.:[packet storm]:. ArchivesForums

about | forums | assessment | defense | papers | magazines | miscellaneous | links

To change sort order, click on the category. Sorted By: Last Modified.
.: 0201-exploits
File Name File Size Last Modified MD5 Checksum
woot.java15295Jul 6 2002 01:33:0765e717bab45e30856c4bca541beeeda8
Wu-ftpd 2.6.[0/1] remote heap overflow written in Java. Provides a remote shell. Includes targets for RedHat 7.0 and wu-2.6.0/1 from www.wu-ftpd.org.  Homepage: http://www.0x4553.org. By CraigTM
0201-exploits.tgz275995Feb 2 2002 00:08:1668671ffeb8f1ab115e5962caeab7c9a6
Packet Storm new exploits for January, 2002.
netgear.txt8123Jan 30 2002 23:05:039d7dbab5ae54817fb0af918b799bd42c
NetGear RO318 HTTP Filter Advisory - The firmware does not check URL's well enough and will send out restricted content if given a malformed URL. Includes perl exploit.  Homepage: http://home.tampabay.rr.com/nbs/. By Null Byte Security
BSD-H_osx_local_root..>1042Jan 30 2002 21:24:194e32ba3a79c40f5908183ffc60896118
RootX is a local Macintosh OS/X exploit for sudo. Must be in sudoers. The latest Client/Server (10.1.2) are affected.  Homepage: http://bsdh.dhs.org. By Freestyler and Xor^SS
gicu-dos.c1771Jan 24 2002 23:31:05619d5fe13a0c7cbcdc31462b9aab2591
GnomeICU v0.96.1 remote dos exploit. Sends a message with uin=0000000 causing a seg fault. Tested on GnomeICU 0.95->0.96.1 on RH 7.0, Slackware 8.0. By Christian Milow
debian-uucp.tar.gz1489Jan 21 2002 21:34:08c288ab795b3f52d9cc85af362801096c
Debian uucp v1.06.1 local uid=utmp or root exploit. Trojans uucp and uux, attempting to get a root shell. Based on an exploit by zen-parse. Tested on Debian PowerPC Unstable. By Charles Stevenson
sniffit-exp1.txt6675Jan 18 2002 21:11:079e59a59251ace6f72b61e53cd1843f1f
Sniffit v0.3.7beta remote root buffer overflow exploit. Requires the admin to be running sniffit with the -L option. By g463
attn.tar.gz3830Jan 18 2002 20:59:02228228e20fdbea6cba09e2718ad8cad0
Attn.tar.gz is a Redhat 7.0 local root exploit which takes advantage of a bug in the at command which allows an attacker to free() user controlled memory. Tested on Redhat 7.0 with the glibc-2.2.4- and at-3.1.8-12 packages installed. By zen-parse
sudo-xpl.sh1178Jan 16 2002 22:59:44055ebc951dada82997439ceafe436d5b
Local root exploit for sudo + postfix. Exploits sudo prior to sudo- Tested on debian powerpc unstable. By Charles 'core' Stevenson
cm-ssh.tgz227312Jan 12 2002 12:23:217ef4c345b731ddb9c4c41793273edbf7
Cm-ssh is the Teso SSH remote exploit. Includes targets for SSH-1.5-1.2.27, SSH-1.99-OpenSSH_2.2.0p1, SSH-1.5-1.2.26, and SSH-1.5-1.2.31. Binary form only. Brute forces the stack.
boozt.c4388Jan 10 2002 22:16:3854a2881575b025fcef77361b2bb13609
The Boozt! banner management software for Linux v0.9.8alpha remote exploit. Included shellcode creates a suid httpd shell in /tmp. Fix available here. By Rafael San Miguel Carrasco
buggyzilla.pl2763Jan 10 2002 21:39:02a34590985ad2c781d4a2ef465b370e00
Buggyzilla.pl exploits two vulnerabilities in bugzilla 2.14 or prior in order to execute commands on affected systems. This uses bad quotation of user input in bugzilla to gain access to administrator pages. The a weakness in the reports.cgi is then used to allow execution of commands. Advisory available here. Fix available here. By Funkysh
hosting.controller.t..>3799Jan 7 2002 22:44:543e38c30aabfad13f773058326f5fac3d
Hosting Controller v1.4.1, an all-in-one administrative hosting tool for Windows, contains multiple vulnerabilities. It allows remote users to read any file on the system and browse non-public directories. Exploit URL's included. By Phuong
nt.php.htm3826Jan 7 2002 22:22:43408c92549ba7db07950ad9720121c213
NT PHP.exe remote exploit. Allows any file on the webserver to be read.  Homepage: http://www.securiteam.com. By Securiteam
iisshell-1.3.tgz11776Jan 7 2002 21:52:282e63c70bedd349e50bde028caa0d132e
A small scanner and shell-like interface for the IIS unicode vulnerability (exploits directory traversal to reach cmd.exe). By Cartel Informatique
w00aimexp.tgz10681Jan 2 2002 18:17:19daec79a085c3cb4e73ec9764785c7471
AOL Instant Messenger remote buffer overflow exploit. Affects AOL AIM for Windows stable v4.7.2480 and beta v4.8.2616. Over 100,000,000 users affected. Included shellcode shuts down the AIM client.  Homepage: http://www.w00w00.org. By Matt Conover
zml.cgi.txt1534Jan 1 2002 22:03:35a34aeee880ee35dee55047fb1ed2efca
Zml.cgi contains remote vulnerabilities which allow any file on the webserver to be read. Exploit URL included. Tested against Redhat w/ Apache. By Blackshell Development Team

Privacy Statement