Section:  .. / 0304-exploits  /

 ///  File Name: 0304-exploits.tgz
Packet Storm new exploits for April, 2003.
File Size:122177
Last Modified:Jul 14 20:31:21 2003
MD5 Checksum:e7ff817b4f14361992054b05c064b6f2

 ///  File Name: 0x333hate.c
Samba 2.2.x Remote root exploit. Tested against RedHat 8.0.
File Size:6512
Last Modified:Apr 30 05:43:14 2003
MD5 Checksum:b45ad451237a0852cb806d8096116923

 ///  File Name: 0x82-Local.Qp0ppa55d.c
Local root exploit for Qpopper v4.0.x poppassd that utilizes the ability to set the smbpasswd path.
File Size:6029
Last Modified:Apr 30 09:29:36 2003
MD5 Checksum:ed3ad6341005ca980e5b240e9a2694ec

 ///  File Name: 0x82-Remote.54AAb4.xpl.c
FreeBSD and OpenBSD remote Samba v2.2.x call_trans2open i386 buffer overflow exploit. Tested against OpenBSD 3.0 and FreeBSD 4.6.2-RELEASE with Samba v2.2.x. Includes support for target brute forcing. Information about the vulnerability is available here.
File Size:15625
Last Modified:Apr 18 10:18:21 2003
MD5 Checksum:ec9f643cb6856a51dfa1e9fc75d70906

 ///  File Name: 0x82-Remote.passlogd_sniff.xpl.c
Remote exploit for the buffer overrun found in passlogd. Target list includes four flavors of Linux with more to come.
File Size:11034
Last Modified:Apr 3 17:54:49 2003
MD5 Checksum:83b091d93ebf795346148208ce789b44

 ///  File Name: 0x82-Remote.XxxxBSD_passlogd.xpl.c
Remote exploit for the buffer overrun found in passlogd on FreeBSD and OpenBSD. Tested against OpenBSD 3.0 and FreeBSD 4.6.2.
File Size:13396
Last Modified:Apr 10 03:40:28 2003
MD5 Checksum:fc80e62e429a718916250f5fcf6c842f

 ///  File Name: abyss.txt
The Abyss Web Server v1.1.2 and below has a denial of service vulnerability where the server can be crashed remotely via uncompleted fields.
Author:Auriemma Luigi
File Size:6010
Last Modified:Apr 5 19:40:34 2003
MD5 Checksum:03a2daafc99c121f5d3d6d7588bd0929

 ///  File Name: ANHTTPd.txt
AN HTTPd versions 1.42h and prior ship with a script called which allows remote attackers to use a directory traversal attack to overwrite the contents of files on the system.
Author:Matthew Murphy
File Size:1984
Last Modified:Apr 22 07:22:18 2003
MD5 Checksum:bb7b403dffcc890d5a26cfb87b43ff22

 ///  File Name: badblue.txt
BadBlue web server versions 2.15 and below have a vulnerability that allows remote attackers to gain administrative control of a server. The ext.dll that allows page parsing with the LoadPage command attempts to prevent remote users from accessing .hts pages by checking the 'referer' HTTP header of requests, and also verifying that all requests for .hts pages originate from (the loopback). By appending certain illegal characters to the requested filename, it is possible to cause BadBlue to interpret .hts files from a remote system, thereby yielding administrative control of the server to the attacker.
File Size:2350
Last Modified:Apr 21 20:40:09 2003
MD5 Checksum:e98dbd9eeaba1247bc190d69fec06b8b

 ///  File Name: bysin.c
Remote root exploit for Sendmail 8.12.8 and below that uses the vulnerability in crackaddr().
File Size:12573
Last Modified:Apr 30 09:33:15 2003
MD5 Checksum:df191d0300a456e052e99130d4837115

 ///  File Name: bysin2.c
Remote root exploit for Sendmail 8.12.8 and below that makes use of the vulnerability in prescan(). Note: This exploit is crippled and needs to be fixed.
File Size:5246
Last Modified:Apr 30 09:36:42 2003
MD5 Checksum:5ade4c15fee8ada5982a9cad51e3dea1

 ///  File Name: coppermine.tgz
Coppermine Photo Gallery, the picture gallery which allows users to upload pictures over HTTP, fails to check the extension of uploaded pictures. Due to this, a file with the extension .jpg.php can be uploaded, allowing a remote attacker to execute commands. Sample .jpg.php included. Patch available here.
Author:Berend-Jan Wever
File Size:6446
Last Modified:Apr 10 05:34:32 2003
MD5 Checksum:9dff4ed3d9e5f7147f3f1ea940fe8b22

