Showing 1 - 7 of 7

Files Date: 2003-11-17

rush13.txt: Posted Nov 17, 2003; Authored by idtwolf | Site rsteam.ru; Rolis Guestbook version 1.0 is susceptible to php injection cross site scripting attacks.; tags | exploit, php, xss; SHA-256 | 79e815ebb7be676e76426a0e17297e327cf6c44d0c6d1dacc79e8088de2b8dc8; Download | Favorite | View

rush12.txt: Posted Nov 17, 2003; Authored by idtwolf | Site rsteam.ru; phpWebFileManager version 2.0.0 is susceptible to a directory traversal attack due to a lack of input validation.; tags | exploit; SHA-256 | 11a43dc0602f1582c83e6543b3980c8c54dc65ad457fb56add731e8860a3b758; Download | Favorite | View

netserve107.txt: Posted Nov 17, 2003; Authored by nimber | Site nimber.plux.ru; NetServe version 1.0.7 suffers from a directory traversal vulnerability that allows a remote attack to download any file outside of the webroot. Using this knowledge, a remote attacker can exploit this vulnerability to access the config.dat file that holds the login and password for the administrative account. Tested on Microsoft Windows XP and 2000.; tags | exploit, remote; systems | windows; SHA-256 | 852c4463ccb97a58ecaf9041db4c846ee003660cb27e1d5da9855d1d9bf1cbe7; Download | Favorite | View

pserv.c: Posted Nov 17, 2003; Authored by jsk; pServ 2.0.x Beta webserver remote exploit that makes use of the User-Agent HTTP Header buffer overflow.; tags | exploit, remote, web, overflow; SHA-256 | 5c7a46786ee5ec0c5d78688145e1527fbd30b89d6df3a01b81f5ebb54be1a36d; Download | Favorite | View

Atstake Security Advisory 03-11-17.2: Posted Nov 17, 2003; Authored by Atstake, Ollie Whitehouse | Site atstake.com; Atstake Security Advisory A111703-2 - A directory traversal vulnerability lies in the web-tools component of the SAP database server that enables any remote attacker to gain access to any file on the host due to the server running as SYSTEM. The Web Agent Administration service pages are also open by default, allowing any remote attacker to reconfigure the server as they see fit and the service also has at least one buffer overflow vulnerability. Default services within the Web Agent, such as waecho, contain buffer overflows that can be exploited remotely. The session identification generated is also considered to be unsafe since they are stored in the URL and not kept in a cookie either.; tags | advisory, remote, web, overflow; advisories | CVE-2003-0940, CVE-2003-0941, CVE-2003-0942, CVE-2003-0943, CVE-2003-0944, CVE-2003-0945; SHA-256 | cfe1dbd3931e689a57bfc15b63567e94bcca765a6d0bc9f4b283731e4015c6bd; Download | Favorite | View

Atstake Security Advisory 03-11-17.1: Posted Nov 17, 2003; Authored by Atstake, Ollie Whitehouse, Dino Dai Zovi | Site atstake.com; Atstake Security Advisory A111703-1 - Using the SQLAT stored procedure, a local attacker can obtain system access by swapping the NETAPI32.DLL in the current working directory. There is also a remote buffer overflow in the niserver interface on TCP port 7629.; tags | advisory, remote, overflow, local, tcp; advisories | CVE-2003-0938, CVE-2003-0939; SHA-256 | 3fbb71973327006d5917535cafb01158647356e443df45dc5dcdececc29c125b; Download | Favorite | View

fp30reg.c: Posted Nov 17, 2003; Authored by Adik | Site netninja.to.kg; Frontpage Server Extensions remote exploit which creates a shell on tcp port 9999 and uses the bug described in ms03-051. Tested on Windows 2000 Professional SP3 English version, fp30reg.dll ver 4.0.2.5526. Bug discovered by Brett Moore.; tags | exploit, remote, shell, tcp; systems | windows; SHA-256 | 0525c03ba09b7ba2b7fdb64cf62b8da14bba89c6449b6742c2eab4d12dda2e59; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days