Section: .. / 0311-exploits /

Page 1 of 2
<< 1 2 >> Files 1 - 25 of 40

Currently sorted by: File Name Sort By: Last Modified, File Size

/// File Name:	0311-exploits.tgz
Description:	Packet Storm new exploits for November, 2003.
File Size:	121822
Last Modified:	Dec 10 03:25:05 2003
MD5 Checksum:	98a752eda0e42dae02e16f317b81af46

/// File Name:	85mod_gzip.c
Description:	Remote exploit for mod_gzip when in debug mode for versions 1.2.26.1a and below. Yields user id of the webserver. Tested against RedHat 8.0 and FreeBSD 4.7.
Author:	xCrZx
Related File:	ZH2003-3SP
File Size:	7364
Last Modified:	Nov 20 21:03:33 2003
MD5 Checksum:	ccd4dcff6acad5955766d739f2551aff

/// File Name:	85NIPrint.c
Description:	Remote exploit for Windows that makes use of the buffer overflow vulnerability in NIPrint discussed here.
Author:	xCrZx
File Size:	6010
Last Modified:	Nov 4 18:14:36 2003
MD5 Checksum:	067bbc3934292c0e48f3957e9ae13d9a

/// File Name:	_BSSADV-0000.txt
Description:	Bugtraq Security Systems Security Advisory - Multiple vulnerabilities have been discovered in the Applied Watch Command Center IDS. Two exploits have been released to demonstrate these flaws. The first, appliedsnatch.c, allows a remote attacker to add a user to the console without having to authenticate to the system. The second, addrule.c, allows a remote attacker to add custom IDS alerts to all sensor nodes in a network, enabling a human denial-of-service attack by making good packets look bad.
Author:	The Bugtraq Team
Homepage:	http://www.bugtraq.org
File Size:	12774
Related CVE(s):	CAN-2003-0970, CAN-2003-0971
Last Modified:	Dec 1 03:08:52 2003
MD5 Checksum:	d75b0941421c1810583106423f646868

/// File Name:	badc0ded-DSR-ensim.sh
Description:	Virthostmail (part of the Ensim WEBppliance Pro) local exploit for Linux/x86. Tested on Ensim 3.5.20-7 and others. Bug found by Kokanin.
Author:	Joel Eriksson
File Size:	696
Last Modified:	Nov 8 03:20:28 2003
MD5 Checksum:	dfc06bc790ea5e5dcbea2f03b8eb6269

/// File Name:	boomerang.tgz
Description:	Local exploit for the ListBox/ComboBox vulnerabilities in Win32 platforms. Included is an example of a vulnerable program.
Author:	xCrZx
Related File:	MS03-045
File Size:	3638
Last Modified:	Nov 14 03:05:55 2003
MD5 Checksum:	2535d98788c7d94b7b1bc63be67d9adf

/// File Name:	cf_exp.c
Description:	Cfservd v2.0.7 and below remote stack overflow exploit. Includes connect-back and port binding shellcode. Tested against cfservd v2.0.7 on Redhat 8.0. Info on the bug available here.
Author:	Snooq
Homepage:	http://www.angelfire.com/linux/snooq/
File Size:	12665
Last Modified:	Nov 8 03:10:25 2003
MD5 Checksum:	217fbdd97894588d7e1efd1f536b044e

/// File Name:	chemtrailX.c
Description:	Proof of concept local root exploit for iwconfig that is normally not setuid by default. Tested on RedHat Linux 9.0.
Author:	Knight420
File Size:	1728
Last Modified:	Nov 14 02:42:59 2003
MD5 Checksum:	b3da4e4973f8442505f7f11bb2442480

/// File Name:	commerceSQL.txt
Description:	CommerceSQL shopping cart allows remote file reading via a directory traversal vulnerability in its index.cgi.
Author:	Mariusz Ciesla
File Size:	602
Last Modified:	Nov 25 05:09:35 2003
MD5 Checksum:	5a17b3f5332c2e8437aa225dc2841a71

/// File Name:	DSR-wmapm.sh
Description:	Wmapm v3.1 local exploit - Gives a shell with UID=operator in FreeBSD if compiled via ports collection, or UID=root if compiled from source on FreeBSD or Linux. Requires a valid X display.
Author:	Knud Erik Højgaard
Homepage:	http://kokanins.homepage.dk
File Size:	831
Last Modified:	Nov 8 03:16:52 2003
MD5 Checksum:	9c96e222a97fbced2e4789d67c4f010f

/// File Name:	epic4-exp.c
Description:	EPIC4 remote exploit that acts as an IRC server and makes use of a stack-based overflow in EPIC4 versions later than pre2.003. Upon success, this exploit yields a shell with the privileges of the user id connecting into the server.
Author:	Li0n7
File Size:	14651
Last Modified:	Nov 27 01:19:16 2003
MD5 Checksum:	60364157eaa053fedb0f4fd986a98e85

/// File Name:	execdror5-Demo.zip
Description:	Six step cache attach for Internet Explorer v6sp1 (up to date on 10/30/2003) which combines several older unpatched and recently discovered vulnerabilities to execute code remotely by viewing a web page or HTML email. More information available here and here.
Author:	Liu Die Yu
Homepage:	http://www.safecenter.net/UMBRELLAWEBV4/ie_unpatched/index.html
File Size:	26429
Last Modified:	Nov 15 01:22:27 2003
MD5 Checksum:	61fe983e637f9bb67381751df8664ae7

