ArchivesForums
 
about usforumsassessmentdefensepapersmagazinesmiscellaneouslinkscareers


Welcome to the Exploits for July, 2000 Section.

Some of these exploits are from Bugtraq and Security Bugware

To change sort order, click on the category.
Sorted By: File Name.

File Name Downloads File Size Last Modified
0007-exploits.tgz2567137051Aug 3 17:28:41 2000
Packet Storm new exploits for July, 2000.
7350qpop.c247813372Jul 15 16:34:29 2000
qpopper 2.53 euidl x86/linux remote exploit. Includes a procedure to abuse format strings to find the correct offset. Tested on Debian 2.1, RedHat 6.1, Slackware 7, Suse 5.2 and 6.0. Homepage: http://teso.scene.at. By Scut
alibaba.txt10612124Jul 18 15:01:06 2000
Alibaba is a http server for Windows 95/98/NT which contains buffer overflows and allow remote users to execute commands remotely. By Prizm
alienform2-xploit.pl5181883Jul 24 11:59:22 2000
AlienForm2 remote cgi exploit - Spawns an xterm from target machine. Homepage: http://teleh0r.cjb.net. By Telehor
bajie.webserver.txt920763Jul 31 13:56:50 2000
Bajie is a freeware HTTP daemon written in Java has vulnerabilities which allow remote users to view any file on the system, and find out the real server path. Homepage: http://www.mdma.za.net. By Wizdumb
bb-14h2.txt1521974Jul 13 10:25:08 2000
Big Brother up to version 1.4H2 contains a remote vulnerability which allows remote users to create a filename with an arbitrary extension. Since the file is droped into a directory accessible via the web server, any file extension that is parsed server side can be abused and commands can be executed remotely. By Xternal
bigbrother-1.4g.txt17251235Jul 12 17:56:29 2000
Big Brother v1.4g and below contains a vulnerability which allows a remote attacker to view any file on the system. By Safety
bitchx.dos.txt25463263Jul 8 16:03:30 2000
A denial of service bug was discovered in BitchX - a nasty user can invite you to a channel with a %s in it, causing the client to coredump. This is a classic case of printf(variable) where variable contains formatting chars. Patch available here. Homepage: htp://www.bitchx.com. By Colten Edwards
bnbform-xploit.pl5211780Jul 24 11:56:41 2000
bnbform.cgi v4.0 and below remote exploit - reads any file on the system. Homepage: http://teleh0r.cjb.net. By Telehor
bulkmail-xploit.pl4321715Jul 24 12:00:51 2000
bulk.cgi is a Bulk Mailer CGI which has remote vulernabilities which allow an attacker to spawn an xterm. Homepage: http://teleh0r.cjb.net. By Telehor
bxexpl.c6071570Jul 28 11:42:49 2000
BitchX-75p3 local exploit, Redhat 6.2 x86. By Flea
clickrespond-xploit...>4491786Jul 24 12:19:27 2000
Click Responder v1.02 remote exploit - spawns an xterm from the victim computer. Homepage: http://teleh0r.cjb.net. By Telehor
cpd.c31004567Jul 1 14:43:17 2000
CheckPoint IP firewall crashes when it detects packets coming from a different MAC with the same IP address as itself. We simply send a few spoofed UDP packets to it. By Antipent
cvs-1.10.8.txt8164259Jul 28 12:25:55 2000
CVS v1.10.8 allows users to execute any binary on the server using CVS/Checkin.prog or CVS/Update.prog. By Tanaka Akira
d-link.di-701.txt889919Jul 28 11:35:16 2000
The D-Link DI-701 Residential Gateway has an open port which allows brute force password guessing, and has a factory set default password. By Brant Hale
DST2K0019.txt11153284Jul 5 15:21:26 2000
Delphis Consulting Plc Security Team Advisory DST2K0019 - WebBBS v1.17 for Windows NT contains multiple buffer overflows, some of which allow remote code execution. Homepage: http://www.delphisplc.com/thinking/whitepapers/. By Delphis Security Team
dune_poc.c4563815Jul 20 10:53:18 2000
The Dune Webserver v0.6.7 has remotely exploitable buffer overflows. This code is a proof of concept exploit for linux/x86. Homepage: http://www.fakehalo.org. By Vade79
excel2000-exec.txt18042344Jul 13 10:20:40 2000
Excel 2000 serious vulnerability - Excel 2000/Windows 98 (other versions too) allows executing programs when opening an Excel Workbook (.xls file). This may be also be exploited thru IE or Outlook. This can easily lead to taking full control over user's computer. Demonstration available here. Homepage: http://www.nat.bg/~joro. By Georgi Guninski
