[ packet storm ] - packetstorm.securify.com

			ArchivesForums

Welcome to the Exploits for December, 2000 Section.

Some of these exploits are from Bugtraq

To change sort order, click on the category.
Sorted By: File Name.

File Name Downloads File Size Last Modified

0012-exploits.tgz 0 154662 Jan 1 22:08:46 2001

Packet Storm new exploits for December, 2000.

7350nxt-v3.tar.gz 0 8729 Dec 18 18:16:52 2000

Exploit for the Bind NXT remote root vulnerability, which affects Bind v8.2 - 8.2.1. Compiles on Linux, tested against Irix, BSD, and Linux. Includes Irix shellcode for breaking chroot. Homepage: https://www.team-teso.net.

7350oftpd.tar.gz 0 7127 Dec 18 18:05:22 2000

OpenBSD ftpd v2.4_BASE through 2.8 remote root exploit. Includes offsets for v2.6 through v2.8 and instructions for finding offsets of other versions. Requires a writable directory. Homepage: https://www.team-teso.net. By Caddis

7350wu-v5.tar.gz 0 16229 Dec 31 10:53:49 2000

7350wu.c is a Wu-ftpd v2.6.0 remote root exploit which does it the proper way. Works on Linux/x86 and FreeBSD. Homepage: https://www.team-teso.net. By Scut

apcupsdos.c 0 3492 Dec 11 16:10:19 2000

Apcupsd v3.7.2 local denial of service attack. Can kill any running daemon. By The Itch

bf-code.c 0 1530 Dec 7 10:57:37 2000

Bftpd 1.0.12 contains a remote buffer overflow. Denial of service exploit included. Homepage: http://www.pkcrew.org. By Asynchro

bindview.naptha.txt 0 23509 Dec 21 22:32:04 2000

The NAPTHA dos vulnerabilities (Revised Edition - Dec 18) - The naptha vulnerabilities are weaknesses in the way that TCP/IP stacks and network applications handle the state of a TCP connection. Homepage: http://razor.bindview.com.

catman-race.txt 0 4718 Dec 23 15:07:23 2000

Solaris 2.7/2.8 /usr/bin/catman allows local users to clobber root owned files by symlinking temporary files. Includes catman-race.pl and ctman-race2.pl for proof of concept. Homepage: http://vapid.betteros.org. By Larry W. Cashdollar

CSA-200012.txt 0 1737 Dec 7 11:04:37 2000

CHINANSL Security Advisory(CSA-200012) - Ultraseek Server 3.0 Vulnerability allows malicious users to see the full pathnames of server addons. Homepage: http://www.chinansl.com.

hhp-expect_adv0017.t..> 0 6236 Dec 30 19:18:48 2000

Expect v5.31.8 and v5.28.1 contains local buffer overflows. It is possible to exploit any suid/sgid expect application. Homepage: http://www.hhp-programming.net. By Isox and Loophole

hhp-expect_smash.c 0 3079 Dec 30 19:10:52 2000

Expect (/usr/bin/expect) v5.31.8 and v5.28.1 local buffer overflow exploit. Tested on Slackware 7.x. Advisory available here. Homepage: http://www.hhp-programming.net. By Isox

hhp-fancy_smash.c 0 1268 Dec 30 19:03:24 2000

Fancylogin v0.99.7 local root exploit. Tested on Red Hat 6.1. Homepage: http://www.hhp-programming.net. By Icesk

hhp-gnomehack_smash...> 0 2397 Dec 30 19:07:05 2000

Gnomehack local buffer overflow exploit which provides a gid=60 (games) shell on Debian 2.2. Homepage: http://www.hhp-programming.net. By Loophole

hhp-GnomeScott_smash..> 0 1588 Dec 30 19:14:01 2000

GnomeScott local buffer overflow which provides a gid=40 (game) shell on SuSE 6.4 and 7.0. Homepage: http://www.hhp-programming.net. By Loophole

hhp-kwintv_smash.c 0 2169 Dec 30 19:05:35 2000

Kwintv local buffer overflow exploit which provides a gid=33 (video) shell on SuSE 7.0. Homepage: http://www.hhp-programming.net. By Loophole

