.:[packet storm]:.
 

 
 


.: Exploits for April, 2001
Some of these exploits are from Bugtraq

Sorted By: Downloads.

File Name Downloads File Size Last Modified MD5 Checksum
splex.txt 3567 Apr 7 00:41:05 2001 8e91e1e4fdf37b1ed496cc2ff653f4c4
Shareplex v2.x (Quest Software's product for Oracle database replication) contains a local security hole which allows users to read any file on the system. Vulnerable platforms include Solaris 2.6, HP/UX 10.20 & 11.00, AIX 3 and OSF/1 4.0. Patched in v2.1.3.21. By Echo8
globulka.pl 4229 Apr 16 19:09:29 2001 21542904375f11b565ae7d3ffa7495eb
FreeBSD-4.2-Stable ftpd GLOB remote root exploit in perl. This version requires user access and writeable home dir without chroot. By Venglin
border.c 4341 Apr 30 17:01:17 2001 8695675d22aea76b6602e26ae4c3856d
Novell Border Manager Enterprise Edition 3.5 remote denial of service attack. Sends 256+ SYNs to TCP port 353. By Honoriak
0104-exploits.tgz 1374021 May 2 18:45:27 2001 65315bb0b6099178d43574302c335902
Packet Storm new exploits for April, 2001.
Unisploit1.0.zip 569297 Apr 8 23:07:44 2001 9142a16a7f5238c306aa06d9059c6da4
IIS Unicode graphical exploit for Windows. By DarkWizard&Drakaz
iexslt.txt 3884 Apr 20 18:08:46 2001 4526c231ea4ece969f1f44a5d9a5e543
Georgi Guninski security advisory #43, 2001 - It is possible to execute Active Scripting with the help of XML and XSL even if Active Scripting is disabled in all security zones. This is especially dangerous in email messages. Though this is not a typical exploit itself, it may be used in other exploits, especially in email. To use the demonstration, disable Active Scripting and click here. If you see any message box you are vulnerable. Homepage: http://www.guninski.com. By Georgi Guninski
xnetprint.c 3969 Apr 30 10:34:32 2001 684f4fd7980f8cd288d4c7246a74c4e0
Irix Netprint local root exploit. Exploits netprint's -n option. Tested on IRIX 6.2, but should work on other versions.  Homepage: http://www.realhalo.org. By Vade79
Hexyn-sa-16.TXT 1647 Apr 24 17:22:47 2001 270d0d0f482a3c8fd89332c222d6b825
Securax / Hexyn Security Advisory #16 - G6 FTP Server is an FTP server for Windows 9x/NT. A bug allows any user to change to c:\ and sub directories.  Homepage: http://t-omicr0n.hexyn.be. By T-Omicron
Hexyn-sa-17.txt 1573 Apr 24 17:23:31 2001 226bb3737e08888dbe5e63e5dda1af09
Securax / Hexyn Security Advisory #17 - Bison FTP Server is an FTP server for Windows 9x/NT. A bug allows any user to change to any directory.  Homepage: http://t-omicr0n.hexyn.be. By T-Omicron
hfaxd-fs-exploit.pl 2835 Apr 25 11:30:48 2001 58b40d4fd0e65019435163abc426cf3b
Hylafax (/usr/libexec/fax/hfaxd) format string local root exploit. Tested on hylafax-4.0pl2-2.  Homepage: http://teleh0r.cjb.net. By Telehor
fbsdftp-ex.c 6624 Apr 16 18:19:54 2001 14c7eb1d7690679bec2bcaf582cce1af
FreeBSD v4.2 ftpd remote root exploit. Uses a GLOB vulnerability. Requires an account on the machine. Compiles on FreeBSD, Linux, and Solaris. Includes information on finding offsets.  Homepage: http://ns2.crw.se/~tm. By Noah
cerberus.ftp.txt 2110 Apr 30 15:05:22 2001 9ef96dcb8278ccd0ef665ec60ee9307d
Andrisk Security Advisory 2# - Cerberus FTP Server 1.05 for Windows 9x/NT allows remote users without accounts to view any file on the server. By Andris K
ccc_harvest.txt 2808 Apr 7 00:04:48 2001 7ea8c1da59f6808cfa1abe83419c11ac
CCC Harvest v5.0, a tool to audit and maintain access control to source code, uses an encryption method which is susceptible to a chosen plaintext attack, allowing users to capture and decrypt the application admin password. By Richard Scott
