Section: .. / 0304-exploits /

Page 1 of 2
<< 1 2 >> Files 1 - 25 of 40

Currently sorted by: Last Modified Sort By: File Name, File Size

/// File Name:	0304-exploits.tgz
Description:	Packet Storm new exploits for April, 2003.
File Size:	122177
Last Modified:	Jul 14 20:31:21 2003
MD5 Checksum:	e7ff817b4f14361992054b05c064b6f2

/// File Name:	poptop-sane.c
Description:	Remote root exploit for PoPToP, the PPTP server designed for Linux, versions 1.1.4-b3 and below. Fixed by blightninjas. Original code by einstein.
File Size:	10772
Last Modified:	Apr 30 16:24:42 2003
MD5 Checksum:	2b243280f9e11f0791582194ec588922

/// File Name:	bysin2.c
Description:	Remote root exploit for Sendmail 8.12.8 and below that makes use of the vulnerability in prescan(). Note: This exploit is crippled and needs to be fixed.
Author:	bysin.
File Size:	5246
Last Modified:	Apr 30 09:36:42 2003
MD5 Checksum:	5ade4c15fee8ada5982a9cad51e3dea1

/// File Name:	bysin.c
Description:	Remote root exploit for Sendmail 8.12.8 and below that uses the vulnerability in crackaddr().
Author:	bysin.
File Size:	12573
Last Modified:	Apr 30 09:33:15 2003
MD5 Checksum:	df191d0300a456e052e99130d4837115

/// File Name:	0x82-Local.Qp0ppa55d.c
Description:	Local root exploit for Qpopper v4.0.x poppassd that utilizes the ability to set the smbpasswd path.
Author:	Xpl017Elz
Homepage:	http://www.inetcop.org
File Size:	6029
Last Modified:	Apr 30 09:29:36 2003
MD5 Checksum:	ed3ad6341005ca980e5b240e9a2694ec

/// File Name:	0x333hate.c
Description:	Samba 2.2.x Remote root exploit. Tested against RedHat 8.0.
Author:	c0wboy
Homepage:	http://www.0x333.org
File Size:	6512
Last Modified:	Apr 30 05:43:14 2003
MD5 Checksum:	b45ad451237a0852cb806d8096116923

/// File Name:	THCunREAL_V0.2.ZIP
Description:	Updated version of the remote root exploit for Realserver 8 on several Windows platforms.
Author:	Johnny Cyberpunk
Homepage:	http://www.thc.org/misc/sploits
Changes:	New shellcode added and the code has been condensed.
File Size:	15460
Last Modified:	Apr 30 04:18:31 2003
MD5 Checksum:	e6997ae88e68cb958cb34e60f1d9e429

/// File Name:	truegalerie.txt
Description:	A problem exists in True Galerie v1.0 that allows a remote attacker to obtain administrative access to this utility due to misuse of cookies.
Author:	Frog Man
Homepage:	http://www.frog-man.org/tutos/TrueGalerie.txt
File Size:	3175
Last Modified:	Apr 28 00:21:24 2003
MD5 Checksum:	31b936edf4c3057a878bbb7c8906aae4

/// File Name:	les-exploit.c
Description:	Local root exploit for a stack overflow discovered in the linux-atm binary /usr/local/sbin/les.
Author:	Angelo Rosiello
Homepage:	http://www.dtors.net
File Size:	3762
Last Modified:	Apr 25 06:31:53 2003
MD5 Checksum:	f359e77f4c99e42da154156e7123b11d

/// File Name:	p7snort191.sh
Description:	Snort 1.9.1 and below remote exploit. Related CERT Advisory is here. Tested on Slackware 8.0.
Author:	truff
Homepage:	http://www.projet7.org
File Size:	4469
Last Modified:	Apr 24 04:23:31 2003
MD5 Checksum:	63efca99c7a60adabcf0f9933904337e

/// File Name:	VapidSAP.txt
Description:	SAP DB is vulnerable to a race condition during installation. The installer creates a world writable file that gets compiled and then is setuid to root. If a local attacker can overwrite the file in the alloted time-frame they will be able to escalate their privileges.
Author:	Larry W. Cashdollar
Homepage:	http://vapid.dhs.org
File Size:	4986
Last Modified:	Apr 24 02:18:39 2003
MD5 Checksum:	707baa4e52349edd821816a0181694fe

/// File Name:	sp-xeneo.pl
Description:	The Xeneo Web Server v2.2.9.0 is vulnerable to a Denial of Service attack when a GET request with 4096 ?'s are received. Tested against Windows XP Pro SP1 and Windows 2000 SP3.
Author:	badpack3t
Homepage:	http://www.security-protocols.com
File Size:	2810
Last Modified:	Apr 22 07:28:55 2003
MD5 Checksum:	6005e09c96be815df9a48d1c3c802832

/// File Name:	ANHTTPd.txt
Description:	AN HTTPd versions 1.42h and prior ships with a script called count.pl which allows remote attackers to use a directory traversal attack to overwrite the contents of files on the system.
Author:	Matthew Murphy
File Size:	1984
Last Modified:	Apr 22 07:22:18 2003
MD5 Checksum:	bb7b403dffcc890d5a26cfb87b43ff22

/// File Name:	ptnews.txt
Description:	PT News v1.7.7 allows access to administrator functionality without authentication via news.inc which is included in the index.php file.
Author:	scrap
Homepage:	http://www.securiteinfo.com
File Size:	3035
Last Modified:	Apr 22 07:18:22 2003
MD5 Checksum:	87798f1e9b8b9a07ac7fd2086b0174f3