hhp-stonx_smash.c 0 2828 Dec 27 17:42:10 2000

STonX v0.6.5 and v0.6.7 local root exploit. Tested on Slackware 7.0. Homepage: http://www.hhp-programming.net. By Loophole

hp-pppd.c 0 2362 Dec 5 18:07:07 2000

HP/UX v11.0 /usr/bin/pppd local root buffer overflow exploit. By K2

identdDoS.c 0 2149 Dec 23 18:19:41 2000

SuSE identd remote denial of service attack - Uses a long sting to set a pointer to NULL. By Root-Dude

interchange.txt 0 1527 Dec 21 21:05:14 2000

Infinite InterChange is a Win95/98/NT/2k mail server which has a remote denial of service vulnerability where it can be caused to crash via a malformed post request. This has been fixed in Infinite InterChange v3.61. By SNS Research

killntoe.c 0 3567 Dec 14 18:08:00 2000

Nettoe v1.0.5 denial of service attack - Causes the Nettoe server to use all available CPU cycles and lock the game. Homepage: http://www.fakehalo.org. By Vade79

ksh.temp-hole.txt 0 914 Dec 21 21:08:04 2000

The Korn Shell (ksh) uses temp files in an insecure manner. Demonstration included. Homepage: http://www.maths.usyd.edu.au:8000/u/psz. By Paul Szabo

mon_pine.sh 0 2464 Dec 11 16:19:53 2000

Pine v4.30 and below allows outgoing mail to be hijacked if the alternate editor is enabled. Exploit script included. Homepage: http://hacksware.com. By Mat

obsd-ftpd.c 0 20337 Dec 23 21:59:47 2000

OpenBSD v2.6 and 2.7 ftpd remote root exploit. Homepage: http://www.synnergy.net. By Scrippie

omnihttpdex.c 0 2424 Dec 21 22:06:18 2000

Omni httpd v2.07 and below remote denial of service exploit. Combines a shell script from sirius from buffer0vefl0w security with a bugtraq report from Valentin Perelogin. Homepage: http://www.Hack-X.org. By Kilrid

PhoneBook.c 0 3048 Dec 8 00:56:44 2000

Microsoft Phonebook Server Remote Exploit - Tests for the pbserver.dll buffer overflow. By David Litchfield

phpxpl.c 0 9439 Dec 5 17:44:57 2000

PHP 3.0.16/4.0.2 remote root format string overflow exploit for Linux/x86. Tested against Slackware 7.0 and Red Hat 6.0. By gneisenau@berlin.com

rdC-LPRng.c 0 10325 Dec 15 15:08:48 2000

LPRng v3.6.24 and below remote root exploit for Linux/x86 which exploits the syslog() format string vulnerability. Tested against the default install of Redhat 7.0 (LPRng-3.6.24-1) and LPRng3.6.22-1 installed on Slackware 7.0. Homepage: http://www.rdcrew.com.ar. By Venomous

rpc-everythingform.t..> 0 914 Dec 18 18:43:45 2000

everythingform.cgi uses a hidden field "config" to determine where to read configuration data from. Allows remote attackers to execute commands. Exploit URL's included. By RPC

sa_09.txt 0 3682 Dec 14 18:03:16 2000

NSFOCUS Security Advisory (SA2000-09) - EZshopper v2.0 and v3.0 from AHG contains remote CGI vulnerabilities which allow an attacker to get directory listings and sensitive file contents. Exploit URL's included. Homepage: http://www.nsfocus.com.

scx-sa-10.txt 0 4490 Dec 8 01:16:16 2000

Securax Security Advisory #10 - The Watchguard SOHO Firewall is a small personal hardware firewall used for xDSL, ISDN and Cable connections. Local and Remote users can crash the Watchguard SOHO Firewall using multiple get requests to the webserver. Perl exploit included. This attack will not show up in the logfile except for a reboot notice. Homepage: http://securax.org. By Vorlon

scx-sa-11.txt 0 4310 Dec 31 21:45:06 2000

Securax Security Advisory #11 - XFree86 Version 3.3.6 is vulnerable to a remote denial of service attack over tcp port 6000. The server can freeze if sent many characters, requiring a reboot to restore normal operation. Includes Linnuke.c proof of concept code. Homepage: http://securax.org. By Root-dude

