| File Name | File Size | Last Modified | MD5 Checksum | Description |
|---|---|---|---|---|
| 0107-exploits.tgz | 81081 | Aug 2 2001 13:09:51 | da3cb1438250539d8be8380e15486d7d | Packet Storm new exploits for July, 2001. |
| spadv03.txt | 5094 | Jul 30 2001 02:12:09 | 34db49ab75ca4fc3edbb7aa09d278554 | The Windows 2000 telnetd service is vulnerable to a remote denial of service attack. The service crashes when scanned for the recent AYT telnetd vulnerability discovered by Scut. Includes SPtelnetAYT.c, a scanner for the AYT vulnerability in telnet daemons built upon the BSD source. Homepage: http://www.secpoint.com. By Security Point |
| pileup-xpl.c | 3489 | Jul 29 2001 04:07:36 | 7db2fa47bb548a4281aad6708c157b54 | /usr/bin/pileup local root exploit. Tested against Debian 2.2. By Core |
| squidmap.pl | 1499 | Jul 29 2001 03:30:54 | 3072c26d039e563fde8246ed1e61f590 | Squid can be used to port scan if set up as an httpd accelerator (reverse proxy). Tested on Redhat 7.0. By Paul Nasrat |
| ibm-db2.c | 1841 | Jul 29 2001 02:28:44 | 3de9be6028bd648021d753ebaaf12c72 | IBM DB2 (which works under W98/NT/2000) proof of concept denial of service. When 1 byte is sent to port 6789 or 6790, IBM DB2 crashes, as described in ibm.db2.dos.txt. By Honoriak |
| pic-lpr-remote.c | 5320 | Jul 27 2001 02:30:12 | b872ac8b739399184c12ab501762793c | Pic / LPRng format string remote exploit. Pic is part of the groff package. It is used by troff-to-ps.fpi as uid lp when perl, troff and LPRng are installed. Tested against Redhat 7.0 (groff-1.16-7). By zen-parse |
| mambo_advisorie.txt | 2945 | Jul 26 2001 12:04:43 | 407a1020f4107e848ced585227bc294c | The Mambo Site Server v3.0.0 - 3.0.5 contains a vulnerability which allows users to gain administrative privileges by changing global variables via URL parsing. Homepage: http://www.reverseonline.com. By Ismael Peinado Palomo |
| ida-exploit.sh | 6176 | Jul 23 2001 21:42:25 | 00e34a156bbe3fe1825c7cec62b3b266 | Windows 2000 remote IIS .ida exploit - spawns a shell on port 8008. Tested on Win2k with no service pack and SP2. Includes instructions on finding the offset. Homepage: http://monkey.org/~mat. By Mat |
| attqt.pl | 2823 | Jul 23 2001 12:20:12 | 3215b593ce0c0f6a1dfd711c637436be | Attqt.pl is a tool for sending banned attachments through SMTP gateways by adding an invalid character to the filename. This is known to work on MailMarshall and TrendMicro Scanmail; others are probably vulnerable. By Aidan |
| briiis-1.pl | 10133 | Jul 19 2001 17:13:19 | 612717b92fc58a8c3aa69e838872170e | Briis-1.pl is a unicode / decode IIS attack tool which includes SSL support under Linux. Features many checks for CMD.EXE, caches the found directory, SSL support with SSLeay (Unix), easy to use text file upload, easy to use / encoding option, relative path name program execution, and virtual host support. More info available here. By Ian Vitek |
| ktv.sh | 1822 | Jul 18 2001 02:59:25 | e7386b4de150129eee315ee540b989bc | Ktvision v0.1.1-271 and below symlink local root exploit. Tested against SuSE 7.1. By Ihaquer |
| ttawebtop.html | 610 | Jul 18 2001 02:54:16 | 3c05d637d7955fb852fe1c1ec31d1681 | Tarantella 3.01 ttawebtop.cgi "show files" exploit. '..' and '/' are not filtered while processing user input, so it is possible to enter arbitrary values to retrieve files from the remote server which should not normally be accessible. Exploit URL included. By KF |
| filter-xpl.c | 2027 | Jul 18 2001 02:50:05 | ac0593f66f87f941019423787bd8fce7 | /usr/local/bin/filter local exploit. Gives GID=mail. More information available. Tested against Slackware 3.1. Exploits the nlspath buffer overflow. By _Phantom_ |
| sig.c | 1752 | Jul 18 2001 02:46:13 | e9b50e27f1042cfbac603ed819ac6420 | FreeBSD 3.1 - 4.3 local root exploit - uses the signal condition vulnerability discovered by G. Guninski. By Lamerboy. |
