exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 136 RSS Feed

Files Date: 2005-04-17

maxthon_arbitrary_read-write.html.txt
Posted Apr 17, 2005
Authored by Aviv Raff | Site raffon.net

Maxthon arbitrary-file read/write exploit example.

tags | exploit, arbitrary
SHA-256 | 83e15a14c4ca1f73136d1a24e593806b928158a0e285203e908ede1f7670d146
maxthon_mulvulns.txt
Posted Apr 17, 2005
Authored by Aviv Raff | Site raffon.net

Maxthon (essentially a wrapper for Internet Explorer to allow tabbed browsing, plugins, etc.) can be exploited by a malicious website to read and write arbitrary local files on the machine running it.

tags | advisory, arbitrary, local
SHA-256 | 2ff28f0629769068a8a4d27d251a092c75a2951bd09734d553331d287e6d1042
punbb_email_sql_injection.txt
Posted Apr 17, 2005
Authored by exploits

PunBB forum software contains a vulnerability where SQL injection can be performed by first entering an email address containing exploitation data into the change_email function, and then redisplaying the email address. This is due to PunBB trusting data it gets from its own database.

tags | exploit, sql injection
SHA-256 | 5fd7b7dfa4f40fbb3979dda469c1018c6a5f5a970b23430b090c05f3a14e5f41
postnukeSQL.txt
Posted Apr 17, 2005
Authored by Diabolic Crab | Site hackerscenter.com

PostNuke 0.760-RC3 is susceptible to SQL injection and cross site scripting attacks.

tags | exploit, xss, sql injection
SHA-256 | 1980dd4e2e92bf4117657e6d579f8f7c916706f0ee78009ae756ab764277c296
issue_15_2005.pdf
Posted Apr 17, 2005
Authored by astalavista | Site astalavista.com

Astalavista Security Newsletter Issue 15 - The latest security events, trends, tools and resources, two articles - "P2P networks - unaware employees, security threats and your organization in between" and "Help, my boss is spying on me!" and an interview with Bruce from the DallasCon, http://www.dallascon.com/ event.

tags | web
SHA-256 | 5713702fa5289a535139efebd78a273de1a3e920fa464b2fac30aa62eaefd123
mac_osx_java_jre_deserialization.txt
Posted Apr 17, 2005
Authored by Marc Schoenefeld | Site illegalaccess.org

MacOSX Java Runtime Environment Remote Denial of Service. Java SDK and JRE contain a flaw which crops up when objects are being de-serialized. This affects servers which are remotely getting data fed over RMI/IIOP, as well as "evil applet" attacks where a user can be persuaded to visit a site and attempt to load an applet.

tags | advisory, java, remote, denial of service
SHA-256 | 9240b9c36216337500ad4e6dfbbd857f177a6bbbc8ca8a2b74647cc9add4b812
phpBBupload.txt
Posted Apr 17, 2005
Authored by Status-x

The up.php script in phpBB 2.0.x allows malicious remote attackers to upload files and execute them with the permissions of the webserver uid.

tags | exploit, remote, php
SHA-256 | 0fab773d0a914d66e982e894e653b4e19ce9feddd6c3fa068f1bcec3d715f8ed
Gentoo Linux Security Advisory 200504-7
Posted Apr 17, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200504-07 - Joseph VanAndel has discovered a buffer overflow in Grip when processing large CDDB results (see GLSA 200503-21). The same overflow is present in GnomeVFS and libcdaudio code. Versions less than 2.8.4-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2005-0706
SHA-256 | e77f6bcd49e79832caa4a3f457d50b11968012fc78aafbf32e7a331e44bc8fc3
opentextExec.txt
Posted Apr 17, 2005
Authored by dila

OpenText FirstClass 8.0 client allows for arbitrary file execution due to insufficient validation of user input.

tags | advisory, arbitrary
SHA-256 | b976296b2efced00f4ad9db88a892382c7216db64fc23218f491679d6f1c3929
mpsb05-02.txt
Posted Apr 17, 2005
Authored by Macromedia Security Zone | Site macromedia.com

ColdFusion 6.1 Updater 1 creates a directory named /WEB-INF/cfclasses, and places compiled Java .class files there. These files can be downloaded by the end user. It is possible to decompile .class files, meaning that this basically provides access to sourcecode.

tags | advisory, java, web
SHA-256 | d7b1b3c859d12c04a0f3ca16ffb18db9f291e9677461b7c104d32ba9e93f52e3
SCOSA-2005.15.txt
Posted Apr 17, 2005
Site sco.com

SCO Security Advisory - A very long HOME environment variable will cause a buffer overflow in auditsh, atcronsh and termsh.

tags | advisory, overflow
advisories | CVE-2005-0351
SHA-256 | 5b698e7d22e61337025c621ff27bfe734078535ff5c5947c215f495febbabfc6
SCOSA-2005.18.txt
Posted Apr 17, 2005
Site sco.com

SCO Security Advisory - The CDE dtlogin utility has a double-free vulnerability in the X Display Manager Control Protocol (XDMCP). By sending a specially-crafted XDMCP packet to a vulnerable system, a remote attacker could obtain sensitive information, cause a denial of service or execute arbitrary code on the system.

