Welcome to the Exploits for December, 2000 Section.

Some of these exploits are from Bugtraq.

| File Name | Downloads | File Size | Last Modified | Description |
|---|---|---|---|---|
| 0012-exploits.tgz | 0 | 154662 | Jan 1 2001 22:08:46 | Packet Storm new exploits for December, 2000. |
| wu-ftpd-solsparc.c | 0 | 8686 | Jan 1 2001 22:07:40 | Solaris Wu-ftpd wu-2.4(1) remote root exploit which uses the site exec format string vulnerability. Tuned for Solaris Sparc v2.8 w/ inetd. By Kalou |
| scx-sa-13.txt | 0 | 3813 | Jan 1 2001 10:19:53 | Securax Security Advisory #13 - When someone telnets to a Unix system, the tty assigned to him is writable by any user on the system; once he is logged in, his tty is no longer writable by all users. So if someone writes data to a tty that is currently in use by someone who is logging in, that person will not be able to log in. Includes ttywrite.c proof of concept code. Homepage: http://securax.org. By Root-dude |
| scx-sa-11.txt | 0 | 4310 | Dec 31 2000 21:45:06 | Securax Security Advisory #11 - XFree86 version 3.3.6 is vulnerable to a remote denial of service attack over TCP port 6000. The server can freeze if sent many characters, requiring a reboot to restore normal operation. Includes Linnuke.c proof of concept code. Homepage: http://securax.org. By Root-dude |
| 7350wu-v5.tar.gz | 0 | 16229 | Dec 31 2000 10:53:49 | 7350wu.c is a Wu-ftpd v2.6.0 remote root exploit which does it the proper way. Works on Linux/x86 and FreeBSD. Homepage: https://www.team-teso.net. By Scut |
| SEClpd.c | 0 | 10961 | Dec 30 2000 19:41:34 | LPRng v3.6.24 and below remote root exploit for Linux/x86 which exploits the syslog() format string vulnerability. Tested against Red Hat 7.0. Includes the ability to brute force the offset. Homepage: http://www.netcat.it. By Netcat |
| hhp-expect_adv0017.t..> | 0 | 6236 | Dec 30 2000 19:18:48 | Expect v5.31.8 and v5.28.1 contain local buffer overflows. Any suid/sgid expect application can be exploited. Homepage: http://www.hhp-programming.net. By Isox and Loophole |
| hhp-GnomeScott_smash..> | 0 | 1588 | Dec 30 2000 19:14:01 | GnomeScott local buffer overflow which provides a gid=40 (game) shell on SuSE 6.4 and 7.0. Homepage: http://www.hhp-programming.net. By Loophole |
| hhp-expect_smash.c | 0 | 3079 | Dec 30 2000 19:10:52 | Expect (/usr/bin/expect) v5.31.8 and v5.28.1 local buffer overflow exploit. Tested on Slackware 7.x. Homepage: http://www.hhp-programming.net. By Isox |
| hhp-gnomehack_smash...> | 0 | 2397 | Dec 30 2000 19:07:05 | Gnomehack local buffer overflow exploit which provides a gid=60 (games) shell on Debian 2.2. Homepage: http://www.hhp-programming.net. By Loophole |
| hhp-kwintv_smash.c | 0 | 2169 | Dec 30 2000 19:05:35 | Kwintv local buffer overflow exploit which provides a gid=33 (video) shell on SuSE 7.0. Homepage: http://www.hhp-programming.net. By Loophole |
| hhp-fancy_smash.c | 0 | 1268 | Dec 30 2000 19:03:24 | Fancylogin v0.99.7 local root exploit. Tested on Red Hat 6.1. Homepage: http://www.hhp-programming.net. By Icesk |
| scx-sa-12.txt | 0 | 6659 | Dec 30 2000 17:49:04 | Securax Security Advisory #12 - Apache 1.3.14 access_log and error_log can be altered somewhat by remote users if the site administrator reads the logs with cat or tail. Includes proof of concept code kosheen.c which attempts to display false values in a remote site's access_log and error_log. Homepage: http://securax.org. By Incubus |
| hhp-stonx_smash.c | 0 | 2828 | Dec 27 2000 17:42:10 | STonX v0.6.5 and v0.6.7 local root exploit. Tested on Slackware 7.0. Homepage: http://www.hhp-programming.net. By Loophole |
| xxconq.c | 0 | 5050 | Dec 26 2000 14:18:48 | Linux xconq v7.4.1 local exploit - Gives a gid=games shell by exploiting the -L parameter. Tested on Slackware. Homepage: http://www.fakehalo.org. By Vade79 |
| obsd-ftpd.c | 0 | 20337 | Dec 23 2000 21:59:47 | OpenBSD v2.6 and 2.7 ftpd remote root exploit. Homepage: http://www.synnergy.net. By Scrippie |
| identdDoS.c | 0 | 2149 | Dec 23 2000 18:19:41 | SuSE identd remote denial of service attack - Uses a long string to set a pointer to NULL. By Root-Dude |
| catman-race.txt | 0 | 4718 | Dec 23 2000 15:07:23 | Solaris 2.7/2.8 /usr/bin/catman allows local users to clobber root owned files by symlinking temporary files. Includes catman-race.pl and ctman-race2.pl for proof of concept. Homepage: http://vapid.betteros.org. By Larry W. Cashdollar |
