|
|
Some of these exploits are from Bugtraq and Security Bugware |
|
To Change Sort Order, Click On A Category.
Sorted By: Last Modified. |
File Name |
Downloads |
File Size |
Last Modified |
| 0003-exploits.tgz | 2524 | 94501 | May 19 2000 10:55:38 |
| Packet Storm new exploits for March, 2000. |
| win98-bluescreen.txt | 2936 | 1876 | Apr 20 2000 13:59:44 |
| More ways to abuse c|/con/con - In mail with html tags, in normal html, serv-u ftp, and win registry. By RUBINHO |
| cgimail.txt | 1105 | 3015 | Apr 19 2000 19:23:42 |
| Anyone who can execute CGIMailer (anyone who can use the forms that use CGIMailer) can specify what configuration file to use and this can be any file on the system CGIMailer is running on. This allows for the existance of private files to be detected. There are more dangerous implications though: this vulnerability could possibly be exploited to obtain private files from the target system. If there is an FTP server running on the target system on which an attacker has upload priviledges, he/she could upload a malicious configuration file, and then run it using CGIMailer. Configuration files can be used to send files to the attacker via e-mail (among other things). By Chopsui-cide. Homepage Here. |
| ircii_exploit.txt | 1498 | 7942 | Apr 19 2000 19:14:41 |
| Two exploits are included in this. It is a dcc chat buffer overflow in seperate exploits for linux and mirc. By bladi & aLmUDeNa. |
| x11amp.txt | 972 | 634 | Apr 19 2000 16:59:21 |
| Vulnerability: Any user can overwrite any file in the system with x11amp ver .70. Found by Grampa Elite. |
| exp-wmcd.c | 372 | 2249 | Apr 19 2000 16:59:21 |
| Local exploit for Linux Mandrake 7.0's wmcdplay 1.0 beta 1. Unlike the Teso exploit for wmcdplay, this code exploits the -position argument. By Dethy |
| irix-objectserver.c | 1672 | 19212 | Apr 3 2000 19:11:51 |
| SGI IRIX objectserver remote exploit - Remotely adds account to the IRIX system. Patched February, 1998. Tested on IRIX 5.2, 5.3, 6.0.1, 6.1 and even 6.2. By Marcy |
| rpc.AMD.FreeBSD3.2RE..> | 2014 | 2924 | Apr 1 2000 14:09:54 |
| FreeBSD 3.2-REL AMD remote root exploit. By Anathema |
| icadecrypt.c.txt | 2147 | 1800 | Mar 31 2000 23:29:07 |
| icadecrypt cracks the weak hash encryption on stored Citrix ICA passwords (in appsrv.ini). Homepage here. By Dug Song |
| ass.pl | 1347 | 1488 | Mar 31 2000 13:04:00 |
| Halloween linux 4 local root exploit script for atsadc. Other distributions may be vulnerable. Homepage here. By S. Krahmer |
| NXT-Howto.txt | 5556 | 14093 | Mar 30 2000 00:24:56 |
| BIND 8.2 - 8.2.2 remote root exploit how-to. Explains how to manipulate DNS records on a primary name server to exploit this vulnerability. Homepage here. By E-Mind |
| winmail305.txt | 1209 | 1008 | Mar 29 2000 13:04:00 |
| Winmail 3.05 for Windows NT allows any file on the system to be read. Exploit code included. By Frankie Zie courtesy of Bugtraq |
| tpgnrock.c | 1021 | 2912 | Mar 29 2000 13:04:00 |
| Crash Exploit for AnalogX SimpleServer v1.03 By Presto |
| kreatur.pl | 1237 | 1622 | Mar 28 2000 16:28:34 |
| kreatecd local root-exploit helper script - Halloween Linux 4.0 and SuSE 6.0 - 6.3. Homepage here or here. |
| position.c | 1776 | 1976 | Mar 28 2000 16:21:43 |
| Overflows the -position arg buffer in wmcdplay due to a bad sprintf call. Homepage here. By Larry W. Cashdollar |
| domain-socket.c | 1882 | 871 | Mar 26 2000 13:04:00 |
