.:[packet storm]:.
.: 0210-exploits (Sorted By: File Name)

File Name                 File Size  Last Modified         MD5 Checksum
0210-exploits.tgz           2215227  Nov 1 00:49:18 2002   47543d2f228312316b7dee8cf60d6850
    Packet Storm new exploits for October, 2002.
analogx-socks4a.sbal..>       11502  Oct 14 07:51:26 2002  c262c0d90d724ec4b9601631e027d683
    This is an exploit for AnalogX Proxy 4.10 configurations running on Windows 2000 Pro (SP2). The exploit binds a shell to port 8008 TCP. By Kanatoko
bearshare.4.0.6.txt            2024  Oct 4 00:19:54 2002   4deb6c402a2323bbbb6d32da4944cd84
    Bearshare v4.0.6 and below contains a directory traversal bug which allows remote attackers to view any file on the system by sending a specially crafted HTTP request. Exploit URLs included.  Homepage: http://www.BeyondSecurity.com. By Gluck, Mario Solares, Aviram Jenik
bop.pl                         1947  Oct 20 22:58:26 2002  9350db07af8a58ea99c7d027033e8a96
    PlanetDNS v1.14 remote buffer overflow exploit which sends 6K of data to port 80 of PlanetWeb. By Securma Massine
ChmOverflow.zip               12979  Oct 9 19:41:06 2002   3e134633e8a21051ff9f3c15d47c266d
    Windows Help buffer overflow proof of concept remote exploit in Visual Basic 6. Starts a cmd.exe shell on Microsoft Windows XP Kernel Version 5.1.2600.0. Includes source. By Sylvain Descoteaux
euxploit.zip                  12709  Oct 9 19:51:04 2002   796d31fc38fbdbd23f050a46fee29a69
    Remote exploit for the Eudora v5.x boundary buffer overflow. Works against Eudora v5.1 and 5.1.1 and is independent of Windows version. By Vecna
GetAd.c                        3560  Oct 16 19:51:13 2002  5aaf16bbab2ab14dcbff5aa6879af839
    GetAd.c is a new Windows 2000 local exploit which gains Local System rights on Win2k SP1-3 by taking advantage of the NetDDE window of winlogon with a shatter attack. Binaries available here. SecurityFocus vulnerability information available here.  Homepage: http://getad.chat.ru. By Serus
gm011-ie.txt                   3810  Oct 16 19:24:10 2002  c4e9108a3cc65e6a2d639324e9ba64d3
    Internet Explorer 5.5 SP2 and Internet Explorer 6 allow the oIFrameElement.Document reference to return a document with no security restrictions, allowing remote attackers to steal cookies from any site, gain access to content in sites (forging content), read local files and execute arbitrary programs on the client's machine. Exploit HTML included which reads the client's google.com cookie. IE6 SP1 is not affected. Four demonstration exploits are available here.  Homepage: http://security.greymagic.com. By GreyMagic Software
gm012-more-ie.txt              4927  Oct 24 21:22:39 2002  1f5a5fed0d2cb400606aef190e3eef9f
    Microsoft Internet Explorer versions 5.5 and 6.0 are susceptible to 9 attacks involving object caching. When communicating between windows, security checks ensure that both pages are in the same security zone and on the same domain. These crucial security checks wrongly assume that certain methods and objects are only going to be called through their respective window. This assumption enables some cached methods and objects to provide interoperability between otherwise separated documents.  Homepage: http://security.greymagic.com/. By GreyMagic Software
hackingcitrix.txt             17406  Oct 2 20:02:00 2002   61e74e786bf9267b909c01e175a4c699
    Citrix is a remote desktop application that is becoming widely popular. It is similar to Microsoft's Terminal Services, RDP (Remote Desktop Protocol). Unlike Terminal Services, Citrix's product line allows the administrator to specify certain applications to be run on the server, controlling which programs the end user is allowed to execute. An interesting gray line exists in the security of Citrix applications because Citrix technology and Microsoft technology are mixed. With an application that gives users remote access not only to published programs but to remote desktops, a serious threat arises. By wirepair
iosmash2.c                     2150  Oct 6 17:12:32 2002   7b28078a9bc5a3407f5939b88d2cf0ec
    Iosmash2.c is a local root exploit for the FreeBSD file descriptors kernel bug that resides in all releases of FreeBSD up to and including 4.6-RELEASE. The exploit creates 5 valid root passwords that give instant root access through S/Key.  Homepage: http://www.l33tsecurity.com. By Dvdman
kitkat.pl                      1296  Oct 16 22:46:39 2002  bf6c938417e1bb5537a706e1f973e070
    Kitkat.pl exploits a directory traversal bug in webMathematica v1.0.0 and 1.0.0.1.  Homepage: http://legion2000.security.nu. By NTFX
l-zonealarm.c                  7642  Oct 22 23:43:22 2002  820d0cd440c7a6ca25f87098cfb94cd5
