Section: .. / 1001-exploits /
| /// File Name: |
trendmicrowd-activex.txt |
Description:
|
TrendMicro Web-Deployment Active-X remote execution proof of concept exploit.
| | Author: | superli | | File Size: | 5961493 | | Last Modified: | Jan 18 01:48:45 2010 |
| MD5 Checksum: | 83582d2b6cc0c3bc07c7e29d32265fc3 |
|
| /// File Name: |
1001-exploits.tgz |
Description:
|
This archive contains all of the 517 exploits added to Packet Storm in January, 2010.
| | Homepage: | http://packetstormsecurity.org/ | | File Size: | 1544746 | | Last Modified: | Feb 4 00:45:43 2010 |
| MD5 Checksum: | 7b95540b80dd588d186922b6943bce5e |
|
| /// File Name: |
BusinessObj.pdf |
Description:
|
SAP BusinessObjects version 12 suffers from multiple cross site scripting vulnerabilities.
| | Author: | Richard Brain | | Homepage: | http://www.procheckup.com/ | | File Size: | 333255 | | Last Modified: | Jan 27 13:57:44 2010 |
| MD5 Checksum: | b8ff415b2162a6d51559dbe082d71238 |
|
| /// File Name: |
adobe-activex.txt |
Description:
|
Adobe GetPlus get_atlcom Active-X remote execution proof of concept exploit.
| | Author: | superli | | File Size: | 329102 | | Last Modified: | Jan 18 01:45:59 2010 |
| MD5 Checksum: | f7aae43179790a553b5767466d9cd156 |
|
| /// File Name: |
KiTrap0D.zip |
Description:
|
Microsoft Windows NT/2K/XP/2K3/VISTA/2K8/7 NtVdmControl()->KiTrap0d local ring0 exploit.
| | Author: | Tavis Ormandy | | Related Exploit: | mswinnt-pwn.txt | | File Size: | 327475 | | Related CVE(s): | CVE-2010-0232 | | Last Modified: | Jan 20 19:12:04 2010 |
| MD5 Checksum: | 5c83e900aa45b2181ae0595a6c90eef6 |
|
| /// File Name: |
CYBSEC-FreePBXdisclose.pdf |
Description:
|
CYBSEC Security Advisory - FreePBX 2.5.x suffers from an administrator password disclosure vulnerability.
| | Author: | Ivan Huertas | | Homepage: | http://www.cybsec.com/ | | File Size: | 101416 | | Last Modified: | Jan 19 20:27:44 2010 |
| MD5 Checksum: | 31faa220f5de1185e390d5817479cc7a |
|
| /// File Name: |
blackboxes.pdf |
Description:
|
This is a brief whitepaper discussing how to own Blackboxes (typical broadband routers such as SB5120s, SMC Connect, D-Link dcm-202s, Toshiba PCX2600s, and a handful of RCA and Linksys modems).
| | Author: | ShadowHatesYou | | File Size: | 59190 | | Last Modified: | Jan 19 20:50:46 2010 |
| MD5 Checksum: | 24a0d7f9eb060591cb7b32f48b8ea9fe |
|
| /// File Name: |
CYBSEC-FreePBXXSS.pdf |
Description:
|
CYBSEC Security Advisory - FreePBX versions 2.5.x and 2.6.0 suffer from a cross site scripting vulnerability.
| | Author: | Ivan Huertas | | Homepage: | http://www.cybsec.com/ | | File Size: | 57390 | | Last Modified: | Jan 19 20:43:48 2010 |
| MD5 Checksum: | b43ef03d6406d43f7306b895b7506013 |
