

Welcome to the Exploits for August, 2000 Section.

Some of these exploits are from Bugtraq and Security Bugware

To Change Sort Order, Click On A Category.
Sorted By: File Size.

File Name  Downloads  File Size  Last Modified
0008-exploits.tgz  3590  1090974  Sep 8 15:50:47 2000
Packet Storm new exploits for August, 2000.
CIMcheck.exe  33  653689  Aug 30 15:07:22 2000
CIMcheck.exe is an exploit for the Compaq Insight Manager root dot dot bug. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable URL and attempts to get the sam._ backup password file from the remote repair directory. You can specify which file you want to download; the default is the /winnt/repair/ directory and the sam._ backup password file. Perl2exe binary. Homepage: http://TheGovernment.com/cyrax. By Neon
outlookmailxploit.zi..>  461  190823  Sep 7 15:32:37 2000
Microsoft Outlook remote exploit coded in delphi. Includes source code. By Fbyte
linsql.c  1525  39781  Aug 15 16:32:36 2000
Linsql is a simple command-line client for MS SQL Server which can execute arbitrary SQL queries and OS commands on MS-SQL hosts that use a blank 'sa' password, a common default configuration. By Herbless courtesy of Bugtraq.
irix.telnetd.txt  1682  21301  Sep 13 12:11:15 2000
A serious vulnerability has been found in IRIX telnetd which can give remote root access to any IRIX 6.2-6.5.8[m,f] system. The vulnerability occurs when one of the environment variables contains a format string which is passed on to the syslog() function. Proof of concept exploit included (updated version - compiler and little endian fixes). Fix available here. Homepage: http://lsd-pl.net. By LSD
FtpdXploit2000.tar  464  20480  Aug 30 01:41:33 2000
This is an exploit for the vulnerability in Wu-ftpd versions 2.4.4, 2.5.0 and 2.6.0. Written in Portuguese. Homepage: http://www.geocities.com/cultbh.
statdx.c  1230  19060  Aug 12 16:00:27 2000
Redhat Linux rpc.statd remote buffer overflow exploit. Tested against Redhat 6.0, 6.1, and 6.2. By Ron1n
BOHTTPD-0.1.tar.gz  615  17766  Aug 8 16:50:55 2000
New bugs have been discovered in Netscape's implementation of Java which allow a remote site to read any file on the client machine and to set up a Java server which anyone can connect to. Brown Orifice HTTPD starts a Java server which allows others to read files on your machine. Demonstration available here. Homepage: http://www.brumleve.com/BrownOrifice/BOHTTPD.cgi. By Dan Brumleve
ssexploit502x.pl  1309  15331  Aug 12 17:29:18 2000
Statistics Server 5.02x for Windows contains a buffer overflow caused by a long GET request. Includes perl exploit which spawns a winshell with system privileges on port 8008 on Statistics Server 5.02x/Win2k. Homepage: http://www.deepzone.org. By Nemo
wais.pl.advisory.txt  926  13976  Aug 14 10:36:58 2000
The wais.pl CGI written by Tony Sanders provides means to access the waisq WAIS client via the webserver. Waisq contains buffer overflows allowing remote code execution which can be exploited via wais.pl. In addition, files owned by nobody on the webserver can be overwritten with arbitrary content. Includes exploit for Linux/x86. Homepage: http://www.synnergy.net. By Scrippie
rpc_cmsd.c  375  12135  Sep 7 13:24:36 2000
rpc.cmsd remote root exploit for solaris 2.5 2.5.1 2.6 2.7 sparc. Homepage: http://lsd-pl.net.
named2.c  292  10303  Sep 7 15:19:49 2000
Irix 6.2/5.3 named iquery remote root buffer overflow exploit. Spawns a bindshell. Homepage: http://lsd-pl.net.
ie5-msn.exec.txt  1810  8941  Aug 15 17:12:00 2000
Georgi Guninski security advisory #18 - Two serious vulnerabilities have been found in Microsoft products - Internet Explorer 5.5/5.x may execute arbitrary programs when visiting a web page, reading HTML based mail with Outlook, or simply browsing folders as web pages. In addition, the default installation of Windows 2000 allows Local Administrator compromise via opening local folders as web pages. In both cases a malicious person may take full control over the user's computer / server. Includes proof of concept HTML code. Demonstration available here. Homepage: http://www.nat.bg/~joro. By Georgi Guninski
spad02.txt  0  8894  Aug 24 10:57:43 2000
Sorry, a description is unavailable.