 ///  File Name: DDI1012.txt
Digital Defense Inc. Security Advisory DDI-1012 - A malformed request used against HP Instant TopTools versions below 5.55 can cause a denial of service against a host by having it constantly request itself.
Author:Digital Defense Inc.
File Size:4016
Last Modified:Apr 2 01:00:01 2003
MD5 Checksum:9450adbf7971ea4c6efc612826915610

 ///  File Name: HackTrack-2003-03-001.txt
A directory traversal bug exists in the QuickFront webserver that allows remote attackers to gain access to system files. Version affected:
Author:Kachlik Jan
File Size:1269
Last Modified:Apr 10 06:31:55 2003
MD5 Checksum:222a9abd3b16ea36884137398910fb05

 ///  File Name: hl-headnut.c
Denial of service exploit against Half-life servers. After sending 3 specially formed packets the server is unresponsive and there is 100% CPU utilization. Tested against versions under Suse Linux 7.3 and Windows 2000.
File Size:5367
Last Modified:Apr 10 05:46:54 2003
MD5 Checksum:4b7fdf6ea9c385fa1aa0d71210d8f222

 ///  File Name: les-exploit.c
Local root exploit for a stack overflow discovered in the linux-atm binary /usr/local/sbin/les.
Author:Angelo Rosiello
File Size:3762
Last Modified:Apr 25 06:31:53 2003
MD5 Checksum:f359e77f4c99e42da154156e7123b11d

 ///  File Name: mod_ntlm.txt
mod_ntlm is the Apache module for versions 1.3 and 2.0 which gives Apache the ability to authenticate users via the NTLM authentication technology that is largely specific to Microsoft IIS. The log() function contains two remotely exploitable vulnerabilities. Both a heap overflow and an incorrect call to ap_log_rerror() allow for arbitrary code execution.
Author:Matthew Murphy
File Size:2207
Last Modified:Apr 21 20:53:43 2003
MD5 Checksum:ad450fcef6dadc5b28ffbefe83da9432

 ///  File Name: monkeyHTTPd.txt
The Monkey HTTPd v0.6.1 web server is vulnerable to a remote buffer overflow in the handling of forms submitted with the POST request method. The unchecked buffer lies in the PostMethod() procedure.
Author:Matthew Murphy
File Size:3037
Last Modified:Apr 21 20:44:15 2003
MD5 Checksum:5605063d4420a60aa0206189fb3365c5

 ///  File Name: myptrace.c
Local root exploit for the Linux 2.2 and 2.4 kernels that have a flaw in ptrace where a kernel thread is created insecurely. This version escalates user privileges to root without needing access to /proc.
File Size:6296
Last Modified:Apr 11 03:43:51 2003
MD5 Checksum:bf597c6b557934d445609b525bd5e82f

 ///  File Name: OpenFuckV2.c
Remote exploit for Apache + OpenSSL v0.9.6d and below. This exploit is based upon the openssl-too-open exploit by Solar Eclipse and offers more than 130 targets including various flavors of Linux. Updates: More targets have been added and this version of the exploit also attempts to download the ptrace exploit, compile, and execute it in an attempt to gain root privileges.
File Size:32221
Last Modified:Apr 5 19:52:29 2003
MD5 Checksum:74736770ccf70b0a51ab16be165f6884

 ///  File Name:
Snort 1.9.1 and below remote exploit. Related CERT Advisory is here. Tested on Slackware 8.0.
File Size:4469
Last Modified:Apr 24 04:23:31 2003
MD5 Checksum:63efca99c7a60adabcf0f9933904337e

 ///  File Name: passlogd.txt
A buffer overrun exists in passlogd, the passive syslog capture daemon, in the parse.c code.
File Size:6094
Last Modified:Apr 3 07:10:09 2003
MD5 Checksum:c77f0db00f14f1c4b7ee512c80b1ed23

 ///  File Name: poptop-sane.c
Remote root exploit for PoPToP, the PPTP server designed for Linux, versions 1.1.4-b3 and below. Fixed by blightninjas. Original code by einstein.
File Size:10772
Last Modified:Apr 30 16:24:42 2003
MD5 Checksum:2b243280f9e11f0791582194ec588922

 ///  File Name: ptnews.txt
PT News v1.7.7 allows access to administrator functionality without authentication via which is included in the index.php file.
File Size:3035
Last Modified:Apr 22 07:18:22 2003
MD5 Checksum:87798f1e9b8b9a07ac7fd2086b0174f3

 ///  File Name: ptrace-kmod.c
Local root exploit for ptrace/kmod that exploits a race condition which creates a kernel thread in an insecure manner. Works under the 2.2.x and 2.4.x series of kernels.
Author:Wojciech Purczynski
File Size:3921
Last Modified:Apr 2 06:01:21 2003
MD5 Checksum:62a1d99ea86b0d49a09346cb59589f5c