Section: .. / 0304-exploits /

Page 1 of 2
<< 1 2 >> Files 1 - 25 of 40

Currently sorted by: File Name Sort By: Last Modified, File Size

/// File Name:	0304-exploits.tgz
Description:	Packet Storm new exploits for April, 2003.
File Size:	122177
Last Modified:	Jul 14 20:31:21 2003
MD5 Checksum:	e7ff817b4f14361992054b05c064b6f2

/// File Name:	0x333hate.c
Description:	Samba 2.2.x Remote root exploit. Tested against RedHat 8.0.
Author:	c0wboy
Homepage:	http://www.0x333.org
File Size:	6512
Last Modified:	Apr 30 05:43:14 2003
MD5 Checksum:	b45ad451237a0852cb806d8096116923

/// File Name:	0x82-Local.Qp0ppa55d.c
Description:	Local root exploit for Qpopper v4.0.x poppassd that utilizes the ability to set the smbpasswd path.
Author:	Xpl017Elz
Homepage:	http://www.inetcop.org
File Size:	6029
Last Modified:	Apr 30 09:29:36 2003
MD5 Checksum:	ed3ad6341005ca980e5b240e9a2694ec

/// File Name:	0x82-Remote.54AAb4.xpl.c
Description:	FreeBSD and OpenBSD remote Samba v2.2.x call_trans2open i386 buffer overflow exploit. Tested against OpenBSD 3.0 and FreeBSD 4.6.2-RELEASE with Samba v2.2.x. Includes support for target brute forcing. Information about the vulnerability is available here.
Author:	Xpl017Elz
Homepage:	http://x82.inetcop.org
File Size:	15625
Last Modified:	Apr 18 10:18:21 2003
MD5 Checksum:	ec9f643cb6856a51dfa1e9fc75d70906

/// File Name:	0x82-Remote.passlogd_sniff.xpl.c
Description:	Remote exploit for the buffer overrun found in passlogd. Target list includes four flavors of Linux with more to come.
Author:	Xpl017Elz
Homepage:	http://www.inetcop.org/
File Size:	11034
Last Modified:	Apr 3 17:54:49 2003
MD5 Checksum:	83b091d93ebf795346148208ce789b44

/// File Name:	0x82-Remote.XxxxBSD_passlogd.xpl.c
Description:	Remote exploit for the buffer overrun found in passlogd on FreeBSD and OpenBSD. Tested against OpenBSD 3.0 and FreeBSD 4.6.2.
Author:	Xpl017Elz
Homepage:	http://www.inetcop.org/
File Size:	13396
Last Modified:	Apr 10 03:40:28 2003
MD5 Checksum:	fc80e62e429a718916250f5fcf6c842f

/// File Name:	abyss.txt
Description:	The Abyss Web Server v1.1.2 and below has a denial of service vulnerability where the server can be crashed remotely via uncompleted fields.
Author:	Auriemma Luigi
Homepage:	http://www.pivx.com/luigi/
File Size:	6010
Last Modified:	Apr 5 19:40:34 2003
MD5 Checksum:	03a2daafc99c121f5d3d6d7588bd0929

/// File Name:	ANHTTPd.txt
Description:	AN HTTPd versions 1.42h and prior ships with a script called count.pl which allows remote attackers to use a directory traversal attack to overwrite the contents of files on the system.
Author:	Matthew Murphy
File Size:	1984
Last Modified:	Apr 22 07:22:18 2003
MD5 Checksum:	bb7b403dffcc890d5a26cfb87b43ff22

/// File Name:	badblue.txt
Description:	BadBlue web server versions 2.15 and below have a vulnerability that allows remote attackers to gain administrative control of a server. The ext.dll that allows pages parsing with the LoadPage command attempts to prevent remote users from accessing .hts pages by checking the 'referer' HTTP header of requests, and also verifying that all requests for .hts pages originate from 127.0.0.1 (the loopback).
Author:	appending certain illegal characters to the requested filename, it is possible to cause BadBlue to interpret .hts files from a remote system, thereby yielding administrative control of the server to the attacker.
File Size:	2350
Last Modified:	Apr 21 20:40:09 2003
MD5 Checksum:	e98dbd9eeaba1247bc190d69fec06b8b

/// File Name:	bysin.c
Description:	Remote root exploit for Sendmail 8.12.8 and below that uses the vulnerability in crackaddr().
Author:	bysin.
File Size:	12573
Last Modified:	Apr 30 09:33:15 2003
MD5 Checksum:	df191d0300a456e052e99130d4837115

/// File Name:	bysin2.c
Description:	Remote root exploit for Sendmail 8.12.8 and below that makes use of the vulnerability in prescan(). Note: This exploit is crippled and needs to be fixed.
Author:	bysin.
File Size:	5246
Last Modified:	Apr 30 09:36:42 2003
MD5 Checksum:	5ade4c15fee8ada5982a9cad51e3dea1

/// File Name:	coppermine.tgz
Description:	Coppermine Photo Gallery, the picture gallery which allows users to HTTP upload pictures, fails to extension check pictures that are uploaded. Due to this, a file with the extension .jpg.php can be uploaded allowing a remote attacker to execute commands. Sample .jpg.php included. Patch available here.
Author:	Berend-Jan Wever
Homepage:	http://spoor12.edup.tudelft.nl
File Size:	6446
Last Modified:	Apr 10 05:34:32 2003
MD5 Checksum:	9dff4ed3d9e5f7147f3f1ea940fe8b22

