.:[packet storm]:.
 

 
 
.: 0108-exploits
File Name | File Size | Last Modified | MD5 Checksum
lpplus.txt | 5270 | Sep 17 2001 19:21:57 | f8eacbf074a5a8841982762a92fe33dd
LPPlus is Plus Technologies' print management system for Unix. Versions prior to 3.3.x contain several serious security holes, some of which undermine the integrity of the printing subsystem, while others threaten the security of the system on which the product is installed. Upgrade available here. By Echo8
cnn_unsubscribe_bot...> | 1234 | Aug 29 2001 22:46:27 | 7559650c2e76073b04fb8c48d57ba4ec
The CNN Unsubscribe Bot can Un-Subscribe other users from CNN's distribution list by placing a random number at the end of unsubscribe cgi URL's member_id. By Jay Daniels
RUS-CERT.apache.auth..> | 5676 | Aug 29 2001 22:31:12 | 9193b07708544bcfec9f707cd421690c
RUS-CERT Advisory - Several Apache authentication modules which use SQL databases have remote vulnerabilities. Any Apache server using database-based authentication with the following modules is vulnerable - AuthPG 1.2b2, mod_auth_mysql 1.9, mod_auth_oracle 0.5.1, mod_auth_pgsql 0.9.5, and mod_auth_pgsql_sys 0.9.4. An attacker can execute arbitrary PostgreSQL or Oracle statements.  Homepage: http://cert.uni-stuttgart.de.
bsdautoroot.c | 14220 | Aug 27 2001 23:58:19 | aed68be6b47a4a4221296d75fabe9899
BSD Auto-rooter - Runs a trojan on many machines using the telnetd exploit. By Goni
patchadd.pl | 1306 | Aug 27 2001 23:50:48 | e82cc2d3f9571ccb3e3fc241ddaebb1a
Solaris 2.8 patchadd local exploit. Takes advantage of a symlink vulnerability to clobber files with output from patchadd. Tested on Solaris 2.8 Sparc with the current patch cluster applied.  Homepage: http://vapid.dhs.org:8080. By Larry W. Cashdollar
aolcrash.c | 1333 | Aug 27 2001 23:47:16 | 3a23c1a446ea4da1a8848ba87ea5811d
AOLserver v3.0 and 3.2 remote denial of service bug. Sends a long HTTP request. By Exty
alt3kx-advisories-20..> | 9062 | Aug 24 2001 19:18:23 | b835b14e9bd0431144499b6dc3c5e6c7
Ntop v1.1 for Solaris/x86 contains a remotely exploitable buffer overflow in the http server which defaults to tcp port 8080. By Alt3kx
xp.tar.gz | 1914 | Aug 24 2001 19:12:47 | 945b1ee84290d2a8d065d059bc740dc3
Sendmail 8.11.5 and below local root exploit for linux. By Lucysoft
alsou.c | 2598 | Aug 24 2001 19:08:42 | 9ca3b58dee980471ff0c1c8d15d79a94
Sendmail-8.11.x linux x86 local exploit. Takes advantage of a memory access violation when specifying out-of-bounds debug parameters. By Grange
killbsdi.c | 717 | Aug 20 2001 19:18:09 | 1bb16ade4069cba6748f2563429b8bbc
BSDI v3.0 / 3.1 local DoS exploit which reboots the system by running some shellcode. Homepage: http://www.realhalo.org. By Vade79
ftpd.c | 3662 | Aug 19 2001 22:13:30 | 87d572a2ae96a7adfa4f4f7365d3530d
AIX PowerPC v4.3.x ftpd remote exploit (yyerror() bug).  Homepage: http://lsd-pl.net.
pdnsd.c | 7801 | Aug 19 2001 22:11:35 | fc1a5da75298c8259b7a0027949821cb
AIX PowerPC v4.1 and 4.2 remote exploit for pdnsd.  Homepage: http://lsd-pl.net.
setsenv.c | 2773 | Aug 19 2001 22:08:52 | de69263c8a6387806065612ff62b7c7c
AIX PowerPC 4.1, 4.2, and 4.3.x local exploit for /usr/bin/setsenv.  Homepage: http://lsd-pl.net.
portmir.c | 2298 | Aug 19 2001 22:07:16 | 6517db6eaf1f8adff7b7b39a53b03a9f
AIX PowerPC 4.2 and 4.3.x local exploit for /usr/sbin/portmir.  Homepage: http://lsd-pl.net.
piobe.c | 2607 | Aug 19 2001 22:05:21 | 78b06fc6e92bb13de9ff91dca89dec14
AIX PowerPC 4.1, 4.2, and 4.3.x local /usr/lib/lpd/piobe exploit.  Homepage: http://lsd-pl.net.
digest.c | 3038 | Aug 19 2001 22:02:52 | 1878d266f1c3d3f1d93458ab0ff630a0
AIX PowerPC 4.1, 4.2, and 4.3 local exploit for /usr/lib/lpd/digest.  Homepage: http://lsd-pl.net.
xlock.c | 2643 | Aug 19 2001 22:00:10 | 31f5870f393a6e156a20c61243890a7f
xlock.c - Proof of Concept Code for xlock heap overflow bug. Tested in Solaris 8 x86.  Homepage: http://www.nsfocus.com.
mailex.c | 4361 | Aug 19 2001 21:58:24 | 5d7612e078c5e26ab2a4f5710c5bd2fc
Mailex.c is a Solaris x86 mail HOME environment variable buffer overflow exploit. Tested on Solaris 8 (x86).  Homepage: http://www.xfocus.org. By Virtualcat
