
 ///  File Name: 0305-exploits.tgz
Packet Storm new exploits for May, 2003.
File Size:77671
Last Modified:Jul 14 20:25:00 2003
MD5 Checksum:723abc458b5ea3d570004d5677c44135

 ///  File Name: 05.22.03.txt
iDEFENSE Security Advisory 05.22.03 - iisPROTECT is a utility designed to provide password protection to web directories similar to the htaccess method utilized by Apache. When protected files are referenced through different URL-encoded representations, this authentication can be completely bypassed.
File Size:2767
Last Modified:May 23 10:32:29 2003
MD5 Checksum:3b4927deb5e89ac467996a11b1770203

 ///  File Name: 0x333maelstrom.c
Maelstrom local exploit that gives gid for user games making use of the overflow found in the -server switch. Tested against /usr/bin/Maelstrom on Red Hat 9.0
File Size:1001
Last Modified:Dec 14 13:20:13 2003
MD5 Checksum:a935d6a8cc4501c955311239727e64af

 ///  File Name: a-WsMPdvuln.txt
INetCop Security Advisory #2003-0x82-017.a - WsMP3d, a web server that streams MP3s much like shoutcast but is GPL, suffers from a directory traversal vulnerability that not only allows viewing of files outside of the webroot, but allows for remote command execution as well.
File Size:2302
Last Modified:May 23 11:00:18 2003
MD5 Checksum:1ff2d86a592f92c1751dc263dab6ada1

 ///  File Name: AudixShell.txt
The Intuity Audix voicemail system by default is maintained over port 23 (telnet) in a restricted command interface. If an attacker has a known account/password, they can circumvent this interface and get an unrestricted shell using rexec.
File Size:2812
Last Modified:May 9 02:14:38 2003
MD5 Checksum:2c3a7d50bf7c2fc248591ce4639f8b04

 ///  File Name: b-WsMP3dvuln.txt
INetCop Security Advisory #2003-0x82-017.b - New versions of WsMP3d are not patched against an old remote heap corruption overflow vulnerability. Remote exploit and advisory included.
File Size:20661
Last Modified:May 23 11:06:24 2003
MD5 Checksum:fee1e5ee6009d22f0754405163419c14

 ///  File Name: b2cafelog.txt
b2 cafelog is a blogger system that comes with the b2-tools directory. The PHP scripts contained within this directory allow a remote user to specify input for a variable that in turn allows for remote command execution.
File Size:1522
Last Modified:May 30 12:08:41 2003
MD5 Checksum:ea5c0bc0de678c217be1cbe85a7d9052

 ///  File Name: baby.txt
Baby FTP server version 1.2 allows for a directory traversal attack that lets a remote attacker view any file on the system by using non-standard characters with CWD. The server will also crash if multiple connections from the same host occur.
Author:dr insane
File Size:5034
Last Modified:May 29 07:22:07 2003
MD5 Checksum:6a83ff2f09457fbac90e7f8623734cee

 ///  File Name: badblue052003.txt
BadBlue web server versions 2.2 and below have a vulnerability that allows remote attackers to gain administrative control of a server. The engine attempts to restrict access to non-html files by requiring that 'ht' be the first letters of the target file's extension, and also requiring that requests to access '.hts' files are submitted by and contain a proper 'Referer' header. This security feature is accomplished with a simple binary replace of the first two characters of the file extension. The two security checks are performed in an incorrect order, meaning that the first security check can inadvertently bypass the latter.
Author:Matthew Murphy
File Size:3384
Last Modified:May 23 18:01:40 2003
MD5 Checksum:54488984601b3f7a45a3c8af421f9df2

 ///  File Name: bncDoS.txt
bnc version 2.6.2 and below suffers from a denial of service vulnerability. Armed with a valid login and password, a remote user can kill the daemon.
Author:Angelo Rosiello
File Size:2591
Last Modified:May 28 10:06:28 2003
MD5 Checksum:19b82bf820cb2ac8cc6dc2cea49ef122

 ///  File Name: core.axis.txt
Core Security Technologies Advisory ID: CORE-2003-0403 - The Axis Network Camera HTTP server is vulnerable to an authentication bypass when a double slash is put in front of the admin directory in the URL. This allows a remote attacker to modify the configuration as they see fit and allows the root password to be reset. Doing this in conjunction with enabling the telnet server allows for a complete server compromise.
Author:Juliano Rizzo
File Size:6940
Last Modified:May 28 10:54:05 2003
MD5 Checksum:a5e3469f753ba4068c41d8a4e0396b5b

 ///  File Name: dsr-adv001.txt
Firebird has 3 binaries: gds_inet_server, gds_drop, and gds_lock_mgr, which all use insufficient bounds checking in conjunction with getenv(), making each one susceptible to local exploitation. Enclosed are two local root exploits tested against versions 1.0.0 and 1.0.2 on FreeBSD.
Author:Bob, Knud Erik Højgaard
File Size:10539
Last Modified:May 12 07:31:01 2003
MD5 Checksum:3b1e72930195b5834044974c51c259aa

