.:[packet storm]:.
 

 
 
about | forums | assessment | defense | papers | magazines | miscellaneous | links


To change sort order, click on the category. Sorted By: File Name.
.: 0112-exploits
File Name File Size Last Modified MD5 Checksum
01-wu261.c35201Dec 12 08:55:37 2001faa411281a9318348a43d54c8ab92769
Wu-Ftpd v2.6.1 and below remote root exploit which takes advantage of the SITE EXEC globbing vulnerability. Includes instructions on finding the offset with gdb. By Zen-parse
adstreamer.txt6358Dec 25 22:44:43 200106fc404d3b77658241ef7dfe94f0d8bf
AdStreamer is a cgi package with several remote vulnerabilities, one of which allows remote command execution. Buggy open calls were found in addbanner.cgi, banner.cgi, bannereditor.cgi, and report2.cgi.  Homepage: http://www.bugtraq.org. By Gobbles Security
atphttpd-smack.c3907Dec 16 20:55:39 2001ebcb55b399e6cc1df9b8a7590bfa606b
ATPhttpd v0.4b remote buffer overflow exploit. Tested on and against OpenBSD 2.8. Binds a shell to port 6969 which has the UID of the webserver.  Homepage: http://sec.angrypacket.com. By Methodic
atphttpd.pl2081Dec 16 21:00:46 2001392571248a30489738ca74447900141a
ATPhttpd v0.4a remote denial of service buffer overflow Tested against OpenBSD 2.9.  Homepage: http://www.securityoffice.net. By Tamer Sahin
badboy.c9207Dec 4 20:49:20 200130aecb9b9cc3b85879d290607853efe9
Badboy.c is a remote exploit for the Win32 Checkpoint Firewall-1 GUI log viewer program. Binds a shell to a port with SYSTEM level access. Must be run from a valid GUI client machine. By Indigo
ie.cert.attack.txt6373Dec 25 22:28:13 200129e55396623a1ab90242ba5407be8b24
A flaw in Microsoft Internet Explorer allows an attacker to perform a SSL Man-In-The-Middle attack without the majority of users recognizing it. In fact the only way to detect the attack is to manually compare the server name with the name stored in the certificate due to a flaw in the way IE checks HTTPS objects that are embedded into normal HTTP pages.  Homepage: http://www.e-matters.de. By Stefan Esser
itransact.txt673Dec 16 20:37:51 2001156e08a83f72f8a46397366a52e8ad1f
A security flaw in the itransact.com credit card payment system allows users to change the price of merchandise ordered. By Jesse S. Williams
jack.c8269Dec 4 20:52:58 2001485e818e6aa9c8cd8c3a3d692a4a084f
Jack.c is a remote exploit for the Active Perl ISAPI overflow described in Bugtraq ID 3526. Sends you a shell with SYSTEM level access. By Indigo
jim.c11168Dec 4 20:51:43 2001ce7ba29b042a913db88bb171d6db8db4
Jim.c is an exploit for the remote IIS server side include buffer overflow vulnerability. Tested on Linux and Win32. To exploit this vulnerability you must have write access to the web root of the target web server. Causes the server to send you a shell with SYSTEM level access. By Indigo
kebi-webmail_vul.txt2042Dec 8 19:29:08 2001faaf892f274f6a268f6768e4f56b1b5d
The Kebi Webmail server allows remote users to have administrator access by going to http://site.com/a/.  Homepage: http://www.wowhacker.org. By Secret
nb-isakmp.c5762Dec 25 22:51:57 2001690321d47ef04f0d314c84e8da296191
Nb-isakmp.c is a proof of concept exploit for Bugtraq # 3652 - ISAKMP/IKE remote denial of service against Win2k. This code may exploit other bugs as well. C version.  Homepage: http://nelson.wwsecurity.net. By Nelson Brito
nb-isakmp.pl1889Dec 25 22:52:51 2001f5af9905a00822bcb51cfbd06064da72
Nb-isakmp.pl is a proof of concept exploit for Bugtraq # 3652 - ISAKMP/IKE remote denial of service against Win2k. This code may exploit other bugs as well. Perl version.  Homepage: http://nelson.wwsecurity.net. By Nelson Brito
own-ettercap.c7673Dec 8 19:50:36 2001d6e5951f7604f7851edf50f992c03724
Ettercap v0.6.2 local root format string exploit. Works if the administrator made Ettercap SUID.  Homepage: http://www.bugtraq.org. By Alicia
pmexpl.c10766Dec 28 11:11:48 200160072037d04fb99236213b82a4239fdf
Pmake <= 2.1.33 local root exploit. Some distributions have pmake suid root by default. By IhaQueR@IRCnet
script.command.txt1855Dec 17 21:29:23 2001e546ea507ca071abe3463d61624074c1
The script command overwrites hardlinks named typescript in the current directory.  Homepage: http://ws.obit.nl. By Marco van Berkum
smash_bin_login.c13357Dec 28 12:12:34 200121f881c14e04e0b69412d1c74d3dcfa2
Solaris x86 v2.8 /bin/login via telnet remote buffer overflow exploit. Uses fixed addresses. Executes any command as root.  Homepage: http://monkey.org/~mat. By JW. Oh
SpeedXess.txt2823Dec 12 18:10:58 2001415cfed7781561fcb5133a3b24345773
SpeedXess DSL routers come with a default password of speedxess.  Homepage: http://www.wowhacker.com. By Secret
twlc-adv-plesk211201..>2542Dec 25 22:14:18 2001a7d92ef2dc4845c652651a3543755d05
Plesk, a popular server administration tool used by many web hosting companies, has a bug which allows remote users to view the source of .php hosted files. All versions prior to v2.0 are affected.  Homepage: http://www.twlc.net. By Supergate
UseLogin.txt2146Dec 8 19:33:59 2001ee90a8217d3ebac2b297609567373f38
OpenSSH v3.0.1p1 and below root exploit which only works of the administrator has turned on the UseLogin feature. Uses the libroot library. Requires an account on the remote machine.  Homepage: http://www.genhex.org. By War
XPloit.c6874Jan 1 02:22:01 2002f9206046fe2db51c88104dea21788ee8
WinME/XP UPNP remote dos and buffer overflow overflow exploit. Sends malformed data to TCP port 5000. Includes the option to spawn a shell on port 7788.  Homepage: http://qb0x.net. By Gabriel Maggiotti

 
 
Privacy Statement< td>