Section: .. / 0307-exploits /

Page 1 of 3
<< 1 2 3 >> Files 1 - 25 of 64

Currently sorted by: File Name Sort By: Last Modified, File Size

/// File Name:	0006_AP.CF-rds-dump.txt
Description:	The ColdFusion Server versions 4.5 and 5 suffer from multiple vulnerabilities. They range from the default RDS password being blank by default to allowing a normal remote user to reconfigure their website properties to put and get any file on the server.
Author:	Victim1, rs2112
Homepage:	http://www.angrypacket.com/
File Size:	10825
Last Modified:	Jul 6 07:24:34 2003
MD5 Checksum:	c681b33a362511d647a01f9b46492542

/// File Name:	0307-exploits.tgz
Description:	Packet Storm new exploits for July, 2003.
File Size:	409322
Last Modified:	Aug 13 03:46:07 2003
MD5 Checksum:	547ce621a6d09bbcafdec2ffa67f4064

/// File Name:	0x333-lockdexvul.txt
Description:	lockdev 1.0.0 local exploit that escalates privileges to group lock. Tested against RedHat 7.3, 8.0, and 9.0.
Author:	nic
Homepage:	http://www.0x333.org
File Size:	9705
Last Modified:	Jul 29 20:14:21 2003
MD5 Checksum:	f1abaa914fb3eae21371eee17e50e6ad

/// File Name:	0x333bru-fmtx.c
Description:	Local root exploit for bru, or Backup and Restore Utility for Unix, that makes use of a stack overflow.
Author:	nic
Homepage:	http://www.0x333.org
File Size:	2665
Last Modified:	Jul 22 02:18:54 2003
MD5 Checksum:	d98819e03bec7237629814af9f5d5a2c

/// File Name:	5358gchessfuck.c
Description:	gnuchess, if setuid, is vulnerable to a buffer overflow using the -s switch that will allow an attacker to escalate their privileges. Vulnerable versions are 5.0.6 and below.
Author:	ace, t0asty
Homepage:	http://www.static-x.org
File Size:	2944
Last Modified:	Jul 7 05:03:58 2003
MD5 Checksum:	7ccb9569d981b450e7bcb8a97bfcadd9

/// File Name:	5358gnuanx0r.c
Description:	gnuan, the utility that produces an analysis of a chess game, has a buffer overflow that allows a local attacker to escalate privileges if the binary is setuid (which it normally is not).
Author:	ace, t0asty
Homepage:	http://www.static-x.org
File Size:	2777
Last Modified:	Jul 7 05:07:28 2003
MD5 Checksum:	a25af7dcda564b06beb127d57eb304ee

/// File Name:	5358isdnrape.c
Description:	isdnrep has a buffer overflow in the -t switch that allows a local attacker to escalate privileges if the binary is setuid/setgid (which it normally is not).
Author:	ace, t0asty
Homepage:	http://www.static-x.org
File Size:	2804
Last Modified:	Jul 7 05:09:21 2003
MD5 Checksum:	734ab28ee02006be169f339c1a516c6c

/// File Name:	ACME-mitel.txt
Description:	An interesting bug in the Mitel Voice Over IP system that allows an attacker to discover phone numbers calling through the DHCP server.
Author:	acme
Homepage:	http://olografix.org/acme/mitel.txt
File Size:	2111
Last Modified:	Jul 28 02:45:51 2003
MD5 Checksum:	5b613c224e45a1343f68316310dd2b06

/// File Name:	benjurry.txt
Description:	Thorough analysis of the buffer overrun in the Windows RPC interface that was discovered by the Last Stage of Delirium. Exploit included for Windows 2000 SP4 Chinese version.
Author:	Flashsky, Benjurry
Homepage:	http://www.xfocus.org/documents/200307/2.html
Related File:	lsdRPC.txt
File Size:	17765
Last Modified:	Jul 28 05:40:01 2003
MD5 Checksum:	bcd9321ac5d7e4a8d74b197efe4a7e07

/// File Name:	bosen-adv.7.txt
Description:	The ProductCart ASP shopping cart is vulnerable to a SQL injection attack which allows administrative access to the control panel.
Author:	Bosen
Homepage:	http://bosen.net/releases/
File Size:	4086
Last Modified:	Jul 7 21:35:58 2003
MD5 Checksum:	234b6dab3675e82a95ed3bbfa3aaaff4

/// File Name:	ccbill.txt
Description:	The CGI script whereami.cgi that gets distributed by CCBill lacks input validation and in return allows for remote command execution as the web uid.
Author:	Dayne Jordan
File Size:	3064
Last Modified:	Jul 6 22:11:00 2003
MD5 Checksum:	03e058c869b7c0bd6a2db785177e26d6

/// File Name:	ccbillx.c
Description:	CCBill remote exploit that spawns a shell with netcat and attempts to connect into the server on port 6666 to gain access of the webserver uid.
Author:	Knight420
File Size:	3872
Last Modified:	Jul 9 17:43:11 2003
MD5 Checksum:	d16e63fce80c44af0cb31e5bb3b31202

/// File Name:	cisco-bug-44020.tar.gz
Description:	Remote exploit that causes a denial of service against Cisco IOS versions 11.x through 12.x.
Author:	Martin Kluge
File Size:	4005
Last Modified:	Jul 22 01:30:17 2003
MD5 Checksum:	1221af8aa6ac91916c03e6b599441b55

/// File Name:	ciscodos.sh
Description:	Remote exploit that causes a denial of service against Cisco IOS versions 11.x through 12.x using hping.
Author:	zerash
File Size:	1868
Last Modified:	Jul 22 01:31:46 2003
MD5 Checksum:	5b4d3da440603ada84738a3464e28b7e