rpc_ttdbserverd.c  337  8792  Sep 7 13:23:37 2000
rpc.ttdbserverd remote root exploit for solaris 2.3 2.4 2.5 2.5.1 2.6 sparc. Homepage: http://lsd-pl.net.
daemonic.c  1078  8144  Aug 28 01:55:49 2000
Daemonic.c is a theoretical router based denial of service attack that exploits a weakness within the Border Gateway Protocol (BGP). If a malicious user sends spoofed malformed packets to a neighboring router, the peer will ignore it and possibly kill the session entirely. Written on an Ultra 5 running Linux Zoot, this has been compiled on Linux, OpenBSD, and Solaris without problems. Homepage: http://www.antioffline.com. By Sil
irix_rpc_ttdbserverd..>  292  7902  Sep 7 14:00:57 2000
rpc.ttdbserverd remote root exploit for irix 5.2 5.3 6.2 6.3 6.4 6.5 6.5.2. Homepage: http://lsd-pl.net.
Critical_Path_CSS  286  7803  Aug 29 17:41:07 2000
A simple flaw in the web mail service offered by Critical Path (www.cp.net) allows an attacker to gain full access to any webmail account. The attack falls under the umbrella of cross-site scripting, which was addressed in detail by CERT in their advisory CA-2000-02, entitled "Malicious HTML Tags Embedded in Client Web Requests." The bug is aggravated by a defective session token scheme. By Jeffrey W. Baker
xgopher.c  1073  7768  Aug 12 15:57:45 2000
Gopher+ daemon v2.3 remote root buffer overflow exploit - Tested against Slackware Linux 3.6 and 7.0. Adds a line to /etc/passwd. Homepage: http://www.fakehalo.org. By Vade79
webmail.txt  1142  7708  Aug 30 14:45:09 2000
-Web Application Security Survey- Results show that Microsoft Hotmail, Excite, Altavista, E-Bay, Lycos, Netscape WebMail, E-Trade, Infoseek/Go.com and their users are all currently vulnerable to web based attack. The following report is the result of a two hour security survey of high profile webmail and auction services offered free over the internet. This survey is in no way extensive or thorough. It serves only as "proof of concept" that these types of services are vulnerable to attack on a wide scale. All the following vulnerabilities are currently active as of Aug. 25, 2000. The following webmail vulnerabilities all stem from the same problem: the attacker has the ability to pass unfiltered malicious HTML/JavaScript into the target user's web environment. By D-Krypt.
srcgrab.pl.txt  1722  7692  Aug 17 10:28:32 2000
Srcgrab.pl exploits the Translate:f bug as described in ms00-058. The vulnerability, present in IIS 4.0 and Windows 2000 Frontpage server extensions, allows a remote user to retrieve the source of .asa and .asp pages. By Smiler
wcGoph.c  800  7419  Aug 13 17:04:33 2000
Gopher+ v2.3.1p0 remote exploit - Spawns a remote shell on tcp port 36864 under the UID that the gopher+ daemon runs as. Tested against Linux Slackware 3.6 / 7.0. By WC
bubonic.c  2135  6625  Aug 28 02:06:39 2000
Bubonic.c is a denial of service tool that sends random TCP packets with random settings. Tested against Windows 2000 and RedHat Zoot. Homepage: http://www.antioffline.com. By Sil
objectserver2.c  231  6357  Sep 7 14:04:56 2000
SGI objectserver "export" exploit - Remotely adds new entry to the export list on the IRIX system. See our SGI objectserver "account" exploit for more information. Only directories that aren't supersets of already exported ones can be added to the export list. Homepage: http://lsd-pl.net.
