Section: .. / 1002-exploits /
| /// File Name: |
TWSL2010-001.txt |
Description:
|
SpiderLabs has documented view state tampering vulnerabilities in three products from separate vendors. Microsoft ASP.Net version 3.5, Apache MyFaces versions 1.2.8 and 1.2.7, and Sun Microsystems Mojarra versions 1.2_14 and 2.0.2 are all vulnerable.
| | Homepage: | http://www.trustwave.com/ | | File Size: | 11039 | | Last Modified: | Feb 9 20:59:07 2010 |
| MD5 Checksum: | b7a0e2b58df7410038fd965bd2738cc8 |
|
| /// File Name: |
uground-sql.txt |
Description:
|
uGround versions 1.0b and below suffer from a remote SQL injection vulnerability.
| | Author: | Easy Laster | | File Size: | 2084 | | Last Modified: | Feb 17 17:29:14 2010 |
| MD5 Checksum: | 565e533b143d97c6fcf59a866e40c3c7 |
|
| /// File Name: |
uigabp-sqlxss.txt |
Description:
|
Uiga Business Portal suffers from cross site scripting and remote SQL injection vulnerabilities.
| | Author: | Sioma Labs | | Homepage: | http://siomalabs.com/ | | File Size: | 1989 | | Last Modified: | Feb 8 20:02:45 2010 |
| MD5 Checksum: | 6b84b3615b36518a491863abe6e2f3a1 |
|
| /// File Name: |
uigafanclub-sql.txt |
Description:
|
Uiga Fan Club versions 1.0 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.
| | Author: | cr4wl3r | | File Size: | 991 | | Last Modified: | Feb 28 14:30:03 2010 |
| MD5 Checksum: | 5a538887afdd4678a60a0eb1629cb854 |
|
| /// File Name: |
uigafc-sql.txt |
Description:
|
Uiga Fan Club suffers from a remote SQL injection vulnerability.
| | Author: | Easy Laster | | Related Exploit: | uigafanclub-sql.txt | | File Size: | 1608 | | Last Modified: | Feb 28 15:01:38 2010 |
| MD5 Checksum: | 975db1bf0142d1a812f9b560c44ad10b |
|
| /// File Name: |
uigapersonalportal-sql.txt |
Description:
|
Uiga Personal Portal suffers from a remote SQL injection vulnerability.
| | Author: | Easy Laster | | File Size: | 1647 | | Last Modified: | Feb 28 15:00:37 2010 |
| MD5 Checksum: | c7025a83a60621efe8e42a39594bd317 |
|
| /// File Name: |
ulokiforum-xss.txt |
Description:
|
ULoki Community Forum version 2.1 suffers from a cross site scripting vulnerability.
| | Author: | Sioma Labs | | File Size: | 1434 | | Last Modified: | Feb 10 18:03:21 2010 |
| MD5 Checksum: | 25cc6751dc1c3c790c9ead953d7169e0 |
|
| /// File Name: |
ultrabb-xss.txt |
Description:
|
UltraBB version 1.17 suffers from a cross site scripting vulnerability.
| | Author: | s4r4d0 | | File Size: | 542 | | Last Modified: | Feb 4 02:07:25 2010 |
| MD5 Checksum: | e70ce312039d9c06cb2a1e98484e24b7 |
|
| /// File Name: |
ultraiso.c |
Description:
|
UltraISO version 9.3.6.2750 local buffer overflow exploit.
| | Author: | fl0 fl0w | | File Size: | 707680 | | Last Modified: | Feb 9 17:57:50 2010 |
| MD5 Checksum: | ccfdee94e145a442e745eb9612104bb2 |
|
| /// File Name: |
ultraiso.py.txt |
Description:
|
UltraISO version 9.3.6.2750 local buffer overflow exploit that spawns calc.exe. Written in Python.
| | Author: | Dz_attacker | | File Size: | 334714 | | Last Modified: | Feb 9 19:58:29 2010 |
| MD5 Checksum: | c4e941d6591ab57eefc3217efe704485 |
|
| /// File Name: |
upload-insecure.txt |
Description:
|
UPLoad version 7.0 suffers from an insecure cookie handling vulnerability.
| | Author: | indoushka | | File Size: | 3110 | | Last Modified: | Feb 16 16:56:36 2010 |
| MD5 Checksum: | 9d10afc9f8b0549947f289bea66aaabe |
|
| /// File Name: |
uplusftp1_7-buffer-overflow.txt |
Description:
|
UplusFtp Server version 1.7.0.12 remote buffer overflow exploit that launches calc.exe.
| | Author: | b0telh0 | | File Size: | 2169 | | Last Modified: | Feb 5 18:07:30 2010 |
| MD5 Checksum: | 66a6bda2a906927eaad0b763ae5113bd |
|
| /// File Name: |
usermap_script.rb.txt |
Description:
|
This Metasploit module exploits a command execution vulnerability in Samba versions 3.0.0 through 3.0.25rc3 when using the non-default "username map script" configuration option. By specifying a username containing shell meta characters, attackers can execute arbitrary commands. No authentication is needed to exploit this vulnerability since this option is used to map usernames prior to authentication!
| | Author: | jduck | | Homepage: | http://www.metasploit.com | | File Size: | 2304 | | Related OSVDB(s): | 34700 | | Related CVE(s): | CVE-2007-2447 | | Last Modified: | Feb 17 18:41:21 2010 |
| MD5 Checksum: | 46bfc03e288419f9bc5b3e7317a34c3b |
|
| /// File Name: |
vbseo-lfi.txt |
Description:
|
vBseo version 3.1.0 suffers from a local file inclusion vulnerability.