fawx2.c19177262Jul 24 16:34:35 2000
fawx2.c sends fragmented junk to port 139, causing a blue screen under Windows 95 / 98 / 2000. Homepage: http://www.slacknet.org. By Heeb
formmail-xploit.pl5651915Jul 24 12:25:00 2000
Form Mail v1.0 (form.cgi) remote exploit - spawns an xterm from the victim computer. Homepage: http://teleh0r.cjb.net. By Telehor
FS-071000-5-JWS8545756Jul 12 18:02:22 2000
The Sun Java Web Server for Solaris and Windows NT allows a remote attacker to execute arbitrary commands on the target system. Proof of concept included. Homepage: http://www.foundstone.com. By Saumil Shah
FS-072500-7-ANA.txt6294337Jul 25 16:01:40 2000
Foundstone Security Advisory - AnalogX Proxy v4.04 contains multiple buffer overflows. Includes several proof of concept denial of service examples. Homepage: http://www.foundstone.com. By Robin Keir
FS-072600-8-ANA.txt6724165Jul 26 17:44:30 2000
Foundstone Security Advisory - AnalogX SimpleServer:WWW v1.06 and below is vulnerable to a "relative directory path" attack that allows a remote user to retrieve any known file one the the server. Homepage: http://www.foundstone.com. By Robin Keir
FS-072800-9-BEA.txt9516121Jul 30 02:48:31 2000
Foundstone Security Advisory - Two show code vulnerabilities exist with BEA's WebLogic 5.1.0 allowing an attacker to view the source code of any file within the web document root of the web server. Depending on web application and directory structure attacker can access and view unauthorized files. Proof of concept URL's included. Homepage: http://www.foundstone.com. By Saumil Shah
imeshexp.zip173415785Jul 3 20:41:15 2000
iMesh V1.02 Beta build 117 remote exploit for Windows 98. Exploits a buffer overflow to download a file from a given URL and execute it on the remote host. Includes windows binary and C source. Homepage: http://www.mxeleet.org. By Hitek
Infosec.20000712.wor..>16482508Jul 12 18:07:02 2000
Infosec Security Vulnerability Report - The web server for remote access to e-mail in WorldClient 2.1 for Windows NT is vulnerable for root dot dot. It is possible to read any file if the full path is known. By Christer Staffer
JRUNremoteXploit.tgz12312560Jul 1 13:45:44 2000
JRun 2.3 remote buffer overflow exploit. Runs a shell on the port where the JRun webserver daemon is running. By Wildcoyote
mw-exp.c12341530Jul 15 15:10:20 2000
makewhatis local dos exploit - overwrites /etc/passwd as soon as makewhatis runs, usually from cron. By Grazer1
ncsa1-3.c13281004Jul 31 14:25:09 2000
NCSA Httpd v1.3 remote root exploit. Tested against Slackware 4.0. Homepage: http://www.r00tabega.com. By Xtremist
netscape.ad.00-0717943324Jul 12 18:28:26 2000
Security Advisory ( netscape.ad.00-07 ) - Netscape Administration Server Password Disclosure. Netscape SuiteSpot running on Netscape webservers has a password file which in the default configuration is readable by remote users. All platforms are affected. By F0bic
netscape.jpg-marker...>82310594Jul 25 11:58:20 2000
Netscape browsers v4.73 and below can be tricked into executing arbitrary assembly code by a malicious web site. In the case of Netscape Mail or News, the attack may be performed via a mail message or a news article, as well. A bug in the way Netscape browsers use the Independent JPEG Group's decoder library can cause the JPEG stream to be read onto the heap. Exploiting this vulnerability into executing arbitrary code is non-trivial, but possible on some platforms. Homepage: http://www.openwall.com/advisories. By Solar Designer
netware50-sp5.dos.tx..>10711123Jul 12 22:37:24 2000
NetWare 5.0 with SP 5 has a remote denial of service vulnerability. By sending random data to tcp port 40193, a buffer is overflowed and the server issues a memory allocation error and eventually crashes. By Dimuthu Parussalla
outlook.advisory.txt8483673Jul 19 10:47:28 2000
Microsoft Outlook Advisory and Remote Exploit - A bug in a shared component of Microsoft Outlook and Outlook Express mail clients can allow a remote user to write arbitrary data to the stack. This bug has been found to exist in all versions of MS Outlook and Outlook Express on both Windows 95/98 and Windows NT 4. Includes in depth discussion and proof-of-point exploit that, when placed in the header field of a message or MIME attached message, will download and execute an executable from the web. By Aaron Drew