| QDAV-2001-7-3 | 1896 | Jul 18 2001 02:13:43 | ccfd18fc1da76e132dea511b4220808d | qDefense Advisory Number QDAV-2001-7-3 - Interactive Story does not properly validate the contents of a hidden field entitled "next". By setting that field to the name of a file, and using double dots and poison nulls, an attacker can cause Interactive Story to display the contents of any file. Exploit URL included. Homepage: http://qDefense.com. |
| sneaky2.sh | 12487 | Jul 18 2001 02:10:26 | 25055226b0a890073e135c5b546d136f | Sneaky2.sh is a swiss army knife for Hotmail/Messenger. Implements spoofing/brute force/misconception/unexpected input class attacks. Will spoof the Hotmail/Messenger server to recover the user's Hotmail password, crash the Messenger client, and remotely inject and execute a malicious exe on the victim host. Homepage: http://www.securite-internet.com. By Gregory Duchemin |
| slackware.init.txt | 2582 | Jul 18 2001 02:06:29 | da683d52f3f0072dc6963928eed7696f | Slackware 8.0 local root exploit - creates a suid shell when "modprobe lp" is run from the startup scripts. By Josh |
| sr.pl | 3907 | Jul 18 2001 01:47:37 | 64a69339c5b64edbad5cc889a991464a | Checkpoint Firewall-1's SecureRemote allows any IP to connect and download sensitive network information. This perl script gives a potential attacker a wealth of information including IP addresses, network masks (and even friendly descriptions). Homepage: http://www.sensepost.com. By Haroon Meer & Roelof Temmingh |
| cfingerd.c | 22161 | Jul 17 2001 23:34:09 | d764f4c05c80af0f321c878876a84804 | Cfingerd v1.4.3 remote root exploit for Linux. Binds to port 113 and sends bogus ident information. Homepage: http://security.is. By Digit |
| qflood.c | 6903 | Jul 17 2001 17:58:58 | 7588a0c0ef179e78557b962a95c75291 | Qflood.c fills up a Quake server with spoofed "unconnected" clients, denying other players the ability to connect to the server since the player limit fills up quickly. Additionally, if the server does not support multiple clients from the same IP address, it will disconnect legitimate players if the spoofed connection request matches that player. By Andy Gavin |
| slackware.man.c | 2216 | Jul 17 2001 17:55:38 | c1c8ef9823405a020ea2cc19d098e213 | Slackware 8.0 and below ships with /var/man/cat* chmodded 1777, making it vulnerable to symlink attacks. This exploit creates a suid shell with the UID of the user running man. By Josh, Lockdown, zen-parse |
| ml85p.sh | 1751 | Jul 17 2001 17:43:02 | 27106ddc98e2b944324483817b655184 | Local root exploit for /usr/bin/ml85p, a suid binary which is vulnerable to a local symlink attack. It is included in Mandrake 8.0 by default. By Suid |
| xxman.sh | 832 | Jul 17 2001 17:39:08 | 631ac7297588dc7496aa411184167887 | Xxman.sh is a local root exploit for an insecure system call in xman. Homepage: http://www.realhalo.org. By Vade79 |
| xdm-cookie-exploit.c | 6142 | Jul 12 2001 15:26:04 | cb62c9d2e6db81932cda010ba727d2a0 | Current versions of xdm are vulnerable to a trivial brute force attack if compiled with bad options, chiefly HasXdmXauth: without this option, the cookie is generated from gettimeofday(2). If you know the starting time of the xdm login session, computing the cookie takes just a few seconds. By Ntf, Sky |
| nerf.iis.dos.txt | 1136 | Jul 12 2001 06:39:19 | 86ac77030b990207e5472ee62b0bd790 | Nerf Group Security Advisory #4 - Microsoft IIS 4 and 5 can be crashed remotely by reading device files (com1, com2, etc). Exploit URL included. Homepage: http://www.nerf.ru. By Buggzy |
| ldap_exp2.c | 2818 | Jul 12 2001 06:35:25 | fdb9fe8c09fcd1a59d191b3a276848d3 | Solaris 5.8 ldap / passwd local root exploit. Tested on SunOS 5.8 Generic_108528-06 sun4u sparc SUNW,Ultra-60. By Fyodor |
