.:[packet storm]:.

about | forums | assessment | defense | papers | magazines | miscellaneous | links

.: Exploits for February, 2001
Some of these exploits are from Bugtraq

To Change Sort Order, Click On A Category.
Sorted By: Downloads.

File Name Downloads File Size Last Modified MD5 Checksum
scx-sa-14.txt4173Feb 13 23:03:10 2001 718844623d215773f90f38c77a5052e2
Securax Security Advisory #14 - Symantec pcAnywhere 9.0 contains a remote denial of service vulnerability. Includes perl exploit.  Homepage: http://securax.org. By Root-dude
defcom.netscape-ente..>2231Feb 2 15:05:39 2001 56595144d952680f368ede97ce17ea29
Defcom Labs Advisory def-2001-04 - The Netscape Enterprise Server 4.1, SP5 has a problem dealing with dotdot-URLs which allows remote users to crash the server.  Homepage: http://www.defcom.com. By Defcom Labs
defcom.goodtech.ftp...>1765Feb 2 15:03:56 2001 865461fb58da12a8ca2fa91c4d580545
Defcom Labs Advisory def-2001-03 - The GoodTech FTP server v3. does not properly free resources. This can result in the FTP server either crashing or displaying its banner and immediately disconnecting the user.  Homepage: http://www.defcom.com. By Defcom Labs
Netscape.Publisher.A..>2192Feb 11 19:52:37 2001 606350da577109d146a4a0d63edb271d
Netscape Enterprise Server 3.5.1 (Publisher) has a problem with the default ACL settings that could allow an intruder to view/download "non-public" files in the web root.  Homepage: http://www.netscape.com.
seyon-exploit.pl2455Feb 1 18:41:00 2001 47454cbfce492f0414a72baaa14cfaa3
Seyon v2.1rev4b local exploit - Requires a valid display variable.  Homepage: http://teleh0r.cjb.net. By Telehor
p-smash.c3186Feb 11 19:22:09 2001 003642b21a623125acc24e65efa3c22b
P-smash.c is an exploit that uses 50 percent of the CPU on windows 98 machines and causes windows 95 machines to slow down by sending ICMP type 9 code 0 packets. By Paulo Ribeiro
RFP2101.txt37729Feb 13 23:41:49 2001 3570beaf791c09186294e288c2be8fa3
RFP2101 - SQL hacking user logins in PHP-Nuke web portal. PHP-Nuke v4.3 contains authentication weaknesses in the SQL code which allows you to impersonate other users and retrieve their password hashes.  Homepage: http://www.wiretrip.net. By Rain Forrest Puppy
man-cgi.txt3923Feb 26 15:30:21 2001 3245d6534465bdf950b124781e2eba7f
Man-cgi v1.3 and v2.0 contains remote vulnerabilities which allow any file on the web server to be viewed, and some implementations allow remote command execution due to lack of filtering of hex encoded characters. Exploit URL's included. By Krfinisterre
ultimate-bb.txt2552Feb 16 14:45:49 2001 828aa040cb14cedf7cc184ea53596262
The Ultimate Bulletin Board System allows remote users to get the username and pass of anyone that is a registered user of a ubb forum that has html enabled and uses cookies to store the username and passwords of the users. By Unregistered.