scx-sa-12.txt 0 6659 Dec 30 17:49:04 2000

Securax Security Advisory #12 - Apache 1.3.14 access_log and error_log can be altered somewhat by remote users if the site administrator reads the logs with cat or tail. Includes proof of concept code kosheen.c which attempts to display false values in a remote site's access_log and error_log. Homepage: http://securax.org. By Incubus

scx-sa-13.txt 0 3813 Jan 1 10:19:53 2001

Securax Security Advisory #13 - When someone telnets to a unix system, the tty that will be assigned to him will be writable for any user on the system. However, when he is logged in, his tty will not be writable for all users. So if someone would write data to a tty that is currently used by someone who's logging in, that person won't be able to log in. Includes ttywrite.c proof of concept code. Homepage: http://securax.org. By Root-dude

SEClpd.c 0 10961 Dec 30 19:41:34 2000

Lpr-ng v3.6.24 and below remote root exploit for Linux/x86 which exploits the syslog() format string vulnerability. Tested against RedHat 7.0. Includes the ability to brute force the offset. Homepage: http://www.netcat.it. By Netcat

Securax-SA-09.serv-u 0 4676 Dec 5 15:36:23 2000

Securax Security Advisory Securax-SA-09 - The Serv-U FTP server for Windows v 2.4a, 2.5h, and 3.0b (all versions tested) have vulnerabilities stemming from improper handling of hex encoded characters in ftp commands. The server will reveal the full path to the ftproot, allow read/write/execute/list access to any other file on the partition, and allow listing of all hidden files. Fix available here. Homepage: http://www.securax.org. By Zoa_Chien

shop.pl.txt 0 721 Dec 11 16:08:09 2000

Hassan Consulting's Shopping Cart Version 1.x (cgi-bin/shop.pl) contains remote vulnerabilities, including directory transversal with file read ability, listing files, and path disclosure. Exploit URL's included. By Dotslash

sonata-teleconf-2.tx..> 0 2220 Dec 21 22:11:46 2000

Voyant Technologies Sonata Conferencing Software v3.x on Solaris 2.x comes with the setuid binary doroot which executes any command as root. Homepage: http://vapid.betteros.org. By Larry W. Cashdollar

sqladv-poc.c 0 9908 Dec 2 21:15:31 2000

Microsoft SQL Server Extended Stored Procedure remote proof of concept exploit. Affects MS SQL Server 7.0 and MS SQL Server 2000 for Windows NT 4.0 / 2000. Homepage: http://www.atstake.com.

sqladv2-poc.c 0 3076 Dec 2 21:09:46 2000

SQL2KOverflow.c - This code creates a file called 'SQL2KOverflow.txt' in the root of the c: drive. Requires a SQL username and password. Homepage: http://www.atstake.com.

SRADV00005.txt 0 3247 Dec 6 21:59:56 2000

Secure Reality Pty Ltd. Security Advisory #5 - All 3.x versions of MailMan Webmail below v3.0.26 contain remote command execution vulnerabilities. The code contains several insecure calls to open() containing user specified data. These calls can be used to execute commands on the remote server with the permissions of the user that runs CGI scripts, usually the web server user which is in most cases 'nobody'. Fix available here. Homepage: http://www.securereality.com.au. By Secure Reality

SRADV00006.txt 0 5249 Dec 6 22:04:06 2000

Secure Reality Pty Ltd. Security Advisory #6 - phpGroupWare is a multi-user web based groupware suite written in PHP. Versions below 0.9.7 under Unix make insecure calls to the include() function of PHP which can allow the inclusion of remote files, and thereby the execution of arbitrary commands on the remote web server with the permissions of the web server user, usually 'nobody'. Fix available here. Homepage: http://www.securereality.com.au. By Secure Reality

