Section:  .. / 0306-exploits  /


 ///  File Name: 06.16.03.txt
Description:
iDEFENSE Security Advisory 06.16.03: The pam_wheel module of Linux-PAM uses getlogin() in an insecure manner, thereby allowing attackers to bypass certain restrictions. The pam_wheel module is often used with the su command to allow users belonging to a trusted group to utilize the command without supplying a password. The module utilizes the getlogin() function to determine the name of the currently logged in user. This name is then compared against a list of members of a trusted group as specified in the configuration file. If the trust option is enabled in the pam_wheel configuration file and the use_uid option is disabled, any local user may spoof the username returned by getlogin() and gain access to a super-user account without supplying a password.
Author:Karol Wiesek
Homepage:http://www.idefense.com/
File Size:5415
Last Modified:Jun 17 02:17:57 2003
MD5 Checksum:ac13337671c6ada04dcb6c4a7dec904e

 ///  File Name: 5HP0G1FAAC.txt
Description:
The product Mailtraq suffers from multiple vulnerabilities that range from access to files that reside outside the bounding HTML root directory, through decryption of locally stored passwords, to a cross site scripting vulnerability in the web mail interface.
Homepage:http://www.SecurITeam.com
File Size:6708
Last Modified:Jun 17 02:03:22 2003
MD5 Checksum:9fca066da119abecff422387906ab073

 ///  File Name: linux-wb.c
Description:
The ntdll.dll remote exploit through WebDAV that was originally written by kralor. This version is ported to Linux by Dotcom.
File Size:9219
Last Modified:Jun 14 21:28:31 2003
MD5 Checksum:d2db38f58f501400802f8f52b91a7108

 ///  File Name: blackicepro.txt
Description:
It is possible to evade the BlackICE PC Protection IDS logging of cross site scripting attempts because it does not check HEAD, PUT, DELETE, and TRACE requests for the <script> pattern.
Author:Marc Ruef
Homepage:http://www.computec.ch/
File Size:2978
Last Modified:Jun 14 21:20:43 2003
MD5 Checksum:506b6b9aa1ee94ea6ecdba88149c1b4b

 ///  File Name: SRT2003-06-13-1009.txt
Description:
Secure Network Operations, Inc. Advisory SRT2003-06-13-1009: Progress Database dbagent makes use of several helper .dll and .so binaries. When looking for shared object files, _dbagent looks at the argument passed to the command line option "-installdir". No verification is performed on the object that is located, so local non-super-users can make themselves root.
Author:Strategic Reconnaissance Team
Homepage:http://www.secnetops.com
File Size:3041
Last Modified:Jun 14 20:35:03 2003
MD5 Checksum:75ffd907a4b009b8fbeca23d568ea778

 ///  File Name: bazarr-unsencored-episode-3.c
Description:
Local exploit for E-term that escalates privileges to gid utmp via insufficient bounds checking performed on an environment variable that is copied into an internal memory buffer.
Author:bazarr
Homepage:http://geocities.com/rrazab
File Size:30577
Last Modified:Jun 13 04:54:29 2003
MD5 Checksum:5dc7dad0fe0bd40dc28da3450025370c

 ///  File Name: bazarr-episode-4.c
Description:
Local root exploit for XaoS that makes use of a specially crafted command line -language argument to cause it to execute arbitrary code.
Author:bazarr
Homepage:http://geocities.com/rrazab
File Size:8085
Last Modified:Jun 13 04:52:23 2003
MD5 Checksum:3b12f35f26095e564fa823f5f31c5810

 ///  File Name: mwmxploit.c
Description:
Remote format string exploit for Magic Winmail Server version 2.3. By sending a format string in the USER field during the authentication process, a remote attacker can cause the server to execute arbitrary code.
Author:ThreaT
File Size:6764
Last Modified:Jun 11 08:45:15 2003
MD5 Checksum:bc4b3a125db454c2cc7c1c8d94b2de65

 ///  File Name: atftpdx.c
Description:
Proof of concept remote root exploit for atftpd version 0.6. Makes use of the filename overflow found by Rick Patel. Related post here. Tested against Debian 3.0.
Author:gunzip
File Size:10175
Last Modified:Jun 11 07:11:28 2003
MD5 Checksum:3b0c2689d61a4f537485d01ed45b9bbb

 ///  File Name: mencari_asal_usul.pl
Description:
Proof of concept exploit for mnoGoSearch 3.2.10 that spawns a shell as the webserver user id by overflowing the tmplt variable.
Author:pokleyzz, s0cket370
Homepage:http://www.scan-associates.net
Related File:mnogosearch.txt
File Size:4000
Last Modified:Jun 11 06:54:20 2003
MD5 Checksum:ff1626622aef6a8e88152d7dc2cd1db5

 ///  File Name: mencari_sebuah_nama.pl
Description:
Proof of concept exploit for mnoGoSearch 3.1.20 that performs remote command execution as the webserver user id.
Author:pokleyzz
Homepage:http://www.scan-associates.net
Related File:mnogosearch.txt
File Size:4882
Last Modified:Jun 11 06:50:01 2003
MD5 Checksum:3ea57b0506231feae8a55fbfd3b65820

 ///  File Name: x_diagrpt_aix5l_4x.sh
Description:
Local root exploit for the diagrpt command on AIX 5.x and 4.x.
Author:watercloud
Homepage:http://www.xfocus.org
File Size:1211
Last Modified:Jun 11 05:56:49 2003
MD5 Checksum:5d36c3adbc1f71fc8566484e1108ddee

 ///  File Name: x_errpt_aix5.pl
Description:
Local root exploit for the errpt command on AIX5L.
Author:watercloud
Homepage:http://www.xfocus.org
File Size:1040
Last Modified:Jun 11 05:54:40 2003
MD5 Checksum:0dc05e7224556cd69e3248a91adcbbce

 ///  File Name: x_lsmcode_aix4x.pl
Description:
Local root exploit for the command lsmcode on AIX 4.3.3.
Author:watercloud
Homepage:http://www.xfocus.org
File Size:1398
Last Modified:Jun 11 05:52:57 2003
MD5 Checksum:f0c9c81406cc272571d2840964f00ef5

 ///  File Name: THCsql.zip
Description:
THCsql exploits the vulnerability in MSSQL OpenDataSource function found by David Litchfield in June of 2002. Tested on Windows 2000 Server SP2 with SQLservers SP0 and SP2.
Author:Johnny Cyberpunk
Homepage:http://www.thc.org
File Size:15013
Last Modified:Jun 4 04:32:34 2003
MD5 Checksum:06f81199da422c87a084529cf2127583

 ///  File Name: dlinkDoS.txt
Description:
D-Link routers with firmware 2.70 and below are vulnerable to a denial of service, provided the attacker has the ability to see the internal interface on the router. Sending a malformed URL to the syslog script will cause a DNS query. Many such queries can result in a DoS and other odd forms of behavior.
Author:chris
Homepage:http://www.securityindex.net/
File Size:3534
Last Modified:Jun 3 10:14:52 2003
MD5 Checksum:f153d7a119c458d70ebcf9389d2ae195

 ///  File Name: JBoss.txt
Description:
JBoss 3.2.1 with Jetty is vulnerable to full JSP source code disclosure when using a null byte.
Author:Marc Schoenefeld
Homepage:http://www.illegalaccess.org
File Size:736
Last Modified:Jun 3 10:00:33 2003
MD5 Checksum:d63a80b2f8b61a884e79e56655387094