prodbx.c3524Feb 2 11:13:05 2001 0802fc897a4714f01406446c05c2c949
Progress Database Server v8.3b local root exploit - Tested on Sco Unix and Linux.  Homepage: http://bse.die.ms. By The Itch
pkc001.txt10519Feb 2 13:36:47 2001 513a02ac5db3c03eb6bb76a85ed459ee
PKC Security Advisory #1 - The Oops proxy server 1.4.22, 1.4.6, and prior contain a remotely exploitable heap overflow. Includes PKCoops-ex.c, a proof of concept exploit tested on Slackware 7.0.  Homepage: http://www.pkcrew.org. By Cyrax
defcom.netscape-fast..>1720Feb 2 15:07:51 2001 99e0fc6a08ba1f82da32b5184da1707e
Defcom Labs Advisory def-2001-05 - Netscape Fasttrack Server 4.1 for Windows NT 4.0 has problems with its caching module. The problem can result in remote users consuming all the server memory and causing the server to perform very sluggishly.  Homepage: http://www.defcom.com. By Defcom Labs
sc.txt11717Feb 13 23:21:13 2001 73b291ac1c752a9126ecaee506db3172
Vulnerabilities in Sun Clustering v2.x - Leaks sensitive information to local and remote users and has tempfile bugs. Includes proof of concept exploits. By Echo8
pkc002.txt6544Feb 2 13:39:18 2001 061a37587f330bb27e6fb68037bce07c
PKC Security Advisory #2 - Tinyproxy version 1.3.2 and 1.3.3 has a remotely exploitable heap overflow. Includes PKCtiny-ex.c proof of concept exploit.  Homepage: http://www.pkcrew.org. By Cyrax
frel-1.0.beta.tgz416098Feb 2 15:12:49 2001 54f511a94e5997a3e1766ab4eb609cd3
Frel-1.0 is a modified version of fragrouter, used to evade NIDS. The frag proxy can run on the same machine as the attacker. It can also run in partial takeover mode, so that the fragmented attack stream seems to be coming from another active machine on the same physical subnet. The neighbor machine runs normally except for the ports being used by attacker. Mods by Lorgor
SQLExec.zip31821Mar 6 18:14:14 2001 38f900f09511693706dba15eff709f1f
SQLExec v1.1 is a remote exploit for Microsoft SQL server which executes remote commands as Administrator over tcp port 1433. Requires a database sa login / password. Includes binary and source written in Visual C++ 6.0 for Windows NT/2K/9X. Note: Many AV software erroriously reports this as a trojan. By Egemen Tas
pkc003.txt16755Feb 2 13:42:17 2001 24a010e9979e0021bf0ee38824eeeb7d
PKC Security Advisory #3 - Micq-0.4.6 contains remotely exploitable buffer overflows which allow running arbitrary code with the UID/GID of the user running micq. Includes micRAq.c, linux/x86 proof of concept exploit.  Homepage: http://www.pkcrew.org. By The Recidjvo
dc20ctrlex.perl1402Feb 13 23:34:43 2001 9d658bc02da0498ea3f0146d905dd9af
Dc20ctrlex.perl is a FreeBSD 3.x/4.X /usr/local/bin/dc20ctrl local exploit which gives egid=dialer or root on non-freebsd systems. Tested against FreeBSD 4.2.  Homepage: http://www.synnergy.net. By Dethy
imapd_exploit.c7772Feb 23 17:26:19 2001 8cb7018cec6491d94289309fa80cb3f8
A remotely exploitable stack overflow has been discovered in Imapd v12.264 and below in the handling of the lsub command. Since an account is required, mail only users will be able to get shell access. Tested against Slackware 7.0, 7.1, Redhat 6.2, and Conectiva Linux 6.0. Fix available here.  Homepage: http://www.BufferOverflow.Org. By Felipe Cerqueira
sshdexpl.diff.gz2774Feb 21 18:03:32 2001 5b9cd4b729ec6e7561b1a57d158efd6c
Patches for Openssh-2.1.1 to exploit the SSH1 crc32 remote vulnerability. By Paul Starzetz
jazip-exploit.pl2248Feb 1 18:38:18 2001 4d42d0a1d400577b734e43c3e01d9579
Jazip v0.32-2 local root exploit - Takes advantage of a buffer overflow in the Xforms library.  Homepage: http://teleh0r.cjb.net. By Telehor
urdls.c4553Feb 13 22:05:47 2001 1d6fbb2a733fdc4734fdb685dfebe2d3
