Section:  .. / 0306-exploits  /


 ///  File Name: 0306-exploits.tgz
Packet Storm new exploits for June, 2003.
File Size:103237
Last Modified:Aug 28 03:54:22 2003
MD5 Checksum:ac9f4f68ae6eef059db7338a6c6fcb34

 ///  File Name: 06.16.03.txt
iDEFENSE Security Advisory 06.16.03: The pam_wheel module of Linux-PAM uses getlogin() in an insecure manner, thereby allowing attackers to bypass certain restrictions. The pam_wheel module is often used with the su command to allow users belonging to a trusted group to utilize the command without supplying a password. The module utilizes the getlogin() function to determine the name of the currently logged in user. This name is then compared against a list of members of a trusted group as specified in the configuration file. If the trust option is enabled in the pam_wheel configuration file and the use_uid option is disabled, any local user may spoof the username returned by getlogin() and gain access to a super-user account without supplying a password.
Author:Karol Wiesek
File Size:5415
Last Modified:Jun 17 02:17:57 2003
MD5 Checksum:ac13337671c6ada04dcb6c4a7dec904e

 ///  File Name: 0x82-GNATS_own.c
Local root exploit against GNATS v3.2 that makes use of the heap overflow found in the -d switch.
Related File:INetCop.GNATS.txt
File Size:6875
Last Modified:Jun 22 02:00:49 2003
MD5 Checksum:39b4e56f07ade73a703b6eada24cb533

 ///  File Name: 0x82-GNATS_sux.c
Local root exploit against GNATS v3.113.x that makes use of a heap based environment variable overflow vulnerability.
Related File:INetCop.GNATS.txt
File Size:11619
Last Modified:Jun 22 02:03:13 2003
MD5 Checksum:c433613d79f8fd6493b48c10d8b30e3f

 ///  File Name: 5HP0G1FAAC.txt
The product Mailtraq suffers from multiple vulnerabilities, ranging from access to files that reside outside the bounding HTML root directory, through decryption of locally stored passwords, to a cross-site scripting vulnerability in the web mail interface.
File Size:6708
Last Modified:Jun 17 02:03:22 2003
MD5 Checksum:9fca066da119abecff422387906ab073

 ///  File Name: atftpdx.c
Proof of concept remote root exploit for atftpd version 0.6. Makes use of the filename overflow found by Rick Patel. Related post here. Tested against Debian 3.0.
File Size:10175
Last Modified:Jun 11 07:11:28 2003
MD5 Checksum:3b0c2689d61a4f537485d01ed45b9bbb

 ///  File Name: bazarr-episode-4.c
Local root exploit for XaoS that makes use of a specially crafted command line -language argument to cause it to execute arbitrary code.
File Size:8085
Last Modified:Jun 13 04:52:23 2003
MD5 Checksum:3b12f35f26095e564fa823f5f31c5810

 ///  File Name: bazarr-unsencored-episode-3.c
Local exploit for E-term that escalates privileges to gid utmp via insufficient bounds checking performed on an environment variable that is copied into an internal memory buffer.
File Size:30577
Last Modified:Jun 13 04:54:29 2003
MD5 Checksum:5dc7dad0fe0bd40dc28da3450025370c

 ///  File Name: blackicepro.txt
It is possible to evade the BlackICE PC Protection IDS logging of cross-site scripting attempts because it does not check HEAD, PUT, DELETE, and TRACE requests for the <script> pattern.
Author:Marc Ruef
File Size:2978
Last Modified:Jun 14 21:20:43 2003
MD5 Checksum:506b6b9aa1ee94ea6ecdba88149c1b4b

 ///  File Name: compaq.txt
The Compaq Web Based Management Agent is vulnerable to server side injection, stack overflows, access violations, and creation of script objects.
Author:Ian Vitek
File Size:2258
Last Modified:Jun 30 21:01:00 2003
MD5 Checksum:b9ea91fe17deda91d69ffffe7d5c6ecc

 ///  File Name: consroot.exp
This script is used to automate escalation of normal user privileges to root making use of FORTH hacking on Sparc hardware.
Author:Michael H.G. Schmidt
File Size:3651
Last Modified:Jun 22 00:08:57 2003
MD5 Checksum:984f4ec5229ee63a42019081e311d2dd

 ///  File Name: dlinkDoS.txt
D-Link routers with firmware 2.70 and below are vulnerable to a denial of service, provided the attacker is able to see the internal interface on the router. Sending a malformed URL to the syslog script will cause a DNS query. Multitudes of this query can result in a DoS and other odd forms of behavior.
File Size:3534
Last Modified:Jun 3 10:14:52 2003
MD5 Checksum:f153d7a119c458d70ebcf9389d2ae195