imap-lsub.pl 1139 Apr 12 18:05:29 2001 6dfd90d7fccc7ed1bb95d9c18cfcdb67
Remote imapd exploit for Red Hat 6.2 (Zoot) written in perl. Tested against IMAP4rev1 v12.264.  Homepage: http://w3.swi.hu/zucco/. By Zucco
Hexyn-sa-18.txt 1542 Apr 24 17:24:15 2001 6f9c9d6f54652ba826358cf13d935982
Securax / Hexyn Security Advisory #18 - Savant WWW Server is an HTTP server for Windows 9x/NT. A bug allows any user to change to any directory, and in most cases, execute MS-DOS commands.  Homepage: http://t-omicr0n.hexyn.be. By T-Omicron
vim_exp.pl 1127 Apr 8 21:55:55 2001 6c239c910da655b40156601960be3d88
Vim 5.7 local exploit - This perl script creates a text file which when edited in vim executes an arbitrary file on the local system as the user running vim. By Nemes||y
kmailbug.c 4198 Apr 8 23:27:39 2001 4fcfc83674bbb95dada05b491a1117cb
Remote buffer overflow exploit for Kmail, a mail client for KDE. Tested against kmail v1.0.29 and v1.0.20. By Crashkiller
Unisploit2.1.zip 672355 Apr 24 18:04:36 2001 4ca0e18dabb297eb8a393895fadd22ce
IIS Unicode graphical exploit for Windows. This is an updated version of Unisploit1.0-FireLust which has more cool stuff. By DarkWizard&Drakaz
Hexyn-sa-19.txt 3891 Apr 24 17:25:34 2001 4be170b50c9398765369f520a2c6f949
Securax / Hexyn Security Advisory #19 - FTP Server Denial Of Service tested on Serv-U FTP Server, G6 FTP Server and WarFTPd Server. The servers will freeze for about one second, and the CPU usage will go through the roof. Includes perl exploit.  Homepage: http://t-omicr0n.hexyn.be. By T-Omicron
fancylogin.c 2314 Apr 17 09:21:04 2001 3c29e9932f23dde8a2b48ea4fecacfe4
Fancylogin 0.99.7 buffer overflow exploit. Fancylogin is usually not +s so this exploit isn't that dangerous. Tested on debian potato and kernel 2.2.18 and 2.2.19. By Ghost
ssh_dos.pl 1180 Apr 7 00:44:35 2001 1ec017d8169dcc2a2e97182f0e3dbf6f
Windows SSHD remote denial of service exploit - Written in perl, affects SSH Communications Security SSH 2.4 for Microsoft Windows 95,98,NT4,2000. By Nemes||y
ftp.server.025.txt 4634 Apr 27 14:06:19 2001 c4ecb3963a8feb4c516a70dac3768fed
A bug in FTP server v0.25 for Windows 9x/NT allows remote users to download and view any file on the system. By Andris K
crazywwwb-exploit.pl 2573 Apr 10 13:15:25 2001 e6a7ed159294f3b434167387d0ac28b1
Remote buffer overflow exploit for CrazyWWWBoard which executes arbitrary code with the privileges of the webserver. Tested against CrazyWWWBoard2000p4 for RedHat 6.0 and CrazyWWWBoard2000LEp5 for RedHat 6.1. This is NOT the same overflow as discovered by Jin Ho You, 01.30.2001. Homepage: http://teleh0r.cjb.net. By Telehor
clsidext.txt 1911 Apr 16 18:50:57 2001 b09db7120def52b6ad9852216e070876
Georgi Guninski security advisory #42, 2001 - By double clicking from Windows Explorer or Internet Explorer on filenames with innocent extensions the user may be tricked into executing arbitrary programs. If the file extension has a certain CLSID, then Windows Explorer and IE do not show the CLSID and only the harmless looking extension. Demonstration available here. Homepage: http://www.guninski.com. By Georgi Guninski
01-2001.txt 15168 Apr 16 20:36:24 2001 dc606a55a73d02a1ef5404918f11a2bd
Security flaw in Linux 2.4 IPTables using FTP PORT - If an attacker can establish an FTP connection passing through a Linux 2.4.x IPTables firewall with the state options allowing "related" connections (almost 100% do), he can insert entries into the firewall's RELATED ruleset table allowing the FTP Server to connect to any host and port protected by the firewall's rules, including the firewall itself. Advisory available here. By Cristiano Lincoln Mattos
