File Name | File Size | Last Modified | MD5 Checksum | Description |
0107-exploits.tgz | 81081 | Aug 2 13:09:51 2001 | da3cb1438250539d8be8380e15486d7d | Packet Storm new exploits for July, 2001. |
cfingerd.c | 22161 | Jul 17 23:34:09 2001 | d764f4c05c80af0f321c878876a84804 | Cfingerd v1.4.3 remote root exploit for Linux. Binds to port 113 and sends bogus ident information. Homepage: http://security.is. By Digit |
sneaky2.sh | 12487 | Jul 18 02:10:26 2001 | 25055226b0a890073e135c5b546d136f | Sneaky2.sh is a swiss army knife for Hotmail/Messenger. Implements spoofing, brute force, misconception and unexpected-input class attacks. Will spoof the Hotmail/Messenger server to recover the user's Hotmail login/password, crash the Messenger client, and remotely inject and execute a malicious exe on the victim host. Homepage: http://www.securite-internet.com. By Gregory Duchemin |
QDAV-2001-7-1 | 11799 | Jul 11 23:31:41 2001 | 454c4032e3ae794c228b5636ca6399ae | qDefense Advisory QDAV-2001-7-1 - Multiple CGI flat file database manipulation vulnerability. Many CGI scripts store data, including passwords, in a flat file database, using special characters as field and row delimiters. An attacker is often able to manipulate these databases by inserting extra delimiter characters. Homepage: http://qDefense.com. |
briiis-1.pl | 10133 | Jul 19 17:13:19 2001 | 612717b92fc58a8c3aa69e838872170e | Briis-1.pl is a unicode / decode IIS attack tool which includes SSL support under Linux. Features many checks for CMD.EXE, caches the found directory, SSL support with SSLeay (Unix), easy to use text file upload, easy to use / encoding option, relative path name program execution, and virtual host support. More info available here. By Ian Vitek |
tstot.c | 10102 | Jul 12 01:13:12 2001 | 84f0f17bc976e6b8be69bacaeb5bf596 | Tstot.c is a remote exploit for xloadimage on Red Hat 7.0. Xloadimage is a Netscape 4.77 helper application with a buffer overflow vulnerability. Binds a shell to a port. Fix available here. By zen-parse |
qflood.c | 6903 | Jul 17 17:58:58 2001 | 7588a0c0ef179e78557b962a95c75291 | Qflood.c fills up a Quake server with spoofed "unconnected" clients, denying other players the ability to connect since the player limit fills up quickly. Additionally, if the server does not support multiple clients from the same IP address, it will disconnect legitimate players if the spoofed connection request matches that player. By Andy Gavin |
ida-exploit.sh | 6176 | Jul 23 21:42:25 2001 | 00e34a156bbe3fe1825c7cec62b3b266 | Windows 2000 remote IIS .ida exploit - Spawns a shell on port 8008. Tested on Win2k with no service pack and SP2. Includes instructions on finding the offset. Homepage: http://monkey.org/~mat. By Mat |
xdm-cookie-exploit.c | 6142 | Jul 12 15:26:04 2001 | cb62c9d2e6db81932cda010ba727d2a0 | Current versions of xdm are sensitive to a trivial brute force attack if compiled with bad options, mainly HasXdmXauth. Without this option, the cookie is generated from gettimeofday(2). If you know the starting time of the xdm login session, computation of the cookie takes just a few seconds. By Ntf, Sky |
cfingerd0x69.c | 5647 | Jul 12 00:28:25 2001 | 4b97d06d5fd883f3f606f5c5bab3b932 | Cfingerd v1.4.3 and below Linux/x86 local root buffer overflow exploit. By Qitest1 |
pic-lpr-remote.c | 5320 | Jul 27 02:30:12 2001 | b872ac8b739399184c12ab501762793c | Pic / LPRng format string remote exploit. Pic is part of the groff package. It is used by troff-to-ps.fpi as uid lp when perl, troff and LPRng are installed. Tested against Red Hat 7.0 (groff-1.16-7). By zen-parse |