SRADV00007.txt 0 2247 Dec 6 22:14:11 2000

Secure Reality Pty Ltd. Security Advisory #7 - MarkVision is a printer administration package from Lexmark. Versions previous to v4.4 contain local root buffer overflow vulnerabilities. Fix available here. Homepage: http://www.securereality.com.au. By Secure Reality

wingate.c 0 3065 Dec 3 21:01:57 2000

Wingate 4.01 remote denial of service attack - Opens multiple connections and sends large amounts of MSG_OOB data, causing an "Out of buffers" error. By God-

wu-ftpd-solsparc.c 0 8686 Jan 1 22:07:40 2001

Solaris Wu-ftpd wu-2.4(1) remote root exploit which uses the site exec format string vulnerability. Tuned for Solaris Sparc v2.8 w/ inetd. By Kalou

xckermit.c 0 4671 Dec 18 17:49:52 2000

Ckermit v7.0 local buffer overflow exploit for Linux/x86. Not setuid by default, but often installed setuid. Homepage: http://www.fakehalo.org. By Vade79

xitami-2.5b4.txt 0 7951 Dec 2 17:47:41 2000

Xitami WEB/FTP Server for Windows 95/98/NT/2k v2.5b4 has remote vulnerabilities which allow users to view sensitive system information via testcgi.exe. Passwords are stored in plain text. Denial of service is possible. Homepage: http://www.nssolution.net. By Zerologic

xitetris.c 0 4386 Dec 18 18:24:51 2000

Itetris v1.6.2 local root exploit - Exploits a vulnerable system() call. Homepage: http://www.fakehalo.org. By Vade79

xlockfmt.c 0 8579 Dec 5 18:09:09 2000

Xlock local format string exploit for Linux/x86. Tested on Slackware 7.1 and Redhat 6.2. By Ben Williams

xsold.c 0 1544 Dec 15 17:25:26 2000

Linux Xsoldier local root buffer overflow exploit. Overflows the -display command line option. Homepage: http://www.nightbird.free.fr. By Zorgon

xxconq.c 0 5050 Dec 26 14:18:48 2000

Linux xconq v7.4.1 local exploit - Gives a gid=games shell by exploiting the -L parameter. Tested on Slackware. Homepage: http://www.fakehalo.org. By Vade79

ypbind.tgz 0 16159 Dec 5 18:05:41 2000

Linux/x86 remote root exploit for ypbind (ypbind-mt). Tested against Red Hat 7, SuSe 6.x, and Debian. By Digit

