File Name | File Size | Last Modified | MD5 Checksum |
0209-exploits.tgz | 4528261 | Oct 9 17:57:49 2002 | d61e47de2cd35e4a4c6debc4aecef9d2 |
Packet Storm new exploits for September, 2002. |
afd-expl.c | 2205 | Sep 5 21:33:42 2002 | f273a2abf33bbe40cc716f3cc0cc09a5 |
AFD v1.2.14 local root heap overflow exploit. Includes offset for Redhat 7.3 and instructions for finding offsets. Homepage: http://www.netric.org. By eSDee |
alsaplayer-suid.c | 2104 | Sep 23 07:49:29 2002 | d3864c1d3454e61a8246fa4e1966ac8f |
AlsaPlayer contains a buffer overflow that can be used for privilege elevation when this program is setuid. Tested on Red Hat 7.3 linux with alsaplayer-devel-0.99.71-1. The overflow has been fixed in AlsaPlayer 0.99.71. By zillion By KF |
apache-linux.txt | 18138 | Sep 18 23:39:21 2002 | 6c13247823eb45dd5c16db33f5077072 |
Apache OpenSSL handshake exploit for Linux/x86, from a circulating Apache worm. Spawns a nobody shell on tcp port 30464. Includes targets for most recent distributions. By Nebunu |
apache-ssl-bug.c | 19418 | Sep 25 14:58:21 2002 | 1be047c32ae0e2d1d8930d2ce4c4f7cc |
This exploit abuses the KEY_ARG buffer overflow that exists in SSL enabled Apache web servers that are compiled with OpenSSL versions prior to 0.9.6e. The apache-ssl-bug.c exploit is based on the Slapper worm (bugtraq.c), which is based on an early version of the apache-open-ssl exploit. By Andy. |
apscan2.tgz | 94609 | Sep 29 23:37:40 2002 | f56c7c14685cd643a637f60e42497615 |
Apache OpenSSL v0.9.6d mass scanner. When a vulnerable server is found code is launched. Includes targets for Apache 1.3.6, 1.3.9, 1.3.12, 1.3.19, 1.3.20, 1.3.26, 1.3.23, and 1.3.14. Includes openssl-too-open binary. By Nebunu |
aspcode.c | 45626 | Sep 2 17:38:42 2002 | 921d412df9cff8fa94e2aaff0a650ce3 |
Aspcode.c is an IIS v4.0, 5.0 5.1 asp.dll buffer overflow exploit for Windows. By Yuange |
autolinuxconf.tgz | 2880 | Sep 11 07:05:00 2002 | 835c256e407b88f79f3720a9d406f353 |
Autolinuxconf.tgz is an improved exploit for linuxconf <= 1.28r3 which has been found to work on Mandrake 8.1 and 8.2 and Redhat 7.2 and 7.3. Homepage: http://www.myseq.com. By Syscalls |
bakkum.c | 8137 | Sep 23 07:24:48 2002 | 88f53e3ca0b89baf95643a18cb9584bb |
Remote root exploit for Linux systems running Null httpd 0.5.0. Tested to work against Red Hat Linux 7.3. Homepage: http://www.netric.org. By eSDee |
bugtraqworm.tgz | 87726 | Sep 16 10:19:29 2002 | fc2a65953a4b98971888d9b5df4d1c53 |
Linux Slapper Worm - This file contains the binaries and source code for the current Apache worm which affects multiple versions of Linux. It exploits an OpenSSL buffer overflow to run a shell on the remote system and also contains the ability to perform a DDoS attack. These files were found in the wild from machines that had been compromised. |
cgitelnet.pdf | 45271 | Sep 2 08:35:23 2002 | cb3d0aa2678e9486c390c0e477aa0e01 |
CGI-Telnet 1.0, a cgi telnet script that runs on various Unix and NT webservers has vulnerabilities which can be manipulated into giving a user access. The password file is accessible in the web path and passwords are kept DES encrypted. Homepage: http://neoerudition.net. By Lawrence Lavigne |
cisco-vpn-5000-lnx.c | 1848 | Sep 19 05:02:03 2002 | 7943a0a865858b090e32ef6d43864ca5 |
This exploit abuses a local buffer overflow in the Cisco VPN 5000 Linux client v5.1.5 close_tunnel binary to spawn a root shell. Homepage: http://www.safemode.org. By Zillion |