kcms.c | 3437 | Aug 19 2001 21:53:54 | a5c2ec7e56db53af52ff19608a06d752
Solaris 7/8 kcms_configure command line buffer overflow on both sparc/Intel platforms.  Homepage: http://www.xfocus.org.
top.c | 1854 | Aug 19 2001 21:51:45 | 0541d60fbd5725a324bab97615d1c1a7
FreeBSD 3.3 x86 top format string exploit. Tested against top-3.5beta9. By Truefinder
idqrafa.pl | 6505 | Aug 19 2001 21:42:29 | 36c21688844e275f4f528a8716e9dd22
Windows 2000 + IIS .ida exploit in perl. Binds a shell to port 8008. By Rafa
exp_w3m.pl | 2079 | Aug 18 2001 22:07:10 | 544144fce48058a131724c9c40bfd1fb
w3m remote buffer overflow exploit for FreeBSD. Runs as a daemon and waits for w3m to connect. FreeBSD advisory about w3m here.  Homepage: http://ttj.virtualave.net. By White_E
sa2001_06.txt | 4801 | Aug 18 2001 21:40:27 | 9ced457870402db712f9b5caf630cd0a
NSFOCUS Security Advisory SA2001-06 - A buffer overflow vulnerability has been found in ssinc.dll which is triggered when Microsoft IIS 4.0/5.0 processes server side include files. An attacker could obtain SYSTEM privilege if he can save HTML on the server. Discussed in ms01-046. Homepage: http://www.nsfocus.com.
groupwise.disclosure..> | 5449 | Aug 15 2001 23:49:48 | 3b5768becf6d2f625d569d0330371237
NetWare Enterprise Web Server 5.1 has a couple of security problems - When NDS browsing via the web server is enabled, an attacker who can reach that server's port 80 can enumerate information such as user names, group names, and other system information. In addition, poor handling of GET commands allows GroupWise WebAccess servers to display indexes of the directories instead of HTML files. Homepage: http://www.nmrc.org. By Simple Nomad
sendmail.php.txt | 1169 | Aug 15 2001 22:14:29 | 66597f55d0a77fbc8df3117555e97aad
PHP-Nuke, written by Sequioa Software, contains sendmail.php, which allows remote users to execute commands and see files on the web server. Homepage: http://www.bitland.net. By Jwilkins
remedy.txt | 3286 | Aug 15 2001 21:56:51 | 5c48154ab626f429546c5800ecf8745d
Security Holes in Remedy Client Installer - Due to improper handling of temporary files, the installer program for Remedy Software's Action Request System client for unix can allow local users to gain root privileges. Tested on Solaris 2.6 and 8, using the installer for AR 4.5.1. Other platforms are likely vulnerable as well. By Echo8
mf.txt | 2945 | Aug 15 2001 21:48:08 | 9778e6ce20893c0b7b2b95cf6e26b141
Local root compromise in MicroFocus Cobol for Solaris/Sparc - If the AppTrack feature is enabled, the default install of MicroFocus Cobol 4.1 can be tricked into running code as root due to a permission problem. By Echo8
store.cgi.txt | 759 | Aug 14 2001 23:24:33 | b5fe139874a2485e4674f327a832705a
Store.cgi from Key to the Web's ecommerce solution contains a vulnerability which allows web users to read any file on the system. Exploit URL included. By Tack
dbsnmp-8.1.6.c | 2014 | Aug 5 2001 01:50:10 | 6e33bef8563be524e253fb2b40cfba6f
Oracle 8.1.6.0.0 local exploit for the dbsnmp binary. Gives uid=oracle shell. Tested on Red Hat 6.2. By Juan Manuel Pascual Escriba
otrcrep-8.0.5.c | 1302 | Aug 5 2001 01:46:51 | 02cc6eafae368311be8667f6696611d2
Oracle 8.0.5 local exploit - Gives UID=oracle via a buffer overflow in otrcrep binary. Tested on Linux. By Juan Manuel Pascual Escriba
scx-sa-21.txt | 5851 | Aug 3 2001 16:02:32 | 9d5f40859512e8ec6a74ad8eda9b4dff
Securax Security Advisory #21 - Globalscape's CuteFTP, a popular FTP client, uses a weak encryption scheme, allowing plaintext login and password recovery from the address book. Includes cuteftpd.c which calculates the plaintext.  Homepage: http://securax.org. By Incubus
hypo_linksys_advisor..> | 4387 | Aug 2 2001 13:24:02 | 78f60b1239b3eef1be75d02be094ec0a
Hypoclear Security Advisory - The Linksys "EtherFast 4-Port Cable/DSL Router" has a security flaw which allows router passwords and ISP account passwords to be viewed in the HTML source stored on the router, allowing password sniffing attacks.  Homepage: http://hypoclear.cjb.net. By Hypoclear

 
 