Section: .. / 0307-exploits /

Page 3 of 3
<< 1 2 3 >> Files 50 - 64 of 64

Currently sorted by: Last Modified Sort By: File Name, File Size

/// File Name:	iglooftppro.zip
Description:	Proof of concept exploit for IglooFTP PRO 3.8 and possibly earlier versions. This package suffers from multiple client side vulnerabilities including the banner, username, password, and account SMTP parameters.
Author:	Peter Winter-Smith
Related File:	IglooFTPPRO.txt
File Size:	9525
Last Modified:	Jul 7 04:10:45 2003
MD5 Checksum:	5d7cd2e211932330dac32ebc4fed8286

/// File Name:	eXtreme.c
Description:	Linux eXtremail versions 1.5-8 and below remote root exploit that makes use of a format string vulnerability in its logging mechanism.
Author:	B-r00t
Related File:	eXtremail.txt
File Size:	7734
Last Modified:	Jul 7 03:49:04 2003
MD5 Checksum:	60ecf98dc6615b43a41e3e95ec8abbbb

/// File Name:	ccbill.txt
Description:	The CGI script whereami.cgi that gets distributed by CCBill lacks input validation and in return allows for remote command execution as the web uid.
Author:	Dayne Jordan
File Size:	3064
Last Modified:	Jul 6 22:11:00 2003
MD5 Checksum:	03e058c869b7c0bd6a2db785177e26d6

/// File Name:	Yahoo-ducky.txt
Description:	Yahoo Messenger 5.5 and below suffers from a buffer overflow that was originally discovered and fixed in May of 2002, but has since resurfaced. Systems Affected: Windows NT/2000/SP1/SP2/SP3, Windows ME, Windows 95/98, Windows XP.
Author:	Rave, Bob
Homepage:	http://www.dtors.net/
File Size:	10139
Last Modified:	Jul 6 21:29:49 2003
MD5 Checksum:	6f46595fb8f8c9ab9e7d127ab94b1f67

/// File Name:	0006_AP.CF-rds-dump.txt
Description:	The ColdFusion Server versions 4.5 and 5 suffer from multiple vulnerabilities. They range from the default RDS password being blank by default to allowing a normal remote user to reconfigure their website properties to put and get any file on the server.
Author:	Victim1, rs2112
Homepage:	http://www.angrypacket.com/
File Size:	10825
Last Modified:	Jul 6 07:24:34 2003
MD5 Checksum:	c681b33a362511d647a01f9b46492542

/// File Name:	screenapple.txt
Description:	The screen saver that comes with MacOSX crashes when an large amount of characters are entered and then the return key is pressed. At this point, access to the desktop is achieved.
Author:	Delfim Machado
Homepage:	http://lab.xpto.org
File Size:	2377
Last Modified:	Jul 4 20:35:14 2003
MD5 Checksum:	5070858a1c37df111b8b6666b66e45ed

/// File Name:	core.netmeeting.txt
Description:	Core Security Technologies Advisory ID: CORE-2003-0305-04 - Windows NetMeeting is vulnerable to a directory traversal attack that allows remote arbitrary code execution. Vulnerable version: NetMeeting 3.01 (4.4.3385), possibly others. Fixed in Service Pack 4.
Author:	Hernán Ochoa, Gustavo Ajzenman, Javier Garcia Di Palma, Pablo Rubinstein
Homepage:	http://www.coresecurity.com/
File Size:	6522
Last Modified:	Jul 4 20:29:25 2003
MD5 Checksum:	b1953ba5b79dc97db6f6fc38c2531733

/// File Name:	kereval.phpgroup.txt
Description:	Kereval Security Advisory KSA-003 - Cross Site Scripting vulnerabilities exist in Phpgroupware very 0.9.14.003.
Author:	François SORIN
Homepage:	http://www.kereval.com
File Size:	4016
Last Modified:	Jul 4 19:46:09 2003
MD5 Checksum:	20f15be1a0ddb7d5a03e4844b0352974

/// File Name:	core.active.txt
Description:	Core Security Technologies Advisory ID: CORE-2003-0305-03 - The Microsoft Active Directory functionality is remotely and locally vulnerable to a stack overflow that allows an attacker to crash and force a reboot of any Windows 2000 server. Vulnerable package: Windows 2000 Server with Active Directory SP3. Fixed with Service Pack 4.
Author:	Eduardo Arias, Gabriel Becedillas, Ricardo Quesada, Damian Saura
Homepage:	http://www.coresecurity.com/
File Size:	5744
Last Modified:	Jul 4 19:16:01 2003
MD5 Checksum:	9104d6686a8f0483995df11c58854fd3

/// File Name:	essenexploit.c
Description:	A buffer overflow exists in the Essentia Web Server for Linux due to bad boundary checking with long urls which are greater than 2000 bytes. Versions higher than 2.12 are vulnerable.
Author:	B-r00t
File Size:	4241
Last Modified:	Jul 4 19:13:57 2003
MD5 Checksum:	757c024869e07919914a13548a11d4dd

/// File Name:	wilco.zip
Description:	This tool make uses of the recent vulnerabilities discussed here regarding a broadcast buffer overflow and server freeze denial of service discovered in Roger Wilco.
Author:	Auriemma Luigi
Homepage:	http://www.pivx.com/luigi/
File Size:	10220
Last Modified:	Jul 4 19:09:03 2003
MD5 Checksum:	0ce7866114009e152ce1905369898649

/// File Name:	STG-Verity-K2.txt
Description:	STG Security Advisory SSA-20030701-02 - The Verity K2 Toolkit Query Builder suffers from a cross site scripting vulnerability.
Author:	SSR Team
File Size:	2988
Last Modified:	Jul 4 18:46:26 2003
MD5 Checksum:	3b7f9bfc19192e033b01fbdd0c4cc63c

/// File Name:	DSR-crapche.sh
Description:	Hilariously amusing and simple exploit that makes use of the fact that the cuxs binary on InterSystems Corp. Cache management system executes a binary as root without that binary having a static path.
Author:	kokanin
Homepage:	http://www.dtors.net
Related File:	intersystems.txt
File Size:	525
Last Modified:	Jul 3 07:36:22 2003
MD5 Checksum:	329a7a5129be9aefbe9ce9427f75d63e

/// File Name:	intersystems.txt
Description:	iDEFENSE Security Advisory 07.01.03: InterSystems Corp. Cache installs with insecure file and directory permissions, thereby allowing local attackers to gain root access by manipulating items in the main package tree. The vulnerability specifically exists because files and directories are open to all users for read, write, and execute operations.
Author:	Larry W. Cashdollar
Homepage:	http://www.idefense.com/
File Size:	3493
Related CVE(s):	CAN-2003-0497, CAN-2003-0498
Last Modified:	Jul 3 07:30:44 2003
MD5 Checksum:	a64a4be588901be55acb1feceb00d908