| lmail-xpl.c | 2014 | Jul 12 2001 06:26:25 | 7f9da8c5028c2fd49aa9c8210d25ec8d | lmail local root exploit. Simply run it with the file you want to create/overwrite and the data you wish to place in the file. By Charles Stevenson |
| cobalt.webmail.txt | 774 | Jul 12 2001 06:01:17 | 73faac454049acd5190bea40a1ba809a | Webmail on the Cobalt Cube contains a directory traversal vulnerability which allows users with mailboxes to read any file on the system. Exploit URLs included. Verified to work against the Sun Cube III as well. By KF |
| whodo-ex.c | 2500 | Jul 12 2001 05:58:37 | 82dffcd2065e49a4222ebc5c8dbea224 | Solaris whodo local root exploit. Tested against SunOS 5.5.1, 5.7, and 5.8 for x86. By Pablo Sor |
| libsldap-exp.c | 2358 | Jul 12 2001 05:46:28 | 7fb624eef82b60ad70c6ccf9b601a763 | Solaris 8 libsldap local root exploit. Tested on an Ultra10 and an Enterprise 3500 with success. By Noir |
| vvfreebsd.txt | 3901 | Jul 12 2001 01:51:40 | 2d223327e13a25c1742fe30e2fda51ba | Georgi Guninski security advisory #48, 2001 - There is a local root compromise in FreeBSD 4.3 due to a design flaw which allows injecting signal handlers into other processes. Includes vvfreebsd.c, a local root exploit. Homepage: http://www.guninski.com. By Georgi Guninski |
| tstot.c | 10102 | Jul 12 2001 01:13:12 | 84f0f17bc976e6b8be69bacaeb5bf596 | Tstot.c is a remote exploit for xloadimage on Red Hat 7.0. Xloadimage is a Netscape 4.77 helper application with a buffer overflow vulnerability. Binds a shell to a port. Fix available here. By zen-parse |
| cayman.txt | 344 | Jul 12 2001 00:36:59 | 9cc90717d2cfb63a71c77417f014dbca | Cayman routers allow remote access by using } as the username. By Russell Handorf |
| cfingerd0x69.c | 5647 | Jul 12 2001 00:28:25 | 4b97d06d5fd883f3f606f5c5bab3b932 | Cfingerd v1.4.3 and below Linux/x86 local root buffer overflow exploit. By Qitest1 |
| ibm.db2.dos.txt | 491 | Jul 12 2001 00:26:20 | f4b462d2987f201a50bd03e6f68934fd | IBM DB2 for Windows (98/NT/2000) is vulnerable to a simple remote denial of service attack via db2ccs.exe (listening on port 6790) and db2jds.exe (port 6789). By Gilles |
| cfingerd-exploit.pl | 4227 | Jul 12 2001 00:07:46 | 7deade15eef46381573d4b4220a005e0 | Cfingerd v1.4.3 and below local root buffer overflow exploit in perl. Exploits vulnerability. Homepage: http://www.digit-labs.org/teleh0r. By Telehor |
| mcaffee.mycio.traver..> | 2559 | Jul 12 2001 00:04:18 | 3dda84290792822ead2aa88636a565b1 | McAfee's MyCIO directory traversal vulnerability - Any machine running McAfee Agent ASaP VirusScan software is vulnerable to a remote vulnerability which allows any file on the machine to be read. This software incorporates what is known as "Rumor Technology", which facilitates the transfer of virus definitions between neighboring machines. This agent software runs as a service ("McAfee Agent") under the local system account and uses a lightweight HTTP server that listens on TCP port 6515. Exploit URL included. By Ade245 |
| idcf.c | 2877 | Jul 11 2001 23:58:58 | 127d493b92791085586c97eff83512dc | Cfingerd v1.4.3 and below remote root exploit. Slightly broken. The exploit redirects the fopen() call to popen() and executes code from ~/.nofinger. By zen-parse |
| QDAV-2001-7-1 | 11799 | Jul 11 2001 23:31:41 | 454c4032e3ae794c228b5636ca6399ae | qDefense Advisory QDAV-2001-7-1 - Multiple CGI flat file database manipulation vulnerability. Many CGI scripts store data, including passwords, in a flat file database, using special characters as field and row delimiters. An attacker is often able to manipulate these databases by inserting extra delimiter characters. Homepage: http://qDefense.com. |
| kppp.c | 3279 | Jul 11 2001 00:55:47 | 62c2590edd286ebb913f7a78b60441ad | Kppp (/usr/local/kde/bin/kppp) v1.1.2 and below local exploit. Tested against x86 and Sparc Linux. Homepage: http://nbs.extremenetworking.net. By Smashstack, Doom |