| File Name |
File Size |
Last Modified |
MD5 Checksum |
| 0203-exploits.tgz | 1840053 | Apr 2 2002 00:05:51 | 07b176a4f3caa5aeb0e71dc7d048509d |
| Packet Storm new exploits for March, 2002. |
| osshchan.tgz | 20241 | Mar 29 2002 09:28:53 | ae4a56b17dda15f0c2b2ef133479a4e9 |
| OpenSSH 2.9p* channel_lookup() off by one exploit. Tested against SuSE Linux 7.2 and FreeBSD 4.5-STABLE with OpenSSH 2.9p1 and p2. Based on OpenSSH-2.9p2 source. By Morgan |
| sp_quickill.zip | 431940 | Mar 24 2002 21:09:41 | df1ed07f57c90114475fb5b2cedabf67 |
| Sp_Quickkill scans internal networks for unpatched windows machines, IIS and SQL. Homepage: http://www.sensepost.com. By Roelof Temmingh |
| Apache.Win32.txt | 3016 | Mar 22 2002 07:57:41 | 04bda8f5bf73eb6fe91b03b836198c35 |
| A vulnerability in the way the Windows versions of Apache parses batch files with cmd.exe allows remote users to execute commands on versions of Apache prior to 1.3.24 and 2.0.29-BETA. Exploit URL's included. By Ory Segal |
| DLA-18-03-2002.txt | 2741 | Mar 20 2002 09:47:50 | 93581200755ee08576317b5c3179619b |
| Microsoft posted a security bulletin on this (ms99-040) way back in September 28, 1999; it is still exploitable if the html file is run from the users local disk and not from a webserver or file-share. By Gollum |
| ucd-snmp.c | 12316 | Mar 13 2002 23:09:39 | b6e6a827e6265c29937e7052e444d49c |
| UCD-snmp v4.2.1 and below remote root exploit for the long community string overflow on Linux/x86. Tested against Slackware 8.0, includes instructions for finding more offsets. Binds a shell to tcp port 10000. By Jove |
| phpnukeEKO.txt | 970 | Mar 13 2002 21:15:24 | 2546c50f77cdccffa18d54d48870f2d9 |
| PHP Nuke 5.X path disclosure vulnerability through modules.php. Homepage: http://nyshock.hypermart.net. By Patryk K. |
| ptrace-dark.c | 3411 | Mar 12 2002 20:24:28 | 400dd79a65c806ae4fe25bee6f1573e4 |
| Ptrace2.4 is a local root exploit for linux kernels prior to v2.4.9 and 2.2.20. By Darknessx |
| php-nuke.5.5.css.txt | 1106 | Mar 12 2002 19:47:46 | 392663e5198a29c4a1c3c2daf1b7e121 |
| PHP Nuke v5.5 has a cross site scripting vulnerability. Exploit information included. Homepage: http://hackergurus.tk. By Ravish |
| hhp-qtip.c | 1350 | Mar 12 2002 19:44:26 | b1f1e53e81b7b495f4faeb362d585475 |
| Hhp-qtip.c is a local root exploit for /usr/bin/tip on BSDI 4.2. Requires access to tip, usually gid(dialer). Homepage: http://www.hhp-programming.net. By Cody Tubbs |
| Xerver-2.10.txt | 4162 | Mar 7 2002 21:59:40 | f5c20e4013a63f1117a415ea47a3fc93 |
| The Xerver Free Web Server v2.10 contains file disclosure and denial of service vulnerabilities. Platforms affected include Windows, Linux, BSD, Solaris, and Mac. Exploits included. By Alex Hernandez |
| phpxpl.c | 12998 | Mar 6 2002 22:14:46 | 0f3502ccdfd5f2739f73f8841d4708ba |
| PHP 3.0.16/4.0.2 remote root format string overflow exploit for Linux/x86. Included shellcode adds a root shell on tcp port 1524 to inetd.conf. By Count August Anton Wilhelm Neithardt von Gneisenau |
| vwxploit.tar.gz | 340795 | Mar 5 2002 22:42:55 | b19a0556613b5a2bd2a5bb32ab7c84e0 |
| Cygwin Windows port of the Interscan VirusWall 3.23/3.3 exploit. Ported by Luigi Grandini |
| realown.tar.gz | 340890 | Mar 5 2002 22:41:35 | 36989e96eebc153db49cfe7e9be93297 |
| Cygwin port of the unix port of the real own realserver exploit. Ported by Luigi Grandini |
| apache_php.tar.gz | 339383 | Mar 5 2002 22:39:29 | bdf92baef409ba2576ddfb67c6972625 |
| Cygwin Windows port of the Apache 1.3.x + php 4.0.6 proof of concept exploit for the multipart/form-data POST requests bug. This exploit crashes the daemon. Ported by Luigi Grandini |
| agate.tar.gz | 339340 | Mar 5 2002 22:38:00 | b0e6e1f796741cc0afbcb3fd7b954d46 |
| Avirt Gateway 4.2 remote exploit ported to Windows with Cygwin. By Luigi Grandini |
| Colbalt-RAQ-v4.txt | 5236 | Mar 4 2002 08:56:42 | a4e649e09cdd871f9843ce8582d573d5 |
| Cobalt's RAQ 4 server has three remote vulnerabilities. The service.cgi script has a cross site scripting vulnerability because it incorrectly parses the incoming searches and includes HTML tags and Javascript in the result. A directory traversal vulnerability allows attackers to read restricted files or passwords and profiles the users. In addition, a very long URL string will crash the service. Exploits included. By Alex Hernandez |
| apache_php.c | 3660 | Mar 4 2002 00:26:43 | 5126bbf8e63b2126ebdd8a9450b62ff8 |
| Apache 1.3.x + php 4.0.6 proof of concept exploit for the multipart/form-data POST requests bug. This exploit crashes the daemon. Homepage: http://qb0x.net. By Gabriel A. Maggiotti |