rpc.statd.x86.c  2171  6169  Aug 2 12:07:47 2000
Linux/x86 rpc.statd remote root exploit. By Doing courtesy of Bugtraq
A090800-1  240  5930  Sep 11 10:17:57 2000
@stake Advisory A090800-1 - Application: Mobius DocumentDirect for the Internet 1.2, Platform: Windows NT 4.0, Severity: There are several buffer overflow conditions that could result in execution of arbitrary code or a denial of service. Homepage: http://www.atstake.com/research/advisories/2000/.
suidperlhack.pl  1715  5797  Aug 9 01:18:25 2000
suidperlhack.pl is a Suidperl v5.00503 and below local root exploit which has been ported to perl to increase portability. Tested against BSD. Homepage: http://www.cs.uni-potsdam.de/homepages/students/linuxer. By Sebastian Krahmer
xperl.sh  2482  5756  Aug 8 17:19:43 2000
Suidperl v5.00503 and below local root exploit which exploits an undocumented /bin/mail feature when perl wants to notify root on inode race conditions. Tested on Redhat 6.x/7.0. Homepage: http://lcamtuf.na.export.pl. By Michal Zalewski
xitdos.c  888  5547  Aug 8 16:05:50 2000
Xitami Webserver v2.4d3 and below are vulnerable to a remote DoS attack. Sending malformed data to port 81 will cause the server to stop responding. Tested against Xitami on Win95/98/NT4.0. By Mozy
crackncftp.c  1127  5056  Aug 16 18:45:04 2000
The ncftp client uses an easily decrypted scheme to save passwords to remote FTP sites in a bookmark file. Crackncftp.c recovers the plaintext from the encrypted string. Homepage: http://zorgon.freeshell.org. By Zorgon
FS-073100-10-BEA.txt  693  5037  Aug 2 11:44:19 2000
Foundstone Security Advisory FS-073100-10-BEA - It is possible to compile and execute any arbitrary file within the web document root directory of the WebLogic server as if it were a JSP/JHTML file, even if the file type is not .jsp or .jhtml. If applications residing on the WebLogic server write to files within the web document root directory, it is possible to insert executable code in the form of JSP or JHTML tags and have the code compiled and executed using WebLogic's handlers. This can potentially cause an attacker to gain administrative control of the underlying operating systems. Homepage: http://www.foundstone.com/advisories.htm. By Shreeraj Shah
tin_bof.c  1180  5033  Aug 4 18:41:05 2000
Tin v1.4.3 local linux/x86 buffer overflow exploit which spawns a gid=news shell if /usr/bin/tin is setgid. Homepage: http://www.fakehalo.org. By Vade79
fpage-DoS.pl  616  4865  Aug 30 14:24:30 2000
Fpage-DoS.pl - Info-based DoS attack against FrontPage. To exploit this vulnerability you must have the extension "/_vti_bin/shtml.exe" on your server. This is a demonstration script to remotely overflow various server buffers, resulting in a denial of service, for TESTING purposes only. Runs on *nix & Windows with perl. Homepage: www.raza-mexicana.org. By alt3kx
labs51.txt  776  4816  Aug 24 09:53:33 2000
USSR Labs Advisory #51 - There is a remote denial of service caused by a buffer overflow memory problem in the rpc module of the Pragma TelnetServer 2000 for Windows NT/2000. The included shell code causes the system to crash. Homepage: http://www.ussrback.com.
libc2-x86.c  223  4779  Sep 7 13:58:44 2000
libc.so LC_MESSAGES local exploit for solaris 2.7 x86. Homepage: http://lsd-pl.net.
darxite.tar.gz  671  4738  Aug 22 17:03:59 2000
Darxite, a daemon that retrieves files via FTP or HTTP, has several vulnerabilities throughout the code that allow a local/remote user to crash the servers, as well as a passwd authentication remote overflow, allowing remote shell access as the uid of the darxite daemon. Exploit and advisory included. Tested against Linux x86 systems. Homepage: http://www.synnergy.net. By dethy
arrayd.c  284  4658  Sep 7 15:17:00 2000
Irix 6.5/6.4/6.3/6.2 arrayd remote buffer overflow exploit as described in CA-99-09-arrayd.txt. Homepage: http://lsd-pl.net.
