Freewebscript'z Games suffers from a remote SQL injection vulnerability that allows for authentication bypass.
cb00d6a859a801505061a93c3316cdc487e7d6b394b24e24985318f0c58b7d7d
Mega ADS Portal suffers from a remote SQL injection vulnerability.
828a6da7266dc786e1ba03e17faa0525af05a251ecd27cb5c2903e114a18bc58
Multi Forums version 1.3.3 suffers from a cross site scripting vulnerability.
368feb843178cc35eebc426571293814e8660f62c113d4cb5dbcef87026853a1
Photokorn version 1.542 suffers from remote file inclusion, cross site scripting, and phpinfo() disclosure vulnerabilities.
b2ff584151777ed496942ef3f4165c0af2163d1c9db7eb647ab020eb0ab07e31
PhotoPost Classifieds version 1.8.2 suffers from a remote shell upload vulnerability.
04c6e394c3b9f7e02c8079df4b6ffa68c841e9857f09737cd2cfbca70b2350cd
Myiosoft EasyGallery suffers from a remote blind SQL injection vulnerability.
358f778762315f4d5c74e75250ec43f5683dcced9d6a331f8a3a4e0b637281df
Invision Power Board version 2.0.4 suffers from a backup related vulnerability.
0263ee369a2a93e6df7d80a5c5397b08dc09ae4a0109bffb8037fc2e4e42d838
Drupal versions 6.16 and below and 5.21 and below suffer from a remote denial of service vulnerability.
c7f874edbb712fa7d24e6b39e5024b3b97399ad830a90db59b0f6b7cba768c16
PHP-MySQL-Quiz suffers from a remote SQL injection vulnerability.
c27253ca329fd9d8a8b0b4ce1687817837e43bcb85b304e3ef6bb4417b04b8e1
PHP-Addressbook version 3.1.5 suffers from a remote SQL injection vulnerability.
0738824ddf410124ee6971b76a5e80b334e71b789daaf3d636dc512355d84d3b
VLC version 1.0.3 denial of service exploit.
213356a319c4db549adb0bf1a20149cad69e850a43384a4fff432e416b38b7a9
Wordpress versions 2.9 and below denial of service exploit.
f8f7a6795bf3ca1cb3ea6ebd59de9d440aaa1486164c17dc0a4427fd106668f1
SimplePlayer version 0.2 .wav buffer overflow denial of service exploit.
e9e9ae6dae03880d9715e56b48b45867bf0abd09115cf7f6bf46a41d4be84b42
bbScript versions 1.1.2.1 and below remote blind SQL injection exploit.
61db6325085167ae316f968ee29f6bc6a2393a63eca2b9cee1055b7493246a14
Joomla Core versions 1.5.x and below suffer from a denial of service vulnerability.
58dc436c16c1eb981342b4ae77b1673dcc0fce85b750f8c72e77727f0eb5fd19
Google Chrome version 3.0195.38 suffers from a simple status bar obfuscation vulnerability.
907974c8c020e825fe65dbb2218883d43459edf90e748b1c1c6152c4952d3804
Apollo Player version 37.0.0.0 .aap buffer overflow denial of service exploit.
713172aff050fc702ff9827082d851b387d365f69b7b64ccb6729ba62a41ee85
This exploit takes advantage of a stack-based overflow. Once the stack corruption has occurred, it is possible to overwrite a pointer that is later used for a memcpy. This gives us a write-anything-anywhere condition similar to a format string vulnerability.
eb9a55064f6e381a97138b188135a0635600efe4ead2bdf62f7751369e16a37e
This Metasploit module exploits a buffer overflow in Computer Associates BrightStor ARCserve r11.5 (build 3884). By sending a specially crafted RPC request to opcode 0x342, an attacker could overflow the buffer and execute arbitrary code. In order to successfully exploit this vulnerability, you will need to set the hostname argument (HNAME).
25561774611f62f76340df5f53273f88999603ab3128927abfd951eddc17dd28
This Metasploit module exploits a stack overflow in the IBM Tivoli Storage Manager Express Remote Client Agent service. By sending a "dicuGetIdentify" request packet containing a long NodeName parameter, an attacker can execute arbitrary code. NOTE: this exploit first connects to the CAD service to start the RCA service and obtain the port number on which it runs. This service does not restart.
3d12be67beff922e63d2ba3c7af87796dc724d566da3472bbc068cb1c51b523b
This Metasploit module exploits a stack-based buffer overflow in HP Application Recovery Manager OmniInet daemon. By sending a specially crafted MSG_PROTOCOL packet, a remote attacker may be able to execute arbitrary code.
bb3140caff7cdc64edf4b36ae5ea23db6db25dcb500491fe2b403cad680d6697
This Metasploit module exploits a buffer overflow in the Eureka Email 2.2q client that is triggered through an excessively long ERR message. NOTE: this exploit isn't very reliable. Unfortunately reaching the vulnerable code can only be done when manually checking mail (Ctrl-M). Checking at startup will not reach the code targeted here.
03aa5d1fb353fd0b0a186d111853941e220644c617f4997fc853286c33067088
This Metasploit module exploits a stack overflow in the IBM Tivoli Storage Manager Express CAD Service. By sending a "ping" packet containing a long string, an attacker can execute arbitrary code. NOTE: the dsmcad.exe service must be in a particular state (CadWaitingStatus = 1) in order for the vulnerable code to be reached. This state doesn't appear to be reachable when the TSM server is not running. This service does not restart.
8a10ef51f9a242610ead82abda18b323770c190feb98597aba24f56a8407f14a
This Metasploit module exploits a stack-based buffer overflow in Timbuktu Pro version <= 8.6.6 in a pretty novel way. This exploit requires two connections. The first connection is used to leak stack data by using the buffer overflow to overwrite the nNumberOfBytesToWrite argument. By supplying a large value for this argument it is possible to cause Timbuktu to reply to the initial request with leaked stack data. Using this data allows for reliable exploitation of the buffer overflow vulnerability. Props to Infamous41d for helping in finding this exploitation path. The second connection utilizes the data from the leak to accurately exploit the stack-based buffer overflow vulnerability. TODO: hdm suggested using meterpreter's migration capability and restarting the process for multishot exploitation.
1a3eb49398ce9b0ab57cd1e8f8fcef3eb6dad5ad3499db7694e64b4fa58552a2
This Metasploit module exploits a stack overflow in the NetApi32 NetpManageIPCConnect function using the Workstation service in Windows 2000 SP4 and Windows XP SP2. In order to exploit this vulnerability, you must specify the name of a valid Windows DOMAIN. It may be possible to satisfy this condition by using a custom DNS and LDAP setup; however, that method is not covered here. Although Windows XP SP2 is vulnerable, Microsoft reports that Administrator credentials are required to reach the vulnerable code. Windows XP SP1 only requires valid user credentials. Also, testing shows that a machine already joined to a domain is not exploitable.
ea9293c701b97bcc0c680f787edd7ae46789120c6798479e817b203688e6abb8