/// File Name:	DDI1012.txt
Description:	Digital Defense Inc. Security Advisory DDI-1012 - A malformed request used against HP Instant TopTools versions below 5.55 can cause a denial of service against a host by having it constantly it request itself.
Author:	Digital Defense Inc.
Homepage:	http://www.digitaldefense.net/
File Size:	4016
Last Modified:	Apr 2 01:00:01 2003
MD5 Checksum:	9450adbf7971ea4c6efc612826915610

/// File Name:	HackTrack-2003-03-001.txt
Description:	A directory traversal bug exists in the QuickFront webserver that allows remote attackers to gain access to system files. Version affected: 1.0.0.189.
Author:	Kachlik Jan
File Size:	1269
Last Modified:	Apr 10 06:31:55 2003
MD5 Checksum:	222a9abd3b16ea36884137398910fb05

/// File Name:	hl-headnut.c
Description:	Denial of service exploit against Half-life servers. After sending 3 specially formed packets the server is unresponsive and there is 100% CPU utilization. Tested against versions 3.1.1.0 under Suse Linux 7.3 and Windows 2000.
Author:	delikon
Homepage:	http://www.delikon.de
File Size:	5367
Last Modified:	Apr 10 05:46:54 2003
MD5 Checksum:	4b7fdf6ea9c385fa1aa0d71210d8f222

/// File Name:	les-exploit.c
Description:	Local root exploit for a stack overflow discovered in the linux-atm binary /usr/local/sbin/les.
Author:	Angelo Rosiello
Homepage:	http://www.dtors.net
File Size:	3762
Last Modified:	Apr 25 06:31:53 2003
MD5 Checksum:	f359e77f4c99e42da154156e7123b11d

/// File Name:	mod_ntlm.txt
Description:	mod_ntlm is the Apache module for versions 1.3 and 2.0 which gives Apache the ability to authenticate users via the NTLM authentication technology that is largely specific to Microsoft IIS. The log() function contains two remotely exploitable vulnerabilities. Both a heap overflow and an incorrect call to ap_log_rerror() allow for arbitrary code execution.
Author:	Matthew Murphy
File Size:	2207
Last Modified:	Apr 21 20:53:43 2003
MD5 Checksum:	ad450fcef6dadc5b28ffbefe83da9432

/// File Name:	monkeyHTTPd.txt
Description:	The Monkey HTTPd v0.6.1 web server is vulnerable to a remote buffer overflow in the handling of forms submitted with the POST request method. The unchecked buffer lies in the PostMethod() procedure.
Author:	Matthew Murphy
File Size:	3037
Last Modified:	Apr 21 20:44:15 2003
MD5 Checksum:	5605063d4420a60aa0206189fb3365c5

/// File Name:	myptrace.c
Description:	Local root exploit for the Linux 2.2 and 2.4 kernels that have a flaw in ptrace where a kernel thread is created insecurely. This version escalates user privileges to root without the necessity of needing access to /proc.
Author:	Snooq
Homepage:	http://www.angelfire.com/linux/snooq/
File Size:	6296
Last Modified:	Apr 11 03:43:51 2003
MD5 Checksum:	bf597c6b557934d445609b525bd5e82f

/// File Name:	OpenFuckV2.c
Description:	Remote exploit for Apache + OpenSSL v0.9.6d and below. This exploit is based upon the openssl-too-open exploit by Solar Eclipse and offers more than 130 targets including various flavors of Linux. Updates: More targets have been added and this version of the exploit also attempts to download the ptrace exploit, compile, and execute it in an attempt to gain root privileges.
Author:	Spabam
Homepage:	http://spabam.tk
File Size:	32221
Last Modified:	Apr 5 19:52:29 2003
MD5 Checksum:	74736770ccf70b0a51ab16be165f6884

/// File Name:	p7snort191.sh
Description:	Snort 1.9.1 and below remote exploit. Related CERT Advisory is here. Tested on Slackware 8.0.
Author:	truff
Homepage:	http://www.projet7.org
File Size:	4469
Last Modified:	Apr 24 04:23:31 2003
MD5 Checksum:	63efca99c7a60adabcf0f9933904337e

/// File Name:	passlogd.txt
Description:	A buffer overrun exists in passlogd, the passive syslog capture daemon, in the parse.c code.
Author:	Xpl017Elz
Homepage:	http://www.inetcop.org/
File Size:	6094
Last Modified:	Apr 3 07:10:09 2003
MD5 Checksum:	c77f0db00f14f1c4b7ee512c80b1ed23

/// File Name:	poptop-sane.c
Description:	Remote root exploit for PoPToP, the PPTP server designed for Linux, versions 1.1.4-b3 and below. Fixed by blightninjas. Original code by einstein.
File Size:	10772
Last Modified:	Apr 30 16:24:42 2003
MD5 Checksum:	2b243280f9e11f0791582194ec588922

/// File Name:	ptnews.txt
Description:	PT News v1.7.7 allows access to administrator functionality without authentication via news.inc which is included in the index.php file.
Author:	scrap
Homepage:	http://www.securiteinfo.com
File Size:	3035
Last Modified:	Apr 22 07:18:22 2003
MD5 Checksum:	87798f1e9b8b9a07ac7fd2086b0174f3

/// File Name:	ptrace-kmod.c
Description:	Local root exploit for ptrace/kmod that exploits a race condition which creates a kernel thread in an insecure manner. Works under the 2.2.x and 2.4.x series of kernels.
Author:	Wojciech Purczynski
File Size:	3921
Last Modified:	Apr 2 06:01:21 2003
MD5 Checksum:	62a1d99ea86b0d49a09346cb59589f5c