Section: 0412-exploits


 ///  File Name: wins.c
Description:
Remote Microsoft Windows 2000 WINS exploit that has connectback shellcode. Works on SP3/SP4.
Author:zuc
File Size:4260
Related CVE(s):CAN-2004-1080
Last Modified:Jan 2 21:43:36 2005
MD5 Checksum:bca4ce46995ede27531c85fe556c98c2

 ///  File Name: HOD-ms04031-netdde-expl.c
Description:
Remote proof of concept exploit for the NetDDE buffer overflow vulnerability as described in MS04-031. Tested on: Windows XP Professional SP0, Windows XP Professional SP1, Windows 2000 Professional SP2, Windows 2000 Professional SP3, Windows 2000 Professional SP4, Windows 2000 Advanced Server SP4.
Author:houseofdabus
File Size:19637
Last Modified:Jan 2 21:35:26 2005
MD5 Checksum:d8d4090c728f4295d8bb51908e941671

 ///  File Name: KorWeblog.txt
Description:
KorWeblog suffers from a directory traversal vulnerability that enables malicious attackers to access files and include malicious PHP files. Versions 1.6.2-cvs and below are susceptible.
Author:Mins
File Size:3436
Last Modified:Jan 2 21:32:14 2005
MD5 Checksum:aef213cbdc2bb62aa2b5f0700792a633

 ///  File Name: ftpd-iexpl.c
Description:
Proof of concept exploit for Internet Explorer version 6.0.3790.0 that demonstrates an FTP download path disclosure flaw.
Author:Albert Puigsech Galicia
Related File:7a69-17.txt
File Size:3350
Last Modified:Jan 2 21:25:38 2005
MD5 Checksum:c396765c5b95db527753b59b0cb4cfcb

 ///  File Name: isec-0020-mozilla.txt
Description:
A heap overflow in Mozilla browser versions 1.7.3 and below in the NNTP code may allow for arbitrary code execution.
Author:Maurycy Prodeus
Homepage:http://isec.pl/vulnerabilities/isec-0020-mozilla.txt
File Size:3057
Last Modified:Jan 2 21:10:27 2005
MD5 Checksum:28f2d5a8e2e4029a4b83de4ea3ca607e

 ///  File Name: phpcalendar.txt
Description:
PHP-Calendar suffers from a file inclusion vulnerability. All versions are affected.
Author:James Bercegay
Homepage:http://www.gulftech.org/
File Size:2438
Last Modified:Jan 2 21:07:16 2005
MD5 Checksum:f3d2a2da12855b70374d273e68526a83

 ///  File Name: WHM-autopilot.txt
Description:
WHM AutoPilot version 2.4.6.5 and below suffer from information disclosure, cross site scripting, and file inclusion vulnerabilities.
Author:James Bercegay
Homepage:http://www.gulftech.org/
File Size:3899
Last Modified:Jan 2 20:54:26 2005
MD5 Checksum:90e228da786478f8e243ab912ca962f1

 ///  File Name: moodle142.txt
Description:
Moodle versions 1.4.2 and below suffer from cross site scripting and file inclusion vulnerabilities.
Author:Bartek Nowotarski
File Size:3831
Last Modified:Jan 2 20:41:32 2005
MD5 Checksum:b9eca4daf115cfb19a91e59348bc0731

 ///  File Name: netcat-exp.txt
Description:
A buffer overflow in netcat can allow for remote compromise. Full exploit provided.
Author:class101
File Size:15514
Last Modified:Jan 2 20:13:29 2005
MD5 Checksum:a2b6b784698e602e8fb3cea8f8d99e58

 ///  File Name: CMDExe.txt
Description:
Internet Explorer remote command execution exploit that is a variant of the Auto SP2 RC exploit.
File Size:1708
Last Modified:Jan 2 20:04:22 2005
MD5 Checksum:5c2251efedbcbdd1b6e5732e0a09cfcf

 ///  File Name: ANI-DoS.txt
Description:
Simple HTML code that exploits the Microsoft Windows Kernel ANI file parsing denial of service vulnerability.
File Size:139
Last Modified:Jan 2 20:00:27 2005
MD5 Checksum:75dcb2797164dd15d32e2e311ff56097

 ///  File Name: PhpIncludeWorm.txt
Description:
New PHP based worm that targets any vulnerable page or script with a remote file inclusion vulnerability.
File Size:3602
Last Modified:Jan 2 19:55:57 2005
MD5 Checksum:7d59d83dd3eed703eff0dda98b9c9632

 ///  File Name: MSXPSP2-ieEXP.txt
Description:
Internet Explorer HTML Help Control Local Zone bypass exploit that can be used against Microsoft Windows XP versions SP2 and below.
Author:Michael Evanchik, Paul from Greyhats, http-equiv
Homepage:http://www.michaelevanchik.com
File Size:28646
Last Modified:Jan 1 03:39:57 2005
MD5 Checksum:5aabc81cc7ff559369ba72b039815c3a

 ///  File Name: yacyXSS.txt
Description:
yacy version 0.31 is susceptible to a cross site scripting attack.
Author:Donato Ferrante
Homepage:http://www.autistici.org/fdonato
File Size:1383
Last Modified:Jan 1 03:35:15 2005
MD5 Checksum:6f7bf1db4751a945aa301c29170cbf16