012.txt  1251  4572  Aug 2 12:44:15 2000
Pgxconfig is a Raptor graphics card configuration tool for Solaris which has multiple local vulnerabilities. The environment is not sanitized and root privileges are not dropped, allowing commands to be run as root. Local root exploit included. Homepage: http://www.suid.kg. By Suid courtesy of Bugtraq
libc2.c  243  4268  Sep 7 13:22:43 2000
libc.so LC_MESSAGES local root exploit for solaris 2.6 2.7 sparc. Homepage: http://lsd-pl.net.
nlps_server.c  232  3669  Sep 7 13:29:13 2000
listen/nlps_server remote buffer overflow exploit for solaris 2.4 2.5 2.5.1 x86. Homepage: http://lsd-pl.net.
libc-x86.c  219  3608  Sep 7 13:39:17 2000
libc.so getopt() local root exploit for solaris 2.5 2.5.1 x86. Homepage: http://lsd-pl.net.
websitepro.txt  306  3528  Sep 11 09:58:50 2000
WebSite Pro is a web server for Win95/98/NT platforms. The vulnerability (or bad server administration) allows any user to create arbitrary files with arbitrary text on the victim machine from an Internet web browser. With a default installation, any user can create or upload files to a victim machine running a vulnerable version of WebSite Pro. The problem is bad access protection on the main directories of the machine. By Crono
dtprintinfo.c  234  3389  Sep 7 13:36:20 2000
/usr/dt/bin/dtprintinfo local root exploit for solaris 2.6 2.7 x86. Homepage: http://lsd-pl.net.
horde.txt  242  3312  Sep 11 10:09:56 2000
The $from-bug is in the horde library file 'horde.lib' (on Debian systems installed in /usr/share/horde/lib/horde.lib) in line 1108, belonging to function "mailfrom". In this file there is a call to "popen" with an unchecked "from:"-line as argument. Bug found and exploited by Jens "atomi" Steube, fixed and documented by Christian "thepoet" Winter
libnsl-x86.c  217  3125  Sep 7 13:56:58 2000
libnsl.so gethostbyname() for solaris 2.5 2.5.1 x86. Homepage: http://lsd-pl.net.
ufsdump-x86.c  215  3114  Sep 7 13:47:58 2000
/usr/lib/fs/ufs/ufsdump local root exploit for solaris 2.6 2.7 x86. Homepage: http://lsd-pl.net.
irix-libc.c  219  3111  Sep 7 15:26:12 2000
libc.so NLSPATH local exploit for Irix 6.2. Homepage: http://lsd-pl.net.
word-access.txt  1132  2984  Aug 9 16:23:51 2000
Georgi Guninski security advisory #17 - MS Word and MS Access 2000 (with or without Service Release 1a) allow executing arbitrary programs if a Word document is opened. This may also be exploited by visiting a web page with IE or opening/previewing an HTML email message with Outlook. In order for this to work, the user must be able to access a mdb file, which resides either on a UNC share or a local drive. This allows taking full control over the user's computer. Demonstration exploit available here or here. Homepage: http://www.nat.bg/~joro. By Georgi Guninski
clientagent662.txt  374  2968  Aug 31 16:01:58 2000
Client Agent 6.62 for Unix vulnerability, tested on Debian 2.2.14. Client Agent has a hole that allows arbitrary code to be executed as root without the user's knowledge. Some conditions are necessary to exploit this vulnerability. Client Agent is used with ARCserveIT, the backup software, and must be installed on all workstations. A global configuration file, agent.cfg, keeps track of every sub-agent installed on your system. This file is in /usr/CYEagent and receives the information from the sub-agent when the script /opt/uagent/uagensetup is run. Homepage: http://www.nightbird.free.fr. By zorgon
tip.c  229  2961  Sep 7 13:50:32 2000
/usr/bin/tip local root exploit for solaris 2.6 2.7 x86. Homepage: http://lsd-pl.net.