spadv03.txt | 5094 | Jul 30 02:12:09 2001 | 34db49ab75ca4fc3edbb7aa09d278554 | The Windows 2000 telnetd service is vulnerable to a remote denial of service attack. The service crashes when scanned for the recent AYT telnetd vulnerability discovered by Scut. Includes SPtelnetAYT.c, a scanner for the AYT vulnerability in telnet daemons built upon the BSD source. Homepage: http://www.secpoint.com. By Security Point |
cfingerd-exploit.pl | 4227 | Jul 12 00:07:46 2001 | 7deade15eef46381573d4b4220a005e0 | Cfingerd v1.4.3 and below local root buffer overflow exploit in perl. Homepage: http://www.digit-labs.org/teleh0r. By Telehor |
sr.pl | 3907 | Jul 18 01:47:37 2001 | 64a69339c5b64edbad5cc889a991464a | Checkpoint Firewall-1's SecureRemote allows any IP to connect and download sensitive network information. This perl script gives a potential attacker a wealth of information including IP addresses and network masks (and even friendly descriptions). Homepage: http://www.sensepost.com. By Haroon Meer & Roelof Temmingh |
vvfreebsd.txt | 3901 | Jul 12 01:51:40 2001 | 2d223327e13a25c1742fe30e2fda51ba | Georgi Guninski security advisory #48, 2001 - There is a local root compromise in FreeBSD 4.3 due to a design flaw which allows injecting signal handlers into other processes. Includes vvfreebsd.c, a local root exploit. Homepage: http://www.guninski.com. By Georgi Guninski |
pileup-xpl.c | 3489 | Jul 29 04:07:36 2001 | 7db2fa47bb548a4281aad6708c157b54 | /usr/bin/pileup local root exploit. Tested against Debian 2.2. By Core |
kppp.c | 3279 | Jul 11 00:55:47 2001 | 62c2590edd286ebb913f7a78b60441ad | Kppp (/usr/local/kde/bin/kppp) v1.1.2 and below local exploit. Tested against x86 and Sparc Linux. Homepage: http://nbs.extremenetworking.net. By Smashstack, Doom |
mambo_advisorie.txt | 2945 | Jul 26 12:04:43 2001 | 407a1020f4107e848ced585227bc294c | The Mambo Site Server v3.0.0 - 3.0.5 contains a vulnerability which allows users to gain administrative privileges by changing global variables via URL parsing. Homepage: http://www.reverseonline.com. By Ismael Peinado Palomo |
idcf.c | 2877 | Jul 11 23:58:58 2001 | 127d493b92791085586c97eff83512dc | Cfingerd v1.4.3 and below remote root exploit. Slightly broken. Exploit redirects the fopen() call to popen() and executes code from ~/.nofinger. By zen-parse |
attqt.pl | 2823 | Jul 23 12:20:12 2001 | 3215b593ce0c0f6a1dfd711c637436be | Attqt.pl is a tool for sending banned attachments through SMTP gateways by adding an invalid character to the filename. This is known to work on MailMarshall and TrendMicro Scanmail; others are probably vulnerable. By Aidan |
ldap_exp2.c | 2818 | Jul 12 06:35:25 2001 | fdb9fe8c09fcd1a59d191b3a276848d3 | Solaris 5.8 ldap / passwd local root exploit. Tested on SunOS 5.8 Generic_108528-06 sun4u sparc SUNW,Ultra-60. By Fyodor |
slackware.init.txt | 2582 | Jul 18 02:06:29 2001 | da683d52f3f0072dc6963928eed7696f | Slackware 8.0 local root exploit - Creates a suid shell when "modprobe lp" is run from the startup scripts. By Josh |
mcaffee.mycio.traver..> | 2559 | Jul 12 00:04:18 2001 | 3dda84290792822ead2aa88636a565b1 | McAfee's MyCIO directory traversal vulnerability - Any machine running McAfee Agent ASaP VirusScan Software is vulnerable to a remote vulnerability which allows any file on the machine to be read. This software incorporates what is known as "Rumor Technology", which facilitates the transfer of virus definitions between neighboring machines. This agent software runs as a service ("McAfee Agent") under the local system account and uses a lightweight HTTP server that listens on TCP port 6515. Exploit URL included. By Ade245 |
whodo-ex.c | 2500 | Jul 12 05:58:37 2001 | 82dffcd2065e49a4222ebc5c8dbea224 | Solaris whodo local root exploit. Tested against SunOS 5.5.1, 5.7, and 5.8 for x86. By Pablo Sor |
libsldap-exp.c | 2358 | Jul 12 05:46:28 2001 | 7fb624eef82b60ad70c6ccf9b601a763 | Solaris 8 libsldap local root exploit. Tested successfully on an Ultra10 and an Enterprise 3500. By Noir |
