multiple exploits
Page 1 of 593 exploits
 |
Title | Author | Platform | Source | Description | Date |
|---|---|---|---|---|---|---|
|
nginx 0.6.x Arbitrary Code Execution NullByte Injection | Neal Poole | multiple | exploit-db.com | Exploit Title: nginx Arbitrary Code Execution NullByte Injection Date: 24/08/2011 Exploit Author: Neal Poole Vendor Homepage: http://nginx.org/ Software Link: https://launchpad.net/nginx/0.6/0.6.36/+download/nginx-0.6.36.tar.gz Version: 0.5.*, 0.6.*, 0.7 <= 0.7.65, 0.8 <= 0.8.37 | April 19 |
|
|
SAP ConfigServlet OS Command Execution | Dmitry Chastuhin . | multiple | exploit-db.com | require 'msf/core' class Metasploit3 < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner def initialize(info = {}) super(update_info(info, 'Name' => 'SAP ConfigServlet OS command execution', 'Description' => %q{ This | April 18 |
|
|
Adobe ColdFusion APSB13-03 Remote Exploit | metasploit | multiple | exploit-db.com | This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'digest/sha1' require 'op | April 10 |
|
|
OTRS FAQ Module - Persistent XSS | Luigi Vezzoso | multiple | exploit-db.com | Exploit Title: [OTRS Faq Module - Persistent XSS] Date: [2-Apr-2013] Exploit Author: [Luigi Vezzoso] Vendor Homepage: [http://www.otrs.com] Version: [OTRS ITSM 3.2.x,OTRS ITSM 3.1.x,OTRS ITSM 3.0.x] Tested on: [Perl] CVE : [CVE-2013-2637] OVERVIEW The OTRS ITSM FAQ Module | April 8 |
|
|
Google AD Sync Tool - Exposure of Sensitive Information Vulnerability | Sense of Security | multiple | exploit-db.com | Sense of Security - Security Advisory - SOS-13-001 Release Date. 03-Apr-2013 Last Update. - Vendor Notification Date. 03-Sep-2012 Product. Google Active Directory Sync (GADS) Tool Platform. Windows, Linux, Solaris | April 8 |
|
|
Google Chrome Silent HTTP Authentication | T355 | multiple | exploit-db.com | Exploit Title: [Google Chrome Silent HTTP Authentication] Date: [2-5-2013] Exploit Author: [T355] Vendor Homepage: [http://www.google.com/chrome] Version: [24.0.1312.57] Tested on: [Tested on: Windows 7 & Mac OSX Mountain Lion] CVE : [n/a] VULNERABILITY DETAILS The latest ver | February 11 |
|
|
GIMP 2.8.0 FIT File Format DoS | Joseph Sheridan | multiple | exploit-db.com | Summary = There is a file handling DoS in GIMP (the GNU Image Manipulation Program) for the 'fit' file format affecting all versions (Windows and Linux) up to and including 2.8.0. A file in the fit format with a malformed 'XTENSION' header will cause a crash in the GIMP program. CV | June 30 |
|
|
Airlock WAF 4.2.4 Overlong UTF-8 Sequence Bypass | SEC Consult | multiple | exploit-db.com | SEC Consult Vulnerability Lab Security Advisory < 20120618-1 > = title: Airlock WAF overlong UTF-8 sequence bypass product: Airlock vulnerable version: <= 4.2.4 (without hotfix HF4213) fixed version: 4.2.5 impact: critical | June 19, 2012 |
|
|
Adobe Illustrator CS5.5 Memory Corruption Exploit | Felipe Andres Man. | multiple | exploit-db.com | Felipe Andres Manzano * felipe.andres.manzano@gmail.com ''' The vulnerable function follows... ------------------------------- | June 14, 2012 |
|
|
Apple iTunes 10.6.1.7 M3U Playlist File Walking Heap Buffer Overflow | LiquidWorm | multiple | exploit-db.com | !/usr/bin/perl Apple iTunes 10.6.1.7 M3U Playlist File Walking Heap Buffer Overflow Vendor: Apple Inc. Product web page: http://www.apple.com Affected version: 10.6.1.7 and 10.6.0.40 Summary: iTunes is a free application for your Mac or PC. It lets you organize and | June 13, 2012 |
|
|
MySQL Remote Root Authentication Bypass | David Kennedy (Re. | multiple | exploit-db.com | !/usr/bin/python This has to be the easiest "exploit" ever. Seriously. Embarassed to submit this a little. Title: MySQL Remote Root Authentication Bypass Written by: Dave Kennedy (ReL1K) http://www.secmaniac.com Original advisory here: seclists.org/oss-sec/2012/q2/493 im | June 12, 2012 |
|
|
Wireshark Multiple Dissector Denial of Service Vulnerabilities | Laurent Butti | multiple | exploit-db.com | Source: http://www.securityfocus.com/bid/53651/info Wireshark is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to crash the affected application, denying service to legitimate users. Wireshark versions 1.6.0 through 1.6.7 and versions 1.4.0 thro | May 24, 2012 |
|
|
Wireshark Misaligned Memory Denial of Service Vulnerability | Klaus Heckelmann | multiple | exploit-db.com | Source: http://www.securityfocus.com/bid/53653/info Wireshark is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Wireshark versions 1.6.0 through 1.6.7 and versions 1.4.0 through 1.4.12 | May 24, 2012 |
|
|
Wireshark DIAMETER Dissector Denial of Service | Wireshark | multiple | exploit-db.com | Source: http://www.securityfocus.com/bid/53652/info Wireshark is prone to a denial-of-service vulnerability because it fails to properly allocate memory. Successful exploits may allow attacker to crash the affected application, denying service to legitimate users. Wireshark 1.4.0 to 1.4.1 | May 24, 2012 |
|
|
Trigerring Java Code from a SVG Image | Nicolas Gregoire | multiple | exploit-db.com | SVG is a XML-based file format for static or animated images. Some SVG specifications (like SVG 1.1 and SVG Tiny 1.2) allow to trigger some Java code when the SVG file is opened. Given that I had to look at these features for a customer, I developed some PoC codes which are now available onli | May 16, 2012 |