compress_expl.c | 1799 | Sep 21 02:34:25 2002 | 599d99a8e14ed34f83f118d3d2d84799 |
Compress v4.2.4 local test exploit for Linux systems. Homepage: http://www.netric.org. |
coudrape.c | 1621 | Sep 11 07:18:00 2002 | 84517123be77c81385f4331da5de0b49 |
Efstool local root exploit for linux/x86 in C. By Cloudass |
efstool.pl | 646 | Sep 11 07:15:00 2002 | adcba327cd833a9c94c4cfbf10570e96 |
Efstool local root exploit for linux/x86 in perl. By user_15335[at]erato.uk.clara.net |
efstool.txt | 6573 | Sep 12 15:27:30 2002 | 044dc4da250fc55be975c7fb9c557d87 |
Efstool local root exploit. A condition has been found in efstool, which is shipped with Redhat and Slackware linux (and possibly other distributions), through which, given the right environment, root privileges can be gained. Full research provided. Homepage: http://www.soldierx.com. By ntfx |
elinuxconf2.c | 1687 | Sep 2 09:10:41 2002 | 9902c624a4fa627d34e0dd222043ded8 |
Another Proof of Concept exploit for the local buffer overflow vulnerability existing in linuxconf v1.28r3 and below which allows users to spawn a root shell. Tested on Mandrake Linux 8.2. Homepage: http://www.scan-associates.net. By pokleyzz |
ES-cisco-vpn.c | 3087 | Sep 19 05:07:14 2002 | a2c3a57714a738b22361ec246558f0da |
Cisco VPN 5000 Linux client version 5.1.5 local root exploit that uses the close_tunnel binary. By ElectronicSouls |
free-apache.txt | 9102 | Sep 18 23:34:19 2002 | c951622daa65e39d1df562c2219acecc |
FreeBSD Apache exploit based on apache-worm.c. Affects FreeBSD 4.5 Apache 1.3.20-24. Sends a nobody shell to TCP port 30464. This is a fixed version - Prior versions were broken. By Nebunu |
gawk_expl.c | 1047 | Sep 21 02:37:51 2002 | 9e653a0462e3f7ef60c123e9ca381c63 |
Linux proof of concept exploit for a local buffer overflow in GNU Awk 3.1.0-x. Homepage: http://www.netric.org. |
gm010-ie | 4712 | Sep 10 23:20:53 2002 | 0a3d976bfa8b7f03c04ae3576b7fb110 |
GreyMagic Security Advisory GM#010-IE - Microsoft Internet Explorer 5.5 and above are vulnerable to an attacker who can execute scripts on any page that contains frame or iframe elements, ignoring any protocol or domain restriction set forth by Internet Explorer. This means that an attacker can steal cookies from almost any site, access and change content in sites and in most cases also read local files and execute arbitrary programs on the client's machine. Note that any other application that uses Internet Explorer's engine is also affected. Homepage: http://sec.greymagic.com/adv/gm010-ie/. |
guardadv.db4web.txt | 3215 | Sep 21 01:09:06 2002 | 64d4d5f90284d5f5e2d2bb4d52fe728f |
Guardeonic Solutions Security Advisory #01-2002 - The DB4Web Application Server for Linux, Unix, and Windows can be accessed with malicious URLs allowing users to download any readable file on the server. Exploit URLs included. Homepage: http://www.guardeonic.com. By Stefan Bagdohn |
gv-exploit.pdf | 1377 | Sep 30 22:44:40 2002 | da9705f79a8782d078819470306ac5c0 |
Buffer overflow exploit for gv v3.5.8 on linux which creates the file /tmp/itworked when gv opens the PDF. Some mail readers use GV to view PDFs. Tested on Red Hat 7.3. Homepage: http://www.idefense.com. By Zen-Parse |
idefense.dinoweb.txt | 2429 | Sep 23 21:27:17 2002 | c2e5dd5d49683b918059438a2f7d405a |
