.:[packet storm]:.
.: 0211-exploits
File Name | File Size | Last Modified | MD5 Checksum
0211-exploits.tgz | 223311 | Dec 4 23:21:04 2002 | 983f14ce602bbef6a9a8f47f2f99a103
Packet Storm new exploits for November, 2002.
0x82wsmp3.c | 10442 | Nov 30 12:41:45 2002 | d511e3b41688c8eb1d3e2e07d7e128d4
WSMP3 Remote root exploit for Linux which spawns a shell on tcp port 36864.  Homepage: http://x82.i21c.net. By Xpl017Elz
artyfarty.c | 1525 | Dec 24 01:09:32 2002 | 5d4fe9514d8fcdb1df0501a379536b86
artyfarty.c is a local /opt/kde/bin/artswrapper exploit tested against Slackware 8.1. By Knight420.
cvsupd-startup.txt | 682 | Nov 12 06:10:23 2002 | 99f103b1c7bc137c474f67b70b742c5f
This email describes a temporary file vulnerability that exists in the cvsupd startup script that comes with the FreeBSD cvsup port. A fix for this issue can be found here. By Joshua Goodall
d7-mdaemonx.c | 9395 | Nov 19 08:23:57 2002 | 826436855e62f7b3eb25b44c814679dd
Mdaemon v6.0.7 and below remote denial of service exploit which takes advantage of the UIDL bug. Exploit code tested to run on Redhat8 and FreeBSD 4.7-STABLE. Requires POP3 account on vulnerable daemon.  Homepage: http://www.division7.us. By Phrail, Smurf, and Elu1d
exploitipppd.c | 7053 | Nov 16 18:34:33 2002 | 27f0912fe4731939f9c6c5d741f2eaa1
Another exploit for ipppd, the daemon that is part of the isdn4linux-utils package and is part of the default install for many linux distributions. Tested on SuSE 7.3 and should work on SuSE 8.0. Anonymously submitted.
ex_cifslogin.c | 1440 | Nov 16 21:06:24 2002 | a5c4c35b2cef9d42a894f614dadc63f7
Local root exploit for cifslogin on HP-UX 11.11 and below. By watercloud
ex_pfinger.c | 3435 | Nov 30 12:31:06 2002 | b0bba19c112e81b8775fde89fcc0dc1a
Pfinger v0.7.8 and below local root exploit. Tested on Red Hat 7.2 - 8.0, Debian 3.0, Slackware 8.0, FreeBSD-4.6 and OpenBSD-3.1. By Dvdman
grpck-expl.pl | 2455 | Nov 19 07:56:30 2002 | 4d8850d74917747f5a571735c247166b
/usr/sbin/grpck proof of concept local exploit. Not setuid by default. Tested on SuSE, Red Hat, Debian, and Mandrake.  Homepage: http://www.uhagr.org. By Black Rose
hlfsd-xp.c | 2875 | Dec 2 21:04:38 2002 | 9785bb5cee9d785c0e97d286f37f68f6
Hlfsd local exploit tested on FreeBSD 4.6-STABLE and 4.7-RELEASE. Hlfsd is not SUID by default. By Rooterx
hudo.c | 20123 | Nov 26 21:57:15 2002 | 42847df931b3d90cce4fe4c5bac5f3ce
Linux exploit for versions of sudo 1.6.3p7 and below. Takes advantage of the Sudo prompt overflow in v1.5.7 to 1.6.5p2. Detailed exploitation instructions included. By MaXX
INwebMailServer.txt | 2866 | Nov 13 10:32:31 2002 | 3d4bcdb1ec5958cfbb4d54332825baf0
A memory corruption vulnerability exists in INweb Mail Server v2.01. The POP3 server included with INweb Mail Server does not properly handle some types of requests. By submitting a maliciously crafted request to the POP3 server, an attacker could crash the system, resulting in a denial of service.  Homepage: http://www.securityoffice.net. By Tamer Sahin
iplanet-ngxss.sh | 884 | Nov 19 00:27:37 2002 | bfe033f7f720ac34128ceaca8fea4652
iPlanet Remote root exploit tested on v4.x up to SP11. Advisory for this bug here.  Homepage: http://www.ngsec.com. By Fermín J. Serna
keyfocus.txt | 1750 | Nov 15 00:07:48 2002 | a3e430d22dba6f1b6b3c1319229d46ee
The KeyFocus Web server, a Win32 HTTP server with web administration, contains a flaw that enables attackers to traverse above the webroot in the directory structure. Only files with recognized MIME types can be compromised as there are internal defenses by the server that disallow retrieval of other files. By Matt Murphy
libhttpdbug.txt | 3600 | Nov 16 18:13:57 2002 | b26cb40adf1c2af776a46ec82fd59378
INetCop Security Advisory #2002-0x82-003 - LibHTTPD, a utility that can be used to add basic web server capabilities to an application or embedded device, is vulnerable to a buffer overflow which allows remote attackers to gain root access to the system.  Homepage: http://wizard.underattack.co.kr/~x82/h0me/adv1sor1es/. By dong-houn yoU
lightwebug.txt | 11768 | Nov 16 18:10:05 2002 | 25b63cc326162605a0a4d285025ba3ae
INetCop Security Advisory #2002-0x82-002 - A buffer overflow in Light HTTPd version 1.0 allows for remote attackers to grab a shell or perform related activities as the webserver uid.  Homepage: http://wizard.underattack.co.kr/~x82/h0me/adv1sor1es/. By dong-houn yoU
liteserve.txt | 1666 | Nov 16 19:24:28 2002 | b7fabdfdb7bb9206e4b61e9d0855447e