/// File Name:	CLIVITT-2003-4-Citadel-exploit.c
Description:	Citadel/UX BBS version 6.07 remote exploit that yields a bindshell of the user id running the software.
Author:	Carl Livitt
Related File:	CLIVITT-2003-4-Citadel.txt
File Size:	15789
Last Modified:	Jul 18 01:31:00 2003
MD5 Checksum:	99ae9b5f60fd6a0d523cb10d618886d9

/// File Name:	CLIVITT-2003-5.txt
Description:	Apache 1.3.x using the mod_mylo module version 0.2.1 and below is vulnerable to a buffer overflow. The mod_mylo module is designed to log HTTP requests to a MySQL database and insufficient bounds checking in mylo_log() allows a remote attacker to gain full webserver uid access. Remote exploit for SuSE 8.1 Linux with Apache 1.3.27, RedHat 7.2/7.3 Linux with Apache 1.3.20, and FreeBSD 4.8 with Apache 1.3.27 included.
Author:	Carl Livitt
File Size:	14775
Last Modified:	Jul 29 19:33:50 2003
MD5 Checksum:	b6a0cd78d32dfe4d978f56c3436cdb69

/// File Name:	core.active.txt
Description:	Core Security Technologies Advisory ID: CORE-2003-0305-03 - The Microsoft Active Directory functionality is remotely and locally vulnerable to a stack overflow that allows an attacker to crash and force a reboot of any Windows 2000 server. Vulnerable package: Windows 2000 Server with Active Directory SP3. Fixed with Service Pack 4.
Author:	Eduardo Arias, Gabriel Becedillas, Ricardo Quesada, Damian Saura
Homepage:	http://www.coresecurity.com/
File Size:	5744
Last Modified:	Jul 4 19:16:01 2003
MD5 Checksum:	9104d6686a8f0483995df11c58854fd3

/// File Name:	core.netmeeting.txt
Description:	Core Security Technologies Advisory ID: CORE-2003-0305-04 - Windows NetMeeting is vulnerable to a directory traversal attack that allows remote arbitrary code execution. Vulnerable version: NetMeeting 3.01 (4.4.3385), possibly others. Fixed in Service Pack 4.
Author:	Hern�n Ochoa, Gustavo Ajzenman, Javier Garcia Di Palma, Pablo Rubinstein
Homepage:	http://www.coresecurity.com/
File Size:	6522
Last Modified:	Jul 4 20:29:25 2003
MD5 Checksum:	b1953ba5b79dc97db6f6fc38c2531733

/// File Name:	CSSoft-EZTRansI-Eng.txt
Description:	STG Security Advisory SSA-20030701-03: ezTrans Server, the popular portal software used throughout Korea, lacks input validation in the file download module. Due to this, a remote attacker can download any file on the system that the webserver uid can access.
Author:	SSR Team
Homepage:	http://www.stgsecurity.com
File Size:	2787
Last Modified:	Jul 9 17:30:54 2003
MD5 Checksum:	5e5b9d4fb6b5adcb71f4b3a0a9f97782

/// File Name:	dcom.c
Description:	Remote exploit utilizing the DCOM RPC overflow discovered by LSD. Includes targets for Windows 2000 and XP. Binds a shell on port 4444.
Author:	H D Moore
Homepage:	http://www.metasploit.com/
File Size:	15014
Last Modified:	Jul 28 02:51:24 2003
MD5 Checksum:	a731771b1cd73887da81c33d2f48471f

/// File Name:	DComExpl_UnixWin32.zip
Description:	Windows port of the remote exploit utilizing the DCOM RPC overflow originally coded by H D Moore.
Author:	Benjamin Lauzi�re
File Size:	18336
Last Modified:	Jul 28 02:52:51 2003
MD5 Checksum:	4dadfb9aafb1cdac05ab734453dcee88

/// File Name:	dcomsploit.tgz
Description:	DCOM remote exploit utilizing the issue discussed here. Covers Microsoft Windows NT SP6/6a (cn), as well as Windows 2000 SP0-4 (cn) SP0-2 (jp) SP0-2,4 (kr) SP0-1 (mx) SP3-4 (Big 5) SP0-4 (english) SP0 Server (english), and Windows XP SP0-1 (english) SP1 (cn) SP0-1 (Big 5). Modified by sbaa
Author:	FlashSky, Benjurry
File Size:	6126
Last Modified:	Jul 29 20:07:02 2003
MD5 Checksum:	330e19366c8d5664a7f2a55efc3a8e78

/// File Name:	dcomx.pl
Description:	Remote denial of service exploit making use of the vulnerability found in DCOM under Windows.
Author:	Knight420.
File Size:	2404
Last Modified:	Jul 24 23:48:09 2003
MD5 Checksum:	1098316c80fe73f7861565b0b8ec61ef

/// File Name:	diginews.txt
Description:	Digi-news and Digi-ads version 1.1 allow administrative access without a remote attacker having knowledge of the account password by keeping necessary credentials client-side in a cookie. Essentially, as long as an attacker has a valid administrative login name, they can use their own password to authenticate.
Author:	Arnaud Jacques aka scrap
Homepage:	http://www.securiteinfo.com
File Size:	2290
Last Modified:	Jul 18 03:42:40 2003
MD5 Checksum:	cbbef802af4f26114deb0b40e22828ec

/// File Name:	DSR-crapche.sh
Description:	Hilariously amusing and simple exploit that makes use of the fact that the cuxs binary on InterSystems Corp. Cache management system executes a binary as root without that binary having a static path.
Author:	kokanin
Homepage:	http://www.dtors.net
Related File:	intersystems.txt
File Size:	525
Last Modified:	Jul 3 07:36:22 2003
MD5 Checksum:	329a7a5129be9aefbe9ce9427f75d63e