|
| /// File Name: |
xunlei-activex.txt |
Description:
|
Xunlei XPPlayer ActiveX related remote execution proof of concept exploit.
| | Author: | superli | | File Size: | 51613 | | Last Modified: | Jan 18 01:59:19 2010 |
| MD5 Checksum: | 7f5e49a3cea9a15a43b5183008a66b8f |
|
| /// File Name: |
uusee-poc.zip |
Description:
|
UUSee ReliPlayer 2008 Active-X remote execution proof of concept exploit.
| | Author: | superli | | File Size: | 44104 | | Last Modified: | Jan 8 20:28:14 2010 |
| MD5 Checksum: | 49aa8ed5fc4374c1a0de0f764dfb147b |
|
| /// File Name: |
sop-poc.zip |
Description:
|
SopCast SopCore Active-X Control remote execution proof of concept exploit.
| | Author: | superli | | File Size: | 44100 | | Last Modified: | Jan 8 20:17:28 2010 |
| MD5 Checksum: | 36058b82b3b45c75237ee9588cb55c3b |
|
| /// File Name: |
CYBSEC-FreePBXsql.pdf |
Description:
|
CYBSEC Security Advisory - FreePBX version 2.5.1 suffers from a remote SQL injection vulnerability.
| | Author: | Ivan Huertas | | Homepage: | http://www.cybsec.com/ | | File Size: | 39766 | | Last Modified: | Jan 19 22:16:39 2010 |
| MD5 Checksum: | 0a874444640c3ffb708b63966806c3a5 |
|
| /// File Name: |
Sony_Ericsson.rar |
Description:
|
Proof of concept denial of service exploit for the total multimedia features in Sony Ericsson phones.
| | Author: | Aodrulez | | File Size: | 28472 | | Last Modified: | Jan 6 22:50:17 2010 |
| MD5 Checksum: | 5d803a5f828ba1bec3506c0dd0f9b46b |
|
| /// File Name: |
log-inject.txt |
Description:
|
Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa are subject to log escape sequence injection vulnerabilities.
| | Author: | Alessandro Tanasi, Francesco Ongaro, Giovanni Pellerano | | Homepage: | http://www.ush.it/ | | File Size: | 17845 | | Related CVE(s): | CVE-2009-4487, CVE-2009-4488, CVE-2009-4489, CVE-2009-4490, CVE-2009-4491, CVE-2009-4492, CVE-2009-4493, CVE-2009-4494, CVE-2009-4495, CVE-2009-4496 | | Last Modified: | Jan 11 17:57:19 2010 |
| MD5 Checksum: | e961c5ac151346754ab8fe4a54fa6e8a |
|
| /// File Name: |
htmldoc-overflow.c |
Description:
|
HTMLDOC version 1.9.x-r1629 local .html buffer overflow exploit for Win32.
| | Author: | fl0 fl0w | | File Size: | 17117 | | Last Modified: | Jan 11 17:27:38 2010 |
| MD5 Checksum: | 9baf734bdf96474f4f1ad797a4bd10b5 |
|
| /// File Name: |
ms09_004_sp_replwritetovarbin.rb.tx..> |
Description:
|
A heap-based buffer overflow can occur when calling the undocumented "sp_replwritetovarbin" extended stored procedure. This vulnerability affects all versions of Microsoft SQL Server 2000 and 2005, Windows Internal Database, and Microsoft Desktop Engine (MSDE) without the updates supplied in MS09-004.

