Section:  .. / 0301-exploits  /

 ///  File Name: 0301-exploits.tgz
Packet Storm new exploits for January, 2003.
File Size:69291
Last Modified:Jul 14 20:29:38 2003
MD5 Checksum:12d6eca11008594b11e9a4a31a5a046e

 ///  File Name: 0x82-Remote.tannehehe.xpl.c
Tanne v0.6.17 remote root format string exploit for Linux/x86 which has been tested against Redhat 6.1, 7.0, and 8.0. Tanne is a secure http session management tool sometimes used in online banking.
Author:You Dong-hun
File Size:11223
Last Modified:Jan 9 09:42:57 2003
MD5 Checksum:e24f9a3ee77041901841ec35bca67165

 ///  File Name: crashMs-ds.rc2.tar.gz
Crashms exploits the microsoft-ds bug and crashes Windows machines via TCP port 445. Sends many 10k blocks of NULLs, causing blue screens on unpatched Windows 2000 boxes with microsoft-ds running on port 445.
Author:Chown, Iplogd
File Size:2685
Last Modified:Jan 4 07:27:30 2003
MD5 Checksum:ace3a302efcccc811cf5470e45732221

 ///  File Name: dhcp-expl.c
ISC dhcpd v3.0.1rc8 and below remote root format string exploit. Tested against Debian 3.0, Mandrake 8.1, Red Hat 7.2, 7.3, and 8.0, and SuSE 7.3. Includes the option to check for vulnerability on any platform by crashing the service.
File Size:14063
Last Modified:Jan 25 18:51:46 2003
MD5 Checksum:1da87ccba0bbd62b90b532655ce17f50

 ///  File Name: efstrip.c
Efstrip is an exploit for the efstool vulnerability. Unlike other exploits for this vulnerability, Efstrip is robust, doesn't need a wide range of attack options, and doesn't need brute forcing. It actually ./works.
File Size:1305
Last Modified:Jan 5 09:09:18 2003
MD5 Checksum:98075b5b8ff7957d017481f1985b1428

 ///  File Name: GUNphp.tar.gz
PHP 3.0.16 and below remote format string exploit for Linux/x86. Gives a uid=nobody shell. File logging must be enabled for this exploit to work. Includes offset brute forcing and instructions for finding offsets.
File Size:8800
Last Modified:Jan 13 00:23:32 2003
MD5 Checksum:8af5a42ddce32cd2f679e37bdf031475

 ///  File Name: hypermail.tgz
Hypermail 2, a popular tool that converts mail into HTML, has two buffer overflows. One exists in the hypermail program itself and another is in the CGI program mail. The overflow in the main program can be triggered by sending an email, while the one in the CGI program can be triggered by a DNS server being populated with faulty information. Versions affected: 2.1.3, 2.1.4, 2.1.5, possibly others. 2.1.6 is not affected.
Author:Ulf Harnhammar
File Size:3113
Last Modified:Jan 27 18:37:29 2003
MD5 Checksum:d197f6b39b31e4f89f67d75abd1b2706

 ///  File Name: isec-0008-sun-at.txt
The at utility in Solaris has name handling and race condition vulnerabilities. Using the -r switch to remove a job allows an attacker to remove any file on the filesystem as root. Although at filters out absolute paths, a simple ../ directory traversal maneuver allows an attacker to remove files out of the allowed boundary.
Author:Wojciech Purczynski
File Size:7056
Last Modified:Jan 27 19:35:44 2003
MD5 Checksum:ade275e5de208f97a322a2f79d94f71c

 ///  File Name: middle2.c.gz
Middle2.c allows you to recover SMB passwords in clear text (from the network) when they should be encrypted. It performs a man-in-the-middle attack with complete traffic redirection, which does not need forwarding with a transparent proxy. Tested under Linux Debian 3.0.
File Size:12872
Last Modified:Jan 20 09:43:30 2003
MD5 Checksum:72b94090bdeab6247eab00da6d230bed

 ///  File Name: mod_sigcups.c
Cups v1.1.17 and below remote exploit which spawns a shell as lp. Modified version of the original sigcups.c exploit.
File Size:5839
Last Modified:May 31 05:24:38 2003
MD5 Checksum:bfc5956950b52e54932b47d057edd76f

 ///  File Name: mysqlsuite.tgz
Mysqlsuite includes three tools which take advantage of the vulnerability in the check_scramble() function of mysql described in mysql.4.0.5a.txt. Mysqlhack allows remote command execution with a valid mysql user and pass. Mysqlgetusers allows you to do a dictionary login-only attack to find other users. Mysqlexploit spawns a shell on port 10000 on vulnerable Linux mysql servers with a valid mysql login and pass and a writable database. Fixed in Mysql v3.23.54.
File Size:4441
Last Modified:Jan 4 09:03:35 2003
MD5 Checksum:e6b7d33cae59e81b420ced9b17400378

 ///  File Name: PlatinumFTP.txt
PlatinumFTPserver, the server engine that runs as an application on Windows 9x and a service under NT/2K/XP, has a directory traversal vulnerability that allows remote attackers to enter directories that reside outside the bounding FTP root directory. Another vulnerability exists which allows an attacker to commit a DoS against the server. Version affected: 1.0.7. Version Unaffected: 1.0.8.
Author:Dennis Rand.
File Size:8702
Last Modified:Jan 27 18:44:05 2003
MD5 Checksum:a833b7d7a2a1d81359c6be96784cd9db

 ///  File Name:
S8forum GPG remote exploit in java which emulates a shell with the privileges of the web server.
File Size:9301
Last Modified:Jan 9 09:31:58 2003
MD5 Checksum:bece5e7a608cfb12be2df0a1b34ec757

 ///  File Name: s8forum.txt
The S8forum v3.0 allows remote users to execute commands on the webserver. Includes exploit instructions and a patch.
File Size:4712
Last Modified:Jan 5 08:45:05 2003
MD5 Checksum:fb79079160eb35543d7b60bb52b21463

 ///  File Name: sigcups.c
Cups v1.1.17 and below remote exploit which spawns a shell as lp. Tested against Gentoo Linux with cups-1.1.17_pre20021025 installed.
File Size:4729
Last Modified:Jan 4 12:11:25 2003
MD5 Checksum:6bd7f9189ad7341bed17442f15738257

 ///  File Name:
Smart Search CGI remote exploit in perl which attempts to spawn netcat listening with a shell.
File Size:974
Last Modified:Jan 4 07:45:43 2003
MD5 Checksum:31fb8b6bf42663316758975253dff0b0

 ///  File Name: w00nf-stunnel.c
Stunnel v3.15 - 3.21 remote format string exploit. Tested against Red Hat 7.2, 7.3, 8.0, Slackware 8.1, Debian GNU 3.0, and Mandrake 9.0. More information on the bug available here.
File Size:18531
Related CVE(s):CVE-2002-0002
Last Modified:Jan 17 09:34:15 2003
MD5 Checksum:036f5e357caf9ea94e601b435e2e825d