 ///  File Name: phpbbworm2.tgz
Description:
New version of the phpBB worm that successfully works against a patched phpBB 2.0.11. The scripts in this tarball are the worm itself and the bot that is installed. Found by Herman Sheremetyev.
File Size:6414
Last Modified:Dec 31 23:23:21 2004
MD5 Checksum:3e25607b656731c8902642da039f0697

 ///  File Name: SSA-20041220-16.txt
Description:
STG Security Advisory: An input validation flaw in ZeroBoard versions 4.1pl4 and below can allow malicious attackers to run arbitrary commands with the privileges of the HTTPD process, which is typically run as the nobody user.
Author:Jeremy Bae
Homepage:http://stgsecurity.com/
File Size:3683
Last Modified:Dec 31 23:08:01 2004
MD5 Checksum:f266dea6fadc6bcb9dcc65dd55ae1090

 ///  File Name: phpbb-url.pl
Description:
Simple tool to automate the creation of the URL needed to exploit phpBB versions below 2.0.11 using the viewtopic.php vulnerability.
Author:Trivero
Homepage:http://albythebest.altervista.org/
File Size:1780
Last Modified:Dec 31 23:02:11 2004
MD5 Checksum:f54e59d659820db210376da4a83090c8

 ///  File Name: shoutcast194.c
Description:
SHOUTcast DNAS/Linux version 1.9.4 format string remote exploit. Tested on Slackware 9.1 and 10.0. Binds a shell to port 7000.
Author:Damian Put, Tomasz Trojanowski
Homepage:http://www.cc-team.org
File Size:5347
Last Modified:Dec 31 22:57:59 2004
MD5 Checksum:10a9677625a70dc41e3a961b0e06168d

 ///  File Name: WPkontakt.txt
Description:
WPKontakt versions 3.0.1 and below suffer from a parsing error that allows for remote script execution.
Author:Blazej Miga, Jaroslaw Sajko
Homepage:http://www.man.poznan.pl/security/wpkontakt.html
File Size:840
Last Modified:Dec 31 22:09:01 2004
MD5 Checksum:c2467df336a25f30ca56b0e86b287451

 ///  File Name: crystalPoC.c
Description:
Crystal FTP Pro version 2.8 proof of concept exploit that makes use of a flaw in the LIST command.
Author:cybertronic
Related File:crystalftp.txt
File Size:16647
Last Modified:Dec 31 21:56:35 2004
MD5 Checksum:384ea878b20d258c64dacd1a2c438f5d

 ///  File Name: bruteforce.webmin.txt
Description:
Webmin remote bruteforce and command execution exploit.
Author:Di42lo
File Size:3492
Last Modified:Dec 31 21:50:56 2004
MD5 Checksum:c5fab111968a480a8eab88750e4deecf

 ///  File Name: raptor_udf.c
Description:
Local root exploit that makes use of the dynamic library for do_system() in MySQL UDF. Tested on MySQL 4.0.17.
Author:Marco Ivaldi
Homepage:http://www.0xdeadbeef.info/
File Size:2470
Last Modified:Dec 31 21:43:34 2004
MD5 Checksum:3793c024d44ae4873abb9da8a046b264

 ///  File Name: raptor_rlogin.c
Description:
Remote root exploit for rlogin on Solaris/SPARC 2.5.1/2.6/7/8. This remote root exploit uses the (old) System V based /bin/login vulnerability via the rlogin attack vector, returning into the .bss section to effectively bypass the non-executable stack protection (noexec_user_stack=1 in /etc/system).
Author:Marco Ivaldi
Homepage:http://www.0xdeadbeef.info/
File Size:12532
Related CVE(s):CVE-2001-0797
Last Modified:Dec 31 21:40:48 2004
MD5 Checksum:e6308246578fe5d9eb5dcd19eee0b260

 ///  File Name: raptor_passwd.c
Description:
Local root exploit for a vulnerability in the passwd circ() function under Solaris/SPARC 8/9. This exploit uses the ret-into-ld.so technique, to effectively bypass the non-executable stack protection (noexec_user_stack=1 in /etc/system).
Author:Marco Ivaldi
Homepage:http://www.0xdeadbeef.info
File Size:13960
Related CVE(s):CAN-2004-0360
Last Modified:Dec 31 21:38:36 2004
MD5 Checksum:9d4de237075ceb5ffa390f845ff73748

 ///  File Name: raptor_libdthelp2.c
Description:
Local root exploit for a buffer overflow in CDE libDtHelp library that allows local users to execute arbitrary code via a modified DTHELPUSERSEARCHPATH environment variable and the Help feature. Works against Solaris/SPARC 7/8/9. This is the ret-into-ld.so version of raptor_libdthelp.c, able to bypass the non-executable stack protection (noexec_user_stack=1 in /etc/system).
Author:Marco Ivaldi
Homepage:http://www.0xdeadbeef.info
File Size:9254
Related CVE(s):CAN-2003-0834
Last Modified:Dec 31 21:35:42 2004
MD5 Checksum:be55e3c1fd954ee10f92a9a1376a141e