slackware.man.c | 2216 | Jul 17 17:55:38 2001 | c1c8ef9823405a020ea2cc19d098e213 | Slackware 8.0 and below ships with /var/man/cat* chmodded 1777, making it vulnerable to symlink attacks. This exploit creates a suid shell with the UID of the user running man. By Josh, Lockdown, zen-parse |
filter-xpl.c | 2027 | Jul 18 02:50:05 2001 | ac0593f66f87f941019423787bd8fce7 | /usr/local/bin/filter local exploit. Gives GID=mail. More information available. Tested against Slackware 3.1. Exploits the nlspath buffer overflow. By _Phantom_ |
lmail-xpl.c | 2014 | Jul 12 06:26:25 2001 | 7f9da8c5028c2fd49aa9c8210d25ec8d | lmail local root exploit. Simply run it with the file you want to create/overwrite and the data you wish to place in the file. By Charles Stevenson |
QDAV-2001-7-3 | 1896 | Jul 18 02:13:43 2001 | ccfd18fc1da76e132dea511b4220808d | qDefense Advisory Number QDAV-2001-7-3 - Interactive Story does not properly validate the contents of a hidden field entitled "next". By setting that field to the name of a file, and using double dots and poison nulls, an attacker can cause Interactive Story to display the contents of any file. Exploit URL included. Homepage: http://qDefense.com. |
ibm-db2.c | 1841 | Jul 29 02:28:44 2001 | 3de9be6028bd648021d753ebaaf12c72 | IBM DB2 (which runs under W98/NT/2000) proof of concept denial of service. Sending 1 byte to port 6789 or 6790 crashes IBM DB2, as described in ibm.db2.dos.txt. By Honoriak |
ktv.sh | 1822 | Jul 18 02:59:25 2001 | e7386b4de150129eee315ee540b989bc | Ktvision v0.1.1-271 and below symlink local root exploit. Tested against SuSE 7.1. By Ihaquer |
sig.c | 1752 | Jul 18 02:46:13 2001 | e9b50e27f1042cfbac603ed819ac6420 | FreeBSD 3.1 - 4.3 local root exploit - Uses the signal condition vulnerability discovered by G. Guninski. By Lamerboy. |
ml85p.sh | 1751 | Jul 17 17:43:02 2001 | 27106ddc98e2b944324483817b655184 | Local root exploit for /usr/bin/ml85p, a suid binary which is vulnerable to a local symlink attack. It is included in Mandrake 8.0 by default. By Suid |
squidmap.pl | 1499 | Jul 29 03:30:54 2001 | 3072c26d039e563fde8246ed1e61f590 | Squid can be used to port scan if set up as an httpd accelerator (reverse proxy). Tested on Red Hat 7.0. By Paul Nasrat |
nerf.iis.dos.txt | 1136 | Jul 12 06:39:19 2001 | 86ac77030b990207e5472ee62b0bd790 | Nerf Group Security Advisory #4 - Microsoft IIS 4 and 5 can be crashed remotely by reading device files (com1, com2, etc). Exploit URL included. Homepage: http://www.nerf.ru. By Buggzy |
xxman.sh | 832 | Jul 17 17:39:08 2001 | 631ac7297588dc7496aa411184167887 | Xxman.sh is a local root exploit for an insecure system call in xman. Homepage: http://www.realhalo.org. By Vade79 |
cobalt.webmail.txt | 774 | Jul 12 06:01:17 2001 | 73faac454049acd5190bea40a1ba809a | Webmail on the Cobalt Cube contains a directory traversal vulnerability which allows users with mailboxes to read any file on the system. Exploit URLs included. Verified to work against the Sun Cube III as well. By KF |
ttawebtop.html | 610 | Jul 18 02:54:16 2001 | 3c05d637d7955fb852fe1c1ec31d1681 | Tarantella 3.01 ttawebtop.cgi "show files" exploit. '..' and '/' are not filtered while processing user input, so it is possible to enter arbitrary values to retrieve files from the remote server which should not normally be accessible. Exploit URL included. By KF |
ibm.db2.dos.txt | 491 | Jul 12 00:26:20 2001 | f4b462d2987f201a50bd03e6f68934fd | IBM DB2 for Windows (98/NT/2000) is vulnerable to a simple remote denial of service attack via db2ccs.exe (listening on port 6790) and db2jds.exe (port 6789). By Gilles |
cayman.txt | 344 | Jul 12 00:36:59 2001 | 9cc90717d2cfb63a71c77417f014dbca | Cayman routers allow remote access by using } as the username. By Russell Handorf |