iDEFENSE Security Advisory 09.23.2002 - A vulnerability exists in the latest version of the Dino Webserver that can allow an attacker to view and retrieve any file on the system. Homepage: http://www.idefense.com. By David Endler |
idefense.libkvm.txt | 3351 | Sep 17 05:29:59 2002 | b728af73087e744934fdfbbea052f689 |
iDEFENSE Security Advisory 09.16.2002 - The FreeBSD ports asmon, ascpu, bubblemon, wmmon, and wmnet2 can be locally manipulated to take advantage of open file descriptors /dev/mem and /dev/kmem to gain root privileges on a target host. These five programs are installed setgid kmem by default. Exploit information included. Homepage: http://www.idefense.com. By David Endler and Jaguar |
idefense.smrsh.txt | 5421 | Oct 1 23:17:32 2002 | 6b1f79ee66a3ac3df14ff5df61ce1de7 |
iDEFENSE Security Advisory 10.01.2002 - It is possible for an attacker to bypass the restrictions imposed by The Sendmail Consortium's Restricted Shell (SMRSH) and execute a binary of his choosing by inserting a special character sequence into his .forward file. Two attack methods are detailed. Patch available here. Homepage: http://www.idefense.com. By David Endler, Zen-Parse, and Pedram Amini |
interbase-gds-exploi..> | 1777 | Sep 26 04:49:32 2002 | 0ecb679470d57b48ec01e63e5ca67c13 |
This exploit uses a symbolic link vulnerability in the Borland Interbase gds_lock_mgr binary to overwrite /etc/xinetd.d/xinetdbd with code that spawns a root shell on port 666 TCP. Homepage: http://www.i-security.nl. By grazer |
k3.c | 1985 | Sep 19 02:33:53 2002 | a91745fde8b472e0455ff81b929e63c3 |
k3.c is a Linux proof of concept exploit for a buffer overflow vulnerability that exists in the atftp client version 0.5 and 0.6. Homepage: http://www.netric.org. By sacrine. |
lconfmdk.c | 4215 | Sep 17 04:39:57 2002 | 0d6dda171bc76298526af8422229e9cb |
Linuxconf local root exploit for Mandrake 8.2. By Priest. |
linuxconf.c | 1917 | Sep 2 09:07:09 2002 | 9e3fb1c2aba9c8f13a8b0068713b3667 |
Proof of Concept exploit for the local buffer overflow vulnerability existing in linuxconf v1.28r3 and below which allows users to spawn a root shell. Tested on RedHat 7.0 with linuxconf 1.25r3. By Jin Yean Tan |
massrooter.tar.gz | 1505102 | Sep 6 17:33:48 2002 | 7b5a9c6d711c0796b6a85aa94c7a1f52 |
Massrooter takes advantage of vulnerabilities in bind, lpd, rpc, wuftpd, telnet, mail, ssl, and ssh on multiple systems. By Daddy_cad |
mdklinuxconf.c | 1757 | Nov 30 12:25:30 2002 | e617b71655e152bbee80aa2767e49ca1 |
Mandrake 8.2 linuxconf local root exploit. By Pokleyzz |
nslconf.c | 3381 | Sep 29 21:53:41 2002 | d7351358fc20587891f1f8c16b558242 |
Linuxconf v1.28r3 and below local exploit which uses the ptrace method to find the offset. Tested on Mandrake 8.0 and 8.2, and Redhat 7.2 and 7.3. Homepage: http://www.netsearch-ezine.com. By Raise |
ohMy-another-efs.c | 7612 | Sep 20 11:11:34 2002 | c20b9e3e46a310536130a5d004e7bfff |
Efstool local root exploit which works against Redhat 7.3. Homepage: http://www.daforest.org/~j0ker/index.html . By Joker |
openbsd-select-bug.t..> | 3560 | Sep 29 03:11:35 2002 | 11b34ff9c52e9241262598028265afec |
Research on the recent OpenBSD select() bug and its possible exploitation. Includes a local denial of service exploit which was tested on OpenBSD v2.6 - 3.1. Homepage: http://www.drugphish.ch. By Sec |
openssl-bsd.c | 29820 | Sep 30 02:24:51 2002 | 93c74bbed4fa5628590f8a08cc6a569d |
