Section: .. / 0307-exploits /

Page 2 of 3
<< 1 2 3 >> Files 25 - 50 of 64

Currently sorted by: Last Modified Sort By: File Name, File Size

/// File Name:	diginews.txt
Description:	Digi-news and Digi-ads version 1.1 allow administrative access without a remote attacker having knowledge of the account password by keeping necessary credentials client-side in a cookie. Essentially, as long as an attacker has a valid administrative login name, they can use their own password to authenticate.
Author:	Arnaud Jacques aka scrap
Homepage:	http://www.securiteinfo.com
File Size:	2290
Last Modified:	Jul 18 03:42:40 2003
MD5 Checksum:	cbbef802af4f26114deb0b40e22828ec

/// File Name:	PUPET-simpnews.txt
Description:	Simpnews has an include file vulnerability that allows a remote attacker to load malicious PHP scripts.
Author:	PUPET
File Size:	2060
Last Modified:	Jul 18 02:19:51 2003
MD5 Checksum:	41e2b8e194447464b096d39c7b931325

/// File Name:	CLIVITT-2003-4-Citadel-exploit.c
Description:	Citadel/UX BBS version 6.07 remote exploit that yields a bindshell of the user id running the software.
Author:	Carl Livitt
Related File:	CLIVITT-2003-4-Citadel.txt
File Size:	15789
Last Modified:	Jul 18 01:31:00 2003
MD5 Checksum:	99ae9b5f60fd6a0d523cb10d618886d9

/// File Name:	SRT2003-07-07-0913.txt
Description:	Secure Network Operations, Inc. Advisory SRT2003-07-07-0913 - IBM U2 UniVerse version 10.0.0.9 and below commits some abnormal suid behavior in its uvrestore and setacc applications allowing an attacker to monitor other user ttys and more.
Author:	Strategic Reconnaissance Team
Homepage:	http://www.secnetops.com
File Size:	5366
Last Modified:	Jul 18 00:47:07 2003
MD5 Checksum:	9e89ac21655bf53bd9caae649ef91a26

/// File Name:	SRT2003-07-07-0833.txt
Description:	Secure Network Operations, Inc. Advisory SRT2003-07-07-0833 - IBM U2 UniVerse version 10.0.0.9 and below on Linux allows users with uvadm rights the ability to escalate to root privileges.
Author:	Strategic Reconnaissance Team
Homepage:	http://www.secnetops.com
File Size:	4319
Last Modified:	Jul 18 00:43:29 2003
MD5 Checksum:	13d39a311c7dfaba2c3bd51ccb556553

/// File Name:	SRT2003-07-07-0831.txt
Description:	Secure Network Operations, Inc. Advisory SRT2003-07-07-0831 - IBM U2 UniVerse version 10.0.0.9 and below on Linux and DGUX has a legacy program included in the package that creates hard links as root.
Author:	Strategic Reconnaissance Team
Homepage:	http://www.secnetops.com
File Size:	5677
Last Modified:	Jul 18 00:40:34 2003
MD5 Checksum:	4f530cac12d1047f485758b27cc63604

/// File Name:	Netsuite121.txt
Description:	Moby's Netsuite 1.21 httpd server is vulnerable to a multitude of directory traversal bugs that allow an attacker to access files outside of the web root.
Author:	Dr_insane
Homepage:	http://members.lycos.co.uk/r34ct/
File Size:	2216
Last Modified:	Jul 15 02:00:45 2003
MD5 Checksum:	13a9b1d37922d0946aefdc3259f7eb32

/// File Name:	exceed.c
Description:	Hummingbird's Exceed X emulator mishandles fonts and is vulnerable to both remote and local denial of service attacks and may allow an attacker to remotely gain root privileges.
Author:	c0ntex
File Size:	6257
Last Modified:	Jul 15 01:56:15 2003
MD5 Checksum:	0b5ebb158eab213b26366e5f689ba41c

/// File Name:	YahPoo.c
Description:	Exploit for Yahoo Messenger, Yahoo Module that allows for remote command execution on a victim machine via bad URI handling. Requires the victim to view the html.
Author:	bob
Homepage:	http://www.dtors.net/
File Size:	3705
Last Modified:	Jul 15 01:08:15 2003
MD5 Checksum:	1f8a1f0189da4662ead77ad7254d271a

/// File Name:	DSR-upclient.pl
Description:	Local exploit for Upclient 5.0.b5 that spawns a shell with kmem privileges. Tested on FreeBSD 5.0.
Author:	inv
Homepage:	http://www.dtors.net
File Size:	633
Last Modified:	Jul 15 01:02:55 2003
MD5 Checksum:	6956c86d50be5d1076121733aedb2449

/// File Name:	DSR-mnogo.pl
Description:	Proof of concept exploit for mnoGoSearch 3.1.20 (and possibly works on 3.2.10) that binds a shell to port 10000. Tested against FreeBSD.
Author:	inv
Homepage:	http://www.dtors.net
File Size:	1194
Last Modified:	Jul 11 23:04:32 2003
MD5 Checksum:	2c6a3ed744a1a81e74c48085d0b4da50

/// File Name:	SCSA019.txt
Description:	Security Corporation Security Advisory [SCSA-019]: Gattaca Server 2003 version 1.0.8.1 and below is vulnerable to displaying of directory contents and files, a denial a service, a directory traversal attack, and cross site scripting.
Author:	Gregory Le Bras
Homepage:	http://www.Security-Corp.org
File Size:	7603
Last Modified:	Jul 11 21:43:28 2003
MD5 Checksum:	7c03f7aa26c914d304e30bf9e23cd131

