
 ///  File Name: 0311-exploits.tgz
Packet Storm new exploits for November, 2003.
File Size:121822
Last Modified:Dec 10 03:25:05 2003
MD5 Checksum:98a752eda0e42dae02e16f317b81af46

 ///  File Name: 85mod_gzip.c
Remote exploit for mod_gzip when in debug mode for versions and below. Yields user id of the webserver. Tested against RedHat 8.0 and FreeBSD 4.7.
Related File:ZH2003-3SP
File Size:7364
Last Modified:Nov 20 21:03:33 2003
MD5 Checksum:ccd4dcff6acad5955766d739f2551aff

 ///  File Name: 85NIPrint.c
Remote exploit for Windows that makes use of the buffer overflow vulnerability in NIPrint discussed here.
File Size:6010
Last Modified:Nov 4 18:14:36 2003
MD5 Checksum:067bbc3934292c0e48f3957e9ae13d9a

 ///  File Name: _BSSADV-0000.txt
Bugtraq Security Systems Security Advisory - Multiple vulnerabilities have been discovered in the Applied Watch Command Center IDS. Two exploits have been released to demonstrate these flaws. The first, appliedsnatch.c, allows a remote attacker to add a user to the console without having to authenticate to the system. The second, addrule.c, allows a remote attacker to add custom IDS alerts to all sensor nodes in a network, enabling a human denial-of-service attack by making good packets look bad.
Author:The Bugtraq Team
File Size:12774
Related CVE(s):CAN-2003-0970, CAN-2003-0971
Last Modified:Dec 1 03:08:52 2003
MD5 Checksum:d75b0941421c1810583106423f646868

 ///  File Name:
Virthostmail (part of the Ensim WEBppliance Pro) local exploit for Linux/x86. Tested on Ensim 3.5.20-7 and others. Bug found by Kokanin.
Author:Joel Eriksson
File Size:696
Last Modified:Nov 8 03:20:28 2003
MD5 Checksum:dfc06bc790ea5e5dcbea2f03b8eb6269

 ///  File Name: boomerang.tgz
Local exploit for the ListBox/ComboBox vulnerabilities in Win32 platforms. Included is an example of a vulnerable program.
Related File:MS03-045
File Size:3638
Last Modified:Nov 14 03:05:55 2003
MD5 Checksum:2535d98788c7d94b7b1bc63be67d9adf

 ///  File Name: cf_exp.c
Cfservd v2.0.7 and below remote stack overflow exploit. Includes connect-back and port binding shellcode. Tested against cfservd v2.0.7 on Redhat 8.0. Info on the bug available here.
File Size:12665
Last Modified:Nov 8 03:10:25 2003
MD5 Checksum:217fbdd97894588d7e1efd1f536b044e

 ///  File Name: chemtrailX.c
Proof of concept local root exploit for iwconfig, which is not setuid by default. Tested on RedHat Linux 9.0.
File Size:1728
Last Modified:Nov 14 02:42:59 2003
MD5 Checksum:b3da4e4973f8442505f7f11bb2442480

 ///  File Name: commerceSQL.txt
CommerceSQL shopping cart allows remote file reading via a directory traversal vulnerability in its index.cgi.
Author:Mariusz Ciesla
File Size:602
Last Modified:Nov 25 05:09:35 2003
MD5 Checksum:5a17b3f5332c2e8437aa225dc2841a71

 ///  File Name:
Wmapm v3.1 local exploit - Gives a shell with UID=operator in FreeBSD if compiled via ports collection, or UID=root if compiled from source on FreeBSD or Linux. Requires a valid X display.
Author:Knud Erik Højgaard
File Size:831
Last Modified:Nov 8 03:16:52 2003
MD5 Checksum:9c96e222a97fbced2e4789d67c4f010f

 ///  File Name: epic4-exp.c
EPIC4 remote exploit that acts as an IRC server and makes use of a stack-based overflow in EPIC4 versions later than pre2.003. Upon success, this exploit yields a shell with the privileges of the user id connecting into the server.
File Size:14651
Last Modified:Nov 27 01:19:16 2003
MD5 Checksum:60364157eaa053fedb0f4fd986a98e85

 ///  File Name:
Six step cache attack for Internet Explorer v6sp1 (up to date on 10/30/2003) which combines several older unpatched and recently discovered vulnerabilities to execute code remotely by viewing a web page or HTML email. More information available here and here.
Author:Liu Die Yu
File Size:26429
Last Modified:Nov 15 01:22:27 2003
MD5 Checksum:61fe983e637f9bb67381751df8664ae7