/// File Name:	FBHterminator.c
Description:	Local root exploit for terminatorX version 3.81 and below that makes use of LADSPA_PATH environment variable vulnerability.
Author:	Bobby
Related File:	outsiders-terminatorX-001.txt
File Size:	4751
Last Modified:	Nov 15 19:00:39 2003
MD5 Checksum:	a2817a1ad499a35cdb5469a0b032ce00

/// File Name:	fp30reg.c
Description:	Frontpage Server Extensions remote exploit which creates a shell on tcp port 9999 and uses the bug described in ms03-051. Tested on Windows 2000 Professional SP3 English version, fp30reg.dll ver 4.0.2.5526. Bug discovered by Brett Moore.
Author:	Adik
Homepage:	http://netninja.to.kg
File Size:	9281
Last Modified:	Nov 17 20:30:07 2003
MD5 Checksum:	e28d8512b7f0f40aa755ac0c05d43e14

/// File Name:	gEEk-0verkill.c
Description:	0verkill version 0.16 local proof of concept exploit that makes use of a stack overflow when reading in the HOME environment variable.
Author:	demz
Homepage:	http://geekz.nl/
File Size:	2258
Last Modified:	Nov 15 18:53:13 2003
MD5 Checksum:	ee4378534a1ac7e7c6ff82037218678f

/// File Name:	gEEk-unace.c
Description:	UnAce version 2.20 local proof of concept exploit. Original vulnerability discovery made by MegaHz. Tested on Debian 3.0.
Author:	demz
Homepage:	http://geekz.nl/
File Size:	2225
Last Modified:	Nov 15 18:49:31 2003
MD5 Checksum:	2b33f62481726d5a0a5ecbdf48ec57e1

/// File Name:	iawebmail.pl
Description:	IA WebMail Server v3.1 and below (iaregdll.dll version 1.0.0.5) remote exploit in perl. Tested against Windows XP Home SP1 and Windows 2000 Pro SP4. Included shellcode downloads netcat and spawns a shell.
Author:	Peter Winter-Smith
Homepage:	http://www.elitehaven.net
File Size:	6615
Last Modified:	Nov 19 20:29:42 2003
MD5 Checksum:	2e7f7b1bf13faa2e9a6f5a50715033eb

/// File Name:	iw-config.c
Description:	Proof of concept local root exploit for iwconfig, which is not setuid by default.
Author:	heka
File Size:	1344
Last Modified:	Nov 14 02:17:07 2003
MD5 Checksum:	5a3507650d6a7aa825d9cc3694338c88

/// File Name:	kill-Taidu.c
Description:	webfs 1.7.x remote root exploit that binds a shell to port 26112 and makes use of a User-Agent buffer overflow.
Author:	jsk
File Size:	13395
Last Modified:	Nov 25 03:58:25 2003
MD5 Checksum:	5d7053881beaf39ab594c60a0b0cd44c

/// File Name:	kpopup.txt
Description:	Kpopup version 0.9.1 is susceptible to allowing privilege escalation due to format string bugs and an unsafe system() call. Local root exploit included.
Author:	b0f
Homepage:	http://www.b0f.net
File Size:	3743
Last Modified:	Nov 4 08:16:18 2003
MD5 Checksum:	ef5877dfcaad27f0f1cbd792ee2650aa

/// File Name:	Mircxpl.pl
Description:	Remote exploit for mIRC versions below 6.12 that will cause the victim's client to crash.
Author:	Jackal.
File Size:	1112
Last Modified:	Nov 5 06:01:00 2003
MD5 Checksum:	afd42a6a9c7cc811f4b482ebdeb88690

/// File Name:	msnbug.txt
Description:	A bug exists in MSN's Messenger client that allows a user's IP address to be exposed due to improper parsing of the Ip-Address field when parsing requests.
Author:	Brice aka THR, Hi_Tech_Assassin
File Size:	4839
Last Modified:	Nov 25 03:41:16 2003
MD5 Checksum:	20299636636f63dc45c73c692442d9d2

/// File Name:	msuxobsd2.c
Description:	OpenBSD v3.3 and below local root and v3.4 local denial of service exploit which uses a kernel based stack overflow vulnerability in ICBS. Patch available for v3.3 here and v3.4 here. Also works against OpenBSD v2.x.
Author:	Georgi Guninski
Homepage:	http://www.guninski.com/
File Size:	6929
Last Modified:	Nov 19 20:41:08 2003
MD5 Checksum:	d2c5ec9e1b0e56417a1369edc4c038f3

/// File Name:	myegallery.txt
Description:	My_eGallery versions below 3.1.1.g has PHP files which do not filter all parameters fed to functions, allowing a malicious attacker the ability to execute any command as the user id the webserver is running under. Vendor supplied patch available here.
Author:	Bojan Zdrnja
File Size:	1564
Last Modified:	Nov 27 01:09:53 2003
MD5 Checksum:	b43abc56c3104b46370ca73811988658

/// File Name:	netserve107.txt
Description:	NetServe version 1.0.7 suffers from a directory traversal vulnerability that allows a remote attack to download any file outside of the webroot. Using this knowledge, a remote attacker can exploit this vulnerability to access the config.dat file that holds the login and password for the administrative account. Tested on Microsoft Windows XP and 2000.
Author:	nimber
Homepage:	http://www.nimber.plux.ru
File Size:	7034
Last Modified:	Nov 17 23:28:57 2003
MD5 Checksum:	8ff8a7c0a6c99ee99b37b46c84a0bbd6