 ///  File Name:
Gkrellmd 2.1.10 remote exploit with shellcode that does kill(-1,9) then an exit. Written for Linux and tested on Slackware 9.
File Size:1344
Last Modified:Jun 29 22:47:40 2003
MD5 Checksum:4ccf4b85bdadaaaeea4abd31891779f4

 ///  File Name:
Gkrellmd 2.1.10 remote exploit with connect back shellcode. Tested on FreeBSD 4.8.
File Size:1329
Last Modified:Jun 24 16:12:55 2003
MD5 Checksum:19d0e595e3075a1352589025fa029087

 ///  File Name:
Exploit for Elm version ko-elm-2.4h4.1, the Korean release, that yields gid of bin. Old vulnerability related to this is here. Tested against FreeBSD 4.7.
File Size:868
Last Modified:Jun 24 07:48:42 2003
MD5 Checksum:0d17996f879f53f34e331038462c23b4

 ///  File Name: EnceladusServerSuite3.9.11.txt
Enceladus Server Suite v3.9.11 contains buffer overflows in its ftp server that allow a remote attacker to crash the server with the possibility of remote command execution.
File Size:784
Last Modified:Jun 17 06:09:57 2003
MD5 Checksum:43dd957e5b408e37a72bec408734a911

 ///  File Name: gkrellmd
Gkrellmd 2.1.10 has a daemon that suffers from a buffer overflow: it does not validate input to its 128-byte buffer, which allows an attacker to crash the daemon, resulting in a denial of service.
File Size:1909
Last Modified:Jun 24 07:08:08 2003
MD5 Checksum:addc11f4375377dbd86df7c0e6ad570a

 ///  File Name: gkrhack0x03.c.gz
gkrellmd < 2.1.12 remote exploit for Linux. Tested against Debian 3.0 with version 2.1.4.
File Size:2526
Last Modified:Jun 29 22:34:53 2003
MD5 Checksum:2eb2a5c1a727b39eab68acb29858ea39

 ///  File Name: gm014-ie.txt
Microsoft Internet Explorer 5.01, 5.5 and 6.0 have a flaw in a parsing procedure that may cause arbitrary script commands to be executed in the Local Zone. This can lead to potential arbitrary command execution, local file reading and other severe consequences.
Author:GreyMagic Software
File Size:4773
Last Modified:Jun 22 00:14:56 2003
MD5 Checksum:94c172dcec3f389d6d6c31e555a923cd

 ///  File Name: hack-nethack0x02.tar.gz
jnethack 1.1.5 and below exploit that yields gid of games. Tested against Debian Woody 3.0.
File Size:2294
Last Modified:Jun 22 01:26:02 2003
MD5 Checksum:76f578f076dc4e0b37dbf2d7cdc12fb6

 ///  File Name: IIS-DoS.c
Remote IIS 5.0 denial of service exploit that makes use of the stack based overflow in nsiislog.dll.
Related File:wmediaremote.txt
File Size:1314
Last Modified:Jul 19 01:30:28 2003
MD5 Checksum:28883908e092c49535e0ffceaa364f9e

 ///  File Name: JBoss.txt
JBoss 3.2.1 with Jetty is vulnerable to full JSP source code disclosure when using a null byte.
Author:Marc Schoenefeld
File Size:736
Last Modified:Jun 3 10:00:33 2003
MD5 Checksum:d63a80b2f8b61a884e79e56655387094

 ///  File Name: kereval.tutos.txt
Kereval Security Advisory KSA-001 - Cross-site scripting vulnerabilities in Tutos 1.1 allow for hostile code execution.
Author:François SORIN
File Size:4147
Last Modified:Jun 24 07:54:45 2003
MD5 Checksum:dfed6e294cfba88c4ce010d032e6dcdf

 ///  File Name: lednews.txt
LedNews v0.7 lacks any filtering, allowing a remote attacker to embed JavaScript or various HTML tags. It may also be possible to add server-side include tags into news posts.
Author:Gilbert Vilvoorde
File Size:1196
Last Modified:Jun 17 06:04:16 2003
MD5 Checksum:19026b25c3d9e9ce12f765352372b6a4

 ///  File Name: linux-wb.c
The ntdll.dll remote exploit through WebDAV that was originally written by kralor. This version is ported to Linux by Dotcom.
File Size:9219
Last Modified:Jun 14 21:28:31 2003
MD5 Checksum:d2db38f58f501400802f8f52b91a7108