Section: .. / 0305-exploits /

Page 2 of 2
<< 1 2 >> Files 25 - 41 of 41

Currently sorted by: Last Modified Sort By: File Name, File Size

/// File Name:	posterv2.txt
Description:	Poster version.two, the PHP news posting system, suffers from a vulnerability in the index.php file that allows a user to edit their account. Since the user is allowed to change the embedded information in the code, they can achieve privilege escalation to an administrative level.
Author:	Peter Winter-Smith
File Size:	2603
Last Modified:	May 15 04:14:25 2003
MD5 Checksum:	914c5f7dce23e127f627fad40eaca90f

/// File Name:	priv8cdr.pl
Description:	Local root exploit for Cdrecord versions 2.0 and below under Linux. Version 1.10 is not vulnerable.
Author:	wsxz
Homepage:	http://www.priv8security.com
File Size:	3448
Last Modified:	May 14 00:19:43 2003
MD5 Checksum:	c95424f34a72c67b6e9626c83e17528f

/// File Name:	jscriptdll.txt
Description:	Microsoft's Windows Script Engine within the Windows operating system has a flaw in its implementation of jscript.dll. When a malicious web page is loaded with code that points to self.window() random errors and lock ups occur in Internet Explorer. Tested against IE versions: 5.01 (Win2000), 5.5(Win98SE), 6.0(WinXP). Vulnerable jscript.dll versions: 5.1.0.8513 (Win2000), 5.5.0.8513 (Win98SE), 5.6.0.6626 (WinXP Pro), 5.6.0.8513 (Win2000).
Author:	Gregory R. Panakkal
Homepage:	http://www.evilcreations.net/junkcode/
File Size:	2699
Last Modified:	May 13 04:00:09 2003
MD5 Checksum:	5207dde07c93e540b2fe22ace39d7c89

/// File Name:	snitz_exec.txt
Description:	Snitz Forums v3.3.3 has an SQL injection vulnerability in its register.asp page with its Email variable. Because register.asp does not check user input, remote users can execute stored procedures, such as xp_cmdshell, to arbitrarily run non-interactive commands on the system.
Author:	sharpiemarker
File Size:	3240
Last Modified:	May 13 03:29:07 2003
MD5 Checksum:	e42ffa559af965cebbaf2148bf04a648

/// File Name:	katax.c
Description:	Local root exploit for Leksbot binary KATAXWR that was accidentally packaged setuid. Tested against Debian Linux 3.0.
Author:	gunzip
File Size:	3003
Last Modified:	May 13 03:18:55 2003
MD5 Checksum:	7fc6383cee7a290c0d224a52030c144a

/// File Name:	dsr-adv001.txt
Description:	Firebird has 3 binaries: gds_inet_server, gds_drop, and gds_lock_mgr, which all use insufficent bounds checking in conjunction with getenv(), making each one susceptible to local exploitation. Enclosed are two local root exploits tested against versions 1.0.0 and 1.0.2 on FreeBSD.
Author:	Bob, Knud Erik H jgaard
Homepage:	http://www.dtors.net
File Size:	10539
Last Modified:	May 12 07:31:01 2003
MD5 Checksum:	3b1e72930195b5834044974c51c259aa

/// File Name:	eserv-mem.txt
Description:	eServ's connection handling routine contains a memory leak that may be exploited to cause the eServ daemon to become unavailable. After several thousand successful connections, memory use on the system becomes exceedingly high, resulting in a denial of service.
Author:	Matthew Murphy
File Size:	2595
Last Modified:	May 12 07:01:16 2003
MD5 Checksum:	d14f30e4dcd002805c816b5f0e2c6e01

/// File Name:	PFExploit.c
Description:	Kerio Personal Firewall <= 2.1.4 and Tiny Personal Firewall <= 2.0.15 remote exploit that makes use of a buffer overflow condition discovered in the PFEngine used for both products.
Author:	ThreaT
Homepage:	http://s0h.cc/~threat
File Size:	5500
Last Modified:	May 9 02:50:00 2003
MD5 Checksum:	c99e149fa6534d096f0bf1946334d73e

/// File Name:	hotmailpassport.txt
Description:	Microsoft's Hotmail and Passport .NET accounts are vulnerable to having their password reset by a remote attacker due to lack of input validation for a secondary email address.
Author:	Muhammad Faisal Rauf Danka
File Size:	1607
Last Modified:	May 9 02:21:31 2003
MD5 Checksum:	b275a8a919e673f04ebd9d5fdd5ca0ea

/// File Name:	AudixShell.txt
Description:	The Intuity Audix voicemail system by default is maintained over port 23 (telnet) in a restricted command interface. If an attacker has a known account/password, they can circumvent this interface and get an unrestricted shell using rexec.
Author:	Cushman
File Size:	2812
Last Modified:	May 9 02:14:38 2003
MD5 Checksum:	2c3a7d50bf7c2fc248591ce4639f8b04

/// File Name:	unhappycgi.txt
Description:	Happymall E-Commerce software versions 4.3 and 4.4 are vulnerable to remote command execution due to a lack of input validation in the normal_html.cgi script.
Author:	revin aldi
File Size:	3924
Last Modified:	May 9 02:06:22 2003
MD5 Checksum:	eea4bf616681ba3ff211c469fb4e6771

/// File Name:	FTGatePro.txt
Description:	Multiple buffer overflow vulnerabilities have been found in FTGate Pro Mail Server v. 1.22 (1328). The SMTP server for FTGate has unchecked buffers for the MAIL FROM and RCPT TO commands that allows for a remote attacker to overwrite the stack pointer and can lead to remote code execution.
Author:	Dennis Rand
Homepage:	http://www.Infowarfare.dk
File Size:	5410
Last Modified:	May 8 23:05:00 2003
MD5 Checksum:	cb05dcfcd6da501e8cc1862aed2b8cac

/// File Name:	kerio.c
Description:	Kerio Personal Firewall 2.1.4 and below remote code execution exploit that makes use of a replay attack against the channel for remote administration. Tested against Windows XP + SP1.
Author:	Burebista
Homepage:	http://www.reversedhell.net
File Size:	11092
Last Modified:	May 8 22:46:35 2003
MD5 Checksum:	4ac52cfaa74d985b4484112a6cc52ee8

/// File Name:	gossh.sh
Description:	OpenSSH <= 3.6.1p1 user identification remote exploit shell script which tells you whether or not a user exists by using a timing attack. Accurate against Redhat.
Author:	Nicolas Couture
File Size:	2671
Last Modified:	May 8 09:35:57 2003
MD5 Checksum:	5eca1d8e2bc55d0020ba3bb15d7a79b2

/// File Name:	DSR-youbin.pl
Description:	Local root exploit for the bounds checking vulnerability found in the utility youbin.
Author:	Knud Erik H�jgaard
Homepage:	http://www.dtors.net
File Size:	663
Last Modified:	May 8 00:08:15 2003
MD5 Checksum:	f203edcdeb0fc25c584d6a2684a02845

/// File Name:	rk.zip
Description:	A vulnerability exists in the TFTP protocol implementation of the Polycom 6100-4 NetEngine 3.4.8 ADSL router that allows a specially crafted packet to cause a denial of service.
Author:	Lorenzo Cerulli, Fabio Annunziato
File Size:	3148
Last Modified:	May 7 23:41:42 2003
MD5 Checksum:	5c2fae63a7418ad6e85bbba769f75539