.: 0108-exploits
File Name | File Size | Last Modified | MD5 Checksum
bsdautoroot.c | 14220 | Aug 27 23:58:19 2001 | aed68be6b47a4a4221296d75fabe9899
BSD Auto-rooter - Runs a trojan on many machines using the telnetd exploit. By Goni
alt3kx-advisories-20..> | 9062 | Aug 24 19:18:23 2001 | b835b14e9bd0431144499b6dc3c5e6c7
Ntop v1.1 for Solaris/x86 contains a remotely exploitable buffer overflow in the http server which defaults to tcp port 8080. By Alt3kx
pdnsd.c | 7801 | Aug 19 22:11:35 2001 | fc1a5da75298c8259b7a0027949821cb
AIX PowerPC v4.1 and 4.2 remote exploit for pdnsd.  Homepage: http://lsd-pl.net.
idqrafa.pl | 6505 | Aug 19 21:42:29 2001 | 36c21688844e275f4f528a8716e9dd22
Windows 2000 + IIS .ida exploit in perl. Binds a shell to port 8008. By Rafa
scx-sa-21.txt | 5851 | Aug 3 16:02:32 2001 | 9d5f40859512e8ec6a74ad8eda9b4dff
Securax Security Advisory #21 - Globalscape's CuteFTP, a popular FTP client, uses a weak encryption scheme, allowing plaintext login and password recovery from the address book. Includes cuteftpd.c which calculates the plaintext.  Homepage: http://securax.org. By Incubus
RUS-CERT.apache.auth..> | 5676 | Aug 29 22:31:12 2001 | 9193b07708544bcfec9f707cd421690c
RUS-CERT Advisory - Several Apache authentication modules which use SQL databases have remote vulnerabilities. Any Apache server using database-based authentication with the following modules is vulnerable - AuthPG 1.2b2, mod_auth_mysql 1.9, mod_auth_oracle 0.5.1, mod_auth_pgsql 0.9.5, and mod_auth_pgsql_sys 0.9.4. An attacker can execute arbitrary PostgreSQL or Oracle statements.  Homepage: http://cert.uni-stuttgart.de.
groupwise.disclosure..> | 5449 | Aug 15 23:49:48 2001 | 3b5768becf6d2f625d569d0330371237
NetWare Enterprise Web Server 5.1 has a couple security problems - When NDS browsing via the web server is enabled, if an attacker can reach that server's port 80 they can enumerate information such as user names, group names, and other system information. In addition, poor handling of GET commands will allow for GroupWise WebAccess servers to display indexes of the directories instead of HTML files.  Homepage: http://www.nmrc.org. By Simple Nomad
lpplus.txt | 5270 | Sep 17 19:21:57 2001 | f8eacbf074a5a8841982762a92fe33dd
LPPlus is Plus Technologies' print management system for Unix. Versions prior to 3.3.x contain several serious security holes, some of which undermine the integrity of the printing subsystem, while others threaten the security of the system on which the product is installed. Upgrade available here. By Echo8
sa2001_06.txt | 4801 | Aug 18 21:40:27 2001 | 9ced457870402db712f9b5caf630cd0a
NSFOCUS Security Advisory SA2001-06 - A buffer overflow vulnerability has been found in ssinc.dll which is triggered when Microsoft IIS 4.0/5.0 processes server side include files. An attacker could obtain SYSTEM privilege if he can save HTML on the server. Discussed in ms01-046.  Homepage: http://www.nsfocus.com.
hypo_linksys_advisor..> | 4387 | Aug 2 13:24:02 2001 | 78f60b1239b3eef1be75d02be094ec0a
Hypoclear Security Advisory - The Linksys "EtherFast 4-Port Cable/DSL Router" has a security flaw which allows router passwords and ISP account passwords to be viewed in the HTML source stored on the router, allowing password sniffing attacks.  Homepage: http://hypoclear.cjb.net. By Hypoclear
mailex.c | 4361 | Aug 19 21:58:24 2001 | 5d7612e078c5e26ab2a4f5710c5bd2fc
Mailex.c is a Solaris x86 mail HOME environment variable buffer overflow exploit. Tested on Solaris 8 (x86).  Homepage: http://www.xfocus.org. By Virtualcat
ftpd.c | 3662 | Aug 19 22:13:30 2001 | 87d572a2ae96a7adfa4f4f7365d3530d
AIX PowerPC v4.3.x ftpd remote exploit (yyerror() bug).  Homepage: http://lsd-pl.net.
kcms.c | 3437 | Aug 19 21:53:54 2001 | a5c2ec7e56db53af52ff19608a06d752
Solaris 7/8 kcms_configure command line buffer overflow on both sparc/Intel platforms.  Homepage: http://www.xfocus.org.
remedy.txt | 3286 | Aug 15 21:56:51 2001 | 5c48154ab626f429546c5800ecf8745d
Security Holes in Remedy Client Installer - Due to improper handling of temporary files, the installer program for Remedy Software's Action Request System client for unix can allow local users to gain root privileges. Tested on Solaris 2.6 and 8, using the installer for AR 4.5.1. Other platforms are likely vulnerable as well. By Echo8
digest.c | 3038 | Aug 19 22:02:52 2001 | 1878d266f1c3d3f1d93458ab0ff630a0
AIX PowerPC 4.1, 4.2, and 4.3 local exploit for /usr/lib/lpd/digest.  Homepage: http://lsd-pl.net.