OW-002-netscape-jpeg..>5286471Jul 25 12:17:10 2000
Netscape 4.73 and below remote proof of concept exploit for linux/x86. Includes a test image which crashes Netscape, a JFIF file compiler which exploits the COM marker processing vulnerability, and an unofficial patch for Mozilla M15 and Win32 Netscape. Homepage: http://www.openwall.com/advisories. By Solar Designer
pasvagg.pl5685679Jul 24 12:47:23 2000
Passive Agression is a perl proof-of-concept exploit for downloading other user's files from FTP servers without needing thier authentication. It works against servers that use passive connections for data transfers and fail to check the incoming address of the data connection. It first attempts to determine the server-side data port incrementation rate and then guesses at the next port, makes a connection, and saves the retrieved data to a file. This does not work against M$ boxen, but is fairly impressive when run against large public FTP servers. A much more sinister purpose would be to snag confidential files being passed between corporate networks at scheduled times, like end of the day batch processing of customer orders, or crontab'd FTP backups. Homepage: http://www.digitaloffense.net. By H.D. Moore
poll_it.txt18221028Jul 13 10:07:31 2000
Pollit, a cgi application, has a vulnerability which allows remote users to read any file on the system. A URL such as /cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=/etc/passwd%00 will spit out /etc/passwd. By Adrian Daminato
pop2d.fold.txt16672173Jul 15 14:30:01 2000
Pop2d any file on the system can be read remotely on a pop2 server with a valid pop account due to a bug in the fold command. By Dotslash
proftpX.c21115175Jul 1 13:51:53 2000
ProFTPD 1.2pre4 remote buffer overflow exploit. Requires a writable directory. By Wildcoyote
ralfchat12.txt9363050Jul 11 21:51:13 2000
Ralf Chat 1.2, a free CGI based chat system has remote vulnerabilities. User passwords can be retrieved in plain text and the default admin password is rarely changed. By Daniel Wischnewski
razor.password.txt62310692Jul 5 15:10:39 2000
Razor is a configuration management tool which has a serious flaw with the Razor password file, rz_passwd. It can be decrypted with dumprazorpasswd.c or passwd_rz.pl which are included. By Shawn Clifford
SA2000-02.ism.dll10082040Jul 25 17:28:51 2000
ISBASE Security Advisory(SA2000-02) - Microsoft IIS v4.0 and 5.0 for Windows NT and Windows 2000 sometimes displays the contents of files that should not normally be displayed and sometimes contains sensitive data. ISS can be tricked into calling ISM.DLL and exposing the contents of .asp, .asa, and .ini files. Exploit description included. Homepage: http://www.isbase.com. By Isbase Security Team
snoop.servlet.txt5022091Jul 20 10:56:12 2000
The Snoop Servlet on Release Build 3.1 and 3.0 of Tomcat from Apache Software Foundation reveals the full path to the webserver and OS. By Efrain Torres
SuSeLocaltmpXploit.c15102920Jul 1 14:04:12 2000
SuSe 6.1 through 6.4 local exploit - when root switches users, /tmp/ will be the $HOME. This exploit will create a suid (user) shell when root su's to a user account. By Wildcoyote
SX-20000620-111011533Jul 6 22:10:53 2000
SecureXpert Labs Advisory [SX-20000620-1] - Denial of Service vulnerability in Microsoft Windows 2000 Telnet Server. A remote user can cause the telnet server to stop responding to requests by sending a stream of binary zeros to the telnet server. This can easily be reproduced from a Linux system using netcat with an input of /dev/zero, with a command such as "nc target.host 23 < /dev/zero". Homepage: http://www.securexpert.com.
SX-20000620-214141736Jul 6 22:14:24 2000
SecureXpert Labs Advisory [SX-20000620-2] - Multiple services on Windows 2000 Server are vulnerable to a simple attack which allows remote network users to drive the CPU utilization to 100% in an extremely short period of time, at little cost to the attacker's machine. Homepage: http://www.securexpert.com.