awcrash.c  337  2830  Sep 7 12:57:15 2000
awcrash.c exploits a buffer overflow vulnerability in Windows 95 and 98 which will result in a crash if a filename with an extension longer than 232 characters is accessed. Although arbitrary code could be executed via this manner, it would have to be composed of valid filename character values only. By Wildcoyote
HWA-warpcrash.c  398  2802  Aug 30 16:56:28 2000
HWA-warpcrash - Systems Affected: OS/2 Warp 4.5 FTP server V4.0/4.2, OS/2 Warp 4.5 FTP server V4.3, Probably other versions of the software as well. Problem: The FTP server that comes with OS/2 Warp 4.5 TCP/IP can be brought down by a malicious connection attempt. Homepage: http://www.hwa-security.net. By eth0
PHP-Nuke.c  1606  2800  Aug 21 15:29:53 2000
A vulnerability in the way PHP-Nuke, a news site administrative tool, authenticates administrative accounts allows a remote attacker to gain administrative access to the application. The attacker could edit users, articles, topics, banners, assign authors, etc. By Fabian Clone
totalbill.c  324  2742  Aug 10 15:40:07 2000
Totalbill is a complete billing and provisioning system for ISPs which contains remote root vulnerabilities. By Brian Masney
mail.c  224  2616  Sep 7 15:22:04 2000
/usr/bin/mail local exploit for Irix 6.2 and 6.3. Homepage: http://lsd-pl.net.
gtkicq.c  256  2547  Sep 7 13:30:51 2000
gtkicq-0.62 local exploit. Overflows the HOME environment variable. By Sebastien Roy
vpn-root.txt  477  2506  Aug 31 15:55:18 2000
RapidStream has hard-coded the 'rsadmin' account into the sshd binary in the appliance OS. The account has been given a 'null' password in which password assignment and authentication was expected to be handled by the RapidStream software itself. The vendor failed to realize that arbitrary commands could be appended to the ssh string when connecting to the SSH server on the remote vpn. This in effect could lead to many things, including the ability to spawn a remote root shell on the vpn. By Loki
netpr-x86.c  213  2480  Sep 7 13:57:54 2000
/usr/lib/lp/bin/netpr local root exploit for solaris 2.7 x86. Homepage: http://lsd-pl.net.
libxt2.c  214  2471  Sep 7 15:29:14 2000
libxt.so HOME environment variable local buffer overflow exploit for Irix 6.2 and 6.3. Homepage: http://lsd-pl.net.
rapidstream.vpn.txt  759  2409  Aug 15 16:41:19 2000
RapidStream VPN nodes have the 'rsadmin' account hard-coded into the sshd binary in the appliance OS. The account has been given a 'null' password, as password assignment and authentication were expected to be handled by the RapidStream software itself. The vendor failed to realize that arbitrary commands could be appended to the ssh string when connecting to the SSH server on the remote VPN. This in effect could lead to many things, including the ability to spawn a remote root shell on the VPN. By Loki courtesy of Bugtraq.
htgrep.c  849  2386  Aug 21 14:04:12 2000
Htgrep has a vulnerability which allows a remote user to read arbitrary files on the system with the privilege of the user running the program. By n30
CIMcheck.pl  494  2352  Aug 30 15:24:11 2000
CIMcheck.pl is an exploit for the Compaq Insight Manager root dot dot bug. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable URL and attempts to get the sam._ backup password file from the remote repair directory. You can specify which file you want to download; the default is the /winnt/repair/ directory and the sam._ backup password file. Perl2exe binary available here. Homepage: http://TheGovernment.com/cyrax. By Neon
dmplay.c  235  2352  Sep 7 15:40:01 2000
/usr/sbin/dmplay local exploit for Irix 6.2 and 6.3. Homepage: http://lsd-pl.net.
dtprint-info.c  251  2341  Sep 7 13:02:45 2000
/usr/dt/bin/dtprintinfo local root exploit for Solaris 2.6 / 2.7. Homepage: http://lsd-pl.net.
lp.c  222  2321  Sep 7 13:59:48 2000
/usr/bin/lp local root exploit for solaris 2.7 x86. Homepage: http://lsd-pl.net.
pset2.c  215  2295  Sep 7 15:28:02 2000
/sbin/pset local exploit for Irix 6.2 and 6.3. Homepage: http://lsd-pl.net.
libgl.c  216  2287  Sep 7 15:25:04 2000
libgl.so HOME environment variable local exploit for irix 6.2. Homepage: http://lsd-pl.net.
