
 ///  File Name: 0311-exploits.tgz
Description:
Packet Storm new exploits for November, 2003.
File Size:121822
Last Modified:Dec 10 03:25:05 2003
MD5 Checksum:98a752eda0e42dae02e16f317b81af46

 ///  File Name: rnnguest12.txt
Description:
The RNN Guestbook version 1.2 has a multitude of vulnerabilities. They range from allowing a remote attacker to execute commands to the ability to achieve full administrative access without authentication. Full descriptions and exploitation enclosed.
Author:BrainRawt
File Size:4395
Last Modified:Dec 1 03:53:30 2003
MD5 Checksum:0754b26af27338e25b349e9041d28689

 ///  File Name: phpBB206.txt
Description:
Remote exploit that makes use of a SQL injection vulnerability that exists in the viewtopic.php file in phpBB version 2.06. Using a malformed query against the searching functionality, the MD5 password hash will be exposed. Related type of vulnerability here.
Author:Hat-Squad Security Team
File Size:4953
Last Modified:Dec 1 03:37:47 2003
MD5 Checksum:a0d71696e8ccf3834d85f4c6baa42746

 ///  File Name: _BSSADV-0000.txt
Description:
Bugtraq Security Systems Security Advisory - Multiple vulnerabilities have been discovered in the Applied Watch Command Center IDS. Two exploits have been released to demonstrate these flaws. The first, appliedsnatch.c, allows a remote attacker to add a user to the console without having to authenticate to the system. The second, addrule.c, allows a remote attacker to add custom IDS alerts to all sensor nodes in a network, enabling a human denial-of-service attack by making good packets look bad.
Author:The Bugtraq Team
Homepage:http://www.bugtraq.org
File Size:12774
Related CVE(s):CAN-2003-0970, CAN-2003-0971
Last Modified:Dec 1 03:08:52 2003
MD5 Checksum:d75b0941421c1810583106423f646868

 ///  File Name: epic4-exp.c
Description:
EPIC4 remote exploit that acts as an IRC server and makes use of a stack-based overflow in EPIC4 versions later than pre2.003. Upon success, this exploit yields a shell with the privileges of the user id connecting into the server.
Author:Li0n7
File Size:14651
Last Modified:Nov 27 01:19:16 2003
MD5 Checksum:60364157eaa053fedb0f4fd986a98e85

 ///  File Name: myegallery.txt
Description:
My_eGallery versions below 3.1.1.g have PHP files which do not filter all parameters fed to functions, allowing a malicious attacker the ability to execute any command as the user id the webserver is running under. Vendor supplied patch available here.
Author:Bojan Zdrnja
File Size:1564
Last Modified:Nov 27 01:09:53 2003
MD5 Checksum:b43abc56c3104b46370ca73811988658

 ///  File Name: commerceSQL.txt
Description:
CommerceSQL shopping cart allows remote file reading via a directory traversal vulnerability in its index.cgi.
Author:Mariusz Ciesla
File Size:602
Last Modified:Nov 25 05:09:35 2003
MD5 Checksum:5a17b3f5332c2e8437aa225dc2841a71

 ///  File Name: TCM315.txt
Description:
The embedded webserver for the Thomson TCM315 cable modem is vulnerable to a buffer overflow during a typical GET method HTTP request.
Author:aT4r
File Size:3579
Last Modified:Nov 25 05:05:14 2003
MD5 Checksum:51198bef948a30a3927152acb48c8e3f

 ///  File Name: SCSA021.txt
Description:
Security Corporation Security Advisory [SCSA-021]: vBPortal versions 2.0 alpha 8.1 and below allow a remote attacker the ability to send mail anonymously via a vulnerability in its friend.php script.
Author:frog-man
Homepage:http://www.Security-Corp.com
File Size:8009
Last Modified:Nov 25 04:03:25 2003
MD5 Checksum:b9b406a1de68f15e93c5a0044938ddfa

 ///  File Name: kill-Taidu.c
Description:
webfs 1.7.x remote root exploit that binds a shell to port 26112 and makes use of a User-Agent buffer overflow.
Author:jsk
File Size:13395
Last Modified:Nov 25 03:58:25 2003
MD5 Checksum:5d7053881beaf39ab594c60a0b0cd44c

 ///  File Name: msnbug.txt
Description:
A bug exists in MSN's Messenger client that allows a user's IP address to be exposed due to improper parsing of the Ip-Address field when parsing requests.
Author:Brice aka THR, Hi_Tech_Assassin
File Size:4839
Last Modified:Nov 25 03:41:16 2003
MD5 Checksum:20299636636f63dc45c73c692442d9d2

 ///  File Name: 85mod_gzip.c
Description:
Remote exploit for mod_gzip when in debug mode for versions 1.2.26.1a and below. Yields user id of the webserver. Tested against RedHat 8.0 and FreeBSD 4.7.
Author:xCrZx
Related File:ZH2003-3SP
File Size:7364
Last Modified:Nov 20 21:03:33 2003
MD5 Checksum:ccd4dcff6acad5955766d739f2551aff

 ///  File Name: msuxobsd2.c
Description:
OpenBSD v3.3 and below local root and v3.4 local denial of service exploit which uses a kernel based stack overflow vulnerability in ICBS. Patch available for v3.3 here and v3.4 here. Also works against OpenBSD v2.x.
Author:Georgi Guninski
Homepage:http://www.guninski.com/
File Size:6929
Last Modified:Nov 19 20:41:08 2003
MD5 Checksum:d2c5ec9e1b0e56417a1369edc4c038f3