7350cfingerd-0.0.4.t..> 19713 Apr 23 18:35:18 2001 b2014e7d2b6d5162f60557bb2a339a89
Cfingerd prior to v1.4.2 remote root format string exploit. Includes information on finding offsets. Tested against Debian cfingerd v1.3.2, 1.4.0, 1.4.1, and RedHat 7.0 cfingerd 1.3.2.  Homepage: https://www.team-teso.net. By Scut
man-exp.c 1349 Apr 16 17:48:34 2001 a2c80424b46d2271f368728ff7b17215
Man -l format string local exploit for Linux.  Homepage: http://segfault.net. By Andi
openbsd.glob.c 7252 Apr 16 18:59:45 2001 0ceb3de432d5884f607492fb8e4209ec
OpenBSD 2.x remote root GLOB exploit w/ chroot break. It is possible to exploit an anonymous ftp without write permission under certain circumstances. This is most likely to succeed if there is a single directory somewhere with more than 16 characters in its name. With write permissions, one could easily create such a directory.  Homepage: http://www.codefactory.se. By Tomas Kindahl
perlcal.txt 1340 Apr 30 12:10:09 2001 cafeef1792da9c0feaa60892b0c79d59
The Unix versions of the PerlCal CGI script have vulnerabilities which allow website visitors to view any file on the webserver. Exploit URL included.  Homepage: http://www.whizkunde.org. By ThePike
Hexyn-sa-15.txt 3177 Apr 24 17:09:05 2001 e39077c2d702f737ef80f3d3cfd316ef
Securax / Hexyn Security Advisory #15 - G6 FTP Server is a popular FTP server for Windows 9x/NT. A bug allows any user to change to the directory G6 was installed in. Due to good programming, the only way to exploit this bug is by viewing the full installation path. Downloading the user-file (Users.ini) is impossible.  Homepage: http://t-omicr0n.hexyn.be. By T-Omicron
ISA.dos.txt 3910 Apr 16 19:05:34 2001 fb36faae5492250e8401702bb8fed294
Denial of Service in Microsoft ISA server v1.0 - Microsoft ISA Server 1.0 on Windows 2000 Server SP1 is vulnerable to a simple network-based attack which stops all incoming and outgoing web traffic from passing through the firewall until the firewall is rebooted or the affected service is restarted. Exploit URLs included. Homepage: http://www.securexpert.com.
talkback.txt 1565 Apr 9 19:12:02 2001 f31b56c28fea99b943dffb44c10f3075
Talkback.cgi allows remote users to view any file on the webserver. Exploit URL included. It is also possible to display the admin password. Fix available here.  Homepage: http://www.whizkunde.org. By ThePike
unidebug.zip 12278 Apr 20 18:35:16 2001 fc5d34b1372e206b79934199f9a5a707
Unidebug is another exploit for the begging-to-get-patched IIS unicode bug. Takes advantage of the DOS/Win debug.exe to create binary files on the remote site. By Shrikant Raman
Malevolence.sit 42912 Apr 6 23:16:30 2001 a9c4effc9ef6f59db26882c6026999ce
Malevolence is an exploit that allows users to view an unshadowed version of the /etc/password file on a Mac OS X computer. Malevolence is very easy to use: in either Terminal.app or through a telnet session, just run Malevolence and it will create a file called "index.html" in the same directory as Malevolence. Then just open up the web browser of your choosing and view the index.html file that Malevolence created. Homepage: http://www.msec.net. By Marukka Der Inhaber
xlock.txt 1045 Apr 19 14:51:35 2001 f33096b4c3b72a8ca3e83beb11d3f1e5
Removing the SUID bit from xlock causes enter to work as a password to unlock the screen for all users except root. With no SUID bit it can no longer read /etc/shadow, creating a blank .xlockrc, causing enter to be a valid password. By Marco van Berkum
TalkBackcgi-exp.pl 1461 Apr 23 18:43:56 2001 c1d3da4612b5f821a80c9c8926ac7f7a
TalkBack.cgi directory traversal remote exploit. By Nemes||y
 
 