    Zone-Labs ZoneAlarm Pro 3.1.291 and 3.0 remote denial of service exploit which consumes all available CPU via SYN flooding. To fix, update to the newest ZoneAlarm and run Windows Update. By Lupsyn
massrooterfinal.tar...>     1724731  Nov 13 07:43:19 2002  f104041ba08694e3bfdd9e511715d7c5
    Massrooter takes advantage of remote vulnerabilities in bind, PHP, lpd, rpc, wuftpd, null httpd, telnet, mail, ssl, and ssh on multiple systems.  Homepage: http://www.abouthacking.net. By Daddy_cad
mod_ssl-toolkit.tar...>        2311  Oct 9 19:59:41 2002   01386026a91e1adfdfa0829e0c211b3f
    Mod_ssl off-by-one bug exploitation toolkit for OpenBSD. Creates a malicious .htaccess file which replaces the Apache server process with an included HTTP server. By Grange
neuter.c                       5419  Oct 15 05:39:38 2002  309ea638b470473176e87002adebaf66
    Remote denial of service exploit that can be used against systems running Apache Tomcat (versions prior to 4.1.10) combined with IIS.  Homepage: http://www.enzotech.net. By bmbr
onelove.c                     13998  Oct 5 09:49:39 2002   e063bb014f958db8cdaa416b1bd1e98b
    This is proof of concept code that demonstrates how commands can be injected into a ptraced telnet/ssh session. By xenion
Oracle9iAS.dos.pl              1389  Oct 29 23:52:04 2002  5587607f8f49ffd172b5844f93e01670
    Oracle9iAS Web Cache denial of service exploit in Perl, as described in Atstake advisory a102802-1. By Deadbeat
sambar.5.1.pl                   936  Oct 30 21:09:52 2002  fd9bc557a02bc20a56871b03f3fb968b
    Sambar Webserver v5.1 for Windows Pbcgi.exe remote denial of service exploit in Perl.  Homepage: http://www.systat.cl. By Sebastian Breit
sendmail-8-11-x.c              7399  Oct 22 00:01:13 2002  2fe9594bfd8aa84b38546e5e85f92b8a
    Sendmail 8.11.x linux/x86 local root exploit. Uses gdb to find offsets. By sd[at]sf.cz
solarhell                       768  Oct 29 05:49:29 2002  750b7545abb4813fae07fb331e4b0c43
    Solarhell is a remote root exploit shell script which abuses the Solaris /bin/login bug by using telnet. Solaris 2.6, 2.7 and 2.8 (7.0 and 8.0) are vulnerable. More information available here.  Homepage: http://www.deloitte.co.za/. By Deloitte & Touche SSG (Security Services Group)
solaris.login.txt              1203  Oct 2 13:35:08 2002   37c0ebd7f767b321deb20890747689f2
    This document describes how to compromise Solaris systems prior to version 9 by using a telnet client only. By Jonathan Stuart
sortrace.c                     8207  Oct 9 19:39:55 2002   b8b7f19d1870423e791ef80cef6f50a7
    Linux Traceroute v1.4a5 and below local root exploit which takes advantage of a malloc chunk vulnerability. Uses gdb to find offsets. By Sorbo
sunos_telnet_for_cyg..>      431031  Oct 9 18:14:59 2002   19b0e58b22e4cd4e3e8c9cced6a58e76
    The Solaris 2.6, 7, and 8 /bin/login TTYPROMPT remote exploit compiled with Cygwin for Windows. Tested against SunOS 5.5, 5.5.1, 5.6, 5.7, 5.8 SPARC and SunOS 5.6, 5.7, 5.8 x86.  Homepage: http://www.cnhonker.net. Ported by Lion
telnet.c                       6065  Oct 4 00:25:15 2002   68bddb79920400ed85b5fa28ba605aaa
    SunOS 5.5, 5.5.1 and Solaris 2.6, 2.7, and 2.8 SPARC and SunOS 5.7 and 5.8 x86 /bin/login TTYPROMPT remote exploit.  Homepage: http://www.cnhonker.com. By Lion
tftp.dos.pl                    1972  Oct 24 22:27:22 2002  940a91e472909d558a7cf5bdf8d5360b
    Solarwinds TFTP server v5.0.55 and below remote denial of service exploit in Perl.  Homepage: http://www.dhgroup.org. By D4rkGr3y
tomcat.dos.sh                  2317  Oct 16 22:52:33 2002  d350ab2f1f17570561020752a2d24d68
    Apache Tomcat 3.3 and 4.0.4 for Windows NT and 2000 remote denial of service exploit. Uses device names like AUX, LPT1, CON, and PRN to crash the server.  Homepage: http://www.dcert.de. By Olaf Schulz
virgil.txt                     3922  Oct 24 21:41:37 2002  db03d67f3f01a9badd1d398868b94862
    Virgil CGI Scanner by Mark Ruef has a vulnerability where user input is trusted without being sanitized and populates bash variables which end up being executed. Simple exploit examples are included. By KALIF research group, Joschka Fischer
wc.tar.gz                     16231  Oct 24 20:58:22 2002  4c26c877c1f0530353bfc2ef74331c67
    Two modified versions of the slapper worm exploit made more user-friendly with simple interaction to define what host and port will be hit with the exploit. By aion
web602dir.pl                    577  Oct 21 23:51:59 2002  c3828ca76731be0eeaafc1af5b545a8d
    Web602 (Czech version) directory tree exploit. By eip aka deadbeat aka AnGrY_SQl
web602dos.pl                    417  Oct 21 23:52:53 2002  073f82729fa7fdf2640bda249a4d2743
    Web602 webserver remote denial of service exploit which uses the COM1 Windows flaw. By eip aka deadbeat aka AnGrY_SQl