Privacy Statement

Welcome to the Exploits for December, 2000 Section.
Some of these exploits are from Bugtraq
		To change sort order, click on the category. Sorted By: File Name.
File Name	Downloads	File Size	Last Modified
0012-exploits.tgz	0	154662	Jan 1 22:08:46 2001
Packet Storm new exploits for December, 2000.
7350nxt-v3.tar.gz	0	8729	Dec 18 18:16:52 2000
Exploit for the Bind NXT remote root vulnerability, which affects Bind v8.2 - 8.2.1. Compiles on Linux, tested against Irix, BSD, and Linux. Includes Irix shellcode for breaking chroot. Homepage: https://www.team-teso.net.
7350oftpd.tar.gz	0	7127	Dec 18 18:05:22 2000
OpenBSD ftpd v2.4_BASE through 2.8 remote root exploit. Includes offsets for v2.6 through v2.8 and instructions for finding offsets of other versions. Requires a writable directory. Homepage: https://www.team-teso.net. By Caddis
7350wu-v5.tar.gz	0	16229	Dec 31 10:53:49 2000
7350wu.c is a Wu-ftpd v2.6.0 remote root exploit which does it the proper way. Works on Linux/x86 and FreeBSD. Homepage: https://www.team-teso.net. By Scut
apcupsdos.c	0	3492	Dec 11 16:10:19 2000
Apcupsd v3.7.2 local denial of service attack. Can kill any running daemon. By The Itch
bf-code.c	0	1530	Dec 7 10:57:37 2000
Bftpd 1.0.12 contains a remote buffer overflow. Denial of service exploit included. Homepage: http://www.pkcrew.org. By Asynchro
bindview.naptha.txt	0	23509	Dec 21 22:32:04 2000
The NAPTHA dos vulnerabilities (Revised Edition - Dec 18) - The naptha vulnerabilities are weaknesses in the way that TCP/IP stacks and network applications handle the state of a TCP connection. Homepage: http://razor.bindview.com.
catman-race.txt	0	4718	Dec 23 15:07:23 2000
Solaris 2.7/2.8 /usr/bin/catman allows local users to clobber root owned files by symlinking temporary files. Includes catman-race.pl and ctman-race2.pl for proof of concept. Homepage: http://vapid.betteros.org. By Larry W. Cashdollar
CSA-200012.txt	0	1737	Dec 7 11:04:37 2000
CHINANSL Security Advisory(CSA-200012) - Ultraseek Server 3.0 Vulnerability allows malicious users to see the full pathnames of server addons. Homepage: http://www.chinansl.com.
hhp-expect_adv0017.t..>	0	6236	Dec 30 19:18:48 2000
Expect v5.31.8 and v5.28.1 contains local buffer overflows. It is possible to exploit any suid/sgid expect application. Homepage: http://www.hhp-programming.net. By Isox and Loophole
hhp-expect_smash.c	0	3079	Dec 30 19:10:52 2000
Expect (/usr/bin/expect) v5.31.8 and v5.28.1 local buffer overflow exploit. Tested on Slackware 7.x. Advisory available here. Homepage: http://www.hhp-programming.net. By Isox
hhp-fancy_smash.c	0	1268	Dec 30 19:03:24 2000
Fancylogin v0.99.7 local root exploit. Tested on Red Hat 6.1. Homepage: http://www.hhp-programming.net. By Icesk
hhp-gnomehack_smash...>	0	2397	Dec 30 19:07:05 2000
Gnomehack local buffer overflow exploit which provides a gid=60 (games) shell on Debian 2.2. Homepage: http://www.hhp-programming.net. By Loophole
hhp-GnomeScott_smash..>	0	1588	Dec 30 19:14:01 2000
GnomeScott local buffer overflow which provides a gid=40 (game) shell on SuSE 6.4 and 7.0. Homepage: http://www.hhp-programming.net. By Loophole
hhp-kwintv_smash.c	0	2169	Dec 30 19:05:35 2000
Kwintv local buffer overflow exploit which provides a gid=33 (video) shell on SuSE 7.0. Homepage: http://www.hhp-programming.net. By Loophole
hhp-stonx_smash.c	0	2828	Dec 27 17:42:10 2000
STonX v0.6.5 and v0.6.7 local root exploit. Tested on Slackware 7.0. Homepage: http://www.hhp-programming.net. By Loophole
hp-pppd.c	0	2362	Dec 5 18:07:07 2000
HP/UX v11.0 /usr/bin/pppd local root buffer overflow exploit. By K2
identdDoS.c	0	2149	Dec 23 18:19:41 2000
SuSE identd remote denial of service attack - Uses a long sting to set a pointer to NULL. By Root-Dude
interchange.txt	0	1527	Dec 21 21:05:14 2000
Infinite InterChange is a Win95/98/NT/2k mail server which has a remote denial of service vulnerability where it can be caused to crash via a malformed post request. This has been fixed in Infinite InterChange v3.61. By SNS Research
killntoe.c	0	3567	Dec 14 18:08:00 2000
Nettoe v1.0.5 denial of service attack - Causes the Nettoe server to use all available CPU cycles and lock the game. Homepage: http://www.fakehalo.org. By Vade79
