what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files from l0om

Email addressinnate at gmx.de
First Active2003-10-21
Last Active2015-02-14
Cosmoshop Cross Site Scripting
Posted Feb 14, 2015
Authored by l0om

Cosmoshop suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3a5e674c472acb0da22de2b4fe8eb6999aaedf57bf00a44f5c67812ad8a330b1
Cosmoshop pwd.cgi htaccess Creation
Posted Mar 15, 2014
Authored by l0om

Cosmoshop suffers from having an unrestricted pwd.cgi script that allows for arbitrary creation of an htaccess file that can be leveraged to block access or perform phishing attacks.

tags | exploit, arbitrary, cgi
SHA-256 | 53f0f39b47e349790d4106dadcb4f94299cf242f14f2206dfedf4903924e2e8a
CosmoShop ePRO 10.17.00 Authentication Bypass
Posted Feb 26, 2014
Authored by l0om

CosmoShop ePRO version 10.17.00 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | 9ca82553e2a91b39a4615aa811e754f8bc091c8b5bfe3f6def05090e26d88f4c
Reverberation UDP Echo Denial Of Service Tool
Posted Mar 9, 2010
Authored by l0om | Site excluded.org

Reverberation is a proof of concept denial of service tool that makes use of UDP echo servers.

tags | denial of service, udp, proof of concept
SHA-256 | 14699b1e6d5e32f01ee4e0376b52b221fce84d7267f7896bf740da0191cc46ba
Hippolyte Inactive Account Hijacker
Posted Sep 30, 2009
Authored by l0om | Site excluded.org

Hippolyte is a shell script that automates the checking of inactive account hijacking possibilities for accounts that may be used elsewhere for access (ie. Amazon, etc).

tags | shell, cracker
SHA-256 | 1c0cc2c62ba866eb985107f9934f171a08c1a9c308b03ebae41c7f1d8555a69e
date_me.c
Posted Jan 6, 2008
Authored by l0om | Site excluded.org

This code searches for Google Calendar accounts which exist and are not password protected.

tags | tool, scanner
systems | unix
SHA-256 | 3151bb236822f342ed070d2d4b6ddae739cbb33cf4ba0c9777a56abb9f7bb51b
gool-alpha.tar.gz
Posted Aug 8, 2007
Authored by l0om | Site excluded.org

C library written to implement the functionality of Google queries into C related projects.

tags | library
SHA-256 | 135efb82700e7d3117b9caeffbc267fd572f84133cfe5a370c23d799c910c8da
cosmoshop.txt
Posted May 22, 2006
Authored by l0om | Site excluded.org

Cosmoshop versions 8.11.106 and below suffer from SQL injection and directory traversal flaws.

tags | exploit, sql injection
SHA-256 | 8b27208612e77657b4af85607e71e76051898f89a6acde4b8fb317e982698949
guestbook06.txt
Posted Feb 25, 2006
Authored by l0om | Site excluded.org

Login - Guestbox version 0.6 suffers from cross site scripting and administrative bypass flaws.

tags | exploit, xss
SHA-256 | e7678dce241a98b21a240835ec53db5b588aaa2c1116c60056d1f0f6406a043e
DWL-G700AP.txt
Posted Feb 20, 2006
Authored by l0om | Site excluded.org

It is possible to crash the web interface on a D-Link DWL-G700AP by sending it a simple GET request. POC included.

tags | advisory, web
SHA-256 | b871451dc09aa313045fd79f0f175a1b7c4a71df8e6f5fc1ed298a782aff19be
cosmoshop81078.txt
Posted Aug 31, 2005
Authored by l0om | Site excluded.org

Cosmoshop versions 8.10.78 and below suffer from SQL injection flaws, clear text passwords, and directory traversal flaws.

tags | exploit, sql injection
SHA-256 | 7afc580e4915d241635c89dec9a0e70603c257327ef5b3095f6601a40f25460b
icb.c
Posted Apr 18, 2005
Authored by l0om | Site excluded.org

icb was written to inject a small logical bomb in elf files without resizing sections of the file itself.

tags | denial of service
SHA-256 | 61287a1c4dface850c210335f648bd0a3137e0eb906f483141ebcb8d3f9c98af
dwcSQL.txt
Posted Oct 27, 2004
Authored by l0om | Site excluded.org

dwc_articles versions 1.6 and below suffer from various SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 868b0d709c04337ab6679a6750c0c3949932eafe1e106b3ce4937e990b0ec271
lgool.c
Posted Oct 24, 2004
Authored by l0om