mf.txt | 2945 | Aug 15 21:48:08 2001 | 9778e6ce20893c0b7b2b95cf6e26b141
Local root compromise in MicroFocus Cobol for Solaris/Sparc - If the AppTrack feature is enabled, the default install of MicroFocus Cobol 4.1 can be tricked into running code as root due to a permission problem. By Echo8
setsenv.c | 2773 | Aug 19 22:08:52 2001 | de69263c8a6387806065612ff62b7c7c
AIX PowerPC 4.1, 4.2, and 4.3.x local exploit for /usr/bin/setsenv.  Homepage: http://lsd-pl.net.
xlock.c | 2643 | Aug 19 22:00:10 2001 | 31f5870f393a6e156a20c61243890a7f
xlock.c - Proof of Concept Code for xlock heap overflow bug. Tested in Solaris 8 x86.  Homepage: http://www.nsfocus.com.
piobe.c | 2607 | Aug 19 22:05:21 2001 | 78b06fc6e92bb13de9ff91dca89dec14
AIX PowerPC 4.1, 4.2, and 4.3.x local /usr/lib/lpd/piobe exploit.  Homepage: http://lsd-pl.net.
alsou.c | 2598 | Aug 24 19:08:42 2001 | 9ca3b58dee980471ff0c1c8d15d79a94
Sendmail-8.11.x linux x86 local exploit. Takes advantage of a memory access violation when specifying out-of-bounds debug parameters. By Grange
portmir.c | 2298 | Aug 19 22:07:16 2001 | 6517db6eaf1f8adff7b7b39a53b03a9f
AIX PowerPC 4.2 and 4.3.x local exploit for /usr/sbin/portmir.  Homepage: http://lsd-pl.net.
exp_w3m.pl | 2079 | Aug 18 22:07:10 2001 | 544144fce48058a131724c9c40bfd1fb
w3m remote buffer overflow exploit for FreeBSD. Runs as a daemon and waits for w3m to connect. FreeBSD advisory about w3m here.  Homepage: http://ttj.virtualave.net. By White_E
dbsnmp-8.1.6.c | 2014 | Aug 5 01:50:10 2001 | 6e33bef8563be524e253fb2b40cfba6f
Oracle local exploit for the dbsnmp binary. Gives uid=oracle shell. Tested on Red Hat 6.2. By Juan Manuel Pascual Escriba
xp.tar.gz | 1914 | Aug 24 19:12:47 2001 | 945b1ee84290d2a8d065d059bc740dc3
Sendmail 8.11.5 and below local root exploit for linux. By Lucysoft
top.c | 1854 | Aug 19 21:51:45 2001 | 0541d60fbd5725a324bab97615d1c1a7
FreeBSD 3.3 x86 top format string exploit. Tested against top-3.5beta9. By Truefinder
aolcrash.c | 1333 | Aug 27 23:47:16 2001 | 3a23c1a446ea4da1a8848ba87ea5811d
AOLserver v3.0 and 3.2 remote denial of service bug. Sends a long HTTP request. By Exty
patchadd.pl | 1306 | Aug 27 23:50:48 2001 | e82cc2d3f9571ccb3e3fc241ddaebb1a
Solaris 2.8 patchadd local exploit. Takes advantage of a symlink vulnerability to clobber files with output from patchadd. Tested on Solaris 2.8 Sparc with the current patch cluster applied.  Homepage: http://vapid.dhs.org:8080. By Larry W. Cashdollar
otrcrep-8.0.5.c | 1302 | Aug 5 01:46:51 2001 | 02cc6eafae368311be8667f6696611d2
Oracle 8.0.5 local exploit - Gives UID=oracle via a buffer overflow in otrcrep binary. Tested on Linux. By Juan Manuel Pascual Escriba
cnn_unsubscribe_bot...> | 1234 | Aug 29 22:46:27 2001 | 7559650c2e76073b04fb8c48d57ba4ec
The CNN Unsubscribe Bot can Un-Subscribe other users from CNN's distribution list by placing a random number at the end of unsubscribe cgi URL's member_id. By Jay Daniels
sendmail.php.txt | 1169 | Aug 15 22:14:29 2001 | 66597f55d0a77fbc8df3117555e97aad
PHP-Nuke Written by Sequioa Software contains sendmail.php, which allows remote users to execute commands and see files on the web server.  Homepage: http://www.bitland.net. By Jwilkins
store.cgi.txt | 759 | Aug 14 23:24:33 2001 | b5fe139874a2485e4674f327a832705a
Store.cgi from Key to the Web's ecommerce solution contains a vulnerability which allows web users to read any file on the system. Exploit URL included. By Tack
killbsdi.c | 717 | Aug 20 19:18:09 2001 | 1bb16ade4069cba6748f2563429b8bbc
BSDI v3.0 / 3.1 local DoS exploit which reboots the system by running some shellcode.  Homepage: http://www.realhalo.org. By Vade79

