Exploit the possiblities
Showing 1 - 25 of 136 RSS Feed

Files Date: 2005-04-17

maxthon_arbitrary_read-write.html.txt
Posted Apr 17, 2005
Authored by Aviv Raff | Site raffon.net

Maxthon arbitrary-file read/write exploit example.

tags | exploit, arbitrary
MD5 | 1fdbca010994cb0c6184e491b57ca2bf
maxthon_mulvulns.txt
Posted Apr 17, 2005
Authored by Aviv Raff | Site raffon.net

Maxthon (essentially a wrapper for Internet Explorer to allow tabbed browsing, plugins, etc.) can be exploited by a malicious website to read and write arbitrary local files on the machine running it.

tags | advisory, arbitrary, local
MD5 | 910d7b7a8275192114e1108f4451daf9
punbb_email_sql_injection.txt
Posted Apr 17, 2005
Authored by exploits

PunBB forum software contains a vulnerability where SQL injection can be performed by first entering an email address containing exploitation data into the change_email function, and then redisplaying the email address. This is due to PunBB trusting data it gets from its own database.

tags | exploit, sql injection
MD5 | b242610ce1957b5f242867f87a20589a
postnukeSQL.txt
Posted Apr 17, 2005
Authored by Diabolic Crab | Site hackerscenter.com

PostNuke 0.760-RC3 is susceptible to SQL injection and cross site scripting attacks.

tags | exploit, xss, sql injection
MD5 | 6a24eee0397120aaec68754f40024eb9
issue_15_2005.pdf
Posted Apr 17, 2005
Authored by astalavista | Site astalavista.com

Astalavista Security Newsletter Issue 15 - The latest security events, trends, tools and resources, two articles - "P2P networks - unaware employees, security threats and your organization in between" and "Help, my boss is spying on me!" and an interview with Bruce from the DallasCon, http://www.dallascon.com/ event.

tags | web
MD5 | f786c2d4a94d6d59d81341f1b6105e5c
mac_osx_java_jre_deserialization.txt
Posted Apr 17, 2005
Authored by Marc Schoenefeld | Site illegalaccess.org

MacOSX Java Runtime Environment Remote Denial of Service. Java SDK and JRE contain a flaw which crops up when objects are being de-serialized. This affects servers which are remotely getting data fed over RMI/IIOP, as well as "evil applet" attacks where a user can be persuaded to visit a site and attempt to load an applet.

tags | advisory, java, remote, denial of service
MD5 | c00a95239d9949a40ef993dca9a12842
phpBBupload.txt
Posted Apr 17, 2005
Authored by Status-x

The up.php script in phpBB 2.0.x allows malicious remote attackers to upload files and execute them with the permissions of the webserver uid.

tags | exploit, remote, php
MD5 | 78c28129d09b1486d7655ac6c6719ad0
Gentoo Linux Security Advisory 200504-7
Posted Apr 17, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200504-07 - Joseph VanAndel has discovered a buffer overflow in Grip when processing large CDDB results (see GLSA 200503-21). The same overflow is present in GnomeVFS and libcdaudio code. Versions less than 2.8.4-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2005-0706
MD5 | 6d820dd3598bfcf7a6c8c85b70265c79
opentextExec.txt
Posted Apr 17, 2005
Authored by dila

OpenText FirstClass 8.0 client allows for arbitrary file execution due to insufficient validation of user input.

tags | advisory, arbitrary
MD5 | 86cbb64ecbaea880f9284733c9b5ccdb
mpsb05-02.txt
Posted Apr 17, 2005
Authored by Macromedia Security Zone | Site macromedia.com

ColdFusion 6.1 Updater 1 creates a directory named /WEB-INF/cfclasses, and places compiled Java .class files there. These files can be downloaded by the end user. It is possible to decompile .class files, meaning that this basically provides access to sourcecode.

tags | advisory, java, web
MD5 | 6cc80800293828d76154f7e8b7dc5c09
SCOSA-2005.15.txt
Posted Apr 17, 2005
Site sco.com

SCO Security Advisory - A very long HOME environment variable will cause a buffer overflow in auditsh, atcronsh and termsh.

tags | advisory, overflow
advisories | CVE-2005-0351
MD5 | e13b1aec94e6787f2df047eda56e4f4f
SCOSA-2005.18.txt
Posted Apr 17, 2005
Site sco.com

SCO Security Advisory - The CDE dtlogin utility has a double-free vulnerability in the X Display Manager Control Protocol (XDMCP). By sending a specially-crafted XDMCP packet to a vulnerable system, a remote attacker could obtain sensitive information, cause a denial of service or execute arbitrary code on the system.