| bindview.naptha.txt | 0 | 23509 | Dec 21 2000 22:32:04 | The NAPTHA DoS vulnerabilities (Revised Edition - Dec 18) - The NAPTHA vulnerabilities are weaknesses in the way that TCP/IP stacks and network applications handle the state of a TCP connection. Homepage: http://razor.bindview.com. |
| sonata-teleconf-2.tx..> | 0 | 2220 | Dec 21 2000 22:11:46 | Voyant Technologies Sonata Conferencing Software v3.x on Solaris 2.x comes with the setuid binary doroot which executes any command as root. Homepage: http://vapid.betteros.org. By Larry W. Cashdollar |
| omnihttpdex.c | 0 | 2424 | Dec 21 2000 22:06:18 | Omni httpd v2.07 and below remote denial of service exploit. Combines a shell script by sirius of buffer0vefl0w security with a Bugtraq report by Valentin Perelogin. Homepage: http://www.Hack-X.org. By Kilrid |
| ksh.temp-hole.txt | 0 | 914 | Dec 21 2000 21:08:04 | The Korn Shell (ksh) uses temp files in an insecure manner. Demonstration included. Homepage: http://www.maths.usyd.edu.au:8000/u/psz. By Paul Szabo |
| interchange.txt | 0 | 1527 | Dec 21 2000 21:05:14 | Infinite InterChange is a Win95/98/NT/2k mail server which has a remote denial of service vulnerability: it can be crashed via a malformed POST request. This has been fixed in Infinite InterChange v3.61. By SNS Research |
| rpc-everythingform.t..> | 0 | 914 | Dec 18 2000 18:43:45 | everythingform.cgi uses a hidden field "config" to determine where to read configuration data from. Allows remote attackers to execute commands. Exploit URLs included. By RPC |
| xitetris.c | 0 | 4386 | Dec 18 2000 18:24:51 | Itetris v1.6.2 local root exploit - Exploits a vulnerable system() call. Homepage: http://www.fakehalo.org. By Vade79 |
| 7350nxt-v3.tar.gz | 0 | 8729 | Dec 18 2000 18:16:52 | Exploit for the Bind NXT remote root vulnerability, which affects Bind v8.2 - 8.2.1. Compiles on Linux, tested against Irix, BSD, and Linux. Includes Irix shellcode for breaking chroot. Homepage: https://www.team-teso.net. |
| 7350oftpd.tar.gz | 0 | 7127 | Dec 18 2000 18:05:22 | OpenBSD ftpd v2.4_BASE through 2.8 remote root exploit. Includes offsets for v2.6 through v2.8 and instructions for finding offsets of other versions. Requires a writable directory. Homepage: https://www.team-teso.net. By Caddis |
| xckermit.c | 0 | 4671 | Dec 18 2000 17:49:52 | Ckermit v7.0 local buffer overflow exploit for Linux/x86. Not setuid by default, but often installed setuid. Homepage: http://www.fakehalo.org. By Vade79 |
| xsold.c | 0 | 1544 | Dec 15 2000 17:25:26 | Linux Xsoldier local root buffer overflow exploit. Overflows the -display command line option. Homepage: http://www.nightbird.free.fr. By Zorgon |
| rdC-LPRng.c | 0 | 10325 | Dec 15 2000 15:08:48 | LPRng v3.6.24 and below remote root exploit for Linux/x86 which exploits the syslog() format string vulnerability. Tested against the default install of Red Hat 7.0 (LPRng-3.6.24-1) and LPRng-3.6.22-1 installed on Slackware 7.0. Homepage: http://www.rdcrew.com.ar. By Venomous |
| killntoe.c | 0 | 3567 | Dec 14 2000 18:08:00 | Nettoe v1.0.5 denial of service attack - Causes the Nettoe server to use all available CPU cycles and lock the game. Homepage: http://www.fakehalo.org. By Vade79 |
| sa_09.txt | 0 | 3682 | Dec 14 2000 18:03:16 | NSFOCUS Security Advisory (SA2000-09) - EZshopper v2.0 and v3.0 from AHG contain remote CGI vulnerabilities which allow an attacker to get directory listings and sensitive file contents. Exploit URLs included. Homepage: http://www.nsfocus.com. |
| mon_pine.sh | 0 | 2464 | Dec 11 2000 16:19:53 | Pine v4.30 and below allows outgoing mail to be hijacked if the alternate editor is enabled. Exploit script included. Homepage: http://hacksware.com. By Mat |
| apcupsdos.c | 0 | 3492 | Dec 11 2000 16:10:19 | Apcupsd v3.7.2 local denial of service attack. Can kill any running daemon. By The Itch |
| shop.pl.txt | 0 | 721 | Dec 11 2000 16:08:09 | Hassan Consulting's Shopping Cart Version 1.x (cgi-bin/shop.pl) contains remote vulnerabilities, including directory traversal with file read ability, listing files, and path disclosure. Exploit URLs included. By Dotslash |