 ///  File Name: FBHterminator.c
Local root exploit for terminatorX version 3.81 and below that makes use of a LADSPA_PATH environment variable vulnerability.
Related File:outsiders-terminatorX-001.txt
File Size:4751
Last Modified:Nov 15 19:00:39 2003
MD5 Checksum:a2817a1ad499a35cdb5469a0b032ce00

 ///  File Name: fp30reg.c
Frontpage Server Extensions remote exploit which creates a shell on tcp port 9999 and uses the bug described in ms03-051. Tested on Windows 2000 Professional SP3 English version, fp30reg.dll ver Bug discovered by Brett Moore.
File Size:9281
Last Modified:Nov 17 20:30:07 2003
MD5 Checksum:e28d8512b7f0f40aa755ac0c05d43e14

 ///  File Name: gEEk-0verkill.c
0verkill version 0.16 local proof of concept exploit that makes use of a stack overflow when reading in the HOME environment variable.
File Size:2258
Last Modified:Nov 15 18:53:13 2003
MD5 Checksum:ee4378534a1ac7e7c6ff82037218678f

 ///  File Name: gEEk-unace.c
UnAce version 2.20 local proof of concept exploit. Original vulnerability discovery made by MegaHz. Tested on Debian 3.0.
File Size:2225
Last Modified:Nov 15 18:49:31 2003
MD5 Checksum:2b33f62481726d5a0a5ecbdf48ec57e1

 ///  File Name:
IA WebMail Server v3.1 and below (iaregdll.dll version remote exploit in perl. Tested against Windows XP Home SP1 and Windows 2000 Pro SP4. Included shellcode downloads netcat and spawns a shell.
Author:Peter Winter-Smith
File Size:6615
Last Modified:Nov 19 20:29:42 2003
MD5 Checksum:2e7f7b1bf13faa2e9a6f5a50715033eb

 ///  File Name: iw-config.c
Proof of concept local root exploit for iwconfig, which is not setuid by default.
File Size:1344
Last Modified:Nov 14 02:17:07 2003
MD5 Checksum:5a3507650d6a7aa825d9cc3694338c88

 ///  File Name: kill-Taidu.c
webfs 1.7.x remote root exploit that binds a shell to port 26112 and makes use of a User-Agent buffer overflow.
File Size:13395
Last Modified:Nov 25 03:58:25 2003
MD5 Checksum:5d7053881beaf39ab594c60a0b0cd44c

 ///  File Name: kpopup.txt
Kpopup version 0.9.1 is susceptible to privilege escalation due to format string bugs and an unsafe system() call. Local root exploit included.
File Size:3743
Last Modified:Nov 4 08:16:18 2003
MD5 Checksum:ef5877dfcaad27f0f1cbd792ee2650aa

 ///  File Name:
Remote exploit for mIRC versions below 6.12 that will cause the victim's client to crash.
File Size:1112
Last Modified:Nov 5 06:01:00 2003
MD5 Checksum:afd42a6a9c7cc811f4b482ebdeb88690

 ///  File Name: msnbug.txt
A bug exists in MSN's Messenger client that allows a user's IP address to be exposed due to improper parsing of the Ip-Address field when parsing requests.
Author:Brice aka THR, Hi_Tech_Assassin
File Size:4839
Last Modified:Nov 25 03:41:16 2003
MD5 Checksum:20299636636f63dc45c73c692442d9d2

 ///  File Name: msuxobsd2.c
OpenBSD v3.3 and below local root and v3.4 local denial of service exploit which uses a kernel based stack overflow vulnerability in ICBS. Patch available for v3.3 here and v3.4 here. Also works against OpenBSD v2.x.
Author:Georgi Guninski
File Size:6929
Last Modified:Nov 19 20:41:08 2003
MD5 Checksum:d2c5ec9e1b0e56417a1369edc4c038f3

 ///  File Name: myegallery.txt
My_eGallery versions below 3.1.1.g have PHP files which do not filter all parameters fed to functions, allowing a malicious attacker the ability to execute any command as the user id the webserver is running under. Vendor supplied patch available here.
Author:Bojan Zdrnja
File Size:1564
Last Modified:Nov 27 01:09:53 2003
MD5 Checksum:b43abc56c3104b46370ca73811988658

 ///  File Name: netserve107.txt
NetServe version 1.0.7 suffers from a directory traversal vulnerability that allows a remote attacker to download any file outside of the webroot. Using this knowledge, a remote attacker can exploit this vulnerability to access the config.dat file that holds the login and password for the administrative account. Tested on Microsoft Windows XP and 2000.
File Size:7034
Last Modified:Nov 17 23:28:57 2003
MD5 Checksum:8ff8a7c0a6c99ee99b37b46c84a0bbd6