Automatic Drive-by Download

Added: 07/23/2010 Background This tool waits for client connections, and then gathers information about the operating system and installed software on the client. Next, it chooses the latest and most reliable client exploit for the client's operating system and installed software, and delivers th...

Automatic Drive-by Download

Added: 07/23/2010 Background This tool waits for client connections, and then gathers information about the operating system and installed software on the client. Next, it chooses the latest and most reliable client exploit for the client's operating system and installed software, and delivers th...

Cross-site scripting cookie theft

Added: 03/09/2010 Background Many web sites include scripts, which are lists of commands which, when executed in sequence, provide some enhancement to a web page. Web browsers are able to recognize scripts in web pages by the tag and handle them accordingly. Problem By sending an HTTP request...

epay - Backup

epay - Backup ======================================================================================== | Title : epay Backup Vulnerability | | Author : indoushka | | email : [email protected] | | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -00213771818860 | | Web Site : www.iq-ty.c...

PHPhotoalbum 0.5 - SQL Injection

PHPhotoalbum 0.5 - SQL Injection Title: PHPhotoalbum Remote sql injection Vulnerability Tested on: windows http://server/PHPhotoalbum/thumbnails.php?album=-1+union+select+user+from+mysql.user-- http://server/PHPhotoalbum/thumbnails.php?album=-1+union+select+loadfile/directory...

Click Logger

Added: 09/30/2009 Background This tool runs an exploit server which simply returns an error page and logs which users visited it. It can be used to find out which users were susceptible to clicking on the link in an e-mail message. Limitations The target must be present in the license key but is...

Click Logger

Added: 09/30/2009 Background This tool runs an exploit server which simply returns an error page and logs which users visited it. It can be used to find out which users were susceptible to clicking on the link in an e-mail message. Limitations The target must be present in the license key but is...

Click Logger

Added: 09/30/2009 Background This tool runs an exploit server which simply returns an error page and logs which users visited it. It can be used to find out which users were susceptible to clicking on the link in an e-mail message. Limitations The target must be present in the license key but is...

Click Logger

Added: 09/30/2009 Background This tool runs an exploit server which simply returns an error page and logs which users visited it. It can be used to find out which users were susceptible to clicking on the link in an e-mail message. Limitations The target must be present in the license key but is...

Keystroke Logger

Added: 03/05/2009 Background This tool records all keystrokes which are typed at a computer's console. The keystrokes can be viewed in the exploit server's log. Limitations Logger works on Windows targets. A connection to the target is required to run this tool. Platforms Windows...

Keystroke Logger

Added: 03/05/2009 Background This tool records all keystrokes which are typed at a computer's console. The keystrokes can be viewed in the exploit server's log. Limitations Logger works on Windows targets. A connection to the target is required to run this tool. Platforms Windows...

Visual FoxPro vfp6r.dll ActiveX Control DoCmd command execution

Added: 12/19/2008 CVE: CVE-2008-0236 BID: 27205 OSVDB: 40380 Background Visual FoxPro is a tool for developing database applications. Problem The vfp6r.dll ActiveX control allows command execution when a user opens a web page which uses the DoCmd method. Resolution Set the kill bit for class ID...

Lotus Expeditor cai URI handler command injection

Added: 06/20/2008 CVE: CVE-2008-1965 BID: 28926 OSVDB: 44868 Background Lotus Expeditor is a desktop integration framework used by Lotus products including Lotus Symphony. Problem Lotus Expeditor registers a handler for cai: URIs which passes arbitrary arguments to rcplauncher.exe. This allows...

Lotus Expeditor cai URI handler command injection

Added: 06/20/2008 CVE: CVE-2008-1965 BID: 28926 OSVDB: 44868 Background Lotus Expeditor is a desktop integration framework used by Lotus products including Lotus Symphony. Problem Lotus Expeditor registers a handler for cai: URIs which passes arbitrary arguments to rcplauncher.exe. This allows...

com506.py.txt

Hi all, The simple code below can be used to reproduce one of CommuniGate 5.0.6 LDAP vulnerabilities http://www.gleg.net/cgadvisory.txt !/usr/bin/env python Use this code at your own risk. It may crash your server! Author: Evgeny Legerov import sys import socket HELP=""" CommuniGate Pro 5.0.6...

Michael Lamont Savant Web Server 2.1/3.0 - Remote Buffer Overflow

source: https://www.securityfocus.com/bid/1453/info A buffer overflow exists in the Savant Web Server. It is possible to exploit this overflow by sending an unusually long GET request to the server. / The MDMA Crew's proof-of-concept code for the buffer overflow in Savant Written by Wizdumb The...

nftp-bof.txt

Date: Mon, 16 Nov 1998 18:02:43 -0700 Reply-To: Eric Wanner Sender: Bugtraq List From: Eric Wanner Subject: nftp vulnerability fwd Content-Type:MULTIPART/MIXED; nftp is a shareware ftp program available at ftp://crydee.sai.msu.su/pub/comp/software/asv/nftp/ that is becoming more and more widely...