Proof of concept exploit for the Windows ANI File Parsing vulnerability that works against Microsoft Windows Server 2003, XP SP0/SP1, and all versions of Windows 2000.
91c664069aaf04eeb2fd8b56dc978ae1a85c97f8aebaa343b6a3a748475d770dGolden FTP server exploit that binds a shell on port 4444 after making use of a buffer overflow using RNTO.
9724f97a1ecada3be15f4742b07636f26e97c99aca03c918c47480b86a0c9e10This code calls a URL in the browser window but fails to update the address bar in Internet Explorer. It appears that the form submission is suspended with the interrupt of the 'window.alert' call.
5fa49406e32cc1f2292382225ac7d84a711606f41edf1a871c33e51865dd8cbcMPM Guestbook Pro remote exploit that performs arbitrary command execution and local file upload.
8fa4ecc8f4bf22735a4a28510742a044cea289c4ca55a8b239f9e934bbb92f54Proof of concept exploit for DivX player versions 2.6 and below that allow for arbitrary file overwriting via a flaw in handling skins.
528c24d73ee874822073440071c6461caba58ba67d803ce1718840bd7827fbffSiteman version 1.0.x is susceptible to administrative account injection due to a lack of variable sanitization.
e5a5bf492a4c40f297327f5f1d1daa9de444247c8372eae725e2f1b6c19ca055fkey version 0.0.2 local file accessibility exploit.
dfb6bbb2d3c62d255c655605b6d08045515378ba0ce5439df34cced8c6849b4aSTG Security Advisory: JSBoard versions 2.0.9 and below suffer from an input validation flaw that allows for arbitrary file reading.
04fa973bf4b6839924d1a72282fd12936c652ed1299fc3906090b148f9953989STG Security Advisory: GForge versions 3.3 and below are susceptible to directory traversal attacks.
8dc2e1f4564aa448435f8b3771a3642f05fd3c4d9e6cbbf1dbd81ef08a7da42aMac OSX versions 10.3.x with a Darwin Kernel equal to or below 7.7.0 are susceptible to a denial of service flaw that may allow for possible privilege escalation.
237a3224700bab126e3d93c2630bea4ae47220dea9a8923e14614ec3c58c12e9NodeManager Professional 2.00 buffer overflow exploit that binds a shell to port 2001.
d2760218e3f15342798e63cffabc4d5d0a5db7643df4ce807004ab02371da3e8The Netegrity SiteMinder smpwservicescgi.exe is susceptible to a remote data inclusion vulnerability that allows for phishing attacks.
ba2e8bce8ac6c15f997f1dbeffe9a186f5050292a7ea62b8f9c7ae2dde132eeeProof of concept local exploit for Exim version 4.41.
1a839bac6db247dda2ba272d3176761f8ca62bce03f16b97e11e0ac59b9bbd7cPeer2Mail Encrypt passdumper exploit version 1.0. Versions 1.4 and below are affected. Tested on Win XP SP2.
9e68cf5568109ed38a372ad93eb6b342c953163593ce9cb057b493fc49efe43cFlaws in Kazaa allow for arbitrary code execution and for remote execution of code.
54d24c88f2912b09d0b345f953c5e2770d0632927a44603c2da9fd28f2b664fcGallery 1.3.4 suffers from remote script inclusion and cross site scripting vulnerabilities.
36bc6482ca51b4b7350ffc8c1ee1e6a6bb416073b0a7a3a9c534cf7492035976The Netgear FVS318 version 2.4 router is susceptible to filter bypass when the URL is hex encoded and it also have a cross site scripting flaw.
e0429ec6f905a58deb753259af332c31bbfdea50bc29d36fff67ce55cbe545dcDirect access to administrative pages in SparkleBlog do not require any authentication. Additionally, is it susceptible to cross site scripting flaws.
40ed3e540124f66225b479f580198e60203fc9805df45f8f3044838e6f6f52b5Apache mod_auth_radius denial of service exploit that makes use of an integer overflow. All versions up to 1.5.4/1.5.7 are affected.
f7ff7f47f7ce5c52334025dc09ef1c15014686b6928c566e2615a001bbaf8e23Proof of concept exploit for iTunes 4.3.7 on OS X 10.3.7. Shellcode binds a shell to port 4444.
b05f72bd3493e1d0b8d1ee90794c20b56668c3916fe59f0c1ec9dedcf40e49feApple iTunes Playlist buffer overflow download shellcoded exploit. Versions up to 4.7 are affected. Tested with iTunes v4.7 on WinXP SP2 EN.
980e29b173e8a41638fcc56d3e43c65e0fadd1fe21f3843fda8f99b6a5c8e1ceMinis 0.2.1 suffers from a directory traversal flaw that allows for viewing of files outside of the webroot. If the server does not have access to the file, it enters into a loop causing a denial of service.
bc6ce20ca36bb68498535718c232cac09a37599b8dae319f5270eaad999cd7b2phpGiftReq 1.4.0 suffers from multiple SQL injection flaws that allow for manipulation of the database.
ccab1b3b37dc00b2ce75e69c79399eccdef31a6d7916011f4463b9fbd94ccd62A cross site scripting vulnerability in Froogle allows for theft of the Google GMail cookie.
0179530cd2417889ba6e45be56a4de62e152084a405eb4c88b5500db98b06304Full version of the expand_stack SMP race proof of concept exploit that makes use of a locally exploitable flaw in the Linux page fault handler code.
145d1f9c198c773549d49a4c5ec104fe0cf2f1f1a0edb16986e3f10aa42ac5c6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed