Welcome to the Exploits for August, 2000 Section. | |||
Some of these exploits are from Bugtraq and Security Bugware | |||
To Change Sort Order, Click On A Category. | |||
File Name | Downloads | File Size | Last Modified |
0008-exploits.tgz | 3590 | 1090974 | Sep 8 15:50:47 2000 |
Packet Storm new exploits for August, 2000. | |||
CIMcheck.exe | 336 | 553689 | Aug 30 15:07:22 2000 |
CIMcheck.exe is an exploit for the Compaq Insight Manager root dot dot bug. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable url and attempts to get the sam._ backup password file from the remote repa ir directory. You can specify which file you want to download, default is the /wi k nnt/repair/ directory and the sam._ backup password file. Perl2exe binary. Homepage: http://TheGovernment.com/cyrax. By Neon | |||
outlookmailxploit.zi..> | 461 | 190823 | Sep 7 15:32:37 2000 |
Microsoft Outlook remote exploit coded in delphi. Includes source code. By Fbyte | |||
linsql.c | 1525 | 39781 | Aug 15 16:32:36 2000 |
Linsql is a simple command-line client for MS SQL server which can execute arbitrary SQL queries and OS commands on an MS-SQL hosts that uses a blank 'sa' password, a common default configuration. By Herbless courtesy of Bugtraq. | |||
irix.telnetd.txt | 1682 | 21301 | Sep 13 12:11:15 2000 |
A serious vulnerability has been found in IRIX telnetd which can give remote root access to any IRIX 6.2-6.5.8[m,f] system. The vulnerability occurrs when one of the environment variables contains a format string which is passed on to the syslog() function. Proof of concept exploit included (updated version - compiler and little endian fixes). Fix available here. Homepage: http://lsd-pl.net. By LSD | |||
FtpdXploit2000.tar | 464 | 20480 | Aug 30 01:41:33 2000 |
This is an exploit that explores the vulnerability of the versions 2.4.4, 2.5.0 and 2.6.0 of Wu-ftpd. Written in Portugese. Homepage: http://www.geocities.com/cultbh. | |||
statdx.c | 1230 | 19060 | Aug 12 16:00:27 2000 |
Redhat Linux rpc.statd remote buffer overflow exploit. Tested against Redhat 6.0, 6.1, and 6.2. By Ron1n | |||
BOHTTPD-0.1.tar.gz | 615 | 17766 | Aug 8 16:50:55 2000 |
New bugs were discovered in Netscape's implementation of Java has been found which allows a remote site to read any file on the client machine and to set up a Java server which anyone can connect to. Brown Orifice HTTPD starts a Java server which allows others to read files on your machine. Demonstration available here. Homepage: http://www.brumleve.com/BrownOrifice/BOHTTPD.cgi. By Dan Brumleve | |||
ssexploit502x.pl | 1309 | 15331 | Aug 12 17:29:18 2000 |
Statistics Server 5.02x for Windows contains a buffer overflow caused by a long GET request. Includes perl exploit which spawns a winshell with system privileges on port 8008 on Statistics Server 5.02x/Win2k. Homepage: http://www.deepzone.org. By Nemo | |||
wais.pl.advisory.txt | 926 | 13976 | Aug 14 10:36:58 2000 |
The wais.pl CGI written by Tony Sanders provides means to access the waisq WAIS client via the webserver. Waisq contains buffer overflows allowing remote code execution which can be exploited via wais.pl. In addition, files owned by nobody on the webserver can be overwritten with arbitrary content. Includes exploit for Linux/x86. Homepage: http://www.synnergy.net. By Scrippie | |||
rpc_cmsd.c | 375 | 12135 | Sep 7 13:24:36 2000 |
rpc.cmsd remote root exploit for solaris 2.5 2.5.1 2.6 2.7 sparc. Homepage: http://lsd-pl.net. | |||
named2.c | 292 | 10303 | Sep 7 15:19:49 2000 |
Irix 6.2/5.3 named iquery remote root buffer overflow exploit. Spawns a bindshell. Homepage: http://lsd-pl.net. | |||
ie5-msn.exec.txt | 1810 | 8941 | Aug 15 17:12:00 2000 |
Georgi Guninski security advisory #18 - Two serious vulnerabilities have been found Microsoft products - Internet Explorer 5.5/5.x may execute arbitrary programs when visiting a web page, reading HTML based mail with Outlook, or simply browsing folders as web pages. In addition, the default installation of Windows 2000 allows Local Administrator compromise via opening local folders as web pages. In both cases a malicous person may take full control over user's computer / server. Includes proof of concept HTML code. Demonstration available here. Homepage: http://www.nat.bg/~joro. By Georgi Guninski | |||
spad02.txt | 0 | 8894 | Aug 24 10:57:43 2000 |
Sorry, a description is unavailable. | |||
rpc_ttdbserverd.c | 337 | 8792 | Sep 7 13:23:37 2000 |
rpc.ttdbserverd remote root exploit for solaris 2.3 2.4 2.5 2.5.1 2.6 sparc. Homepage: http://lsd-pl.net. | |||
daemonic.c | 1078 | 8144 | Aug 28 01:55:49 2000 |
Dameonic.c is a theoretical router based denial of service attack that exploits a weakness within the Border Gateway Protocol (BGP). If a malicious user sends spoofed malformed packets to a neighboring router, the peer will ignore it and possibly kill the session entirely. Written on a Ultra 5 running Linux Zoot, this has been compiled on Linux, OpenBSD, Solaris without problems. Homepage: http://www.antioffline.com. By Sil | |||
irix_rpc_ttdbserverd..> | 292 | 7902 | Sep 7 14:00:57 2000 |
rpc.ttdbserverd remote root exploit for irix 5.2 5.3 6.2 6.3 6.4 6.5 6.5.2. Homepage: http://lsd-pl.net. | |||
Critical_Path_CSS | 286 | 7803 | Aug 29 17:41:07 2000 |
A simple flaw in the web mail service offered by Critical Path (www.cp.net) allows an attacker to gain full access of any webmail account. The attack falls under the umbrella of cross-site scripting, which was addressed in detail by CERT in their advisory CA-2000-02, entitled "Malicious HTML Tags Embedded in Client Web Requests." The bug is aggravated by an defective session token scheme. By Jeffrey W. Baker | |||
xgopher.c | 1073 | 7768 | Aug 12 15:57:45 2000 |
Gopher+ daemon v2.3 remote root buffer overflow exploit - Tested against Slackware Linux 3.6 and 7.0. Adds a line to /etc/passwd. Homepage: http://www.fakehalo.org. By Vade79 | |||
webmail.txt | 1142 | 7708 | Aug 30 14:45:09 2000 |
-Web Application Security Survey- Results show that Microsoft Hotmail, Excite, Altavista, E-Bay, Lycos, Netscape WebMail, E-Trade, Infoseek/Go.com and their users are all currently vulnerable to web based attack. The following report is the result of a two hour security survey of high profile webmail and auction services offered free over the internet. This survey is in no way extensive or thorough. It serves only as "proof of concept" that these types of services are vulnerable to attack on a wide scale. All the following vulnerabilities are currently active as of Aug. 25, 2000. The following webmail vulnerabilities all stem from the same problem. The attacker has the ability to pass unfiltered malicious HTML/JavaScript into the target users web environment. By D-Krypt. | |||
srcgrab.pl.txt | 1722 | 7692 | Aug 17 10:28:32 2000 |
Srcgrab.pl exploits the Translate:f bug as described in ms00-058. The vulnerability, present in IIS 4.0 and Windows 2000 Frontpage server extensions, allows a remote user to retrieve the source of .asa and .asp pages. By Smiler | |||
wcGoph.c | 800 | 7419 | Aug 13 17:04:33 2000 |
Gopher+ v2.3.1p0 remote exploit - Spawns a remote shell on tcp port 36864 under the UID that the gopher+ daemon runs as. Tested against Linux Slackware 3.6 / 7.0. By WC | |||
bubonic.c | 2135 | 6625 | Aug 28 02:06:39 2000 |
Bubonic.c is a denial of service tool that sends random TCP packets with random settings. Tested against Windows 2000 and RedHat Zoot. Homepage: http://www.antioffline.com. By Sil | |||
objectserver2.c | 231 | 6357 | Sep 7 14:04:56 2000 |
SGI objectserver "export" exploit - Remotely adds new entry to the export list on the IRIX system. See our SGI objectserver "account" exploit for more information. Only directories that aren't supersets of already exported ones can be added to the export list. Homepage: http://lsd-pl.net. | |||
rpc.statd.x86.c | 2171 | 6169 | Aug 2 12:07:47 2000 |
Linux/x86 rpc.statd remote root exploit. By Doing courtesy of Bugtraq | |||
A090800-1 | 240 | 5930 | Sep 11 10:17:57 2000 |
@stake Advisory A090800-1 - Application: Mobius DocumentDirect for the Internet 1.2, Platform: Windows NT 4.0, Severity: There are several buffer overflow conditions that could result in execution of arbitrary code or a denial of service. Homepage: http://www.atstake.com/research/advisories/2000/. | |||
suidperlhack.pl | 1715 | 5797 | Aug 9 01:18:25 2000 |
suidperlhack.pl is a Suidperl v5.00503 and below local root exploit which hsa been ported to perl to increase portability. Tested against BSD. Homepage: http://www.cs.uni-potsdam.de/homepages/students/linuxer. By Sebastian Krahmer | |||
xperl.sh | 2482 | 5756 | Aug 8 17:19:43 2000 |
Suidperl v5.00503 and below local root exploit which exploits an undocumented /bin/mail feature when perl wants to notify root on inode race conditions. Tested on Redhat 6.x/7.0. Homepage: http://lcamtuf.na.export.pl. By Michal Zalewski | |||
xitdos.c | 888 | 5547 | Aug 8 16:05:50 2000 |
Xitami Webserver v2.4d3 and below are vulnerable to a remote dos attack. Sending malformed data to port 81 will cause the server to stop responding. Tested agasinst Xitami on Win95/98/NT4.0. By Mozy | |||
crackncftp.c | 1127 | 5056 | Aug 16 18:45:04 2000 |
The ncftp client uses an easily decrypted scheme to save passwords to remote FTP sites in a bookmark file. Crackncftp.c provides the plaintext when from the encrypted string. Homepage: http://zorgon.freeshell.org. By Zorgon | |||
FS-073100-10-BEA.txt | 693 | 5037 | Aug 2 11:44:19 2000 |
Foundstone Security Advisory FS-073100-10-BEA - It is possible to compile and execute any arbitrary file within the web document root directory of the WebLogic server as if it were a JSP/JHTML file, even if the file type is not .jsp or .jhtml. If applications residing on the WebLogic server write to files within the web document root directory, it is possible to insert executable code in the form of JSP or JHTML tags and have the code compiled and executed using WebLogic's handlers. This can potentially cause an attacker to gain administrative control of the underlying operating systems. Homepage: http://www.foundstone.com/advisories.htm. By Shreeraj Shah | |||
tin_bof.c | 1180 | 5033 | Aug 4 18:41:05 2000 |
Tin v1.4.3 local linux/x86 buffer overflow exploit which spawns a gid=news shell if /usr/bin/tin is setgid. Homepage: http://www.fakehalo.org. By Vade79 | |||
fpage-DoS.pl | 616 | 4865 | Aug 30 14:24:30 2000 |
Fpage-DoS.pl - Info based attacks DoS Front page. To exploit this vunerability you must have the extensions "/ _ vti_bin/shtml.exe in your server. This is a demonstration script to remotely overflow various server buffers, resulting in a denial of service, for TESTING purposes only. Runs on *nix & Windows with perl. Homepage: www.raza-mexicana.org. By alt3kx | |||
labs51.txt | 776 | 4816 | Aug 24 09:53:33 2000 |
USSR Labs Advisory #51 - There is a remote denial of service caused by a buffer overflow memory problem in the rpc module of the Pragma TelnetServer 2000 for Windows NT/2000. The included shell code causes the system to crash. Homepage: http://www.ussrback.com. | |||
libc2-x86.c | 223 | 4779 | Sep 7 13:58:44 2000 |
libc.so LC_MESSAGES local exploit for solaris 2.7 x86. Homepage: http://lsd-pl.net. | |||
darxite.tar.gz | 671 | 4738 | Aug 22 17:03:59 2000 |
Darxite, a daemon that retrieves files via FTP or HTTP, has several vulnerabilities throughout the code that allow a local/remote user to crash the servers, as well as a passwd authentication remote overflow, allowing remote shell access as the uid of the darxite daemon. Exploit and advisory included. Tested against Linux x86 systems. Homepage: http://www.synnergy.net. By dethy | |||
arrayd.c | 284 | 4658 | Sep 7 15:17:00 2000 |
Irix 6.5/6.4/6.3/6.2 arrayd remote buffer overflow exploit as described in CA-99-09-arrayd.txt. Homepage: http://lsd-pl.net. | |||
012.txt | 1251 | 4572 | Aug 2 12:44:15 2000 |
Pgxconfig is a Raptor graphics card configuration tool for Solaris which has multiple local vulnerabilities. The environment is not sanitized and root privileges are not dropped, allowing commands to be run as root. Local root exploit included. Homepage: http://www.suid.kg. By Suid courtesy of Bugtraq | |||
libc2.c | 243 | 4268 | Sep 7 13:22:43 2000 |
libc.so LC_MESSAGES local root exploit for solaris 2.6 2.7 sparc. Homepage: http://lsd-pl.net. | |||
nlps_server.c | 232 | 3669 | Sep 7 13:29:13 2000 |
listen/nlps_server remote buffer overflow exploit for solaris 2.4 2.5 2.5.1 x86. Homepage: http://lsd-pl.net. | |||
libc-x86.c | 219 | 3608 | Sep 7 13:39:17 2000 |
libc.so getopt() local root exploit for solaris 2.5 2.5.1 x86. Homepage: http://lsd-pl.net. | |||
websitepro.txt | 306 | 3528 | Sep 11 09:58:50 2000 |
WebSite Pro is a Web Server for Win95/98/NT platforms. The vulnerability (or bad server administration) allows any user to create arbitrary files with arbitrary text on the victim machine, from the Internet web browser. By a default installation, any user can create or uploads files to the victim machine running a vulnerable version of WebSite Pro. The problem is a bad "protection access" of the main directories on the machine. By Crono | |||
dtprintinfo.c | 234 | 3389 | Sep 7 13:36:20 2000 |
/usr/dt/bin/dtprintinfo local root exploit for solaris 2.6 2.7 x86. Homepage: http://lsd-pl.net. | |||
horde.txt | 242 | 3312 | Sep 11 10:09:56 2000 |
The $from-bug is in the horde library file 'horde.lib', (on debian systems installed in /usr/share/horde/lib/horde.lib) in line 1108 belonging to function "mailfrom". In this file there is a call to "popen" with an unchecked "from:"-line as argument. Bug found and exploited by Jens "atomi" Steube, Fixed and documentated by Christian "thepoet" Winter | |||
libnsl-x86.c | 217 | 3125 | Sep 7 13:56:58 2000 |
libnsl.so gethostbyname() for solaris 2.5 2.5.1 x86. Homepage: http://lsd-pl.net. | |||
ufsdump-x86.c | 215 | 3114 | Sep 7 13:47:58 2000 |
/usr/lib/fs/ufs/ufsdump local root exploit for solaris 2.6 2.7 x86. Homepage: http://lsd-pl.net. | |||
irix-libc.c | 219 | 3111 | Sep 7 15:26:12 2000 |
libc.so NLSPATH local exploit for Irix 6.2. Homepage: http://lsd-pl.net. | |||
word-access.txt | 1132 | 2984 | Aug 9 16:23:51 2000 |
Georgi Guninski security advisory #17 - MS Word and MS Access 2000 (with or without Service Release 1a) allow executing arbitrary programs if a Word document is opened. This may be exploited also by visiting a web page with IE or opening/previewing HTML email message with Outlook. In order this to work, the user must be able to access a mdb file, which resides either on an UNC share or a local drive. This allows taking full control over user's computer. Demonstration exploit available here or here. Homepage: http://www.nat.bg/~joro. By Georgi Guninski | |||
clientagent662.txt | 374 | 2968 | Aug 31 16:01:58 2000 |
Client Agent 6.62 for Unix Vulnerability, Tested on a Debian 2.2.14, Client Agent has a hole allowing to execute an arbitrary code by root without its knowing. In the meantime, some conditions are necessary to exploit this vulnerability. Client Agent is used with ARCserveIT, the safe software. It must be installed on all the workstations. A global configuration file agent.cfg keep every sub-agents installed on your system. This file is in /usr/CYEagent, and receive the information from the sub-agent when the script /opt/uagent/uagensetup is run. Homepage: http://www.nightbird.free.fr. By zorgon | |||
tip.c | 229 | 2961 | Sep 7 13:50:32 2000 |
/usr/bin/tip local root exploit for solaris 2.6 2.7 x86. Homepage: http://lsd-pl.net. | |||
awcrash.c | 337 | 2830 | Sep 7 12:57:15 2000 |
awcrash.c exploits a buffer overflow vulnerability in Windows 95 and 98 which will result in a crash if a filename with an extension longer that 232 characters is accessed. Although arbitrary code could be executed via this manner, it would have to be composed of valid filename character values only. By Wildcoyote | |||
HWA-warpcrash.c | 398 | 2802 | Aug 30 16:56:28 2000 |
HWA-warpcrash - Systems Affected: OS/2 Warp 4.5 FTP server V4.0/4.2, OS/2 Warp 4.5 FTP server V4.3, Probably other versions of the software as well. Problem: The FTP server that comes with OS/2 Warp 4.5 TCP/IP can be brought down by a malicious connection attempt. Homepage: http://www.hwa-security.net. By eth0 | |||
PHP-Nuke.c | 1606 | 2800 | Aug 21 15:29:53 2000 |
A vulnerability in the way PHP-Nuke, a news site administrative tool, authenticates administrative accounts, allows a remote attacker to gain administrative access to the application. Attacker could edit users, articles, topics, banners, assign authors, etc By Fabian Clone | |||
totalbill.c | 324 | 2742 | Aug 10 15:40:07 2000 |
Totalbill is a complete billing and provisioning system for ISPs which contains remote root vulnerabilities. By Brian Masney | |||
mail.c | 224 | 2616 | Sep 7 15:22:04 2000 |
/usr/bin/mail local exploit for Irix 6.2 and 6.3. Homepage: http://lsd-pl.net. | |||
gtkicq.c | 256 | 2547 | Sep 7 13:30:51 2000 |
gtkicq-0.62 local exploit. Overflows the HOME environment variable. By Sebastien Roy | |||
vpn-root.txt | 477 | 2506 | Aug 31 15:55:18 2000 |
RapidStream has hard-coded the 'rsadmin' account into the sshd binary in the appliance OS. The account has been given a 'null' password in which password assignment and authentication was expected to be handled by the RapidStream software itself. The vendor failed to realize that arbitrary commands could be appended to the ssh string when connecting to the SSH server on the remote vpn. This in effect could lead to many things, including the ability to spawn a remote root shell on the vpn. By Loki | |||
netpr-x86.c | 213 | 2480 | Sep 7 13:57:54 2000 |
/usr/lib/lp/bin/netpr local root exploit for solaris 2.7 x86. Homepage: http://lsd-pl.net. | |||
libxt2.c | 214 | 2471 | Sep 7 15:29:14 2000 |
libxt.so HOME environment variable local buffer overflow exploit for Irix 6.2 and 6.3. Homepage: http://lsd-pl.net. | |||
rapidstream.vpn.txt | 759 | 2409 | Aug 15 16:41:19 2000 |
RapidStream VPN nodes has hard-coded the 'rsadmin' account into the sshd binary in the appliance OS. The account has been given a 'null' password in which password assignment and authentication was expected to be handled by the RapidStream software itself. The vendor failed to realize that arbitrary commands could be appended to the ssh string when connecting to the SSH server on the remote vpn. This in effect could lead to many things, including the ability to spawn a remote root shell on the vpn. By Loki courtesy of Bugtraq. | |||
htgrep.c | 849 | 2386 | Aug 21 14:04:12 2000 |
Htgrep has a vulnerability which allows a remote user to read arbitrary files on the system with the priviledge of the user running the program. By n30 | |||
CIMcheck.pl | 494 | 2352 | Aug 30 15:24:11 2000 |
CIMcheck.exe is an exploit for the Compaq Insight Manager root dot dot bug. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable url and attempts to get the sam._ backup password file from the remote repa ir directory. You can specify which file you want to download, default is the /wi k nnt/repair/ directory and the sam._ backup password file. Perl2exe binary. Perl2exe binary available here here. Homepage: http://TheGovernment.com/cyrax. By Neon | |||
dmplay.c | 235 | 2352 | Sep 7 15:40:01 2000 |
/usr/sbin/dmplay local exploit for Irix 6.2 and 6.3. Homepage: http://lsd-pl.net. | |||
dtprint-info.c | 251 | 2341 | Sep 7 13:02:45 2000 |
/usr/dt/bin/dtprintinfo local root exploit for Solaris 2.6 / 2.7. Homepage: http://lsd-pl.net. | |||
lp.c | 222 | 2321 | Sep 7 13:59:48 2000 |
/usr/bin/lp local root exploit for solaris 2.7 x86. Homepage: http://lsd-pl.net. | |||
pset2.c | 215 | 2295 | Sep 7 15:28:02 2000 |
/sbin/pset local exploit for Irix 6.2 and 6.3. Homepage: http://lsd-pl.net. | |||
libgl.c | 216 | 2287 | Sep 7 15:25:04 2000 |
libgl.so HOME environment variable local exploit for irix 6.2. Homepage: http://lsd-pl.net. | |||
xslrnpull.c | 898 | 2272 | Aug 22 16:39:37 2000 |
Slrnpull.c exploits a local buffer overflow vulnerability in slrnpull version 0.9.6.2, which is setgid news. Tested against RedHat 6.2. Homepage: http://www.fakehalo.org. By Vade79 | |||
robpoll-cgi-problem...> | 757 | 2266 | Aug 9 14:31:28 2000 |
Robpoll.cgi is a free cgi based admin program for Unix and NT which has remote vulnerabilities allowing remote users to execute any command on the remote system with the priveleges of the web server. In addition, anyone can read any file on the remote system with the webserver UID. Homepage: http://www.hertmx.org. By Alt3kx | |||
CIMcheck2.pl | 410 | 2264 | Sep 1 10:08:07 2000 |
CIMcheck2.pl is an updated version of the CIMcheck.pl exploit checker for the Compaq Insight Manager root dot dot bug. Updates include: Fixed Errors and Better Input features. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable url and attempts to get the sam._ backup password file from the remote repa ir directory. You can specify which file you want to download, default is the /wi k nnt/repair/ directory and the sam._ backup password file. Homepage: http://TheGovernment.com/cyrax. By Neon. | |||
autofsd.c | 254 | 2254 | Sep 7 15:17:52 2000 |
Autofsd remote buffer overflow exploit for Irix 6.4 and 6.5. Homepage: http://lsd-pl.net. | |||
libxt.c | 206 | 2244 | Sep 7 13:06:34 2000 |
libxt.so local root exploit for Solaris 2.4 2.5 2.5.1 sparc. Homepage: http://lsd-pl.net. | |||
kcms_configure.c | 212 | 2237 | Sep 7 13:18:46 2000 |
/usr/openwin/bin/kcms_configure local root exploit for solaris 2.7 sparc. Homepage: http://lsd-pl.net. | |||
vqserver.dos.txt | 225 | 2228 | Aug 28 20:25:00 2000 |
vqServer version 1.4.49 is vulnerable to a denial of service attack by sending a malformed URL request. Tested on Windows version. The latest edition of vqServer (1.9.47) is unaffected. Homepage: http://dhcorp.cjb.net. By nemesystm | |||
fdformat-x86.c | 222 | 2222 | Sep 7 13:54:56 2000 |
/bin/fdformat for solaris 2.5 2.5.1 x86. Homepage: http://lsd-pl.net. | |||
kcms_configure-x86.c | 217 | 2217 | Sep 7 13:54:13 2000 |
/usr/openwin/bin/kcms_configure for solaris 2.5.1 2.7 x86. Homepage: http://lsd-pl.net. | |||
dtaction2.c | 232 | 2196 | Sep 7 13:27:51 2000 |
/usr/dt/bin/dtaction local root exploit for solaris 2.6 x86. Homepage: http://lsd-pl.net. | |||
dtaction.c | 232 | 2154 | Sep 7 13:26:51 2000 |
/usr/dt/bin/dtaction local root exploit for solaris 2.5.1 x86. Homepage: http://lsd-pl.net. | |||
xlock-x86.c | 223 | 2152 | Sep 7 13:49:34 2000 |
/usr/openwin/bin/xlock local root exploit for solaris 2.5 2.5.1 x86. Homepage: http://lsd-pl.net. | |||
xsun-x86.c | 220 | 2138 | Sep 7 13:33:09 2000 |
/usr/openwin/bin/xsun local root exploit for solaris 2.6 2.7 x86. Homepage: http://lsd-pl.net. | |||
rdist.c | 199 | 2124 | Sep 7 13:11:52 2000 |
/bin/rdist local root exploit for solaris 2.4 2.5 2.5.1 sparc. Homepage: http://lsd-pl.net. | |||
eject-x86.c | 228 | 2120 | Sep 7 13:37:23 2000 |
/usr/bin/eject local root exploit for solaris 2.5 2.5.1 x86. Homepage: http://lsd-pl.net. | |||
lpstat-x86.c | 221 | 2114 | Sep 7 13:52:37 2000 |
/usr/bin/lpstat local root exploit for solaris 2.7 x86. Homepage: http://lsd-pl.net. | |||
libxaw.c | 217 | 2109 | Sep 7 15:23:14 2000 |
libxaw.so inputmethod local exploit for irix 6.2. Homepage: http://lsd-pl.net. | |||
VIGILANTE-2000005.tx..> | 627 | 2090 | Aug 15 15:44:08 2000 |
Vigilante Security Advisory - Watchguard Firebox Authentication dos vulnerability. Sending a malformed URL to tcp port 4100 causes Watchguard to shut down and require a reboot to restart. Fix available here. Homepage: http://www.vigilante.com. By Vigilante | |||
ufs-restore.c | 208 | 2081 | Sep 7 13:10:28 2000 |
/usr/lib/fs/ufs/ufsrestore local root exploit for solaris 2.5 2.5.1 2.6 sparc. Homepage: http://lsd-pl.net. | |||
netpr.c | 210 | 2080 | Sep 7 13:16:29 2000 |
/usr/lib/lp/bin/netpr local root exploit for solaris 2.7 sparc. Homepage: http://lsd-pl.net. | |||
subscribeme.txt | 0 | 2010 | Aug 24 13:29:08 2000 |
Sorry, a description is unavailable. | |||
libc.c | 213 | 1897 | Sep 7 13:07:37 2000 |
libc.so getopt() local root exploit for Solaris 2.4 2.5 2.5.1 sparc. Homepage: http://lsd-pl.net. | |||
ntop.advisory.txt | 925 | 1897 | Aug 2 11:59:43 2000 |
Ntop -w allows remote users who have permission to view traffic stats to view any file on the system as root. Homepage: http://www.hackerslab.org. By Dubhe courtesy of Bugtraq | |||
form-totaller.txt | 1195 | 1879 | Aug 14 13:29:59 2000 |
Form-Totaller version 1.0 (form-totaller.cgi) trusts user input for filenames, allowing a remote user to read any file on the webserver. By Signal 9 | |||
VIGILANTE-2000007 | 619 | 1871 | Aug 28 02:16:01 2000 |
Vigilante Advisory #7 - A malicious user can crash an Intel Express 550F or a host behind it by sending a packet with a malformed header. To restart the box you need remove it from it's power source as the reset button loses functionality as well. Affected systems: Intel Express Switch 550F - Firmware version 2.63 - Firmware version 2.64. Homepage: http://www.vigilante.com. By Vigilante | |||
everythingform.txt | 1599 | 1850 | Aug 14 13:25:42 2000 |
The Everything Form (everythingform.cgi) contains remote vulnerabilities which allow any file on the sytem to be read. By Signal 9 | |||
ffbconfig.c | 223 | 1801 | Sep 7 13:19:33 2000 |
/usr/sbin/ffbconfig local root exploit for solaris 2.5 2.5.1 sparc. Homepage: http://lsd-pl.net. | |||
php-nuke.txt | 524 | 1799 | Aug 24 10:09:49 2000 |
A short advisory on how to manipulate a bug in the PHP-nuke Web Portal System to allow you to gain administrative access. By Starman_Jones | |||
fdformat.c | 229 | 1782 | Sep 7 13:20:54 2000 |
/bin/fdformat local root exploit for solaris 2.5 2.5.1 sparc. Homepage: http://lsd-pl.net. | |||
msw2ktelnetdos.sh | 254 | 1763 | Sep 7 12:59:27 2000 |
Windows 2000 telnet server denial of service exploit. By Wildcoyote | |||
VIGILANTE-2000006.tx..> | 658 | 1763 | Aug 15 15:48:42 2000 |
Vigilante Security Advisory - The OS/2 Warp 4.5 FTP Server contains denial of service vulnerabilities which allow anyone who can connect to port 21 to crash the service. Fix available here. Homepage: http://www.vigilante.com. By Vigilante | |||
gr_osview.c | 218 | 1758 | Sep 7 15:27:15 2000 |
/usr/sbin/gr_osview local exploit for Irix 6.2 and 6.3. Homepage: http://lsd-pl.net. | |||
lpset.c | 229 | 1747 | Sep 7 13:14:06 2000 |
/usr/bin/lpset local root exploit for solaris 2.6 2.7 sparc. Homepage: http://lsd-pl.net. | |||
irix-xlock.c | 220 | 1744 | Sep 7 15:21:02 2000 |
Irix 6.3/6.2 /usr/bin/X11/xlock local buffer overflow exploit. Homepage: http://lsd-pl.net. | |||
lpstat.c | 221 | 1732 | Sep 7 13:15:46 2000 |
/usr/bin/lpstat local root exploit for solaris 2.7 sparc. Homepage: http://lsd-pl.net. | |||
eject3.c | 219 | 1692 | Sep 7 15:30:10 2000 |
/usr/sbin/eject local exploit for Irix 6.2. Homepage: http://lsd-pl.net. | |||
xsun.c | 244 | 1683 | Sep 7 13:09:30 2000 |
/usr/openwin/bin/xsun local root exploit for solaris 2.6 2.7 sparc. Homepage: http://lsd-pl.net. | |||
eject.c | 238 | 1650 | Sep 7 13:21:45 2000 |
/bin/eject local root exploit for solaris 2.5 2.5.1 sparc. Homepage: http://lsd-pl.net. | |||
passwd.c | 227 | 1642 | Sep 7 13:05:25 2000 |
/bin/passwd local root exploit for Solaris 2.5 / 2.5.1. Homepage: http://lsd-pl.net. | |||
libnsl.c | 223 | 1619 | Sep 7 13:25:26 2000 |
libnsl.so gethostbyname() local root exploit for solaris 2.5 2.5.1 sparc. Homepage: http://lsd-pl.net. | |||
servu25e.txt | 2330 | 1600 | Aug 3 17:30:36 2000 |
FTP Serv-U 2.5e for Windows will stack fault if sent a string containing a large number of null bytes. The system Serv-U is running on may become sluggish/unstable and eventually bluescreen. A valid user/pass combination is not required to take advantage of this vulnerability. Perl proof of exploit code included. Homepage: http://bluepanda.box.sk. By Blue Panda | |||
login2.c | 221 | 1594 | Sep 7 15:24:02 2000 |
/usr/lib/iaf/scheme (login) local exploit for Irix 5.3. Homepage: http://lsd-pl.net. | |||
WDK_v1.0.vuln.txt | 241 | 1517 | Aug 28 20:34:19 2000 |
The Javaserver Webserver Development Kit (WDK) v1.0 contains a .. vulnerability allowing remote attackers to read any file on the system with the permissions of the webserver. The server typically resides on TCP port 8080 and instructions for identifying this server are given. By Kevin Finisterre | |||
AccountManSploit.zip | 766 | 1412 | Aug 30 17:36:50 2000 |
Product: Account Manager, Versions: ALL including LITE and PRO haven't been able to test ENTERPRISE, OS: Unix and Winnt, Vendor: Notified, http://www.cgiscriptcenter.com/, The Problem: The Script allows any remote user access to the Administration Control Panel through overwriting the Admin Password with one of their own making. By n30 | |||
bohttpd.vulnerabilit..> | 798 | 1344 | Aug 8 20:18:35 2000 |
A vulnerability has been found in Dan Brumleve's Brown Orifice HTTPD (BOHTTPD) which is a web server and file sharing tool that runs as a Java Applet in Netscape Navigator. By specifying "\.." in HTTP requests to the server, an attacker can navigate the server's file system and view/download any files. Homepage: http://www.etl.go.jp/~takagi. By Hiromitsu Takagi | |||
inpview.c | 223 | 1265 | Sep 7 15:30:59 2000 |
/usr/lib/InPerson/inpview local exploit for irix 6.5 and 6.5.8. Homepage: http://lsd-pl.net. | |||
trans.pl | 330 | 1154 | Sep 7 15:34:23 2000 |
Win2k IIS remote exploit - Retrieves files using the Translate: f bug. By Roelof Temmingh | |||
pgxconfig.sh | 220 | 1093 | Sep 7 13:45:13 2000 |
TechSource Raptor GFX configurator (pgxconfig) local root exploit. By Suid | |||
hpux.ftpd.txt | 355 | 1080 | Aug 10 15:59:15 2000 |
HPUX's ftpd contains a remotely exploitable format string vulnerability in the PASS command. Homepage: http://www.freebsd.lublin.pl. By Venglin | |||
dievqs.pl | 405 | 744 | Aug 31 18:50:41 2000 |
DoS exploit vulnerability test script. Affected: vqServer 1.4.49. There is a DoS possible in vqServer 1.4.49 if the remote host gets a GET command with approx 65000 chars in it. Homepage: http://www.ro0t.nu/csl. By sinfony | |||
lyris.3-4.txt | 769 | 721 | Aug 14 22:22:23 2000 |
Versions 3 and 4 of the Lyris List Manager allow any mailing list subscriber to gain access to the administrative interface of that list by changing a form before submitting it. Fix available here. By Adam Hupp courtesy of Bugtraq. | |||
cmctl_exp | 453 | 587 | Aug 31 19:01:46 2000 |
This script is an exploit that is an addendum to ID 170 in the Bugtraq database. ID 170 lists several Oracle setuid executables but does not offer any exploit information. This code exploits the cmctl command by violating its trust in the integrity of the ORACLE_HOME and ORA_HOME environment variables. When the command "cmctl start cmadmin" is executed, it looks under the ORACLE_HOME\bin directory and attempts to execute cmadmin. The ORACLE_HOME variable can be modified to create a change in the path of execution. By Kevin Wenchel | |||