Files ≈ Packet Storm

2005-exploits.tgz

Sun, 01 Jan 2006 21:41:27 GMT

Complete comprehensive archive of all exploits posted to Packet Storm for 2005.

0512-exploits.tgz

Sun, 01 Jan 2006 21:36:42 GMT

Packet Storm new exploits for December, 2005.

k-rad3.c

Sat, 31 Dec 2005 09:05:55 GMT

Linux kernel 2.6.11 and below CPL 0 local exploit. Third version/variant of this exploit.

cijfer-ccxpl.pl.txt

Sat, 31 Dec 2005 09:02:57 GMT

Remote command execution exploit for CubeCart versions 3.0.6 and below that makes use of an input sanitization flaw in orderSuccess.inc.php.

ie_xp_pfv_metafile.pm.txt

Sat, 31 Dec 2005 08:59:58 GMT

This Metasploit module exploits a vulnerability in the Windows Picture and Fax Viewer found in Windows XP and 2003. This vulnerability uses a corrupt Windows Metafile to execute arbitrary code.

kapda-18.txt

Sat, 31 Dec 2005 07:16:23 GMT

KAPDA Advisory #18 - Various WebWiz scripts suffer from SQL injection vulnerabilities due to a lack of input sanitization in check_user.asp. Details on exploitation provided.

ie_6_sp2_crash.html

Sat, 31 Dec 2005 02:28:07 GMT

Internet Explorer Version 6.0.2900.2180.xpsp_sp2 mshtml.dll

denial of service exploit.

phpdocumentor_130rc4_incl_expl.txt

Sat, 31 Dec 2005 02:26:14 GMT

Remote command execution exploit for phpDocumentor versions 1.3.0 rc4 and below.

gmailXSSinject.txt

Sat, 31 Dec 2005 02:24:35 GMT

Google's GMailSite script is susceptible to cross site scripting attacks. Details provided. Versions 1.0.4 and below are affected.

dBpowerAMPv11.5.txt

Thu, 29 Dec 2005 02:16:47 GMT

BpowerAMP Music Converter v11.5 and prior local buffer overflow exploit.

Dev_15_sql_xpl.php.txt

Thu, 29 Dec 2005 00:47:54 GMT

Dev Web versions less than of equal to 1.5 'cat' SQL injection and admin MD5 password hash disclosure exploit.

Microsoft.IIS.Malformed.URI.cpp

Wed, 28 Dec 2005 22:28:38 GMT

Microsoft IIS 5.1 malformed URI denial of service exploit.

mIRCexploitXPSP2eng.c

Wed, 28 Dec 2005 22:23:55 GMT

mIRC exploit for versions 6.16 and below. Proof of concept exploit that does not actually increase privileges but could be useful in restricted environments.

Tolva.txt

Wed, 28 Dec 2005 21:23:23 GMT

Tolva PHP website system version 0.1.0 suffers from a remote php include vulnerability.

Acidcat-bypass.txt

Wed, 28 Dec 2005 20:46:38 GMT

Several vulnerabilities in Acidcat CMS v 2.1.13 and below have been found which can be used to discover the admin credentials or download the database.

PHPGedView.php.txt

Wed, 28 Dec 2005 20:40:01 GMT

PHPGedView versions less than or equal to 3.3.7 arbitrary local and remote code execution and php injection exploit.

ACSSEC-2005-11-25-3.txt

Wed, 28 Dec 2005 05:25:00 GMT

FTGate 4.4 [Build 4.4.000 Oct 26 2005] is vulnerable to specially crafted XSS requests. A remote attacker could trick a user into viewing a vulnerable page which could then lead to remote compromise.

muts_mailenable_imap_examine.pm.txt

Wed, 28 Dec 2005 05:11:51 GMT

Metasploit exploit for a remote buffer overflow that exists in the MailEnable Enterprise 1.1 IMAP EXAMINE command. This vulnerability affects MailEnable Enterprise 1.1 without the ME-10009.EXE patch.

mailenable-imap-examine.py.txt

Wed, 28 Dec 2005 05:10:21 GMT

Python exploit for a remote buffer overflow that exists in the MailEnable Enterprise 1.1 IMAP EXAMINE command. This vulnerability affects MailEnable Enterprise 1.1 without the ME-10009.EXE patch.

excelBugs.tgz

Wed, 28 Dec 2005 04:56:46 GMT

Two Microsoft Excel xls files that demonstrate null pointer bugs.

cerberusHelp.txt

Tue, 27 Dec 2005 08:31:57 GMT

Cerberus HelpDesk is susceptible to SQL injection and cross site scripting flaws. cerberus-gui 2.649 is affected. support-center 2.649 through 3.2.0pr2 is also affected. Full exploitation details provided.

phpBB2018.txt

Tue, 27 Dec 2005 08:22:48 GMT

phpBB 2.0.18 is susceptible to cross site scripting and path disclosure issues.

playsmsXSS.txt

Tue, 27 Dec 2005 08:21:26 GMT

PlaySMS is susceptible to cross site scripting attacks.

phpMyAdminSQL.txt

Tue, 27 Dec 2005 08:20:32 GMT

phpMyAdmin version 2.7.0 is susceptible to SQL injection attacks via the server_privileges.php script. Details provided.

webcalXSS.txt

Tue, 27 Dec 2005 08:14:08 GMT

WebCal versions 1.11 through 3.04 are susceptible to cross site scripting attacks.