| Domain Socket Denial of Service Vulnerability affecting Linux kernel 2.3.99-pre2, Linux kernel 2.2.14, Linux kernel 2.2.12, RedHat Linux 6.2, RedHat Linux 6.1 sparc, RedHat Linux 6.1 i386, and RedHat Linux 6.1 alpha. Homepage here. |
| browser-bug.txt | 1659 | 2905 | Mar 25 2000 20:41:56 |
| Linux web browsers are affected by accessing devices, this bug may be considered similar to the \con\con bug except that the technological superiority of Linux will prevent a system crash. Homepage here. By SET |
| win98-con-lan.txt | 5441 | 784 | Mar 24 2000 21:04:48 |
| A windows 9x machine that shares any of its files, even read only, can be crashed remotely via the con/con issue. By Toxic Waste |
| netscape-wp.dir-list | 2251 | 2619 | Mar 23 2000 23:59:17 |
| ZSH Advisory - Netscape WebPublisher Allows Directory Listing and Access. Netscape Webpublisher is an addon to Netscape's Enterprise webserver which allows remote file modifications, uploads and downloads. A third party user can access the WebPublisher via downloading a number of java applets and the webserver's directory structure without having a valid account on the system. Netscape v3.5.1 / 3.6 SP1-3 under solaris are vulnerable. Homepage here. By F0bic |
| wmcdplay-exp.c | 1702 | 10904 | Mar 23 2000 22:11:48 |
| 5 exploits for wmcdplay (A cd player designed for WindowMaker - Release 1.0 Beta1) Tested on Mandrake 7.0. Homepage here. By Larry W. Cashdollar |
| pam-mdk.c | 2735 | 1588 | Mar 21 2000 14:22:00 |
| PAM/userhelper exploit - Ported to Mandrake 6.1. Also works on Red Hat 6.0 and 6.1, gives uid 0. By Paulo Ribeiro |
| spoon.c | 2709 | 5033 | Mar 21 2000 03:41:56 |
| spoon.c - (ab)use dig.cgi to proxy DNS dig requests. Useful to request a zone transfer without revealing your IP. Homepage here. By Obecian |
| wmexp.c | 1183 | 2315 | Mar 20 2000 13:04:00 |
| Halloween Linux 4.0 and Debian Linux 2.1 local root exploit for wmcdplay. Other distros are maybe affected as well. Homepage here. By S. Krahmer & Stealth |
| spawncmd.pl | 1626 | 1270 | Mar 20 2000 13:04:00 |
| Spawn a command shell on remote host with MSADC. Homepage here. |
| reset_state.c | 1319 | 10605 | Mar 20 2000 13:04:00 |
| reset_state.c exploits a recent bug in pix firewalls which drops an entry in the state table when a rst packet is received. By Andrew Alston |
| printtool.sh | 1249 | 822 | Mar 20 2000 13:04:00 |
| printtool is an X11 printer configuration tool shipped with RedHat Linux and possibly other linux distributions. When configuring a printer with printtool, the permissions of the config file are set world-readable. When this happens, this script will kick in and give you the password. Homepage here. By Phonic |
| led_color.c | 1187 | 1965 | Mar 20 2000 13:04:00 |
| Overflows the -l arg buffer in wmcdplay due to a bad sprintf call. Tested on Mandrake. Homepage here. By Larry W. Cashdollar |
| imexp.c | 1205 | 2630 | Mar 20 2000 13:04:00 |
| Halloween 4 local root exploit for imwheel-solo. Other distros maybe affected as well. Homepage here. By S. Krahmer & Stealth |
| gpm-root.sh | 2486 | 931 | Mar 20 2000 13:04:00 |
| A vulnerability exists in the gpm-root program, part of the gpm package. A local console user can obtain root. Tested under RedHat Linux (6.2 / 6.1 / 6.0 / 6.0 / 5.2 / 5.1) and Debian Linux (2.2 / 2.1 / 2.0). Homepage here. |
| ftpwarez.c | 2247 | 5614 | Mar 15 2000 13:04:00 |
| wu-ftpd beta17 remote root overflow (non-chroot). By Anathema |
| x-dumper.sh | 1010 | 1666 | Mar 13 2000 13:04:00 |
| x-dumper.sh remote xwin exploit - Will attempt to dump a screen via xwd. By c0sa_n0stra |