 ///  File Name: iawebmail.pl
Description:
IA WebMail Server v3.1 and below (iaregdll.dll version 1.0.0.5) remote exploit in perl. Tested against Windows XP Home SP1 and Windows 2000 Pro SP4. Included shellcode downloads netcat and spawns a shell.
Author:Peter Winter-Smith
Homepage:http://www.elitehaven.net
File Size:6615
Last Modified:Nov 19 20:29:42 2003
MD5 Checksum:2e7f7b1bf13faa2e9a6f5a50715033eb

 ///  File Name: rush13.txt
Description:
Rolis Guestbook version 1.0 is susceptible to php injection cross site scripting attacks.
Author:idtwolf
Homepage:http://www.rsteam.ru
File Size:3114
Last Modified:Nov 17 23:34:34 2003
MD5 Checksum:1972e31d4135891fa96c056c66ac386f

 ///  File Name: rush12.txt
Description:
phpWebFileManager version 2.0.0 is susceptible to a directory traversal attack due to a lack of input validation.
Author:idtwolf
Homepage:http://www.rsteam.ru
File Size:2621
Last Modified:Nov 17 23:31:15 2003
MD5 Checksum:9eb1029ff44f80602acd4bef54d419dc

 ///  File Name: netserve107.txt
Description:
NetServe version 1.0.7 suffers from a directory traversal vulnerability that allows a remote attacker to download any file outside of the webroot. Using this knowledge, a remote attacker can exploit this vulnerability to access the config.dat file that holds the login and password for the administrative account. Tested on Microsoft Windows XP and 2000.
Author:nimber
Homepage:http://www.nimber.plux.ru
File Size:7034
Last Modified:Nov 17 23:28:57 2003
MD5 Checksum:8ff8a7c0a6c99ee99b37b46c84a0bbd6

 ///  File Name: pserv.c
Description:
pServ 2.0.x Beta webserver remote exploit that makes use of the User-Agent HTTP Header buffer overflow.
Author:jsk
File Size:7159
Last Modified:Nov 17 23:24:29 2003
MD5 Checksum:27078b058c1063db9695a706a4f68b1d

 ///  File Name: fp30reg.c
Description:
Frontpage Server Extensions remote exploit which creates a shell on tcp port 9999 and uses the bug described in ms03-051. Tested on Windows 2000 Professional SP3 English version, fp30reg.dll ver 4.0.2.5526. Bug discovered by Brett Moore.
Author:Adik
Homepage:http://netninja.to.kg
File Size:9281
Last Modified:Nov 17 20:30:07 2003
MD5 Checksum:e28d8512b7f0f40aa755ac0c05d43e14

 ///  File Name: FBHterminator.c
Description:
Local root exploit for terminatorX version 3.81 and below that makes use of a LADSPA_PATH environment variable vulnerability.
Author:Bobby
Related File:outsiders-terminatorX-001.txt
File Size:4751
Last Modified:Nov 15 19:00:39 2003
MD5 Checksum:a2817a1ad499a35cdb5469a0b032ce00

 ///  File Name: gEEk-0verkill.c
Description:
0verkill version 0.16 local proof of concept exploit that makes use of a stack overflow when reading in the HOME environment variable.
Author:demz
Homepage:http://geekz.nl/
File Size:2258
Last Modified:Nov 15 18:53:13 2003
MD5 Checksum:ee4378534a1ac7e7c6ff82037218678f

 ///  File Name: gEEk-unace.c
Description:
UnAce version 2.20 local proof of concept exploit. Original vulnerability discovery made by MegaHz. Tested on Debian 3.0.
Author:demz
Homepage:http://geekz.nl/
File Size:2225
Last Modified:Nov 15 18:49:31 2003
MD5 Checksum:2b33f62481726d5a0a5ecbdf48ec57e1

 ///  File Name: unace-exp.c
Description:
UnAce version 2.20 local proof of concept exploit. Original vulnerability discovery made by MegaHz. Bruteforcing option included.
Author:Li0n7
File Size:4471
Last Modified:Nov 15 18:47:12 2003
MD5 Checksum:652bbe547dbd598468bd44680ceda980

 ///  File Name: execdror5-Demo.zip
Description:
Six-step cache attack for Internet Explorer v6sp1 (up to date on 10/30/2003) which combines several older unpatched and recently discovered vulnerabilities to execute code remotely by viewing a web page or HTML email. More information available here and here.
Author:Liu Die Yu
Homepage:http://www.safecenter.net/UMBRELLAWEBV4/ie_unpatched/index.html
File Size:26429
Last Modified:Nov 15 01:22:27 2003
MD5 Checksum:61fe983e637f9bb67381751df8664ae7

 ///  File Name: sp-myserver0.5-dos.c
Description:
Remote denial of service exploit for MyServer 0.5. Malicious payload crashes the server giving a runtime error. Tested on Windows XP Pro SP1 and Windows 2000 SP3.
Author:badpack3t
Homepage:http://www.security-protocols.com
File Size:5404
Last Modified:Nov 14 21:30:36 2003
MD5 Checksum:5003eaa9233aaba1997a86319e2b57aa