Urdls.c is an unreadable directory lister for listing files in directories on the local machine without having permission to do so. Guesses all possible alphanumeric filenames and uses stat() to check for existence.  Homepage: http://www.realhalo.org. By Vade79
Infobot- 11 19:46:49 2001 abd99f30f80cf7bce705f6763a7ac850
Infobot v0.44.5.3 and below contains vulnerabilities which allow remote users to execute commands due to an insecure open call.  Homepage: http://www.pdump.org. By Samy Kamkar
bind8x.c15837Feb 9 16:30:46 2001 c4f9cc6d4b7bc657ff22984adf7d206c
Bind prior to 8.2.3-REL remote root exploit - exploits the named INFOLEAK and TSIG bug. Includes shellcode for Linux. Slightly broken. By Ix, Lucysoft
bugtraq.c10013Feb 5 17:19:36 2001 f406011573813d6eb463e3616775397d
Bugtraq.c is an exploit for the Bind tsig bug which has been crippled somewhat. Tested against Slackware 7.0. By Count Neithardt von Gneisenau
cobull.c1164Feb 21 12:46:28 2001 cda9670c0ba5d6b9f1195c7b8e3fa2e4
Merant Micro Focus Cobol 4.1 local root exploit - Writes to /var/mfaslmf/nolicense.  Homepage: http://www.idiotbox.co.il. By Sagi
dc20exp.c1930Feb 13 21:57:47 2001 cc98ffd5418eb7c676bef76c1231d1f2
Dc20ctrl local exploit for FreeBSD - exploits a call to getenv() in session.c giving a gid=dialer shell. By Mray
defcom.easycom.txt2646Feb 2 15:14:42 2001 ff7e56247e2414c0c4d933c41bf3bafd
Defcom Labs Advisory def-2001-06 - The Easycom/Safecom print server from I-Data International contains multiple vulnerabilities that allow a malicious user to bring down the print server. Execution of arbitrary code is also possible. Tested against Easycom/Safecom, firmware v404.590.  Homepage: http://www.defcom.com. By Defcom Labs
pkc004.txt8329Feb 2 13:46:22 2001 d2baf97ccaf7099542435cfd6ae71298
PKC Security Advisory #4 - Icecast v1.3.8beta2 and prior contains remotely exploitable format string bugs which allow remote code execution with the UID/GID of the user running Icecast. Includes PKCicecast-ex.c, a remote proof of concept exploit tested against Icecast 1.3.7 on Slackware 7.0 and RedHat 7.0.  Homepage: http://www.pkcrew.org. By Cyrax
exklock.c1596Feb 21 12:43:21 2001 c5a5aabc95055e9049edae3b5c5de143
FreeBSD X key lock (xklock) v2.7.1 and below local root exploit - Tested on FreeBSD ports collection v3.5.1 and v4.2.  Homepage: http://www.synnergy.net. By Dethy
hhp-gdc_smash.c2822Mar 5 16:28:05 2001 efae2c2cea50f03e11330ec67729ea53
Hhp-gdc_smash.c is a local root exploit for gdc. Requires group wheel access. Tested on BSDI 4.1 x86 default install.  Homepage: http://www.hhp-programming.net. By Loophole
hhp-ospf_smash.c3197Mar 5 16:22:58 2001 b41b1c1bc193511d950a1c291c22c23f
Hhp-ospf_smash.c is a local root exploit for ospf_monitor. Tested on BSDI 4.1 x86 default install.  Homepage: http://www.hhp-programming.net. By Loophole
ssh1.crc32.txt26014Feb 21 18:02:18 2001 d8723d5299634964440e1ff0b8c65d4a
This article discusses the recently discovered security hole in the crc32 attack detector as found in common ssh packages like OpenSSH and derivatives using the ssh-1 protocol. It is possible to exploit the crc32 hole to gain remote access to accounts without providing any password or to change login-uid if a valid account on the remote machine exists. Includes an exploit in the form of a set of patches to Openssh-2.1.1. By Paul Starzetz
tsl_bind.c19192Feb 9 16:33:42 2001 c2b4506f916639f81f07ecaf4b2d5d44
Bind prior to 8.2.3-REL remote root exploit - Includes instructions for finding the offset on linux. Tested against Redhat 6.1 8.2.2-P5 and Slackware.  Homepage: http://www.axur.org. By Gustavo Scotti, Thiago Zaninotti
0102-exploits.tgz557030Apr 10 13:51:02 2001 e43135e7e3cc9c37b8531f6ec918648a
Packet Storm new exploits for February, 2001.
Privacy Statement