilobytes and, naturally, without passing the needed format argument. All related exploit code is included in this tarball.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | File Size: | 15491 | | Last Modified: | Sep 11 19:39:09 2008 |
| MD5 Checksum: | 1a35fc9bde26ced2c7290a08d0e85a7d |
|
| /// File Name: |
unrealfp.zip |
Description:
|
Server shutdown exploit for Unreal Engine which suffers from a failed assertion vulnerability.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related File: | unrealfp.txt | | File Size: | 25181 | | Last Modified: | Sep 16 18:03:20 2008 |
| MD5 Checksum: | a4765d152d1fbc578a2f05704063a425 |
|
| /// File Name: |
uploader6-xss.txt |
Description:
|
Uploader version 6.1 suffers from a cross site scripting vulnerability.
| | Homepage: | http://www.xc0re.net/ | | File Size: | 444 | | Last Modified: | Sep 3 17:16:10 2008 |
| MD5 Checksum: | d3868d8d336ff7a3919446693fca6528 |
|
| /// File Name: |
ut3sticle.zip |
Description:
|
Unreal engine 3 remote denial of service exploit that leverages a failed memory allocation vulnerability.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related File: | ut3sticle.txt | | File Size: | 14224 | | Last Modified: | Sep 11 19:36:57 2008 |
| MD5 Checksum: | fd70cb504803f93b8541d7f472ab6239 |
|
| /// File Name: |
vastal-itechagent.txt |
Description:
|
Vastal I-Tech Agent suffers from a remote SQL injection vulnerability in view_ann.php.
| | Author: | DeViL iRaQ | | File Size: | 1042 | | Last Modified: | Sep 5 16:59:21 2008 |
| MD5 Checksum: | 203db934b67f329683f1b32d137acd90 |
|
| /// File Name: |
vastal-itechcosmetics.txt |
Description:
|
Vastal I-Tech Cosmetics Zone suffers from a remote SQL injection vulnerability in view_products_cat.php.
| | Author: | Stack | | Homepage: | http://v4-team.com/ | | File Size: | 813 | | Last Modified: | Sep 5 17:05:59 2008 |
| MD5 Checksum: | 53f1f2c243e4ca3a7465b7b878af6fb0 |
|
| /// File Name: |
vastal-itechdvd.txt |
Description:
|
Vastal I-Tech DVD Zone suffers from a remote SQL injection vulnerability in view_mags.php.
| | Author: | DeViL iRaQ | | File Size: | 998 | | Last Modified: | Sep 5 17:02:17 2008 |
| MD5 Checksum: | 73ed791b817b619b2cae65f5f935670c |
|
| /// File Name: |
vastal-itechfreelance.txt |
Description:
|
Vastal I-Tech Freelance Zone suffers from a remote SQL injection vulnerability in view_cresume.php.
| | Author: | Stack | | Homepage: | http://v4-team.com/ | | File Size: | 661 | | Last Modified: | Sep 5 17:05:16 2008 |
| MD5 Checksum: | c3050b70a64f3f3524fe720b1fcb64bb |
|
| /// File Name: |
vastal-itechjobs.txt |
Description:
|
Vastal I-Tech Jobs Zone suffers from a remote SQL injection vulnerability in view_news.php.
| | Author: | Stack | | Homepage: | http://v4-team.com/ | | File Size: | 874 | | Last Modified: | Sep 5 17:03:13 2008 |
| MD5 Checksum: | d35dde70aa37844953a819214d29ff30 |
|
| /// File Name: |
vastal-itechmag.txt |
Description:
|
Vastal I-Tech Mag Zone suffers from a remote SQL injection vulnerability in view_mags.php.
| | Author: | Stack | | Homepage: | http://v4-team.com/ | | File Size: | 634 | | Last Modified: | Sep 5 17:04:33 2008 |
| MD5 Checksum: | ad03d5c61ab7b1764882d04f31a007f1 |
|
| /// File Name: |
vastal-itechmmorpg.txt |
Description:
|
Vastal I-Tech MMORPG Zone suffers from a remote SQL injection vulnerability.
| | Author: | Stack | | Homepage: | http://v4-team.com/ | | File Size: | 837 | | Last Modified: | Sep 5 17:03:54 2008 |
| MD5 Checksum: | e6fafb94727361eb4327476c1ad5f121 |
|
| /// File Name: |
vastal-itechshaadi.txt |
Description:
|
Vastal I-Tech Shaadi Zone version 1.0.9 suffers from a remote SQL injection vulnerability.
| | Author: | e.wiZz! | | File Size: | 1131 | | Last Modified: | Sep 5 16:57:14 2008 |
| MD5 Checksum: | 5c3407bfee59b9dd58df36985f120ff1 |
|
| /// File Name: |
vastal-itechshare.txt |
Description:
|
Vastal I-Tech Share Zone suffers from a remote SQL injection vulnerability in view_news.php.
| | Author: | DeViL iRaQ | | File Size: | 1029 | | Last Modified: | Sep 5 17:01:37 2008 |
| MD5 Checksum: | b07083700994fa807623dffce0aac446 |
|
| /// File Name: |
vastal-itechtoner.txt |
Description:
|
Vastal I-Tech Toner Cart suffers from a remote SQL injection vulnerability in show_series_ink.php.
| | Author: | DeViL iRaQ | | File Size: | 1094 | | Last Modified: | Sep 5 17:00:50 2008 |
| MD5 Checksum: | 6ee1cf0afc26370d06b22ba62dcd7156 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