SX-20000620-314161872Jul 6 22:16:32 2000
SecureXpert Labs Advisory [SX-20000620-3] - Partial Denial of Service in Check Point Firewall-1 on Windows NT. The SMTP Security Server component of Check Point Firewall-1 4.0 and 4.1 is vulnerable to a simple network-based attack which raises the firewall load to 100%. Homepage: http://www.securexpert.com.
telsrv.txt8875564Jul 17 15:47:05 2000
GAMSoft's TelSrv 1.4/1.5 contains a remote denial of service vulnerability. If supplied with a very large login name, the service will crash. By Prizm
tetrinet_dos.c4672890Jul 12 14:12:44 2000
Tetrinet v0.6 for linux denial of service exploit. If a user on the local network sends an encrypted string and disconnects before the login is completed, the Tetrinet server exits with a broken pipe. Homepage: http://www.fakehalo.org. By Vade79
tomcat-3.1.path.txt483542Jul 19 21:57:29 2000
Tomcat v3.1 from the Apache Software Foundation displays the full path of the web server. By ET LoWNOISE
VIGILANTE-2000003.tx..>21222338Jul 15 16:50:39 2000
Microsoft IIS v4.0 and 5.0 contain a remote denial of service vulnerability if the server has been upgraded from v3.0. Issuing a malformed request for a certain file contained in /scripts/iisadmin can result in the webserver going into to an infinite loop, causing the web server to no longer accept requests. Microsoft bulletin available here. Homepage: http://www.vigilante.com. By Vigilante
VIGILANTE-2000004.tx..>5032446Jul 19 13:07:58 2000
Vigilante Advisory #4 - HP Jetdirect FTP service has a remote denial of service vulnerability affecting versions 8.20 and below. A long quote command causes the printer to crash, requiring a power cycle. Homepage: http://www.vigilante.com. By Vigilante
webactive.txt4631660Jul 13 10:17:13 2000
WEBactive HTTP Server 1.00 contains a remote denial of service vulnerability. By Prizm
wftpd241-11.tgz5451686Jul 24 16:43:12 2000
WFTPD/WFTPD Pro 2.41 RC11 contains four remote denial of service vulnerabilities. Perl proof of concept code included for each. Homepage: http://bluepanda.box.sk. By Blue Panda
wftpd241.txt11481801Jul 11 14:30:12 2000
WFTPD and WFTPD Pro 2.41 RC10 are vulnerable to a dos attack which requires a valid account. An out of sequence RNTO command will cause WFTPD to crash. Perl exploit included. Homepage: http://bluepanda.box.sk. By Blue Panda
winamp.m3u.txt12852389Jul 27 13:59:09 2000
Winamp contains a buffer overflow in its M3U playlist parser. It is possible to execute arbitrary code on a remote computer via a malicious playlist. Proof of concept playlist included. By Pauli Ojanpera
wn-ex.c4267238Jul 21 10:46:52 2000
Remote buffer overflow exploit for the wn webserver for linux version v2.0.9 and below. Homepage: http://www.ccc.de. By Dvorak
wu-ftpd-v2.4.4.c9092206Jul 21 11:51:15 2000
Wu-ftpd v2.4(4) remote root exploit. Exploits the SITE EXEC buffer overflow. By Pascal Bouchareine
wu-ftpd26.c20077882Jul 17 16:34:58 2000
Remote root exploit for Wu-ftpd 2.6.0 from the ports collection running on FreeBSD v3.3, 3.4 and 4.0. Homepage: http://www.hack.co.za. By Glitch
wuftpd-god.c576920305Jul 8 21:35:24 2000
Fixed version of the wu-ftpd 2.6.0 exploit. Now gets the return address correct much more often. By god-@efnet
Xnapster.c33643240Jul 1 13:58:14 2000
Gnapster 1.3.8 and Knapster 0.9 remote view file exploit. By Wildcoyote
xpbitchx.c5841327Jul 21 11:56:28 2000
BitchX (75p3/1.0c16) local exploit. Homepage: http://www.undersec.com. By Raise
xppnc.c5702579Jul 21 11:41:24 2000
PNC Bouncer remote exploit - tested against v1.11 on RedHat 6.0, SuSE 6.3, and Mandrake 6.0. Homepage: http://www.undersec.com. By Raise
 
 
Privacy Statement