tags | advisory, remote, denial of service, arbitrary, protocol
advisories | CVE-2004-0368
SHA-256 | 24bb6cc7c24a3053840cf6a4090a3bd2cd80da9b00448e52d83e306efef43c75
iDEFENSE Security Advisory 2005-04-07.2
Posted Apr 17, 2005
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 04.07.05 - Local exploitation of a file overwrite vulnerability in the gr_osview command included in multiple versions of Silicon Graphics Inc.'s IRIX operating system could allow for the overwriting of arbitrary files, regardless of permissions. The vulnerability specifically exists in the way that gr_osview opens user specified files without dropping privileges. When a file is specified using the -s option, it will be opened regardless of permissions, and operating system usage information will be written into it.

tags | advisory, arbitrary, local
systems | irix
advisories | CVE-2005-0465
SHA-256 | 29a70daef98009d4fa1ecd712df21886a85b1073f4c94150aff6fcc84691906c
msn_plus_pass_bypass.txt
Posted Apr 17, 2005
Authored by m0fo

MSN Plus "locking" can be bypassed by changing the lock password. Changing the lock password does not require knowing the current lock password.

tags | advisory
SHA-256 | dd112afee2d90828080399022d95ebfc61f1b905029955c8a62aa850ef5dc9c5
iDEFENSE Security Advisory 2005-04-07.1
Posted Apr 17, 2005
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 04.07.05 - Local exploitation of an information disclosure vulnerability in the gr_osview command included in multiple versions of Silicon Graphics Inc.'s IRIX Operating System could allow for the disclosure of sensitive information such as the root user's password hash. The vulnerability specifically exists in the way that gr_osview opens user-specified description files without dropping privileges. When this is combined with the debug option, it is possible to dump a line from an arbitrary file, regardless of its protection.

tags | advisory, arbitrary, local, root, info disclosure
systems | irix
advisories | CVE-2005-0464
SHA-256 | 33fd95497c6279b174df0ba9d86a06c156ff31e8632e7ad7b59db900e31cdda0
PHPNuke76wl.txt
Posted Apr 17, 2005
Authored by Maksymilian Arciemowicz | Site securityreason.com

PHPNuke 7.6 is susceptible to multiple SQL injection vulnerabilities in the Web_Links module cXIb803.14.

tags | exploit, vulnerability, sql injection
SHA-256 | 60d72dd7277f7f18f9bc11e7c141afad2bbe83ef23916ed5d81d6bac84512910
PHPNuke76dl.txt
Posted Apr 17, 2005
Authored by Maksymilian Arciemowicz | Site securityreason.com

PHPNuke 7.6 is susceptible to multiple SQL injection vulnerabilities in the Downloads module cXIb803.13.

tags | exploit, vulnerability, sql injection
SHA-256 | edd182cbf088c1e3d61aad3bb195dc0aee217341ddd31ba25ce407e364dbf7e8
nokia_mms_gateway_vuln.txt
Posted Apr 17, 2005
Authored by miraclemaker_gsm

Nokia MMS "Terminal Gateway" software is vulnerable to a login-bypass issue where attackers can gain access to MMSs as long as they know the phone number to which the MMS was originally sent. Exploit URLs included in advisory.

tags | exploit
SHA-256 | e1f0ffaa814f6513033680b7df4ba3b31386d4650d33bd549da8e3d4c2eb6538
surgeftp22m1.txt
Posted Apr 17, 2005
Authored by Tan Chew Keong | Site security.org.sg

SurgeFTP is susceptible to a LEAK command denial of service vulnerability. Tested versions include SurgeFTP versions 2.2m1 and 2.2k3 Windows on English Win2K SP4, WinXP SP2.

tags | advisory, denial of service
systems | windows
SHA-256 | 870f7f9a0e500e8dfffd3386dd856ff95f0c6018ebb9e1b154f414caa090d494
linksys-WET11_pass-reset.txt
Posted Apr 17, 2005
Authored by Kristian Hermansen | Site ht-technology.com

The Cisco Linksys WET11 is vulnerable to having the password reset simply by going to a known URL on the administrative interface recently after the systems administrator has logged in. It is not necessary to know the current password.

tags | exploit
systems | cisco
SHA-256 | 41a5685548d9372b766fdd212e2e121b1473c1fcba0c32e03733c9355f3cea6d
ftpNow2614.c
Posted Apr 17, 2005
Authored by ATmaCA, Kozan | Site netmagister.com

FTP Now version 2.6.14 local password disclosure exploit.

tags | exploit, local
SHA-256 | db4d5cd625c186f85857254d493858696e6c85cf751477950de385fcbead84ff
waraxe-2005-SA041.txt
Posted Apr 17, 2005
Authored by Janek Vind aka waraxe | Site waraxe.us

PHPNuke versions 6.x through 7.6 suffer from SQL injection flaws in their Top module.

tags | exploit, sql injection
SHA-256 | e501e135737e253eaa617b3dce6618ba24463fe19e53ff93b1759277eab29ea3
Secunia Security Advisory 14906
Posted Apr 17, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Diabolic Crab has reported some vulnerabilities in RadBids Gold, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, and potentially disclose sensitive information.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | a8d3a5905ec1c79ca746cfbfc488dd4bc32717bb3441105c9707c5c2c3e07d86
Secunia Security Advisory 14907
Posted Apr 17, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Unixware has issued an update for telnet. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | unixware
SHA-256 | ca7123ba0d173808e31ef5c7d0e94b819224307de4b2b3a1b7b6486e37836c45
Secunia Security Advisory 14918
Posted Apr 17, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Aviv Raff has reported a vulnerability in Maxthon, which potentially can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 5b4cf6d730cf7909ea4224dce7cd7fca1250ad03a1d6c1bb99edb412cd0f4ff6
Page 1 of 6
Back12345Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close