This exploit smashes several pointers, as shown below.

1. pointer to a 32-bit value that is set to 0
2. pointer to a 32-bit value that is set to a length influenced by the buffer length.
3. pointer to a 32-bit value that is used as a vtable pointer. In MSSQL 2000, this value is referenced with a displacement of 0x38. For MSSQL 2005, the displacement is 0x10. The address of our buffer is conveniently stored in ecx when this instruction is executed.
4. On MSSQL 2005, an additional vtable ptr is smashed, which is referenced with a displacement of 4. This pointer is not used by this exploit.

There are two different methods used by this exploit, which have been named "writeNcall" and "sprayNbrute".

The first, "writeNcall", was published by k`sOSe on Dec 17 2008. It uses pointers 2 and 3, as well as a writeable address. This method is quite reliable. However, it relies on the operation on pointer 2. Newer versions of SQL server (>= 2000 SP3 at least) use a length value that is 8-byte aligned. This imposes a restriction that the code address that leads to the payload (jmp ecx in this case) must match the regex '.[08].[08].[08].[08]'. Unfortunately, no such addresses were found in memory.

For this reason, the second method, "sprayNbrute", is used. First a heap-spray is used to prime memory with lots of copies of the address of our code that leads to the payload (jmp ecx). Next, brute force is used to try to guess a value for pointer 3 that points to the sprayed data. A new method of spraying the heap inside MSSQL is presented. Sadly, it only allows the creation of a bunch of 8000 byte buffers.
| | Author: | jduck | | Homepage: | http://www.metasploit.com | | File Size: | 13781 | | Related OSVDB(s): | 50589 | | Related CVE(s): | CVE-2008-5416 | | Last Modified: | Jan 5 18:48:01 2010 |
| MD5 Checksum: | a6ba5011db5fd353bf27497da463eaa4 |
|
| /// File Name: |
sketchup.py.txt |
Description:
|
Google SketchUp versions 7.1.6087 and below lib3ds 3DS importer memory corruption exploit.
| | Author: | mr_me | | Related File: | CORE-2009-1209.txt | | File Size: | 12898 | | Last Modified: | Jan 17 17:36:07 2010 |
| MD5 Checksum: | d4fe047fc4d39f8dd79c19ad2df8812d |
|
| /// File Name: |
NSOADV-2010-001.txt |
Description:
|
Panda Security suffers from a local privilege escalation vulnerability. Proof of concept code included.
| | Author: | Nikolas Sotiriu | | Homepage: | http://sotiriu.de/ | | File Size: | 12497 | | Last Modified: | Jan 11 15:07:04 2010 |
| MD5 Checksum: | 905392baaa1a3168d86e52fbf8911106 |
|
| /// File Name: |
pidgin_exploit.py.txt |
Description:
|
Pidgin MSN versions 2.6.4 and below file download proof of concept exploit.
| | Author: | Mathieu GASPARD | | File Size: | 12146 | | Related CVE(s): | CVE-2010-0013 | | Last Modified: | Jan 19 22:23:58 2010 |
| MD5 Checksum: | c3a79df369f819376944d698cfe085bd |
|
| /// File Name: |
modproxy-overflow.txt |
Description:
|
Mod_proxy from Apache 1.3 suffers from an integer overflow. Full details and proof of concept provided.
| | Author: | Adam Zabrocki | | File Size: | 11945 | | Last Modified: | Jan 27 13:29:04 2010 |
| MD5 Checksum: | 0e53eeae7fb95547ed4e285e0d53d28a |
|
| /// File Name: |
dotproject-xss.txt |
Description:
|
dotProject version 2.1.3 suffers from a cross site scripting vulnerability.
| | Author: | Justin C. Klein Keane | | File Size: | 11944 | | Last Modified: | Jan 7 16:28:25 2010 |
| MD5 Checksum: | 925bb8c71c0569143c4bb5325141a21d |
|
| /// File Name: |
mswinnt-pwn.txt |
Description:
|
Microsoft Windows suffers from a user mode to ring 0 escalation vulnerability.
| | Author: | Tavis Ormandy | | File Size: | 10770 | | Related CVE(s): | CVE-2010-0232 | | Last Modified: | Jan 19 22:32:17 2010 |
| MD5 Checksum: | c93d900c86af294c53bf634faa96fc7c |
|
| /// File Name: |
xampp-xssxsrfsqltraversal.txt |
Description:
|
XAMPP versions 1.6.8 and below suffer from cross site request forgery, cross site scripting, path disclosure, remote SQL injection and directory traversal vulnerabilities.
| | Author: | MustLive | | File Size: | 10254 | | Last Modified: | Jan 29 18:21:58 2010 |
| MD5 Checksum: | d934d9380ec1f23797936d5bc2f1c657 |
|
| /// File Name: |
safecentral-unharden-v2.c |
Description:
|
Authentium SafeCentral versions 2.6 and below shdrv.sys local kernel ring0 SYSTEM proof of concept exploit. Version 2 of this exploit.
| | Author: | mu-b | | Homepage: | http://www.digit-labs.org/ | | File Size: | 9915 | | Last Modified: | Jan 17 18:34:18 2010 |
| MD5 Checksum: | 4bc1701a8953e59e7a82269586643986 |
|