Section: .. / 0309-exploits /

Page 1 of 2
<< 1 2 >> Files 1 - 25 of 47

Currently sorted by: File Name Sort By: Last Modified, File Size

/// File Name:	0309-exploits.tgz
Description:	Packet Storm new exploits for September, 2003.
File Size:	289863
Last Modified:	Oct 1 18:30:31 2003
MD5 Checksum:	59467f6e73e9c68cdd7add8c6a4a0c31

/// File Name:	09.14.mysql.c
Description:	Remote exploit for Mysql 3.x versions 3.23.56 and Mysql 4.x versions below 4.0.15. More information available here.
Author:	Bkbll
File Size:	8867
Related CVE(s):	CAN-2003-0780
Last Modified:	Sep 16 22:04:40 2003
MD5 Checksum:	6db4d9e49e4882f5622fd5b59932596c

/// File Name:	09.16.MS03-039-exp.c
Description:	Remote Windows exploit for the RPC DCOM long filename heap overflow discovered by NSFOCUS.
Author:	ey4s
Related File:	sa2003-06.txt
File Size:	13143
Last Modified:	Sep 16 23:53:46 2003
MD5 Checksum:	914d1c99e072cfb536a6d00fd8a75d8a

/// File Name:	0x333hztty.c
Description:	Local root exploit for hztty 2.0 that makes use of the buffer overflows discovered by Jens Steube.
Author:	c0wboy
Homepage:	http://www.0x333.org
File Size:	1688
Related CVE(s):	CAN-2003-0783TestedonRedHat90
Last Modified:	Sep 21 20:36:57 2003
MD5 Checksum:	1d319b945284869c7bd86d5af02d4d0e

/// File Name:	4DWS_ftp.c
Description:	4D WebSTAR FTP server suite version 5.3.1 remote exploit that binds a shell to port 6969 as the uid running the server. This exploit makes use of the pre-authentication buffer overflow that exists in the login mechanism of the WebSTAR FTP service.
Author:	B-r00t
Homepage:	http://doris.scriptkiddie.net
File Size:	8046
Last Modified:	Sep 13 09:02:47 2003
MD5 Checksum:	7456e23cbadbcbea96645ab9eee368c0

/// File Name:	atphttp0x06.c
Description:	Remote exploit for atphttpd version 0.4b and below on Linux x86 that binds a shell to port 65535. Tested against Debian 3.0 and RedHat 8.0.
Author:	r-code
File Size:	9954
Last Modified:	Sep 25 23:58:20 2003
MD5 Checksum:	12201535f967d9970d38c353615b22a4

/// File Name:	augustiner.c
Description:	Denial of service exploit for Microsoft Windows 98 that floods UDP traffic to random destination ports causing the system to lock up.
Author:	Warlord
Homepage:	http://www.nologin.org
File Size:	6171
Last Modified:	Sep 9 05:19:52 2003
MD5 Checksum:	e282c1433fab2315b14f50153e017834

/// File Name:	bandwebsite.txt
Description:	Bandsite portal system version 1.5 lacks authentication validation in its admin.php code when an administrator is added, thus allowing a remote attacker to gain administrative privileges.
Author:	Nasser.M.Sh
File Size:	1516
Last Modified:	Sep 13 09:34:11 2003
MD5 Checksum:	f7c0dc27a28dfa690190754c5b69973c

/// File Name:	bazooka_penaka.pl
Description:	Proof of concept remote exploit for Foxweb 2.5 on Microsoft Windows that achieves access of the web server user id and makes use of a buffer overflow found in the PATH_INFO variable in foxweb.dll.
Author:	pokleyzz
Homepage:	http://www.scan-associates.net
File Size:	4771
Last Modified:	Sep 6 02:46:22 2003
MD5 Checksum:	c3599adf8b5c36ef30b4eb85ff7a6773

/// File Name:	BRSwebweaver.txt
Description:	WebWeaver version 1.06 and below allows for anonymous surfing of the server if the Host field is set excessively long. It is also susceptible to various denial of services attacks.
Author:	euronymous
File Size:	2421
Last Modified:	Sep 25 04:27:51 2003
MD5 Checksum:	7ab029ca9b5cfba5799d80bcd08c6871

/// File Name:	cfengine.c
Description:	Remote exploit for Cfengine versions 2.-2.0.3 that makes use of a stack overflow discussed here. Binds a shell to port 26112. Tested against RedHat.
Author:	jsk
File Size:	8044
Last Modified:	Sep 29 20:14:22 2003
MD5 Checksum:	cc32ba54fe67a178fcd9b423342f3643

/// File Name:	chat-Xploit.c
Description:	Proof of concept exploit for /usr/sbin/chat on RedHat Linux 7.3. Note: chat is not setuid by default on most installations.
Author:	polygrithm
File Size:	3697
Last Modified:	Sep 25 04:45:03 2003
MD5 Checksum:	824304839459bd776fac887b83886e13

/// File Name:	dbabble.txt
Description:	DBabble 2.5i suffers from cross site scripting issues that can lead to cookie hijacking.
Author:	dr_insane
Homepage:	http://members.lycos.co.uk/r34ct/
File Size:	5399
Last Modified:	Sep 18 20:54:25 2003
MD5 Checksum:	d7bd98900757ac09369e6a2ae7509dfe