Apache + OpenSSL v0.9.6d and below exploit for FreeBSD. Tested on FreeBSD 4.4-STABLE, FreeBSD 4.4-RELEASE, FreeBSD 4.5-RELEASE, and FreeBSD 4.6-RELEASE-p1 with Apache-1.3.26 and Apache-1.3.19. Modified to brute force the offset from openssl-too-open.c. Updated by CrZ, Ech0, and ysbadaddn. |
openssl-too-open.tar..> | 18396 | Sep 17 06:49:52 2002 | 6c37282f541f13add85e5b2b76e3678e |
OpenSSL v0.9.6d and below remote exploit for Apache/mod_ssl servers which takes advantage of the KEY_ARG overflow. Tested against most major Linux distributions. Gives a remote nobody shell on Apache and remote root on other servers. Includes an OpenSSL vulnerability scanner which is more reliable than the RUS-CERT scanner and a detailed vulnerability analysis. Homepage: http://phreedom.org. By Solar Eclipse |
phpcrlf.txt | 4861 | Sep 10 21:25:52 2002 | fb701d51ad9b8b40f4146b525decc01a |
fopen(), file() and other functions in PHP have a vulnerability that makes it possible to add extra HTTP headers to HTTP queries. Attackers may use it to escape certain restrictions, like what host to access on a web server. In some cases, this vulnerability even opens up for arbitrary net connections, turning some PHP scripts into proxies and open mail relays. By Ulf Harnhammar |
pirch98.zip | 15901 | Sep 5 00:14:24 2002 | 4828fff9ebe60b2e0057cb601748011c |
Pirch98 irc client contains a buffer overflow which can allow remote code execution in the way that pirch 98 handles links to other channels and websites. The Pirch98 client now shipping at www.pirch.com has been fixed. Includes ASM source and Windows binary for an exploit which opens a shell on port 31337. By Vecna |
pwck_exp.c | 3099 | Sep 4 22:30:36 2002 | 5bf12aa6da163e5d29f5c86199ba3290 |
Pwck local linux buffer overflow exploit. By default /usr/sbin/pwck is not setuid, if +s pwck bingo #. Tested on Mandrake 8.2. By Tacettin |
pwck_expl.c | 2212 | Sep 16 20:38:42 2002 | e75c0f9d4f3f94b01dfe8ec10f582fa4 |
Pwck local exploit for Redhat 7.2. /usr/sbin/pwck must be -rwsr-sr-x to give a root shell. By Klep |
qspl.c | 1100 | Sep 21 01:32:15 2002 | 5bd205acc310c5c0a4a244f24352737d |
Qstat 2.5b local root exploit for Linux. Tested on Debian GNU/Linux (Woody). Since Qstat is not SUID by default this script is not useful for gaining more access to a linux system. By Oscar Linderholm |
qute.pl | 1786 | Sep 24 00:13:22 2002 | 6182325164cd3e63f9c2688fa96bcc6f |
Qute.pl is a perl script which exploits a buffer overflow in Qstat 2.5b. Since Qstat is not SUID by default this script is useless. By Arne Schwerdtfegger. |
rootprobe.sh | 1599 | Nov 30 12:33:45 2002 | 28b219ae719f042d7c7ce6eac9ef28bd |
Modprobe shell metacharacter expansion local root exploit for Red Hat 7.x and SuSE 7.x. Homepage: http://www.team-teso.net. By Sebastian Krahmer |
scalpel.c | 7175 | Nov 30 12:24:01 2002 | dcffeb448888592287ff24ca6be0c617 |
Local apache/PHP root exploit via libmm (apache-user -> root) temp race exploit. Spawns a root shell from the apache user. Homepage: http://www.team-teso.net. By Sebastian Krahmer |
scrollkeeper.txt | 3668 | Sep 3 23:02:08 2002 | 50e765c00289c2db6b2c1e3233a003bc |
A vulnerability exists in the insecure creation of files in /tmp by Scrollkeeper versions 0.3.4 and 0.3.11. Proof of concept exploit included. By Spybreak |
smbkillah.c | 16004 | Sep 4 15:54:35 2002 | 6fd9ace29c75dceb75b2523f9af18d4f |
Smbkillah.c exploits the SMB death bug in the WinXX OS. By b0uNtYkI113r |
