.:[packet storm]:. ArchivesForums

about | forums | assessment | defense | papers | magazines | miscellaneous | links

To change sort order, click on the category. Sorted By: File Name.
.: 0201-exploits
File Name File Size Last Modified MD5 Checksum
0201-exploits.tgz275995Feb 2 00:08:16 200268671ffeb8f1ab115e5962caeab7c9a6
Packet Storm new exploits for January, 2002.
attn.tar.gz3830Jan 18 20:59:02 2002228228e20fdbea6cba09e2718ad8cad0
Attn.tar.gz is a Redhat 7.0 local root exploit which takes advantage of a bug in the at command which allows an attacker to free() user controlled memory. Tested on Redhat 7.0 with the glibc-2.2.4- and at-3.1.8-12 packages installed. By zen-parse
boozt.c4388Jan 10 22:16:38 200254a2881575b025fcef77361b2bb13609
The Boozt! banner management software for Linux v0.9.8alpha remote exploit. Included shellcode creates a suid httpd shell in /tmp. Fix available here. By Rafael San Miguel Carrasco
BSD-H_osx_local_root..>1042Jan 30 21:24:19 20024e32ba3a79c40f5908183ffc60896118
RootX is a local Macintosh OS/X exploit for sudo. Must be in sudoers. The latest Client/Server (10.1.2) are affected.  Homepage: http://bsdh.dhs.org. By Freestyler and Xor^SS
buggyzilla.pl2763Jan 10 21:39:02 2002a34590985ad2c781d4a2ef465b370e00
Buggyzilla.pl exploits two vulnerabilities in bugzilla 2.14 or prior in order to execute commands on affected systems. This uses bad quotation of user input in bugzilla to gain access to administrator pages. The a weakness in the reports.cgi is then used to allow execution of commands. Advisory available here. Fix available here. By Funkysh
cm-ssh.tgz227312Jan 12 12:23:21 20027ef4c345b731ddb9c4c41793273edbf7
Cm-ssh is the Teso SSH remote exploit. Includes targets for SSH-1.5-1.2.27, SSH-1.99-OpenSSH_2.2.0p1, SSH-1.5-1.2.26, and SSH-1.5-1.2.31. Binary form only. Brute forces the stack.
debian-uucp.tar.gz1489Jan 21 21:34:08 2002c288ab795b3f52d9cc85af362801096c
Debian uucp v1.06.1 local uid=utmp or root exploit. Trojans uucp and uux, attempting to get a root shell. Based on an exploit by zen-parse. Tested on Debian PowerPC Unstable. By Charles Stevenson
gicu-dos.c1771Jan 24 23:31:05 2002619d5fe13a0c7cbcdc31462b9aab2591
GnomeICU v0.96.1 remote dos exploit. Sends a message with uin=0000000 causing a seg fault. Tested on GnomeICU 0.95->0.96.1 on RH 7.0, Slackware 8.0. By Christian Milow
hosting.controller.t..>3799Jan 7 22:44:54 20023e38c30aabfad13f773058326f5fac3d
Hosting Controller v1.4.1, an all-in-one administrative hosting tool for Windows, contains multiple vulnerabilities. It allows remote users to read any file on the system and browse non-public directories. Exploit URL's included. By Phuong
iisshell-1.3.tgz11776Jan 7 21:52:28 20022e63c70bedd349e50bde028caa0d132e
A small scanner and shell-like interface for the IIS unicode vulnerability (exploits directory traversal to reach cmd.exe). By Cartel Informatique
netgear.txt8123Jan 30 23:05:03 20029d7dbab5ae54817fb0af918b799bd42c
NetGear RO318 HTTP Filter Advisory - The firmware does not check URL's well enough and will send out restricted content if given a malformed URL. Includes perl exploit.  Homepage: http://home.tampabay.rr.com/nbs/. By Null Byte Security
nt.php.htm3826Jan 7 22:22:43 2002408c92549ba7db07950ad9720121c213
NT PHP.exe remote exploit. Allows any file on the webserver to be read.  Homepage: http://www.securiteam.com. By Securiteam
sniffit-exp1.txt6675Jan 18 21:11:07 20029e59a59251ace6f72b61e53cd1843f1f
Sniffit v0.3.7beta remote root buffer overflow exploit. Requires the admin to be running sniffit with the -L option. By g463
sudo-xpl.sh1178Jan 16 22:59:44 2002055ebc951dada82997439ceafe436d5b
Local root exploit for sudo + postfix. Exploits sudo prior to sudo- Tested on debian powerpc unstable. By Charles 'core' Stevenson
w00aimexp.tgz10681Jan 2 18:17:19 2002daec79a085c3cb4e73ec9764785c7471
AOL Instant Messenger remote buffer overflow exploit. Affects AOL AIM for Windows stable v4.7.2480 and beta v4.8.2616. Over 100,000,000 users affected. Included shellcode shuts down the AIM client.  Homepage: http://www.w00w00.org. By Matt Conover
woot.java15295Jul 6 01:33:07 200265e717bab45e30856c4bca541beeeda8
Wu-ftpd 2.6.[0/1] remote heap overflow written in Java. Provides a remote shell. Includes targets for RedHat 7.0 and wu-2.6.0/1 from www.wu-ftpd.org.  Homepage: http://www.0x4553.org. By CraigTM
zml.cgi.txt1534Jan 1 22:03:35 2002a34aeee880ee35dee55047fb1ed2efca
Zml.cgi contains remote vulnerabilities which allow any file on the webserver to be read. Exploit URL included. Tested against Redhat w/ Apache. By Blackshell Development Team

Privacy Statement