xslrnpull.c  898  2272  Aug 22 16:39:37 2000
Slrnpull.c exploits a local buffer overflow vulnerability in slrnpull version 0.9.6.2, which is setgid news. Tested against RedHat 6.2. Homepage: http://www.fakehalo.org. By Vade79
robpoll-cgi-problem...>  757  2266  Aug 9 14:31:28 2000
Robpoll.cgi is a free CGI based admin program for Unix and NT which has remote vulnerabilities allowing remote users to execute any command on the remote system with the privileges of the web server. In addition, anyone can read any file on the remote system with the webserver UID. Homepage: http://www.hertmx.org. By Alt3kx
CIMcheck2.pl  410  2264  Sep 1 10:08:07 2000
CIMcheck2.pl is an updated version of the CIMcheck.pl exploit checker for the Compaq Insight Manager root dot dot bug. Updates include: fixed errors and better input features. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable URL and attempts to get the sam._ backup password file from the remote repair directory. You can specify which file you want to download; the default is the /winnt/repair/ directory and the sam._ backup password file. Homepage: http://TheGovernment.com/cyrax. By Neon.
autofsd.c  254  2254  Sep 7 15:17:52 2000
Autofsd remote buffer overflow exploit for Irix 6.4 and 6.5. Homepage: http://lsd-pl.net.
libxt.c  206  2244  Sep 7 13:06:34 2000
libxt.so local root exploit for Solaris 2.4 2.5 2.5.1 sparc. Homepage: http://lsd-pl.net.
kcms_configure.c  212  2237  Sep 7 13:18:46 2000
/usr/openwin/bin/kcms_configure local root exploit for solaris 2.7 sparc. Homepage: http://lsd-pl.net.
vqserver.dos.txt  225  2228  Aug 28 20:25:00 2000
vqServer version 1.4.49 is vulnerable to a denial of service attack by sending a malformed URL request. Tested on Windows version. The latest edition of vqServer (1.9.47) is unaffected. Homepage: http://dhcorp.cjb.net. By nemesystm
fdformat-x86.c  222  2222  Sep 7 13:54:56 2000
/bin/fdformat for solaris 2.5 2.5.1 x86. Homepage: http://lsd-pl.net.
kcms_configure-x86.c  217  2217  Sep 7 13:54:13 2000
/usr/openwin/bin/kcms_configure for solaris 2.5.1 2.7 x86. Homepage: http://lsd-pl.net.
dtaction2.c  232  2196  Sep 7 13:27:51 2000
/usr/dt/bin/dtaction local root exploit for solaris 2.6 x86. Homepage: http://lsd-pl.net.
dtaction.c  232  2154  Sep 7 13:26:51 2000
/usr/dt/bin/dtaction local root exploit for solaris 2.5.1 x86. Homepage: http://lsd-pl.net.
xlock-x86.c  223  2152  Sep 7 13:49:34 2000
/usr/openwin/bin/xlock local root exploit for solaris 2.5 2.5.1 x86. Homepage: http://lsd-pl.net.
xsun-x86.c  220  2138  Sep 7 13:33:09 2000
/usr/openwin/bin/xsun local root exploit for solaris 2.6 2.7 x86. Homepage: http://lsd-pl.net.
rdist.c  199  2124  Sep 7 13:11:52 2000
/bin/rdist local root exploit for solaris 2.4 2.5 2.5.1 sparc. Homepage: http://lsd-pl.net.
eject-x86.c  228  2120  Sep 7 13:37:23 2000
/usr/bin/eject local root exploit for solaris 2.5 2.5.1 x86. Homepage: http://lsd-pl.net.
lpstat-x86.c  221  2114  Sep 7 13:52:37 2000
/usr/bin/lpstat local root exploit for solaris 2.7 x86. Homepage: http://lsd-pl.net.
libxaw.c  217  2109  Sep 7 15:23:14 2000
libxaw.so inputmethod local exploit for irix 6.2. Homepage: http://lsd-pl.net.