ksh.temp-hole.txt	0	914	Dec 21 21:08:04 2000
The Korn Shell (ksh) uses temp files in an insecure manner. Demonstration included. Homepage: http://www.maths.usyd.edu.au:8000/u/psz. By Paul Szabo
mon_pine.sh	0	2464	Dec 11 16:19:53 2000
Pine v4.30 and below allows outgoing mail to be hijacked if the alternate editor is enabled. Exploit script included. Homepage: http://hacksware.com. By Mat
obsd-ftpd.c	0	20337	Dec 23 21:59:47 2000
OpenBSD v2.6 and 2.7 ftpd remote root exploit. Homepage: http://www.synnergy.net. By Scrippie
omnihttpdex.c	0	2424	Dec 21 22:06:18 2000
Omni httpd v2.07 and below remote denial of service exploit. Combines a shell script from sirius from buffer0vefl0w security with a bugtraq report from Valentin Perelogin. Homepage: http://www.Hack-X.org. By Kilrid
PhoneBook.c	0	3048	Dec 8 00:56:44 2000
Microsoft Phonebook Server Remote Exploit - Tests for the pbserver.dll buffer overflow. By David Litchfield
phpxpl.c	0	9439	Dec 5 17:44:57 2000
PHP 3.0.16/4.0.2 remote root format string overflow exploit for Linux/x86. Tested against Slackware 7.0 and Red Hat 6.0. By gneisenau@berlin.com
rdC-LPRng.c	0	10325	Dec 15 15:08:48 2000
LPRng v3.6.24 and below remote root exploit for Linux/x86 which exploits the syslog() format string vulnerability. Tested against the default install of Redhat 7.0 (LPRng-3.6.24-1) and LPRng3.6.22-1 installed on Slackware 7.0. Homepage: http://www.rdcrew.com.ar. By Venomous
rpc-everythingform.t..>	0	914	Dec 18 18:43:45 2000
everythingform.cgi uses a hidden field "config" to determine where to read configuration data from. Allows remote attackers to execute commands. Exploit URL's included. By RPC
sa_09.txt	0	3682	Dec 14 18:03:16 2000
NSFOCUS Security Advisory (SA2000-09) - EZshopper v2.0 and v3.0 from AHG contains remote CGI vulnerabilities which allow an attacker to get directory listings and sensitive file contents. Exploit URL's included. Homepage: http://www.nsfocus.com.
scx-sa-10.txt	0	4490	Dec 8 01:16:16 2000
Securax Security Advisory #10 - The Watchguard SOHO Firewall is a small personal hardware firewall used for xDSL, ISDN and Cable connections. Local and Remote users can crash the Watchguard SOHO Firewall using multiple get requests to the webserver. Perl exploit included. This attack will not show up in the logfile except for a reboot notice. Homepage: http://securax.org. By Vorlon
scx-sa-11.txt	0	4310	Dec 31 21:45:06 2000
Securax Security Advisory #11 - XFree86 Version 3.3.6 is vulnerable to a remote denial of service attack over tcp port 6000. The server can freeze if sent many characters, requiring a reboot to restore normal operation. Includes Linnuke.c proof of concept code. Homepage: http://securax.org. By Root-dude
scx-sa-12.txt	0	6659	Dec 30 17:49:04 2000
Securax Security Advisory #12 - Apache 1.3.14 access_log and error_log can be altered somewhat by remote users if the site administrator reads the logs with cat or tail. Includes proof of concept code kosheen.c which attempts to display false values in a remote site's access_log and error_log. Homepage: http://securax.org. By Incubus
scx-sa-13.txt	0	3813	Jan 1 10:19:53 2001
Securax Security Advisory #13 - When someone telnets to a unix system, the tty that will be assigned to him will be writable for any user on the system. However, when he is logged in, his tty will not be writable for all users. So if someone would write data to a tty that is currently used by someone who's logging in, that person won't be able to log in. Includes ttywrite.c proof of concept code. Homepage: http://securax.org. By Root-dude
SEClpd.c	0	10961	Dec 30 19:41:34 2000
Lpr-ng v3.6.24 and below remote root exploit for Linux/x86 which exploits the syslog() format string vulnerability. Tested against RedHat 7.0. Includes the ability to brute force the offset. Homepage: http://www.netcat.it. By Netcat
Securax-SA-09.serv-u	0	4676	Dec 5 15:36:23 2000
Securax Security Advisory Securax-SA-09 - The Serv-U FTP server for Windows v 2.4a, 2.5h, and 3.0b (all versions tested) have vulnerabilities stemming from improper handling of hex encoded characters in ftp commands. The server will reveal the full path to the ftproot, allow read/write/execute/list access to any other file on the partition, and allow listing of all hidden files. Fix available here. Homepage: http://www.securax.org. By Zoa_Chien