| unpassworded.dsl.rou..> | 1153 | 3779 | Mar 11 2000 04:14:00 |
| In the deployment of the Cayman-DSL router and many others, technitions are failing to reset the default password which in many cases default to no password at all. A malicious user could scan for such devices and on a DSL providers network. Worst case scenerio, the static routing tables can be altered to permit remote sniffing. By Andrew R. Siverly |
| Flying.txt | 1607 | 837 | Mar 10 2000 12:39:48 |
| Vulnerability in the game Flying rev 6.20 - read any file on the system. Tested on Redhat 5.2, possibly others. By Grampa Elite |
| redhat-printtool.txt | 2861 | 850 | Mar 9 2000 12:28:40 |
| By default, printtool leaves world readable printer passwords on Redhat 6.1 and 6.2B. By Cho Kyong-won courtesy of Bugtraq |
| ms-clipart.txt | 3858 | 10793 | Mar 9 2000 11:25:25 |
| L0pht Research Labs Advisory - Microsoft ClipArt Gallery Overflow. An attacker can seize control of a Windows 95, 98, NT, or 2000 machine via any HTML source, including Microsoft Outlook e-mail. Proof of conccept exploit included. Homepage here. By Dildog |
| iis-enumerate.txt | 3917 | 1267 | Mar 9 2000 11:25:07 |
| Another new way to find the web root directory of an IIS 4.0 webserver, if it is run on a share, by requesting a .idq file. By Jason Lutz |
| pocsag.txt | 2608 | 1029 | Mar 9 2000 11:25:00 |
| Pocsag v2.05, a popular pager decoding software by default accepts connections on port 8000 with a default password, even remote access is not enabled, allowing anyone to view the decoded data. By Kuji courtesy of Bugtraq |
| flog.c | 3307 | 2961 | Mar 7 2000 04:40:35 |
| Flog.c crashes Win95/98/se webservers by sending GET /con/con HTTP/1.0. Changes: This one works. By Infernal Pulse |
| infradig_1225_5-3-00..> | 2933 | 1464 | Mar 6 2000 12:49:12 |
| Infradig 1.225 for Windows remote security hole - The administration server on port 81 allows anyone to edit accounts, add users, and set all kinds of things. Homepage here. By Nemesystm |
| SCX-SA-01.txt | 3276 | 7855 | Mar 6 2000 12:48:32 |
| Securax Advisory - Many windows applications can be made to blue screen upon parsing special crafted path-strings refering to device drivers. |
| RLbison.tgz | 1719 | 2279 | Mar 6 2000 03:27:29 |
| Roses Labs has discovered a remote buffer overflow in BisonWare FTP Server. Includes DoS exploit, remote code execution may be possible. English and spanish versions included. Homepage here. By Conde Vampiro |
| binds.c | 3504 | 6923 | Mar 3 2000 22:35:39 |
| IRIX 5.3 and 6.2 remote bind iquery overflow. Homepage here. By LSD |
| sXe.c | 4971 | 7898 | Mar 3 2000 22:31:34 |
| sXe sends IGMP packets, denying service to windows machines. If you can figure out how to use this, you can create quite an effective attack from even a 14kbs modem. Homepage here. By l-n1nja |
| irix-infosrch.cgi.tx..> | 2777 | 550 | Mar 3 2000 20:20:40 |
| Irix 6.5 InfoSearch is a web-based interface to books, manpages, and relnotes, distributed by SGI. infosrch.cgi can execute commands remotely. By Jared courtesy of Bugtraq |
| AIM-dos.txt | 6304 | 1178 | Mar 3 2000 20:17:18 |
| AOL Instant Messenger can be crashed remotely with upper ascii symbols, version 3.5 tested, others most likely vulnerable. Unofficial patch available on the homepage, here. By Cruz courtesy of Bugtraq |
| officescan.txt | 3046 | 8966 | Mar 3 2000 20:12:33 |