VIGILANTE-2000005.tx..>  627  2090  Aug 15 15:44:08 2000
Vigilante Security Advisory - Watchguard Firebox Authentication dos vulnerability. Sending a malformed URL to tcp port 4100 causes Watchguard to shut down and require a reboot to restart. Fix available here. Homepage: http://www.vigilante.com. By Vigilante
ufs-restore.c  208  2081  Sep 7 13:10:28 2000
/usr/lib/fs/ufs/ufsrestore local root exploit for solaris 2.5 2.5.1 2.6 sparc. Homepage: http://lsd-pl.net.
netpr.c  210  2080  Sep 7 13:16:29 2000
/usr/lib/lp/bin/netpr local root exploit for solaris 2.7 sparc. Homepage: http://lsd-pl.net.
subscribeme.txt  0  2010  Aug 24 13:29:08 2000
Sorry, a description is unavailable.
libc.c  213  1897  Sep 7 13:07:37 2000
libc.so getopt() local root exploit for Solaris 2.4 2.5 2.5.1 sparc. Homepage: http://lsd-pl.net.
ntop.advisory.txt  925  1897  Aug 2 11:59:43 2000
Ntop -w allows remote users who have permission to view traffic stats to view any file on the system as root. Homepage: http://www.hackerslab.org. By Dubhe courtesy of Bugtraq
form-totaller.txt  1195  1879  Aug 14 13:29:59 2000
Form-Totaller version 1.0 (form-totaller.cgi) trusts user input for filenames, allowing a remote user to read any file on the webserver. By Signal 9
VIGILANTE-2000007  619  1871  Aug 28 02:16:01 2000
Vigilante Advisory #7 - A malicious user can crash an Intel Express 550F or a host behind it by sending a packet with a malformed header. To restart the box you need to remove it from its power source, as the reset button loses functionality as well. Affected systems: Intel Express Switch 550F - Firmware version 2.63 - Firmware version 2.64. Homepage: http://www.vigilante.com. By Vigilante
everythingform.txt  1599  1850  Aug 14 13:25:42 2000
The Everything Form (everythingform.cgi) contains remote vulnerabilities which allow any file on the system to be read. By Signal 9
ffbconfig.c  223  1801  Sep 7 13:19:33 2000
/usr/sbin/ffbconfig local root exploit for solaris 2.5 2.5.1 sparc. Homepage: http://lsd-pl.net.
php-nuke.txt  524  1799  Aug 24 10:09:49 2000
A short advisory on how to manipulate a bug in the PHP-nuke Web Portal System to allow you to gain administrative access. By Starman_Jones
fdformat.c  229  1782  Sep 7 13:20:54 2000
/bin/fdformat local root exploit for solaris 2.5 2.5.1 sparc. Homepage: http://lsd-pl.net.
msw2ktelnetdos.sh  254  1763  Sep 7 12:59:27 2000
Windows 2000 telnet server denial of service exploit. By Wildcoyote
VIGILANTE-2000006.tx..>  658  1763  Aug 15 15:48:42 2000
Vigilante Security Advisory - The OS/2 Warp 4.5 FTP Server contains denial of service vulnerabilities which allow anyone who can connect to port 21 to crash the service. Fix available here. Homepage: http://www.vigilante.com. By Vigilante
gr_osview.c  218  1758  Sep 7 15:27:15 2000
/usr/sbin/gr_osview local exploit for Irix 6.2 and 6.3. Homepage: http://lsd-pl.net.
lpset.c  229  1747  Sep 7 13:14:06 2000
/usr/bin/lpset local root exploit for solaris 2.6 2.7 sparc. Homepage: http://lsd-pl.net.
irix-xlock.c  220  1744  Sep 7 15:21:02 2000
Irix 6.3/6.2 /usr/bin/X11/xlock local buffer overflow exploit. Homepage: http://lsd-pl.net.
lpstat.c  221  1732  Sep 7 13:15:46 2000
/usr/bin/lpstat local root exploit for solaris 2.7 sparc. Homepage: http://lsd-pl.net.
eject3.c  219  1692  Sep 7 15:30:10 2000
/usr/sbin/eject local exploit for Irix 6.2. Homepage: http://lsd-pl.net.
xsun.c  244  1683  Sep 7 13:09:30 2000
/usr/openwin/bin/xsun local root exploit for solaris 2.6 2.7 sparc. Homepage: http://lsd-pl.net.