| scx-sa-10.txt | 0 | 4490 | Dec 8 2000 01:16:16 | Securax Security Advisory #10 - The Watchguard SOHO Firewall is a small personal hardware firewall used for xDSL, ISDN and cable connections. Local and remote users can crash the Watchguard SOHO Firewall using multiple GET requests to the webserver. Perl exploit included. This attack will not show up in the logfile except for a reboot notice. Homepage: http://securax.org. By Vorlon |
| PhoneBook.c | 0 | 3048 | Dec 8 2000 00:56:44 | Microsoft Phonebook Server remote exploit - Tests for the pbserver.dll buffer overflow. By David Litchfield |
| CSA-200012.txt | 0 | 1737 | Dec 7 2000 11:04:37 | CHINANSL Security Advisory (CSA-200012) - Ultraseek Server 3.0 vulnerability allows malicious users to see the full pathnames of server add-ons. Homepage: http://www.chinansl.com. |
| bf-code.c | 0 | 1530 | Dec 7 2000 10:57:37 | Bftpd 1.0.12 contains a remote buffer overflow. Denial of service exploit included. Homepage: http://www.pkcrew.org. By Asynchro |
| SRADV00007.txt | 0 | 2247 | Dec 6 2000 22:14:11 | Secure Reality Pty Ltd. Security Advisory #7 - MarkVision is a printer administration package from Lexmark. Versions prior to v4.4 contain local root buffer overflow vulnerabilities. Homepage: http://www.securereality.com.au. By Secure Reality |
| SRADV00006.txt | 0 | 5249 | Dec 6 2000 22:04:06 | Secure Reality Pty Ltd. Security Advisory #6 - phpGroupWare is a multi-user web based groupware suite written in PHP. Versions below 0.9.7 under Unix make insecure calls to PHP's include() function, which can allow the inclusion of remote files and thereby the execution of arbitrary commands on the remote web server with the permissions of the web server user, usually 'nobody'. Homepage: http://www.securereality.com.au. By Secure Reality |
| SRADV00005.txt | 0 | 3247 | Dec 6 2000 21:59:56 | Secure Reality Pty Ltd. Security Advisory #5 - All 3.x versions of MailMan Webmail below v3.0.26 contain remote command execution vulnerabilities. The code contains several insecure calls to open() containing user specified data. These calls can be used to execute commands on the remote server with the permissions of the user that runs CGI scripts, usually the web server user, which is in most cases 'nobody'. Homepage: http://www.securereality.com.au. By Secure Reality |
| xlockfmt.c | 0 | 8579 | Dec 5 2000 18:09:09 | Xlock local format string exploit for Linux/x86. Tested on Slackware 7.1 and Red Hat 6.2. By Ben Williams |
| hp-pppd.c | 0 | 2362 | Dec 5 2000 18:07:07 | HP/UX v11.0 /usr/bin/pppd local root buffer overflow exploit. By K2 |
| ypbind.tgz | 0 | 16159 | Dec 5 2000 18:05:41 | Linux/x86 remote root exploit for ypbind (ypbind-mt). Tested against Red Hat 7, SuSE 6.x, and Debian. By Digit |
| phpxpl.c | 0 | 9439 | Dec 5 2000 17:44:57 | PHP 3.0.16/4.0.2 remote root format string overflow exploit for Linux/x86. Tested against Slackware 7.0 and Red Hat 6.0. By gneisenau@berlin.com |
| Securax-SA-09.serv-u | 0 | 4676 | Dec 5 2000 15:36:23 | Securax Security Advisory Securax-SA-09 - The Serv-U FTP server for Windows v2.4a, 2.5h, and 3.0b (all versions tested) has vulnerabilities stemming from improper handling of hex encoded characters in FTP commands. The server will reveal the full path to the ftproot, allow read/write/execute/list access to any other file on the partition, and allow listing of all hidden files. Homepage: http://www.securax.org. By Zoa_Chien |
| wingate.c | 0 | 3065 | Dec 3 2000 21:01:57 | Wingate 4.01 remote denial of service attack - Opens multiple connections and sends large amounts of MSG_OOB data, causing an "Out of buffers" error. By God- |
| sqladv-poc.c | 0 | 9908 | Dec 2 2000 21:15:31 | Microsoft SQL Server Extended Stored Procedure remote proof of concept exploit. Affects MS SQL Server 7.0 and MS SQL Server 2000 for Windows NT 4.0 / 2000. Homepage: http://www.atstake.com. |
| sqladv2-poc.c | 0 | 3076 | Dec 2 2000 21:09:46 | SQL2KOverflow.c - This code creates a file called 'SQL2KOverflow.txt' in the root of the C: drive. Requires a SQL username and password. Homepage: http://www.atstake.com. |
| xitami-2.5b4.txt | 0 | 7951 | Dec 2 2000 17:47:41 | Xitami WEB/FTP Server for Windows 95/98/NT/2k v2.5b4 has remote vulnerabilities which allow users to view sensitive system information via testcgi.exe. Passwords are stored in plain text. Denial of service is possible. Homepage: http://www.nssolution.net. By Zerologic |