.:[packet storm]:.

Sorted By: File Size.
.: 0207-exploits
File Name File Size Last Modified MD5 Checksum
0207-exploits.tgz 831290 Aug 1 11:15:09 2002 e946a2e3f8758ad47c16b18cfa06296c
Packet Storm new exploits for July, 2002.
ieen030.zip 744707 Jul 7 22:22:06 2002 5e94f7b3c5390127c607d935b8aa1e59
IE'en remotely controls Internet Explorer using DCOM. Windows username and password required. This tool can capture data sent and received using Internet Explorer and more.  Homepage: http://www.securityfriday.com/ToolDownload/IEen/ieen_doc.html. By Soap
xploit.phps 33457 Jul 30 23:32:26 2002 46452334aac570201d710e1e5be71100
PHP exploit lab v1.0 - Attempts to browse, read, execute, and mysqlread.  Homepage: http://darkshells.ath.cx. By Dodo
opensslrv.txt 20101 Jul 31 00:00:33 2002 525656635d05597960825cb10ebae0fb
OpenSSL v0.9.6d and below remote exploit. In Spanish and HTML. By Haxors Lab and Bastard Slacker
eat_gopher.pl 17100 Jul 30 01:23:04 2002 2a09eb0b9caf8054b336df4c417a2692
IE gopher buffer overflow exploit. Tested on W2k Korean and Wme Korean.  Homepage: http://monkey.org/~mat/. By JW Oh
sshutup-theo.tar.gz 14816 Jul 3 01:04:58 2002 3a6b522ce65322faa42f49ce3087e5fd
OpenSSH v2.9.9 to 3.1 remote root exploit for the default install of OpenBSD 3.x. This tarball is a set of patches for the OpenSSH v3.4p1 client. Takes advantage of a bug in the challenge response handling code. Homepage: http://www.immunitysec.com/GOBBLES/. By Gobbles Security
vncsunpci.c 14694 Jul 3 22:51:57 2002 04f239e954d52792e6cb6b953794d8bf
SunPCi II v2.3 comes with a modified VNC which allows an attacker to discover the password if he can sniff the traffic between client and server. Decoding program tested on Linux and Solaris.  Homepage: http://www.trust-factory.com. By Richard van den Berg
codeblue.txt 13694 Jul 23 22:10:49 2002 3445855247a194bb95a591505b9a0a8e
Code Blue remote exploit for OpenBSD. Code blue is a code red scanner with several vulnerabilities. By Demi Sex God from Hell
snmpXauto.c 11621 Jul 10 21:33:40 2002 e49ce9de1f361fae3fa9280c9c2dbdbb
SnmpXdmid auto rooter based on snmpXdmid exploit from http://lsd-pl.net. By Tracewar.
mercrexp.c 10946 Jul 18 01:14:38 2002 b96fa01c77bd8705dbb5f1c4144d6dae
Mercur mail server v4.2 remote exploit. The Mercur mail server's control service listens to tcp port 32000 and is vulnerable to a buffer overflow in the password field. Tested against Windows 2000 and XP pro. Sends a shell to port 3333. By 2c79cbe14ac7d0b8472d3f129fa1df55
sendmail.8.11.x.c 10056 Oct 2 22:47:18 2002 2208cdd278d3a6de2a4cb062738312da
Sendmail 8.11.5 and below local root exploit. Tested against Red Hat 7.0 and 7.1, SuSE 7.2, and Slackware 8.0. By SD
mmaxexp.c 9947 Jul 23 21:35:58 2002 cf616b36eec096e8bad38f8ea2da7487
MailMax Standard/Professional popmax v4.8.2.5 and below remote exploit. Sends a long USER string to the pop3 daemon. Tested against Windows 2000 Professional/Server and Windows XP Professional. Patch available here. By 2c79cbe14ac7d0b8472d3f129fa1df55
linx86_bind.c 9329 Nov 17 06:18:16 2002 3f51fe2cbc7c5d6d666808c7e189988c
Bind 8.2, 8.2.1, 8.2.2, and 8.2.2-PX remote root exploit for Slackware 4.0 and Red Hat 6.2. Exploits the infoleak bug to generate a DNS tsig exploit packet. It uses an assembly routine to bypass tightly configured firewall systems (with only 53 tcp/udp port open). Homepage: http://lsd-pl.net.
