what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 5 of 5

Files Date: 2004-02-17

yabb.infoleak.txt

Posted Feb 17, 2004

Authored by David Cantrell

YaBB version 1, SP 1.3.1, leaks whether or not a username is valid when an invalid password is given.

tags | advisory

SHA-256 | 0d70bafba0a639f6722836028ca2dd30287e6dee65c61d566fe251cf6a21f9ef

Download | Favorite | View

ZH2004-06SA.txt

Posted Feb 17, 2004

Authored by G00db0y | Site zone-h.org

ShopCartCGI version 2.3 has multiple directory traversal vulnerabilities that allow for remote attackers to gain access to files outside of the webroot.

tags | exploit, remote, vulnerability

SHA-256 | 3eeebaf9d2b5e316af46dacc9f5e43e3514a13a208d6dd32174dafe0c219bc6d

Download | Favorite | View

rsync_local.c

Posted Feb 17, 2004

Authored by abhisek

Local exploit for rsync 2.5.7 and below. Note: This exploit only escalates privileges if rsync is setuid, which it is not by default.

tags | exploit, local

SHA-256 | 270bdea5748826ce67adcc4b529f6cd1b686e05b8b2e8c44d1da806d67bad852

Download | Favorite | View

sp-advisory-x10.txt

Posted Feb 17, 2004

Authored by Badpack3t | Site security-protocols.com

A specifically crafted HTTP GET request which contains over 4096 bytes of data will cause the KarjaSoft Sami HTTP server to crash. Versions affected: 1.0.4, possibly earlier versions as well.

tags | exploit, web

SHA-256 | dc2928c9421bbb30e94ea02193251f37fba7827280f552f237e486db9b59936f

Download | Favorite | View

yabbSE2.txt

Posted Feb 17, 2004

Authored by BaCkSpAcE

YaBB SE versions 1.54 and 1.55 are susceptible to a SQL injection vulnerability that allows a remote attacker to execute malicious SQL statements on the database remotely.

tags | advisory, remote, sql injection

SHA-256 | 0cb034ef99caa617751564217c86b7aa293f12c1a2e323fbaed9a9eb14a1dc80

Download | Favorite | View