A vulnerability in the LiteServe combination server for Win32 exists in that the handling of filenames on Win32 platforms may reveal the code of a desired CGI script to an attacker. Windows handles file names with the period character (0x2E) on the end as if the character had been removed. LiteServe fails to compensate for this behavior, and is vulnerable to a simple CGI disclosure attack. By Matthew Murphy
lycosxss.txt | 6368 | Nov 5 20:02:00 2002 | 50a95a06f50096614e6980b6d980131b
Lycos.com, the popular search engine and free e-mail site, has a Cross Site Scripting vulnerability that allows an attacker to fool a victim into clicking on a link to Lycos and in turn the attacker can hijack the Cookies of the victim. By NightHawk
ora-isqlplus.txt | 1587 | Nov 19 01:05:01 2002 | 327019a2b3830dce9355dbcfa12783ea
The Oracle iSQL*Plus 91 R1 and R2 web based application has an authentication buffer overflow on all OS's in the User ID parameter which allows remote attackers to execute arbitrary code as the oracle user on Unix and SYSTEM on Windows. Patch available here.  Homepage: http://www.ngssoftware.com. By David Litchfield
PHP.networking_utils | 1244 | Nov 5 20:02:00 2002 | 74dbd4fefec6c5c236118d0f5b03cee4
Exploit for the utility networking_utils.php which does not properly sanitize variables from the client side and in turn will allow any remote visitor to view any file on the webserver. By Tacettin Karadeniz
SavantSlap.zip | 142093 | Nov 16 21:01:13 2002 | 643974eee11381fa51bda2e554138e47
Windows with Delphi interface denial of service exploit for Savant HTTP Server 3.0 and below. This exploit utilizes four methods, all from old known vulnerabilities, to crash the daemon. By Tolueno
SF-talkischeap.pl | 1263 | Nov 24 19:27:15 2002 | 09acae77211b07f74c3142a55a4e2fac
Calisto Internet Talker Version 0.04 Remote Denial of Service exploit.  Homepage: http://www.securityfreaks.com. By subversive
smartmail.dos.pl | 2042 | Nov 1 00:31:22 2002 | c5f1c7bdc31899ef5c8bb1bdd250f539
Smartmail v1.0Beta10 and 2.0 remote denial of service exploit in perl. By Securma Massine
sorsync.c | 12582 | Nov 16 18:46:30 2002 | 8338e72e4ebeaded8b24ff73a92fee78
Remote exploit for rsync version 2.5.1 and below run on Linux. This exploit makes use of a simple frame pointer overflow. By sorbo
sql2.cpp | 7659 | Nov 19 08:04:59 2002 | 84ce83fb7a4607df03a928124093ee3a
MSSQL Server 2000 SP0 - SP2 remote exploit which uses UDP to overflow a buffer and send a shell to tcp port 53. By David Litchfield, fixed up by Lion
sql2.exe | 45056 | Nov 19 08:06:22 2002 | 0c44bf698947b98ba405d11f6ce7a339
MSSQL Server 2000 SP0 - SP2 remote exploit which uses UDP to overflow a buffer and send a shell to tcp port 53. Windows binary, C++ source code here. By David Litchfield, fixed up by Lion
tftpd32.pl | 8962 | Nov 19 00:56:47 2002 | bfdcaf6fee00de1a6085cff776e6672d
Tftpd TFTP server v2.21 and below remote command execution exploit in perl. Fix available here.  Homepage: http://www.SecuriTeam.com. By Aviram Jenik
tftpd32.traverse.pl | 7938 | Nov 19 00:59:56 2002 | 18d1597e67623da2b320a5e61658f4b9
Tftpd TFTP server v2.50.2 and below remote exploit which allows any file on the system to be viewed and written to arbitrary locations. Fix available here.  Homepage: http://www.SecuriTeam.com. By Aviram Jenik
traceroute-exploit.c | 17644 | Nov 30 03:29:51 2002 | fd1b29e427bd7740cdb7f11217170d38
Nanog traceroute v6.0 to 6.1.1 local root stack overflow exploit. Tested on SuSE 7.1, 7.2, 7.3 & 8.0, and should work on 7.0 and 6.x. By Carl Livitt
XSS-Cookie-Advisory...> | 11850 | Nov 16 19:19:31 2002 | 6c8859dbe61b1953b195e03088b63841
Cross Site Scripting vulnerabilities exist in the e-mail web services of hotmail.com, yahoo.com, and excite.com. These problems allow for cookie capturing of unsuspecting victims who may easily give up their cookies via clicking on a link in an e-mail or elsewhere and with the link actually pointing to the legitimate site. By NightHawk
Xsun-expl.c | 6813 | Nov 13 04:24:36 2002 | 69a84aa41d973387c5e4979e6c30abfa
Xsun-expl.c is a local exploit for the SPARC architecture that makes use of the Xsun -co heap overflow found in April, 2002 on Solaris 2.6, 7, and 8.  Homepage: http://www.netric.org/. By gloomy, eSDee
zeroobug.txt | 5153 | Nov 16 18:17:15 2002 | a842ba1e9a7b5841befe87a3c82fda22
INetCop Security Advisory #2002-0x82-004 - Various buffer overflow vulnerabilities exist in Zeroo HTTP Server v1.5. Remote linux exploit included to gain root privileges.  Homepage: http://wizard.underattack.co.kr/~x82/h0me/adv1sor1es/. By dong-houn yoU
zerooexploit.txt | 1018 | Nov 23 17:24:08 2002 | 85ea5cabd6e20390b1eb75c32ad83e69
Zeroo HTTPd server remote command execution exploit. Based on advisory by InetCop. By Matt Murphy