shop.pl.txt	0	721	Dec 11 16:08:09 2000
Hassan Consulting's Shopping Cart Version 1.x (cgi-bin/shop.pl) contains remote vulnerabilities, including directory transversal with file read ability, listing files, and path disclosure. Exploit URL's included. By Dotslash
sonata-teleconf-2.tx..>	0	2220	Dec 21 22:11:46 2000
Voyant Technologies Sonata Conferencing Software v3.x on Solaris 2.x comes with the setuid binary doroot which executes any command as root. Homepage: http://vapid.betteros.org. By Larry W. Cashdollar
sqladv-poc.c	0	9908	Dec 2 21:15:31 2000
Microsoft SQL Server Extended Stored Procedure remote proof of concept exploit. Affects MS SQL Server 7.0 and MS SQL Server 2000 for Windows NT 4.0 / 2000. Homepage: http://www.atstake.com.
sqladv2-poc.c	0	3076	Dec 2 21:09:46 2000
SQL2KOverflow.c - This code creates a file called 'SQL2KOverflow.txt' in the root of the c: drive. Requires a SQL username and password. Homepage: http://www.atstake.com.
SRADV00005.txt	0	3247	Dec 6 21:59:56 2000
Secure Reality Pty Ltd. Security Advisory #5 - All 3.x versions of MailMan Webmail below v3.0.26 contain remote command execution vulnerabilities. The code contains several insecure calls to open() containing user specified data. These calls can be used to execute commands on the remote server with the permissions of the user that runs CGI scripts, usually the web server user which is in most cases 'nobody'. Fix available here. Homepage: http://www.securereality.com.au. By Secure Reality
SRADV00006.txt	0	5249	Dec 6 22:04:06 2000
Secure Reality Pty Ltd. Security Advisory #6 - phpGroupWare is a multi-user web based groupware suite written in PHP. Versions below 0.9.7 under Unix make insecure calls to the include() function of PHP which can allow the inclusion of remote files, and thereby the execution of arbitrary commands on the remote web server with the permissions of the web server user, usually 'nobody'. Fix available here. Homepage: http://www.securereality.com.au. By Secure Reality
SRADV00007.txt	0	2247	Dec 6 22:14:11 2000
Secure Reality Pty Ltd. Security Advisory #7 - MarkVision is a printer administration package from Lexmark. Versions previous to v4.4 contain local root buffer overflow vulnerabilities. Fix available here. Homepage: http://www.securereality.com.au. By Secure Reality
wingate.c	0	3065	Dec 3 21:01:57 2000
Wingate 4.01 remote denial of service attack - Opens multiple connections and sends large amounts of MSG_OOB data, causing an "Out of buffers" error. By God-
wu-ftpd-solsparc.c	0	8686	Jan 1 22:07:40 2001
Solaris Wu-ftpd wu-2.4(1) remote root exploit which uses the site exec format string vulnerability. Tuned for Solaris Sparc v2.8 w/ inetd. By Kalou
xckermit.c	0	4671	Dec 18 17:49:52 2000
Ckermit v7.0 local buffer overflow exploit for Linux/x86. Not setuid by default, but often installed setuid. Homepage: http://www.fakehalo.org. By Vade79
xitami-2.5b4.txt	0	7951	Dec 2 17:47:41 2000
Xitami WEB/FTP Server for Windows 95/98/NT/2k v2.5b4 has remote vulnerabilities which allow users to view sensitive system information via testcgi.exe. Passwords are stored in plain text. Denial of service is possible. Homepage: http://www.nssolution.net. By Zerologic
xitetris.c	0	4386	Dec 18 18:24:51 2000
Itetris v1.6.2 local root exploit - Exploits a vulnerable system() call. Homepage: http://www.fakehalo.org. By Vade79
xlockfmt.c	0	8579	Dec 5 18:09:09 2000
Xlock local format string exploit for Linux/x86. Tested on Slackware 7.1 and Redhat 6.2. By Ben Williams
xsold.c	0	1544	Dec 15 17:25:26 2000
Linux Xsoldier local root buffer overflow exploit. Overflows the -display command line option. Homepage: http://www.nightbird.free.fr. By Zorgon
xxconq.c	0	5050	Dec 26 14:18:48 2000
Linux xconq v7.4.1 local exploit - Gives a gid=games shell by exploiting the -L parameter. Tested on Slackware. Homepage: http://www.fakehalo.org. By Vade79
ypbind.tgz	0	16159	Dec 5 18:05:41 2000
Linux/x86 remote root exploit for ypbind (ypbind-mt). Tested against Red Hat 7, SuSe 6.x, and Debian. By Digit



Privacy Statement