/// File Name:	mod_ntlm.txt
Description:	mod_ntlm is the Apache module for versions 1.3 and 2.0 which gives Apache the ability to authenticate users via the NTLM authentication technology that is largely specific to Microsoft IIS. The log() function contains two remotely exploitable vulnerabilities. Both a heap overflow and an incorrect call to ap_log_rerror() allow for arbitrary code execution.
Author:	Matthew Murphy
File Size:	2207
Last Modified:	Apr 21 20:53:43 2003
MD5 Checksum:	ad450fcef6dadc5b28ffbefe83da9432

/// File Name:	monkeyHTTPd.txt
Description:	The Monkey HTTPd v0.6.1 web server is vulnerable to a remote buffer overflow in the handling of forms submitted with the POST request method. The unchecked buffer lies in the PostMethod() procedure.
Author:	Matthew Murphy
File Size:	3037
Last Modified:	Apr 21 20:44:15 2003
MD5 Checksum:	5605063d4420a60aa0206189fb3365c5

/// File Name:	badblue.txt
Description:	BadBlue web server versions 2.15 and below have a vulnerability that allows remote attackers to gain administrative control of a server. The ext.dll that allows pages parsing with the LoadPage command attempts to prevent remote users from accessing .hts pages by checking the 'referer' HTTP header of requests, and also verifying that all requests for .hts pages originate from 127.0.0.1 (the loopback).
Author:	appending certain illegal characters to the requested filename, it is possible to cause BadBlue to interpret .hts files from a remote system, thereby yielding administrative control of the server to the attacker.
File Size:	2350
Last Modified:	Apr 21 20:40:09 2003
MD5 Checksum:	e98dbd9eeaba1247bc190d69fec06b8b

/// File Name:	sp-urfuqed.pl
Description:	Remote exploit written in Perl for the Twilight Utilities TW-WebServer that is vulnerable to a denial of service attack by a long HTTP GET request.
Author:	badpack3t
Homepage:	http://www.security-protocols.com
File Size:	1555
Last Modified:	Apr 21 20:20:15 2003
MD5 Checksum:	8b752ac5486724bb9a3b4ba974aa27f7

/// File Name:	ss-dos.c
Description:	Remote exploit written in C for the Twilight Utilities TW-WebServer that is vulnerable to a denial of service attack by a long HTTP GET request.
Author:	Shashank pandey
Homepage:	http://geekgroove.8m.com
File Size:	2245
Last Modified:	Apr 21 20:17:31 2003
MD5 Checksum:	7352450188c50b46a73d0b823b566505

/// File Name:	0x82-Remote.54AAb4.xpl.c
Description:	FreeBSD and OpenBSD remote Samba v2.2.x call_trans2open i386 buffer overflow exploit. Tested against OpenBSD 3.0 and FreeBSD 4.6.2-RELEASE with Samba v2.2.x. Includes support for target brute forcing. Information about the vulnerability is available here.
Author:	Xpl017Elz
Homepage:	http://x82.inetcop.org
File Size:	15625
Last Modified:	Apr 18 10:18:21 2003
MD5 Checksum:	ec9f643cb6856a51dfa1e9fc75d70906

/// File Name:	sormail.c
Description:	Local exploit for sendmail 8.11.6 which takes advantage of the vulnerable prescan() function which allows users to input 0xff to skip the length check of the buffer. Includes targets for Slackware 8.0, Redhat 7.2, and Redhat 7.3.
Author:	Sorbo
Homepage:	http://www.darkircop.org
File Size:	11320
Last Modified:	Apr 18 09:39:45 2003
MD5 Checksum:	339af799e3edcf9140fa735a802bfc8e

/// File Name:	SFAD03-001.txt
Description:	The iWeb Mini Web Server for Microsoft Windows NT/XP/9x fails to properly filter GET requests for ../ which inadvertently allows for directory traversal attacks.
Author:	subversive
File Size:	2258
Last Modified:	Apr 16 09:13:01 2003
MD5 Checksum:	6dce02a7c8a43ebba137e18b57323d67

/// File Name:	myptrace.c
Description:	Local root exploit for the Linux 2.2 and 2.4 kernels that have a flaw in ptrace where a kernel thread is created insecurely. This version escalates user privileges to root without the necessity of needing access to /proc.
Author:	Snooq
Homepage:	http://www.angelfire.com/linux/snooq/
File Size:	6296
Last Modified:	Apr 11 03:43:51 2003
MD5 Checksum:	bf597c6b557934d445609b525bd5e82f

/// File Name:	sambal.c
Description:	Remote root exploit for Samba 2.2.x and prior that works against Linux (all distributions), FreeBSD (4.x, 5.x), NetBSD (1.x) and OpenBSD (2.x, 3.x and 3.2 non-executable stack). It has a scanning abilities so a range of machines can be penetration tested at once on a network.
Author:	eSDee
Homepage:	http://www.netric.org/
File Size:	35508
Last Modified:	Apr 10 22:32:05 2003
MD5 Checksum:	27b711137a11d23653dadbd3ab4d0ccc

/// File Name:	HackTrack-2003-03-001.txt
Description:	A directory traversal bug exists in the QuickFront webserver that allows remote attackers to gain access to system files. Version affected: 1.0.0.189.
Author:	Kachlik Jan
File Size:	1269
Last Modified:	Apr 10 06:31:55 2003
MD5 Checksum:	222a9abd3b16ea36884137398910fb05