SQLScan.zip | 24788 | Sep 4 22:07:41 2002 | 6e80ac480a5081c6d7b2b7381a02f471 |
SQLScan v1.0 is intended to run against Microsoft SQL Server and attempts to connect directly to port 1433. Features the ability to scan one host or an IP list from an input file, the ability to scan for one SQL account password or multiple passwords from a dictionary file, and the ability to create an administrative NT backdoor account on vulnerable hosts, which will fail if xp_cmdshell is disabled on the server. By NTSleuth |
SQLTools.rar | 85807 | Sep 5 23:05:17 2002 | efeeb8be77d011e25f8dc1cfb38fa77e |
SQLTools is a collection of tools for auditing MSSQL servers including SQLScanner, SQLPing, SQLCracker, SQLDOSStorm, and SQLOverflowDos. By Refdom |
ssh3.tar.gz | 2241217 | Sep 6 17:30:02 2002 | abf180ace6bd404efc6c00127e6d5213 |
Ssh3.tar.gz is a LPRng, Named, FTPD, SSHD, RPC and Telnetd mass scanner/rooter. By Daddy_cad |
SSL-scan.tar.gz | 115124 | Sep 29 23:26:14 2002 | 77c9e8f827451addb1ba3c347d35e4c8 |
Apache + OpenSSL v0.9.6d and below exploit for FreeBSD. Tested on FreeBSD 4.4-STABLE, FreeBSD 4.4-RELEASE, FreeBSD 4.5-RELEASE, and FreeBSD 4.6-RELEASE-p1 with Apache-1.3.26 and Apache-1.3.19. Modified to brute force the offset from openssl-too-open.c. Includes scanners. WARNING: The binaries in this archive are infected with the ELF_GMON.A virus which sets up a backdoor on UDP port 3049. Updated by CrZ and Ech0. |
SurfinGate.txt | 2471 | Sep 4 23:59:30 2002 | 1458603dc6c13802ef082062b929b537 |
The Finjan SurfinGate 6.0x on Windows NT 4.0 and 2000 can be bypassed by using IP addresses instead of hostnames or by adding a dot to the end of hostnames. Homepage: http://www.computec.ch. By Marc Ruef |
sws_web_killer.c | 2157 | Sep 2 09:32:39 2002 | b4f2224f7060b64ce3e013d5f258a859 |
Proof of Concept Exploit for SWS Web Server v0.1.0. The SWS web server will re-spawn its process every time it receives a string without a linebreak. Tested on: Slackware 8.1 and Redhat 7.0. By SaMaN |
sx-slap.pl | 1106 | Sep 12 05:22:18 2002 | 727c37f6b87d09e49e5738313b20ce83 |
Remote / Local buffer overflow for Savant Web Server 3.1 and below, as described in Foundstone advisory 091002-SVWS. Crashes the daemon, no patch is available as of the 11th of Sept, 02. Homepage: http://legion2000.security.nu. By NTFX |
targets.319 | 34692 | Sep 11 07:31:01 2002 | d6d6df1179ca1c74160efd5cdeb5b0c0 |
List of targets for the x2 remote crc32 ssh exploit which contains 319 entries. |
trillian-ini-decrypt..> | 5538 | Sep 9 21:53:31 2002 | 8f33c678cbd7adb091aaa4b1764a89ce |
Trillian, a popular utility used in conjunction with various instant messaging services like ICQ, AIM, MSN Messenger, etc, stores a user's password utilizing a simple XOR with a key that is uniform throughout every installation. This utility decrypts all related .INI files displaying a list of usernames, "encrypted" passwords, and plain text passwords. By Evan Nemerson |
Trillian-Privmsg.c | 2377 | Sep 20 07:32:58 2002 | b8200c45f1819c16c6c76345ee427d53 |
Exploit for the PRIVMESG DoS that exists in several Trillian versions. This code, which emulates an IRC server, should work against Trillian version 0.73 and 0.74. Compiles on Windows - Tested with Borland 5.5 Commandline Tools. By Lance Fitz-Herbert |
trillident.c | 4665 | Sep 21 00:35:05 2002 | 73cffa14787d80bf5655dc7c2ecb1125 |
