Section: .. / 0304-exploits /

Page 2 of 2
<< 1 2 >> Files 25 - 40 of 40

Currently sorted by: File Name Sort By: Last Modified, File Size

/// File Name:	regexploit.c
Description:	Local exploit/trojan that makes use of REGEDIT.EXE. Any file containing a value of more than 260 characters causes an error exception by the RegSetValueExW function, which then uses a function of NTDLL.DLL which is vulnerable.
Author:	ThreaT
Homepage:	http://www.chez.com/mvm
File Size:	7095
Last Modified:	Apr 5 20:00:24 2003
MD5 Checksum:	4e0643d6654634b53c7b22b0a871dc54

/// File Name:	rpcexp.c
Description:	Microsoft Windows RPC Locator Service remote exploit. Binds cmd.exe to port 5151. Tested again Windows 2000 SP3 and Windows NT 4 SP6a.
Author:	Marcin Wolak
File Size:	7923
Related CVE(s):	CAN-2003-0003
Last Modified:	Apr 2 23:55:44 2003
MD5 Checksum:	1c54314eaaa5599e809910e5ba1957b3

/// File Name:	safemode-adv-chitext.txt
Description:	ChiTeX, the utility used to put Chinese Big5 codes in TeX/LaTeX documents, contains two setuid root binaries that execute cat without using an explicit path allowing an attacker to easily gain root privileges.
Author:	zillion
Homepage:	http://www.safemode.org/
File Size:	2322
Last Modified:	Apr 3 17:59:56 2003
MD5 Checksum:	f107ca1f74294149bd0cffe342b40ffe

/// File Name:	sambal.c
Description:	Remote root exploit for Samba 2.2.x and prior that works against Linux (all distributions), FreeBSD (4.x, 5.x), NetBSD (1.x) and OpenBSD (2.x, 3.x and 3.2 non-executable stack). It has a scanning abilities so a range of machines can be penetration tested at once on a network.
Author:	eSDee
Homepage:	http://www.netric.org/
File Size:	35508
Last Modified:	Apr 10 22:32:05 2003
MD5 Checksum:	27b711137a11d23653dadbd3ab4d0ccc

/// File Name:	SCSA014.txt
Description:	Security Corporation Security Advisory [SCSA-014]: EZ Server, which provides both HTTP and FTP services, has a denial of service vulnerability in the FTP server that allows a remote attackers to crash the server by executing a specific command with a buffer of 1994 or 1995 bytes in length or more.
Author:	Gregory Le Bras
Homepage:	http://www.Security-Corp.org
File Size:	8029
Last Modified:	Apr 2 00:45:45 2003
MD5 Checksum:	131bdc15f4f9b0e47e5848e82acb7598

/// File Name:	SCSA015.txt
Description:	Security Corporation Security Advisory [SCSA-015]: PowerFTP has a denial of service vulnerability that allows a remote attackers to crash the server by executing a specific command with a buffer of 1994 or 1995 bytes in length or more.
Author:	Gregory Le Bras
Homepage:	http://www.Security-Corp.org
File Size:	8292
Last Modified:	Apr 2 01:41:54 2003
MD5 Checksum:	d5877935727cdaa8b9cb9ba43c38bdc1

/// File Name:	SFAD03-001.txt
Description:	The iWeb Mini Web Server for Microsoft Windows NT/XP/9x fails to properly filter GET requests for ../ which inadvertently allows for directory traversal attacks.
Author:	subversive
File Size:	2258
Last Modified:	Apr 16 09:13:01 2003
MD5 Checksum:	6dce02a7c8a43ebba137e18b57323d67

/// File Name:	sormail.c
Description:	Local exploit for sendmail 8.11.6 which takes advantage of the vulnerable prescan() function which allows users to input 0xff to skip the length check of the buffer. Includes targets for Slackware 8.0, Redhat 7.2, and Redhat 7.3.
Author:	Sorbo
Homepage:	http://www.darkircop.org
File Size:	11320
Last Modified:	Apr 18 09:39:45 2003
MD5 Checksum:	339af799e3edcf9140fa735a802bfc8e

/// File Name:	sp-urfuqed.pl
Description:	Remote exploit written in Perl for the Twilight Utilities TW-WebServer that is vulnerable to a denial of service attack by a long HTTP GET request.
Author:	badpack3t
Homepage:	http://www.security-protocols.com
File Size:	1555
Last Modified:	Apr 21 20:20:15 2003
MD5 Checksum:	8b752ac5486724bb9a3b4ba974aa27f7

/// File Name:	sp-xeneo.pl
Description:	The Xeneo Web Server v2.2.9.0 is vulnerable to a Denial of Service attack when a GET request with 4096 ?'s are received. Tested against Windows XP Pro SP1 and Windows 2000 SP3.
Author:	badpack3t
Homepage:	http://www.security-protocols.com
File Size:	2810
Last Modified:	Apr 22 07:28:55 2003
MD5 Checksum:	6005e09c96be815df9a48d1c3c802832

/// File Name:	ss-dos.c
Description:	Remote exploit written in C for the Twilight Utilities TW-WebServer that is vulnerable to a denial of service attack by a long HTTP GET request.
Author:	Shashank pandey
Homepage:	http://geekgroove.8m.com
File Size:	2245
Last Modified:	Apr 21 20:17:31 2003
MD5 Checksum:	7352450188c50b46a73d0b823b566505

/// File Name:	THCunREAL_V0.2.ZIP
Description:	Updated version of the remote root exploit for Realserver 8 on several Windows platforms.
Author:	Johnny Cyberpunk
Homepage:	http://www.thc.org/misc/sploits
Changes:	New shellcode added and the code has been condensed.
File Size:	15460
Last Modified:	Apr 30 04:18:31 2003
MD5 Checksum:	e6997ae88e68cb958cb34e60f1d9e429

/// File Name:	truegalerie.txt
Description:	A problem exists in True Galerie v1.0 that allows a remote attacker to obtain administrative access to this utility due to misuse of cookies.
Author:	Frog Man
Homepage:	http://www.frog-man.org/tutos/TrueGalerie.txt
File Size:	3175
Last Modified:	Apr 28 00:21:24 2003
MD5 Checksum:	31b936edf4c3057a878bbb7c8906aae4

/// File Name:	VapidSAP.txt
Description:	SAP DB is vulnerable to a race condition during installation. The installer creates a world writable file that gets compiled and then is setuid to root. If a local attacker can overwrite the file in the alloted time-frame they will be able to escalate their privileges.
Author:	Larry W. Cashdollar
Homepage:	http://vapid.dhs.org
File Size:	4986
Last Modified:	Apr 24 02:18:39 2003
MD5 Checksum:	707baa4e52349edd821816a0181694fe

/// File Name:	xlock-XLOCALEDIR.c
Description:	Local root exploit utilizing the overflow in XLOCALEDIR under XFree86 Version 4.2.x using xlock. Written to work on Redhat 7.2.
Author:	Omega
File Size:	3683
Last Modified:	Apr 5 19:24:59 2003
MD5 Checksum:	5c46aeb641757ecb42e3148969495004