tags | advisory, remote, denial of service, arbitrary, protocol
advisories | CVE-2004-0368
MD5 | 6b9786c83a6253edcaab88d709d9d324
iDEFENSE Security Advisory 2005-04-07.2
Posted Apr 17, 2005
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 04.07.05 - Local exploitation of a file overwrite vulnerability in the gr_osview command included in multiple versions of Silicon Graphics Inc.'s IRIX operating system could allow for the overwriting of arbitrary files, regardless of permissions. The vulnerability specifically exists in the way that gr_osview opens user specified files without dropping privileges. When a file is specified using the -s option, it will be opened regardless of permissions, and operating system usage information will be written into it.

tags | advisory, arbitrary, local
systems | irix
advisories | CVE-2005-0465
MD5 | 2ade3a565b4f88b059495fd55d72ad72
msn_plus_pass_bypass.txt
Posted Apr 17, 2005
Authored by m0fo

MSN Plus "locking" can be bypassed by changing the lock password. Changing the lock password does not require knowing the current lock password.

tags | advisory
MD5 | 8deb2b609543787b524c5382d0da9d30
iDEFENSE Security Advisory 2005-04-07.1
Posted Apr 17, 2005
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 04.07.05 - Local exploitation of an information disclosure vulnerability in the gr_osview command included in multiple versions of Silicon Graphics Inc.'s IRIX Operating System could allow for the disclosure of sensitive information such as the root user's password hash. The vulnerability specifically exists in the way that gr_osview opens user-specified description files without dropping privileges. When this is combined with the debug option, it is possible to dump a line from an arbitrary file, regardless of its protection.

tags | advisory, arbitrary, local, root, info disclosure
systems | irix
advisories | CVE-2005-0464
MD5 | 9cc19ad2bed67e14448de3c36652635b
PHPNuke76wl.txt
Posted Apr 17, 2005
Authored by Maksymilian Arciemowicz | Site securityreason.com

PHPNuke 7.6 is susceptible to multiple SQL injection vulnerabilities in the Web_Links module cXIb803.14.

tags | exploit, vulnerability, sql injection
MD5 | bdd5e09df50584c825c0b69ff51bf2b1
PHPNuke76dl.txt
Posted Apr 17, 2005
Authored by Maksymilian Arciemowicz | Site securityreason.com

PHPNuke 7.6 is susceptible to multiple SQL injection vulnerabilities in the Downloads module cXIb803.13.

tags | exploit, vulnerability, sql injection
MD5 | 1a31c1ff7481ec1ed97041607bee43c4
nokia_mms_gateway_vuln.txt
Posted Apr 17, 2005
Authored by miraclemaker_gsm

Nokia MMS "Terminal Gateway" software is vulnerable to a login-bypass issue where attackers can gain access to MMSs as long as they know the phone number to which the MMS was originally sent. Exploit URLs included in advisory.

tags | exploit
MD5 | f819d25aec2f7facb4307ba1dee3c29f
surgeftp22m1.txt
Posted Apr 17, 2005
Authored by Tan Chew Keong | Site security.org.sg

SurgeFTP is susceptible to a LEAK command denial of service vulnerability. Tested versions include SurgeFTP versions 2.2m1 and 2.2k3 Windows on English Win2K SP4, WinXP SP2.

tags | advisory, denial of service
systems | windows, 2k, xp
MD5 | 7bb529e540b8dc98039c4afac54c2578
linksys-WET11_pass-reset.txt
Posted Apr 17, 2005
Authored by Kristian Hermansen | Site ht-technology.com

The Cisco Linksys WET11 is vulnerable to having the password reset simply by going to a known URL on the administrative interface recently after the systems administrator has logged in. It is not necessary to know the current password.

tags | exploit
systems | cisco
MD5 | 6ca7f7cad061edc47ba030dc887e3176
ftpNow2614.c
Posted Apr 17, 2005
Authored by ATmaCA, Kozan | Site netmagister.com

FTP Now version 2.6.14 local password disclosure exploit.

tags | exploit, local
MD5 | 58bb4e5a94f38ef9db492636e6130f7a
waraxe-2005-SA041.txt
Posted Apr 17, 2005
Authored by Janek Vind aka waraxe | Site waraxe.us

PHPNuke versions 6.x through 7.6 suffer from SQL injection flaws in their Top module.

tags | exploit, sql injection
MD5 | 182956494bfaabfc5e8040492d369843
Secunia Security Advisory 14906
Posted Apr 17, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Diabolic Crab has reported some vulnerabilities in RadBids Gold, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, and potentially disclose sensitive information.

tags | advisory, vulnerability, xss, sql injection
MD5 | 23d0c0607e4a04b5ca69150744bcba9d
Secunia Security Advisory 14907
Posted Apr 17, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Unixware has issued an update for telnet. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | unixware
MD5 | 20eb299ad9f34a4a4acd0c740afbde99
Secunia Security Advisory 14918
Posted Apr 17, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Aviv Raff has reported a vulnerability in Maxthon, which potentially can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | c108339bd7f62d070f7a29962db3ec30
Page 1 of 6
Back12345Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    14 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close