Section:  .. / 0307-exploits  /

Page 1 of 3
<< 1 2 3 >> Files 1 - 25 of 64
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: 0006_AP.CF-rds-dump.txt
The ColdFusion Server versions 4.5 and 5 suffer from multiple vulnerabilities. They range from the default RDS password being blank by default to allowing a normal remote user to reconfigure their website properties to put and get any file on the server.
Author:Victim1, rs2112
File Size:10825
Last Modified:Jul 6 07:24:34 2003
MD5 Checksum:c681b33a362511d647a01f9b46492542

 ///  File Name: 0307-exploits.tgz
Packet Storm new exploits for July, 2003.
File Size:409322
Last Modified:Aug 13 03:46:07 2003
MD5 Checksum:547ce621a6d09bbcafdec2ffa67f4064

 ///  File Name: 0x333-lockdexvul.txt
lockdev 1.0.0 local exploit that escalates privileges to group lock. Tested against RedHat 7.3, 8.0, and 9.0.
File Size:9705
Last Modified:Jul 29 20:14:21 2003
MD5 Checksum:f1abaa914fb3eae21371eee17e50e6ad

 ///  File Name: 0x333bru-fmtx.c
Local root exploit for bru, or Backup and Restore Utility for Unix, that makes use of a stack overflow.
File Size:2665
Last Modified:Jul 22 02:18:54 2003
MD5 Checksum:d98819e03bec7237629814af9f5d5a2c

 ///  File Name: 5358gchessfuck.c
gnuchess, if setuid, is vulnerable to a buffer overflow using the -s switch that will allow an attacker to escalate their privileges. Vulnerable versions are 5.0.6 and below.
Author:ace, t0asty
File Size:2944
Last Modified:Jul 7 05:03:58 2003
MD5 Checksum:7ccb9569d981b450e7bcb8a97bfcadd9

 ///  File Name: 5358gnuanx0r.c
gnuan, the utility that produces an analysis of a chess game, has a buffer overflow that allows a local attacker to escalate privileges if the binary is setuid (which it normally is not).
Author:ace, t0asty
File Size:2777
Last Modified:Jul 7 05:07:28 2003
MD5 Checksum:a25af7dcda564b06beb127d57eb304ee

 ///  File Name: 5358isdnrape.c
isdnrep has a buffer overflow in the -t switch that allows a local attacker to escalate privileges if the binary is setuid/setgid (which it normally is not).
Author:ace, t0asty
File Size:2804
Last Modified:Jul 7 05:09:21 2003
MD5 Checksum:734ab28ee02006be169f339c1a516c6c

 ///  File Name: ACME-mitel.txt
An interesting bug in the Mitel Voice Over IP system that allows an attacker to discover phone numbers calling through the DHCP server.
File Size:2111
Last Modified:Jul 28 02:45:51 2003
MD5 Checksum:5b613c224e45a1343f68316310dd2b06

 ///  File Name: benjurry.txt
Thorough analysis of the buffer overrun in the Windows RPC interface that was discovered by the Last Stage of Delirium. Exploit included for Windows 2000 SP4 Chinese version.
Author:Flashsky, Benjurry
Related File:lsdRPC.txt
File Size:17765
Last Modified:Jul 28 05:40:01 2003
MD5 Checksum:bcd9321ac5d7e4a8d74b197efe4a7e07

 ///  File Name: bosen-adv.7.txt
The ProductCart ASP shopping cart is vulnerable to a SQL injection attack which allows administrative access to the control panel.
File Size:4086
Last Modified:Jul 7 21:35:58 2003
MD5 Checksum:234b6dab3675e82a95ed3bbfa3aaaff4

 ///  File Name: ccbill.txt
The CGI script whereami.cgi that gets distributed by CCBill lacks input validation and in return allows for remote command execution as the web uid.
Author:Dayne Jordan
File Size:3064
Last Modified:Jul 6 22:11:00 2003
MD5 Checksum:03e058c869b7c0bd6a2db785177e26d6

 ///  File Name: ccbillx.c
CCBill remote exploit that spawns a shell with netcat and attempts to connect into the server on port 6666 to gain access of the webserver uid.
File Size:3872
Last Modified:Jul 9 17:43:11 2003
MD5 Checksum:d16e63fce80c44af0cb31e5bb3b31202

 ///  File Name: cisco-bug-44020.tar.gz
Remote exploit that causes a denial of service against Cisco IOS versions 11.x through 12.x.
Author:Martin Kluge
File Size:4005
Last Modified:Jul 22 01:30:17 2003
MD5 Checksum:1221af8aa6ac91916c03e6b599441b55

 ///  File Name:
Remote exploit that causes a denial of service against Cisco IOS versions 11.x through 12.x using hping.
File Size:1868
Last Modified:Jul 22 01:31:46 2003
MD5 Checksum:5b4d3da440603ada84738a3464e28b7e