| Trendmicro Officescan 3.5 has severe remote vulnerabilities, allowing a malicious user to remotely uninstall the anti virus, remotely stop the scan, remotely make the anti virus inefficient by modifying the scan configuration file through the network on the target pc, and finally, remotely write anywhere on the target file system! Includes exploit instructions. Homepage here. By Gregory Duchemin"> courtesy of Bugtraq |
| win98-con.txt | 6788 | 1463 | Mar 3 2000 18:58:58 |
| Many Windows programs crash if they access c:/con/con. IE and servU-FTP v 2.4a among others are vulnerable. By Zoa_Chien |
| sps3.c | 2572 | 2086 | Mar 3 2000 18:17:18 |
| sps3.c - Spaghetti Proxy Server 3.0 DoS attack. It does not appear as though arbitrary code could be execute using this vulnerability. Homepage here. By Chopsui-cide |
| win98_con_exploit.ht..> | 2421 | 1408 | Mar 3 2000 01:24:18 |
| Variation of the win98 con exploit that crashes netscape as well. Homepage here. By Neonlenz |
| unsigned.cab.exploit..> | 3362 | 19089 | Mar 2 2000 13:42:15 |
| Vulnerability details and example exploit for Microsoft Active Setup control's unsigned CAB file execution vulnerability. Patched in November, 1999, the vulnerability was so severe that almost any kind of break-in was possible into unpatched IE client machines. By Mukand |
| ie5-chm.txt | 3514 | 1258 | Mar 2 2000 13:31:46 |
| Georgi Guninski security advisory #8 - There is a vulnerability in IE 5.x for Win95/WinNT (probably others) which allows executing arbitrary programs using .chm files. Microsoft Networking must be installed. Demonstration which starts wordpad here. Homepage here. By Georgi Guninski"> courtesy of Bugtraq |
| bsd-sm884.c | 3390 | 3055 | Mar 2 2000 10:24:08 |
| FreeBSD Sendmail 8.8.4 mime 7to8 remote exploit. Homepage here. |
| mailer.c | 2980 | 5441 | Mar 2 2000 10:18:39 |
| Remote exploit for Mailer 4.3 - Win 9x/NT. Homepage here. By Cybz |
| getpop3.txt | 3217 | 2827 | Mar 1 2000 20:33:20 |
| Getpop3 POP client for linux local root exploit - make any local file world writable. Homepage here. By r3p3nt |
| dosemu.sh | 1964 | 948 | Mar 1 2000 15:53:52 |
| Corel Linux dosemu config error. Local root compromise. By Suid |
| setxconf.sh | 1877 | 303 | Mar 1 2000 15:52:54 |
| Corel xconf utils local root (among others) vulnerability. By Suid |
| Infosec.20000229.axi..> | 2472 | 2242 | Mar 1 2000 01:24:30 |
| Infosec Security Vulnerability Report - Bypassing authentication on Axis StorPoint CD. By modifying an URL, outsiders can access administrator URLs without entering username and password, allowing unauthorized access. By Ian Vitek courtesy of Bugtraq |
| hp-omniback.pl | 2181 | 1803 | Mar 1 2000 01:17:49 |
| HP Openview Omniback software listens to port 5555, can be caused to run out of memory. Demonstration exploit in perl included. By Jon Hittner courtesy of Bugtraq |
| xterm-logfile.txt | 2258 | 1173 | Mar 1 2000 01:10:46 |
| It used to be Well Known that xterm's way of opening a log file was insecure. Well, that was 5+ years ago so I decided to take a look at the current state of affairs. Things have changed, but mostly to "different" rather than "better". Symlink attack can overwrite any file with the UID of the xterm process. By Morten Welinder courtesy of Bugtraq |
| manxpl.c | 2581 | 1178 | Mar 1 2000 00:55:59 |
| Linux x86 man exploit - exploits the stack overflow in man (PAGER env var) yielding egid man. Tested on Redhat 6.2. By Anathema |
| htdig.txt | 3546 | 1348 | Mar 1 2000 00:55:59 |
| Htdig 3.1.4 search engine allows any file on the system to be read via CGI binary htsearch. Exploit information included. By Geoff Hutchison courtesy of Bugtraq |
 |
| |
| |
 |