eject.c  238  1650  Sep 7 13:21:45 2000
/bin/eject local root exploit for solaris 2.5 2.5.1 sparc. Homepage: http://lsd-pl.net.
passwd.c  227  1642  Sep 7 13:05:25 2000
/bin/passwd local root exploit for Solaris 2.5 / 2.5.1. Homepage: http://lsd-pl.net.
libnsl.c  223  1619  Sep 7 13:25:26 2000
libnsl.so gethostbyname() local root exploit for solaris 2.5 2.5.1 sparc. Homepage: http://lsd-pl.net.
servu25e.txt  2330  1600  Aug 3 17:30:36 2000
FTP Serv-U 2.5e for Windows will stack fault if sent a string containing a large number of null bytes. The system Serv-U is running on may become sluggish/unstable and eventually bluescreen. A valid user/pass combination is not required to take advantage of this vulnerability. Perl proof of exploit code included. Homepage: http://bluepanda.box.sk. By Blue Panda
login2.c  221  1594  Sep 7 15:24:02 2000
/usr/lib/iaf/scheme (login) local exploit for Irix 5.3. Homepage: http://lsd-pl.net.
WDK_v1.0.vuln.txt  241  1517  Aug 28 20:34:19 2000
The Javaserver Webserver Development Kit (WDK) v1.0 contains a .. vulnerability allowing remote attackers to read any file on the system with the permissions of the webserver. The server typically resides on TCP port 8080 and instructions for identifying this server are given. By Kevin Finisterre
AccountManSploit.zip  766  1412  Aug 30 17:36:50 2000
Product: Account Manager. Versions: ALL, including LITE and PRO (ENTERPRISE could not be tested). OS: Unix and WinNT. Vendor: Notified, http://www.cgiscriptcenter.com/. The Problem: The script allows any remote user access to the Administration Control Panel by overwriting the admin password with one of their own making. By n30
bohttpd.vulnerabilit..>  798  1344  Aug 8 20:18:35 2000
A vulnerability has been found in Dan Brumleve's Brown Orifice HTTPD (BOHTTPD) which is a web server and file sharing tool that runs as a Java Applet in Netscape Navigator. By specifying "\.." in HTTP requests to the server, an attacker can navigate the server's file system and view/download any files. Homepage: http://www.etl.go.jp/~takagi. By Hiromitsu Takagi
inpview.c  223  1265  Sep 7 15:30:59 2000
/usr/lib/InPerson/inpview local exploit for irix 6.5 and 6.5.8. Homepage: http://lsd-pl.net.
trans.pl  330  1154  Sep 7 15:34:23 2000
Win2k IIS remote exploit - Retrieves files using the Translate: f bug. By Roelof Temmingh
pgxconfig.sh  220  1093  Sep 7 13:45:13 2000
TechSource Raptor GFX configurator (pgxconfig) local root exploit. By Suid
hpux.ftpd.txt  355  1080  Aug 10 15:59:15 2000
HPUX's ftpd contains a remotely exploitable format string vulnerability in the PASS command. Homepage: http://www.freebsd.lublin.pl. By Venglin
dievqs.pl  405  744  Aug 31 18:50:41 2000
DoS exploit vulnerability test script. Affected: vqServer 1.4.49. There is a DoS possible in vqServer 1.4.49 if the remote host gets a GET command with approx 65000 chars in it. Homepage: http://www.ro0t.nu/csl. By sinfony
lyris.3-4.txt  769  721  Aug 14 22:22:23 2000
Versions 3 and 4 of the Lyris List Manager allow any mailing list subscriber to gain access to the administrative interface of that list by changing a form before submitting it. Fix available here. By Adam Hupp courtesy of Bugtraq.
cmctl_exp  453  587  Aug 31 19:01:46 2000
This script is an exploit that is an addendum to ID 170 in the Bugtraq database. ID 170 lists several Oracle setuid executables but does not offer any exploit information. This code exploits the cmctl command by violating its trust in the integrity of the ORACLE_HOME and ORA_HOME environment variables. When the command "cmctl start cmadmin" is executed, it looks under the ORACLE_HOME\bin directory and attempts to execute cmadmin. The ORACLE_HOME variable can be modified to create a change in the path of execution. By Kevin Wenchel