/// File Name:	DSR-cfengine.pl
Description:	Remote exploit for Cfengine versions 2.-2.0.3 that makes use of a stack overflow discussed here. Tested against FreeBSD 4.8-RELEASE. Binds a shell to port 45295.
Author:	kokanin
Homepage:	http://www.dtors.net
File Size:	1679
Last Modified:	Sep 26 15:39:32 2003
MD5 Checksum:	bec7a5ae73b4eb63bb76d5151e18f80b

/// File Name:	easyfile.txt
Description:	Easy File Sharing Web Server 1.2 is vulnerable to directory traversal bugs, cross site scripting, HTML injection, and password snatching due to them being left in the clear.
Author:	Dr_insane
Homepage:	Http://members.lycos.co.uk/r34ct/
File Size:	3960
Last Modified:	Sep 16 20:52:52 2003
MD5 Checksum:	10386b500c650364176e96a1890fc114

/// File Name:	ftgatepro.txt
Description:	Secunia Research Advisory - Two vulnerabilities have been identified in FTGatePro mail server version 1.x that allow malicious users to access sensitive information. One lies in the file ftgatedump.fts allowing an attacker to see the system configuration while another lies in exportmbx.fts that holds all the usernames and passwords for the system.
Author:	Phuong Nguyen
Homepage:	http://www.secunia.com/advisories/
File Size:	1779
Last Modified:	Sep 14 00:33:23 2003
MD5 Checksum:	92c1ea9ed17988649d4fcb386b69df54

/// File Name:	geeklog2.txt
Description:	Geeklog versions 2.x and below are susceptible to cross site scripting vulnerabilities and various SQL injection attacks.
Author:	Lorenzo Hernandez Garcia-Hierro
Homepage:	http://security.novappc.com
File Size:	9088
Last Modified:	Sep 29 20:18:03 2003
MD5 Checksum:	5e292ac0ff2be42ecabd916e479a3305

/// File Name:	guppy.txt
Description:	GuppY versions 2.4p1 and below are susceptible to cross site scripting attacks.
Homepage:	http://www.echu.org
File Size:	3207
Last Modified:	Sep 30 00:47:06 2003
MD5 Checksum:	d9b975da70fae430922d7527eeb5c876

/// File Name:	gyan_pine.c
Description:	Remote Pine exploit for versions 4.56 and below. Makes use of a vulnerability discussed here. Binds a shell to port 10000. Tested against RedHat Linux 7.0.
Author:	Gyan Chawdhary
File Size:	3944
Last Modified:	Sep 18 23:09:48 2003
MD5 Checksum:	2b5be512d212c9827dc8c6867ec28473

/// File Name:	IBM-DB2-db2licm.c
Description:	Local root exploit for IBM DB2 Universal Database version 7.2 for Linux/s390 which makes use of the db2licm binary that is setuid by default.
Author:	Juan Manuel Pascual Escriba
Homepage:	http://concepcion.upv.es/~pask
Related File:	core.db2.txt
File Size:	2234
Related CVE(s):	CAN-2003-0758, CAN-2003-0759
Last Modified:	Sep 27 01:24:08 2003
MD5 Checksum:	66f6d20f27d150e451308763e3f84b2f

/// File Name:	lansuite2003.txt
Description:	602PRO LanSuite 2003 for Windows is vulnerable to sensitive information disclosure, logs freely being accessible to any remote attacker, the ability to read any file on the server, and directory traversal attacks.
Author:	Phuong Nguyen
File Size:	2777
Last Modified:	Sep 25 04:13:56 2003
MD5 Checksum:	3f7b94da5c8b74ee04a3d3dcc11918d5

/// File Name:	leak-sploit.c
Description:	Stunnel v3.25 and below exploit which makes use of the file descriptor leak discussed in this Conectiva Security Advisory. Allows local attackers to hijack the stunnel server.
File Size:	3100
Related CVE(s):	CAN-2002-1563, CAN-2003-0740
Last Modified:	Sep 9 05:47:54 2003
MD5 Checksum:	a2b33220a6e0cb0535781760d121f2ce

/// File Name:	liquidwar-exploit.c
Description:	Liquidwar 5.4.5 local exploit that has been tested on Slackware Linux 9.0.0 and Gentoo Linux 1.4.
Author:	Angelo Rosiello
Homepage:	http://www.rosiello.org
File Size:	1552
Last Modified:	Sep 18 20:16:48 2003
MD5 Checksum:	e19fe2d76a0e5359b37326a9f8ffec8c

/// File Name:	lsh_exploit.c
Description:	Remote exploit for lsh 1.4.x that makes use of a boundary error in read_line.c when checking for errors. Spawns a bindshell on port 45295.
Author:	Haggis aka Carl Livitt.
File Size:	8179
Last Modified:	Sep 23 17:22:37 2003
MD5 Checksum:	60a9d09b21839048217308ccd3cf3dd4

/// File Name:	minihttp.txt
Description:	Minihttpserver 1.x Host Engine is susceptible to a directory traversal attack and has a login parsing flaw that allows a remote attacker to gain administrative privileges.
Author:	Peter Winter-Smith
File Size:	3162
Last Modified:	Sep 16 20:57:25 2003
MD5 Checksum:	52c72989566b10fad57a9d48c623658b