kcms_sparc.c 8640 Jul 7 23:13:29 2002 230e21f0977e1a95ae6d4a4f6fb61b35
Kcms_configure -o -S command line local root buffer overflow for SPARC/Solaris 8. More information available here. By Adam Slattery
GOBBLES-own-super.c 8395 Jul 31 00:12:05 2002 96cba2ba3dc1b0c8a10b12658ce03648
Super, a sudo clone, v3.18 local root format string exploit.  Homepage: http://www.bugtraq.org. By Gobbles
imailexp.c 8258 Jul 30 00:06:16 2002 22ae348b69df28ff99a57f3426cc6dc5
IPSwitch IMail Server v7.11 remote system exploit. Overflows the GET parameter in the Web Messaging daemon in all IMail versions to date. There are over 49 million users of IMail worldwide. Patch available here. By 2c79cbe14ac7d0b8472d3f129fa1df55
solx86_bind.c 7302 Oct 2 19:54:23 2002 d53ed37d58ba609a3bd552ca9347b103
Bind v8.2, 8.2.1, 8.2.2, and 8.2.2-PX remote root exploit for Solaris 2.7 x86. Homepage: http://lsd-pl.net. By The Last Stage of Delirium
DLA-25-06-2002.txt 6409 Jul 4 02:01:19 2002 c38f830b059323d85d83d5c54f9b6354
Digit-Labs Security Advisory DLA-25-06-2002 - Microsoft Internet Information Server 5.0 Administration Web Site redirect proof of concept exploit.  Homepage: http://www.digit-labs.org. By Gollum
omni-overflow.c 5871 Jul 3 00:09:18 2002 68b5a2924052cd620c6e448c51ef2e16
OmniHTTPd v2.09 remote denial of service buffer overflow exploit. Uses a bug in the handling of long HTTP versions. By Nictuku
argospill.sh 4462 Jul 4 01:14:28 2002 69ad0d9d9a31fcdbf4bd62ccbd76ccf2
Argosoft Mail Server v1.8.1.5 Plus/Pro Webmail reverse directory traversal exploit which allows an attacker to retrieve any file on the disk readable by the mail server. The freeware edition of Argosoft Mail Server is not vulnerable. Fix available here.  Homepage: http://nfinity.yoll.net. By Team N.finity
nn-expl.pl 4185 Jul 12 00:27:00 2002 cfa6fafc1e015c01220be42e3967e449
Remote format string exploit for the nn news reader v6.6.4 and below. The vulnerability resides in the code that handles NNTP server responses.  Homepage: http://www.safemode.org.  By zillion
tracerouteexp.tgz 4087 Jul 23 20:16:14 2002 ec37176265c2d7ab43a56e64385140cc
Nanog traceroute format string local root exploit.  Homepage: http://www.minithins.net.  By SpaceWalker
su.c 2729 Jul 30 13:12:06 2002 cb72708fda78a3fe02884eca76a122cf
/bin/su tru64 local root exploit. Works even with non-exec stack enabled.  Homepage: http://www.snosoft.com. By Phased
domino.r4.txt 2556 Jul 3 00:17:57 2002 dabd2b10dd9a90345ade3a6c91798408
Lotus Domino Web Server R4 on AIX (other platforms not tested) allows remote users to download files in the web root regardless of ECL's or permissions.  Homepage: http://Digisec.org. By Andrew T
gpm-ex.pl 2421 Jul 23 20:04:04 2002 ab2062ec424cefab49197a8b0302e189
Gpm v1.19.6 and below local format string exploit in perl. Note that GPM is not suid. Tested on gpm-Linux 1.19.2. By Killah
2fax.c 2280 Jul 7 21:22:15 2002 425a9a33690eba32fe3fcb42f4c778a6
2fax -bpcx option local exploit for Linux.  Homepage: http://lbyte.void.ru. By crazy_einstein[at]yahoo.com
bp_artsd.c 1990 Aug 1 11:22:26 2002 916f2ce88906e5d62424a4688a27f6f0
KDE 2/3 artsd 1.0.0 local root exploit proof of concept. Artsd is not suid - exploit written for practice. By Kokane
safemode-adv-nn.txt 1806 Jul 6 01:43:45 2002 78ff1b9819b8ec20612941f3cc93c67d
NN v6.6.3 and below remote format string exploit for FreeBSD. Malicious server owners can use this vulnerability to execute code on systems that are connected with affected clients. Fix available here.  Homepage: http://www.safemode.org. By Zillion
DSR-php4.2x.c 1786 Jul 27 03:31:17 2002 58ecc56a105c84c16cacabb2d7b4ba2c
PHP v4.2.0 and 4.2.1 with Apache 1.3.26 POST bug proof of concept exploit for x86. Produces a segmentation violation (signal 11). By Bob
0x4553artsd.c 1680 Jul 9 23:51:32 2002 28ee2d6d19ee868c1a758c0011617b4e
Local buffer overflow exploit for KDE's artsd v2.x and 3.x.  Homepage: http://www.0x4553.org. By Burn-x and 0x90
apache-chunk.c 1614 Jul 7 23:44:40 2002 ca292a7c969c9fe595d0b5503fb7443c
Apache remote DoS (1.3.x/2.0.x branches) based on the recent flaw found in chunked encoding. Homepage: http://www.dtors.net. By Bob
kf-1.2.txt 1254 Jul 7 23:04:06 2002 3c3b2ab77b22fab41d763a6e86b4cf30
The KF Web Server v1.0.2 shows file and directory content if %00 is appended to the URL. Patch available here.  Homepage: http://www.securiteinfo.com. By Arnaud Jacques