 ///  File Name:
Local root exploit for the bounds checking vulnerability found in the utility youbin.
Author:Knud Erik Højgaard
File Size:663
Last Modified:May 8 00:08:15 2003
MD5 Checksum:f203edcdeb0fc25c584d6a2684a02845

 ///  File Name: eserv-mem.txt
eServ's connection handling routine contains a memory leak that may be exploited to cause the eServ daemon to become unavailable. After several thousand successful connections, memory use on the system becomes exceedingly high, resulting in a denial of service.
Author:Matthew Murphy
File Size:2595
Last Modified:May 12 07:01:16 2003
MD5 Checksum:d14f30e4dcd002805c816b5f0e2c6e01

 ///  File Name: FTGatePro.txt
Multiple buffer overflow vulnerabilities have been found in FTGate Pro Mail Server v. 1.22 (1328). The SMTP server for FTGate has unchecked buffers for the MAIL FROM and RCPT TO commands that allow a remote attacker to overwrite the stack pointer and can lead to remote code execution.
Author:Dennis Rand
File Size:5410
Last Modified:May 8 23:05:00 2003
MD5 Checksum:cb05dcfcd6da501e8cc1862aed2b8cac

 ///  File Name: geeklog.txt
Geeklog version 1.3.7ar1 and below is susceptible to multiple vulnerabilities. There is a SQL integer manipulation flaw in the authentication script that will allow a remote attacker to get administrative access, and there is also a lack of error checking when images are uploaded that allows an attacker to upload files with PHP code that can be used to execute any command as the apache user on the remote server.
File Size:4831
Last Modified:May 30 12:05:29 2003
MD5 Checksum:3dd132c2b949914f5bf8010768bf739e

 ///  File Name:
OpenSSH <= 3.6.1p1 user identification remote exploit shell script which tells you whether or not a user exists by using a timing attack. Accurate against Red Hat.
Author:Nicolas Couture
File Size:2671
Last Modified:May 8 09:35:57 2003
MD5 Checksum:5eca1d8e2bc55d0020ba3bb15d7a79b2

 ///  File Name: happymall-adv.txt
Happymall versions 4.3 and 4.4 are still susceptible to well-known directory traversal and cross-site scripting vulnerabilities.
File Size:990
Last Modified:May 15 04:23:10 2003
MD5 Checksum:747291e08548a2e6cf2f161a68843c34

 ///  File Name: hotmailpassport.txt
Microsoft's Hotmail and Passport .NET accounts are vulnerable to having their password reset by a remote attacker due to lack of input validation for a secondary email address.
Author:Muhammad Faisal Rauf Danka
File Size:1607
Last Modified:May 9 02:21:31 2003
MD5 Checksum:b275a8a919e673f04ebd9d5fdd5ca0ea

 ///  File Name: iisDoS.txt
Microsoft IIS versions 5.0 and 5.1 are vulnerable to a denial of service attack if an attacker sends a WebDAV request with a body over 49,153 bytes using the 'PROPFIND' or 'SEARCH' request methods. This results in IIS restarting itself and terminating any active sessions.
Author:SPI Labs
File Size:1450
Last Modified:May 29 07:14:34 2003
MD5 Checksum:466be4f57551e6a920e9059e50eaddf3

 ///  File Name: jscriptdll.txt
Microsoft's Windows Script Engine within the Windows operating system has a flaw in its implementation of jscript.dll. When a malicious web page is loaded with code that points to self.window(), random errors and lockups occur in Internet Explorer. Tested against IE versions: 5.01 (Win2000), 5.5 (Win98SE), 6.0 (WinXP). Vulnerable jscript.dll versions: (Win2000), (Win98SE), (WinXP Pro), (Win2000).
Author:Gregory R. Panakkal
File Size:2699
Last Modified:May 13 04:00:09 2003
MD5 Checksum:5207dde07c93e540b2fe22ace39d7c89

 ///  File Name: katax.c
Local root exploit for Leksbot binary KATAXWR that was accidentally packaged setuid. Tested against Debian Linux 3.0.
File Size:3003
Last Modified:May 13 03:18:55 2003
MD5 Checksum:7fc6383cee7a290c0d224a52030c144a

 ///  File Name: kerio.c
Kerio Personal Firewall 2.1.4 and below remote code execution exploit that makes use of a replay attack against the channel for remote administration. Tested against Windows XP + SP1.
File Size:11092
Last Modified:May 8 22:46:35 2003
MD5 Checksum:4ac52cfaa74d985b4484112a6cc52ee8

 ///  File Name: kerio563.txt
Kerio Mail Server 5.6.3 remote buffer overflow exploit. Adds wide open root account to /etc/passwd. Written based upon the vulnerability discussed here.
File Size:6595
Last Modified:Jun 25 05:33:56 2003
MD5 Checksum:842c5e7826baf9519f128b2ea7d11c1b

 ///  File Name:
Microsoft LSASS vulnerability auto rooter. Downloads and executes code from a FTP server.
File Size:6891
Last Modified:May 17 16:24:57 2004
MD5 Checksum:54785e01d3034f714dbe01506d1c699f