| | Author: | ViRuSMaN | | File Size: | 1201 | | Last Modified: | Feb 20 14:19:49 2010 |
| MD5 Checksum: | 372aa0c7a496a2bee62b4492d386796a |
|
| /// File Name: |
vbulletin401-xss.txt |
Description:
|
vBulletin version 4.0.1 appears to suffer from a cross site scripting vulnerability in calendar.php.
| | Author: | W4n73d | | File Size: | 347 | | Last Modified: | Feb 15 17:28:16 2010 |
| MD5 Checksum: | 3337cd17a421ef6a7758ed185e92d0ef |
|
| /// File Name: |
vbulletin402-xss.txt |
Description:
|
vBulletin version 4.0.2 suffers from a cross site scripting vulnerability.
| | Author: | indoushka | | File Size: | 3428 | | Last Modified: | Feb 20 13:54:26 2010 |
| MD5 Checksum: | 36a5005ae53eb8772ae6e2a6f1192a52 |
|
| /// File Name: |
vbulletinadsense-sql.txt |
Description:
|
vBulletin Adsense suffers from a remote SQL injection vulnerability.
| | Author: | jiko | | File Size: | 657 | | Last Modified: | Feb 9 19:33:42 2010 |
| MD5 Checksum: | 0ce13bc40731ec3f64f4a98e6aeb3405 |
|
| /// File Name: |
vermillion_ftpd_port.rb.txt |
Description:
|
This Metasploit module exploits an out-of-bounds array access in the Arcane Software Vermillion FTP server. By sending an specially crafted FTP PORT command, an attacker can corrupt stack memory and execute arbitrary code. This particular issue is caused by processing data bound by attacker controlled input while writing into a 4 byte stack buffer. Unfortunately, the writing that occurs is not a simple byte copy. Processing is done using a source ptr (p) and a destination pointer (q). The vulnerable function walks the input string and continues while the source byte is non-null. If a comma is encountered, the function increments the the destination pointer. If an ascii digit [0-9] is encountered, the following occurs: *q = (*q * 10) + (*p - '0'); All other input characters are ignored in this loop. As a consequence, an attacker must craft input such that modifications to the current values on the stack result in usable values. In this exploit, the low two bytes of the return address are adjusted to point at the location of a 'call edi' instruction within the binary. This was chosen since 'edi' points at the source buffer when the function returns. NOTE: This server can be installed as a service using "vftpd.exe install". If so, the service does not restart automatically, giving an attacker only one attempt.
| | Author: | jduck | | Homepage: | http://www.metasploit.com | | File Size: | 5806 | | Related OSVDB(s): | 62163 | | Last Modified: | Feb 9 21:13:30 2010 |
| MD5 Checksum: | 0dbcd2c3469f1061e7b7ab3d2f7daa4c |
|
| /// File Name: |
videodb-xss.txt |
Description:
|
VideoDB version 3.0.3 suffers from a cross site scripting vulnerability.
| | Author: | vr | | File Size: | 271 | | Last Modified: | Feb 8 18:50:37 2010 |
| MD5 Checksum: | 5cca8727e1698956e82321f47f812571 |
|
| /// File Name: |
videogamesrental-sql.txt |
Description:
|
Video Games Rentals Script suffers from a remote SQL injection vulnerability.
| | Author: | JaMbA | | File Size: | 1293 | | Last Modified: | Feb 12 02:38:13 2010 |
| MD5 Checksum: | c146f341cd2a4990ff48b67972068deb |
|
| /// File Name: |
vitocms-sql.txt |
Description:
|
Vito CMS suffers from a remote SQL injection vulnerability.
| | Author: | hacker at sr.gov.yu | | File Size: | 1091 | | Last Modified: | Feb 12 16:05:41 2010 |
| MD5 Checksum: | 986f222bb76d292c138a8cccc10758ec |
|
| /// File Name: |
vkplayer-dos.txt |
Description:
|
VKPlayer version 1.0 local denial of service exploit that creates a malicious .mid file.
| | Author: | cr4wl3r | | File Size: | 1521 | | Last Modified: | Feb 23 02:40:09 2010 |
| MD5 Checksum: | 4ea4f1bf676b8fc12a23278b320bedbd |
|
| /// File Name: |
vlc_smb_uri.rb.txt |
Description:
|
This Metasploit module exploits a stack-based buffer overflow in the Win32AddConnection function of the VideoLAN VLC media player. Versions 0.9.9 throught 1.0.1 are reportedly affected. This vulnerability is only present in Win32 builds of VLC. This payload was found to work with the windows/exec and windows/meterpreter/reverse_tcp payloads. However, the windows/meterpreter/reverse_ord_tcp was found not to work.
| | Author: | jduck | | Homepage: | http://www.metasploit.com | | File Size: | 3908 | | Related OSVDB(s): | 55509 | | Related CVE(s): | CVE-2009-2494 | | Last Modified: | Feb 15 17:09:31 2010 |
| MD5 Checksum: | 02c364203a4d1094c2b1e9c21f293ef3 |
|
| /// File Name: |
voxblog-xss.txt |
Description:
|
Vox Blog suffers from a cross site scripting vulnerability.
| | Author: | Phenom | | File Size: | 2051 | | Last Modified: | Feb 15 17:23:06 2010 |
| MD5 Checksum: | 895c15b53ccf60da2010c315ab6a0962 |
|
| /// File Name: |
vss-xss.txt |
Description:
|
VideoSearchScript Pro version 3.5 suffers from a cross site scripting vulnerability.
| | Author: | listi kurdistani | | File Size: | 219 | | Last Modified: | Feb 20 14:00:42 2010 |
| MD5 Checksum: | 9941f2cc175fc630645236a59b24df7c |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