Lgool is a program that will search Google for a given vulnerability. It does the exact same thing you could do by going to Google and searching for nasty stuff like passwd.cfg, but without all the trouble of actually opening a web browser. It operates in a way that is similar to "gooscan" (written by johnny and presented at defcon this year).

tags | web
systems | unix
SHA-256 | fc84bedf31be38ae83ff3d535b74ab23de27f74cc69a13e4347fc8c5f24bbf9e
serverviewInsecure.txt
Posted Sep 10, 2004
Authored by l0om | Site excluded.org

The Serverview server management product is susceptible to multiple denial of service and data corruption attacks due to insecure file permissions.

tags | advisory, denial of service
SHA-256 | 108fcccc833eb5fcd6c72e00dec99910326570a898687b5d0d5fcb0084408a96
advisory13.txt
Posted May 19, 2004
Authored by l0om | Site excluded.org

osCommerce versions 2.x suffer from a directory traversal attack that allows for access to directories outside of the webroot.

tags | exploit
SHA-256 | 3107c48a97297e43059422e4412939d4c8573f182c0a92a23911da5610afd136
ftpgrep.c
Posted May 13, 2004
Authored by l0om | Site excluded.org

ftpgrep tries to grep for valid users on remote machines using the old CWD ~ ftpd bug found in wuftpd and some other variants.

tags | exploit, remote
SHA-256 | 3464aef370394a488838a73ebe145b21b8ec9a413fa217fe3f91b965c6cd0a8a
suse-yast.txt
Posted Apr 5, 2004
Authored by l0om | Site excluded.org

Possible symlink attack in SuSe's Yast Online Update tool.

tags | advisory
systems | linux, suse
SHA-256 | fa5ad54174d9f2e28e10a089d616b0f4ebc3a38a0f1b21434805e9abf2d6c5a7
clamVE.txt
Posted Mar 30, 2004
Authored by l0om | Site excluded.org

Security comments regarding the way clamav sets up VirusEvent information and how it could be improved. Due to a lack of input sanitizing, the variable taken in on the command line could be used for malicious purposes when put to a system().

tags | advisory
SHA-256 | c4b9e905084bd1c5af9e8ca8c970424ede8be3a4306833892f7fe3f5f705853b
eTrust60.txt
Posted Feb 9, 2004
Authored by l0om

eTrust Virus Protection 6.0 InoculateIT for Linux is vulnerable to various symlink attacks and also creates multiple world writeable files and directories that can lead to system compromise.

tags | advisory, virus
systems | linux
SHA-256 | 8b163eb967dcd0f8561591434297e9b857a280d9af0cc48874c8eca5debb3f11
suse90symlinks.txt
Posted Jan 20, 2004
Authored by l0om

Various init related script in SuSE 9.0 are susceptible to symlink attacks.

tags | advisory
systems | linux, suse
SHA-256 | 558fe9c77b84013499f18e08a176fcedcda8445c9e6304fead1629d649ed6cc9
networker60.txt
Posted Jan 19, 2004
Authored by l0om

A plausible symlink attack exists in networker version 6.0 in the shutdown script.

tags | advisory
SHA-256 | f71446ef6211d128c354e2004097b4569b81064c3ae7c06613e3f72160b90019
susegnome.txt
Posted Jan 14, 2004
Authored by l0om | Site excluded.org

Local exploit that makes use of a symlink vulnerability in YaST when using SuSEconfig.gnome-filesystem.

tags | exploit, local
SHA-256 | b52db200e1ea04d1dd8b34e13eb95b40a438eeed156071a65829e4a699a709a6
antivir.c
Posted Jan 14, 2004
Authored by l0om | Site excluded.org

Local exploit that makes use of a symlink vulnerability that lies in Antivir for Linux version 2.0.9-9.

tags | exploit, local
systems | linux
SHA-256 | 16c3a212203098718f24a83489734c130a494f00fe79ca71a4e1ce777906a39d
lotus602linux.txt
Posted Jan 8, 2004
Authored by l0om | Site excluded.org

Lotus Notes version 6.0.2 on Linux installs with faulty permissions on its notes.ini file which would allow local attackers to compromise the system.

tags | advisory, local
systems | linux
SHA-256 | 99641299508cfd2408eb78d99c4ead40d71cad304a5188181956419b494672ec
Page 1 of 2
Back12Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close