 ///  File Name: CLIVITT-2003-4-Citadel-exploit.c
Citadel/UX BBS version 6.07 remote exploit that yields a bindshell of the user id running the software.
Author:Carl Livitt
Related File:CLIVITT-2003-4-Citadel.txt
File Size:15789
Last Modified:Jul 18 01:31:00 2003
MD5 Checksum:99ae9b5f60fd6a0d523cb10d618886d9

 ///  File Name: CLIVITT-2003-5.txt
Apache 1.3.x using the mod_mylo module version 0.2.1 and below is vulnerable to a buffer overflow. The mod_mylo module is designed to log HTTP requests to a MySQL database and insufficient bounds checking in mylo_log() allows a remote attacker to gain full webserver uid access. Remote exploit for SuSE 8.1 Linux with Apache 1.3.27, RedHat 7.2/7.3 Linux with Apache 1.3.20, and FreeBSD 4.8 with Apache 1.3.27 included.
Author:Carl Livitt
File Size:14775
Last Modified:Jul 29 19:33:50 2003
MD5 Checksum:b6a0cd78d32dfe4d978f56c3436cdb69

 ///  File Name:
Core Security Technologies Advisory ID: CORE-2003-0305-03 - The Microsoft Active Directory functionality is remotely and locally vulnerable to a stack overflow that allows an attacker to crash and force a reboot of any Windows 2000 server. Vulnerable package: Windows 2000 Server with Active Directory SP3. Fixed with Service Pack 4.
Author:Eduardo Arias, Gabriel Becedillas, Ricardo Quesada, Damian Saura
File Size:5744
Last Modified:Jul 4 19:16:01 2003
MD5 Checksum:9104d6686a8f0483995df11c58854fd3

 ///  File Name: core.netmeeting.txt
Core Security Technologies Advisory ID: CORE-2003-0305-04 - Windows NetMeeting is vulnerable to a directory traversal attack that allows remote arbitrary code execution. Vulnerable version: NetMeeting 3.01 (4.4.3385), possibly others. Fixed in Service Pack 4.
Author:Hernán Ochoa, Gustavo Ajzenman, Javier Garcia Di Palma, Pablo Rubinstein
File Size:6522
Last Modified:Jul 4 20:29:25 2003
MD5 Checksum:b1953ba5b79dc97db6f6fc38c2531733

 ///  File Name: CSSoft-EZTRansI-Eng.txt
STG Security Advisory SSA-20030701-03: ezTrans Server, the popular portal software used throughout Korea, lacks input validation in the file download module. Due to this, a remote attacker can download any file on the system that the webserver uid can access.
Author:SSR Team
File Size:2787
Last Modified:Jul 9 17:30:54 2003
MD5 Checksum:5e5b9d4fb6b5adcb71f4b3a0a9f97782

 ///  File Name: dcom.c
Remote exploit utilizing the DCOM RPC overflow discovered by LSD. Includes targets for Windows 2000 and XP. Binds a shell on port 4444.
Author:H D Moore
File Size:15014
Last Modified:Jul 28 02:51:24 2003
MD5 Checksum:a731771b1cd73887da81c33d2f48471f

 ///  File Name:
Windows port of the remote exploit utilizing the DCOM RPC overflow originally coded by H D Moore.
Author:Benjamin Lauzičre
File Size:18336
Last Modified:Jul 28 02:52:51 2003
MD5 Checksum:4dadfb9aafb1cdac05ab734453dcee88

 ///  File Name: dcomsploit.tgz
DCOM remote exploit utilizing the issue discussed here. Covers Microsoft Windows NT SP6/6a (cn), as well as Windows 2000 SP0-4 (cn) SP0-2 (jp) SP0-2,4 (kr) SP0-1 (mx) SP3-4 (Big 5) SP0-4 (english) SP0 Server (english), and Windows XP SP0-1 (english) SP1 (cn) SP0-1 (Big 5). Modified by sbaa
Author:FlashSky, Benjurry
File Size:6126
Last Modified:Jul 29 20:07:02 2003
MD5 Checksum:330e19366c8d5664a7f2a55efc3a8e78

 ///  File Name:
Remote denial of service exploit making use of the vulnerability found in DCOM under Windows.
File Size:2404
Last Modified:Jul 24 23:48:09 2003
MD5 Checksum:1098316c80fe73f7861565b0b8ec61ef

 ///  File Name: diginews.txt
Digi-news and Digi-ads version 1.1 allow administrative access without a remote attacker having knowledge of the account password by keeping necessary credentials client-side in a cookie. Essentially, as long as an attacker has a valid administrative login name, they can use their own password to authenticate.
Author:Arnaud Jacques aka scrap
File Size:2290
Last Modified:Jul 18 03:42:40 2003
MD5 Checksum:cbbef802af4f26114deb0b40e22828ec

 ///  File Name:
Hilariously amusing and simple exploit that makes use of the fact that the cuxs binary on InterSystems Corp. Cache management system executes a binary as root without that binary having a static path.
Related File:intersystems.txt
File Size:525
Last Modified:Jul 3 07:36:22 2003
MD5 Checksum:329a7a5129be9aefbe9ce9427f75d63e