Exploit for the PRIVMESG remote denial of service vulnerability that exists in Trillian v.73 and .74 which sends an overflow in the ident connection. Compiles on Unix based OSes. By Netmask |
TRU64_dtaction | 995 | Sep 10 22:10:28 2002 | bad813771eedaf4767d6244cfb4ba69c |
Proof of concept local root exploit for dtaction on the HP/Compaq Tru64 Operating System. HP/Compaq advisory and patches available Here. Homepage: http://www.snosoft.com/. By stripey |
TRU64_dtprintinfo | 992 | Sep 10 22:15:10 2002 | 7e52f96fd8503185cc33cb015befcb06 |
Proof of concept local root exploit for dtprintinfo on the HP/Compaq Tru64 Operating System. HP/Compaq advisory and patches available Here. Homepage: http://www.snosoft.com. By stripey |
TRU64_dtterm | 1037 | Sep 10 22:17:34 2002 | fbc1785d31e44f9c9588303d7828137f |
Proof of concept local root exploit for dtterm on the HP/Compaq Tru64 Operating System. HP/Compaq advisory and patches available Here. Homepage: http://www.snosoft.com. By stripey |
TRU64_dxterm | 901 | Sep 10 22:20:02 2002 | dcff3ccecc59db66d33b935d1b1113d9 |
Proof of concept local root exploit for dxterm on the HP/Compaq Tru64 Operating System. HP/Compaq advisory and patches available Here. Homepage: http://www.snosoft.com. By stripey |
TRU64_nlspath | 2859 | Sep 10 22:27:31 2002 | dee2152324a9cc4b106b58e6c131dfef |
Proof of concept local root exploit written in Perl for NLSPATH overflow on the HP/Compaq Tru64 Operating System. HP/Compaq advisory and patches available Here. Homepage: http://www.snosoft.com. By stripey |
TRU64_su | 946 | Sep 10 22:36:28 2002 | f587978781a3655004ef60d6595781ee |
Another version of the proof of concept local root exploit for su on the HP/Compaq Tru64 Operating System. HP/Compaq advisory and patches available Here. Homepage: http://www.snosoft.com. By stripey |
TRU64_xkb | 2175 | Sep 10 22:38:22 2002 | b7d1b4f1d2f36cd4d8925080798e18fd |
Proof of concept local root exploit for _XKB_CHARSET on the HP/Compaq Tru64 Operating System. HP/Compaq advisory and patches available Here. Homepage: http://www.snosoft.com. By stripey |
unishell.pl | 10904 | Oct 21 23:58:42 2002 | b31f98e1ede92b439df11826c886cdd8 |
Unicode IIS exploit in perl. Tries 20 ways. By Pakk. |
upb.admin.txt | 2155 | Sep 5 22:47:23 2002 | b062b12a3b4fcbc8784d6ef88b87722a |
Ultimate PHP Board (UPB) prior to Public Beta v1.0b allows users to gain admin access. Exploit information included. Homepage: http://www.hackeri.org. By Hipik |
vbull.c | 4075 | Sep 24 22:53:47 2002 | 0569a0851a81caa5f67a940a3af6fe2d |
Vbulletin/calender.php remote command execution exploit. By Gosper |
woltlab.txt | 1959 | Sep 10 23:30:05 2002 | f6e418e576a98c54acfc3e3af0967bb9 |
Woltlab Burning Board 2.0 RC 1 has a vulnerability that allows any user (even guests, depending on the configuration) to compromise every other account due to a variable containing unchecked user input in board.php, which can be used for a sql injection attack. By Cano2 |
wuscan.tgz | 183110 | Sep 6 17:32:43 2002 | eb2b86497f9b9f51773beea85d15123a |
Wu-ftpd 2.6.1 mass rooter / scanner. By Daddy_cad |
zyxbrut.c | 2065 | Dec 14 06:28:02 2002 | 5f844ffa9b55b1b76815a74672ea8085 |
Zyxbrut.c is a brute force program written for the ZyXel router telnet service. By BetaFly Computer Team |
zyxbrut.c.orig | 2066 | Dec 14 06:27:54 2002 | aa0507fb1ed8677a43d8e629ad4d5380 |
sorry, a description is unavailable. |