/// File Name:	MABRYdtv.txt
Description:	The Mabry HTTP server version 1.00.047 suffers from multiple directory traversal attacks that allow an attacker to view the content of files outside of the web root.
Author:	dr_insane
File Size:	1373
Last Modified:	Jul 11 21:18:19 2003
MD5 Checksum:	c41348186e0a9a2cd7038995494a60a6

/// File Name:	DSR-listproc.pl
Description:	Local root exploit for listproc 8.2.09 written for FreeBSD.
Author:	kokanin
Homepage:	http://www.dtors.net
Related File:	srt2003-1137.txt
File Size:	1196
Last Modified:	Jul 9 17:51:29 2003
MD5 Checksum:	a65af9fb53e73d9c62532f6a4a3e3389

/// File Name:	ccbillx.c
Description:	CCBill remote exploit that spawns a shell with netcat and attempts to connect into the server on port 6666 to gain access of the webserver uid.
Author:	Knight420
File Size:	3872
Last Modified:	Jul 9 17:43:11 2003
MD5 Checksum:	d16e63fce80c44af0cb31e5bb3b31202

/// File Name:	Verity-K2Toolkit-Eng.txt
Description:	STG Security Advisory SSA-20030701-02: Verity's K2 Toolkit has a XSS vulnerability in its Query Builder.
Author:	SSR Team
Homepage:	http://www.stgsecurity.com
File Size:	2766
Last Modified:	Jul 9 17:33:06 2003
MD5 Checksum:	e311754582aaf122768c3fb8b1178a66

/// File Name:	CSSoft-EZTRansI-Eng.txt
Description:	STG Security Advisory SSA-20030701-03: ezTrans Server, the popular portal software used throughout Korea, lacks input validation in the file download module. Due to this, a remote attacker can download any file on the system that the webserver uid can access.
Author:	SSR Team
Homepage:	http://www.stgsecurity.com
File Size:	2787
Last Modified:	Jul 9 17:30:54 2003
MD5 Checksum:	5e5b9d4fb6b5adcb71f4b3a0a9f97782

/// File Name:	FBHtoppler.c
Description:	Local exploit for the setgid game toppler. There is a stack overflow vulnerability with how toppler makes use of the HOME environment variable. Successful exploitation escalates user privileges to the group for games.
Author:	fbhowns
File Size:	3108
Last Modified:	Jul 8 00:58:27 2003
MD5 Checksum:	faff6a2833b8fb276ce613f446822f67

/// File Name:	bosen-adv.7.txt
Description:	The ProductCart ASP shopping cart is vulnerable to a SQL injection attack which allows administrative access to the control panel.
Author:	Bosen
Homepage:	http://bosen.net/releases/
File Size:	4086
Last Modified:	Jul 7 21:35:58 2003
MD5 Checksum:	234b6dab3675e82a95ed3bbfa3aaaff4

/// File Name:	VPASP.txt
Description:	VP-ASP suffers from a SQL injection attack in shopexd.asp. The vulnerability allows a remote attacker to gain full administrative control of the web based interface.
Author:	AresU, TioEuy
Homepage:	http://bosen.net/releases/
File Size:	5317
Last Modified:	Jul 7 21:31:50 2003
MD5 Checksum:	91c1a47f59fbcc6e6c6536af6ade51a4

/// File Name:	IEbug.txt
Description:	Internet Explorer 6 has a bug that will lock up the browser if C:\aux is entered. It is similar to the C:\con\con problem where it is trying to access a hardware device. Microsoft claims this bug does not exist.
Author:	Fabian Becker
Homepage:	http://www.neonomicus.ionichost.com
File Size:	652
Last Modified:	Jul 7 21:13:23 2003
MD5 Checksum:	6ba39980f6227e4a1edf8efb4b71ff75

/// File Name:	DSR-ftp_clients.pl
Description:	This script runs in place of ftpd to exploit the moxftp/mftp 2.2, cftp 0.12, and Iglooftp 0.6.1 clients. Written to exploit these clients on FreeBSD.
Author:	inv
Homepage:	http://www.dtors.net
File Size:	4935
Last Modified:	Jul 7 21:03:12 2003
MD5 Checksum:	7dc4f6daf3a63c8b52d05b39e03d6cf2

/// File Name:	5358isdnrape.c
Description:	isdnrep has a buffer overflow in the -t switch that allows a local attacker to escalate privileges if the binary is setuid/setgid (which it normally is not).
Author:	ace, t0asty
Homepage:	http://www.static-x.org
File Size:	2804
Last Modified:	Jul 7 05:09:21 2003
MD5 Checksum:	734ab28ee02006be169f339c1a516c6c

/// File Name:	5358gnuanx0r.c
Description:	gnuan, the utility that produces an analysis of a chess game, has a buffer overflow that allows a local attacker to escalate privileges if the binary is setuid (which it normally is not).
Author:	ace, t0asty
Homepage:	http://www.static-x.org
File Size:	2777
Last Modified:	Jul 7 05:07:28 2003
MD5 Checksum:	a25af7dcda564b06beb127d57eb304ee

/// File Name:	5358gchessfuck.c
Description:	gnuchess, if setuid, is vulnerable to a buffer overflow using the -s switch that will allow an attacker to escalate their privileges. Vulnerable versions are 5.0.6 and below.
Author:	ace, t0asty
Homepage:	http://www.static-x.org
File Size:	2944
Last Modified:	Jul 7 05:03:58 2003
MD5 Checksum:	7ccb9569d981b450e7bcb8a97bfcadd9