Section: .. / 0311-exploits /

Page 1 of 2
<< 1 2 >> Files 1 - 25 of 40

Currently sorted by: File Size Sort By: File Name, Last Modified

/// File Name:	0311-exploits.tgz
Description:	Packet Storm new exploits for November, 2003.
File Size:	121822
Last Modified:	Dec 10 03:25:05 2003
MD5 Checksum:	98a752eda0e42dae02e16f317b81af46

/// File Name:	execdror5-Demo.zip
Description:	Six step cache attach for Internet Explorer v6sp1 (up to date on 10/30/2003) which combines several older unpatched and recently discovered vulnerabilities to execute code remotely by viewing a web page or HTML email. More information available here and here.
Author:	Liu Die Yu
Homepage:	http://www.safecenter.net/UMBRELLAWEBV4/ie_unpatched/index.html
File Size:	26429
Last Modified:	Nov 15 01:22:27 2003
MD5 Checksum:	61fe983e637f9bb67381751df8664ae7

/// File Name:	rpc!exec.c
Description:	Windows remote rpc dcom exploit which bypasses non-executable stack protection by using return into libc. Tested against OverflowGuard and StackDefender (with kernel32 imagebase randomization) running on Windows 2000 SP0 and Windows XP SP0.
Author:	ins1der
File Size:	16612
Last Modified:	Nov 8 05:20:15 2003
MD5 Checksum:	9e3ef780cbba1ba342d85d3417f43325

/// File Name:	xmjong.c
Description:	mah-jong version 1.4 server/client remote buffer overflow exploit that makes use of the SetPlayerOption command in the server and the PlayerOptionSet command in the client.
Author:	vade79/v9
File Size:	15756
Last Modified:	Nov 4 07:02:11 2003
MD5 Checksum:	5c35b328c236f41bef652d708c08ca6b

/// File Name:	epic4-exp.c
Description:	EPIC4 remote exploit that acts as an IRC server and makes use of a stack-based overflow in EPIC4 versions later than pre2.003. Upon success, this exploit yields a shell with the privileges of the user id connecting into the server.
Author:	Li0n7
File Size:	14651
Last Modified:	Nov 27 01:19:16 2003
MD5 Checksum:	60364157eaa053fedb0f4fd986a98e85

/// File Name:	kill-Taidu.c
Description:	webfs 1.7.x remote root exploit that binds a shell to port 26112 and makes use of a User-Agent buffer overflow.
Author:	jsk
File Size:	13395
Last Modified:	Nov 25 03:58:25 2003
MD5 Checksum:	5d7053881beaf39ab594c60a0b0cd44c

/// File Name:	o_wks.c
Description:	Remote exploit for the Microsoft Windows Workstation server (WKSSVC) buffer overflow.
Author:	Snooq
Homepage:	http://www.angelfire.com/linux/snooq/
Related File:	ms03-049
File Size:	12873
Last Modified:	Nov 14 02:59:56 2003
MD5 Checksum:	42f040aa646dd00f2ed65f55541c93a4

/// File Name:	_BSSADV-0000.txt
Description:	Bugtraq Security Systems Security Advisory - Multiple vulnerabilities have been discovered in the Applied Watch Command Center IDS. Two exploits have been released to demonstrate these flaws. The first, appliedsnatch.c, allows a remote attacker to add a user to the console without having to authenticate to the system. The second, addrule.c, allows a remote attacker to add custom IDS alerts to all sensor nodes in a network, enabling a human denial-of-service attack by making good packets look bad.
Author:	The Bugtraq Team
Homepage:	http://www.bugtraq.org
File Size:	12774
Related CVE(s):	CAN-2003-0970, CAN-2003-0971
Last Modified:	Dec 1 03:08:52 2003
MD5 Checksum:	d75b0941421c1810583106423f646868

/// File Name:	cf_exp.c
Description:	Cfservd v2.0.7 and below remote stack overflow exploit. Includes connect-back and port binding shellcode. Tested against cfservd v2.0.7 on Redhat 8.0. Info on the bug available here.
Author:	Snooq
Homepage:	http://www.angelfire.com/linux/snooq/
File Size:	12665
Last Modified:	Nov 8 03:10:25 2003
MD5 Checksum:	217fbdd97894588d7e1efd1f536b044e

/// File Name:	fp30reg.c
Description:	Frontpage Server Extensions remote exploit which creates a shell on tcp port 9999 and uses the bug described in ms03-051. Tested on Windows 2000 Professional SP3 English version, fp30reg.dll ver 4.0.2.5526. Bug discovered by Brett Moore.
Author:	Adik
Homepage:	http://netninja.to.kg
File Size:	9281
Last Modified:	Nov 17 20:30:07 2003
MD5 Checksum:	e28d8512b7f0f40aa755ac0c05d43e14

/// File Name:	SCSA021.txt
Description:	Security Corporation Security Advisory [SCSA-021]: vBPortal versions 2.0 alpha 8.1 and below allow a remote attacker the ability to send mail anonymously via a vulnerability in its friend.php script.
Author:	frog-man
Homepage:	http://www.Security-Corp.com
File Size:	8009
Last Modified:	Nov 25 04:03:25 2003
MD5 Checksum:	b9b406a1de68f15e93c5a0044938ddfa

/// File Name:	shatterCommCtrl.txt
Description:	Shatter attack exploit against CommCtrl 6.0 Buttons. This write up and exploit demonstrates that any privileged application, which makes use of the Microsoft XP visual styles and creates a window on the interactive desktop, can be used by an attacker to gain elevated privileges.
Author:	Oliver Lavery
File Size:	7516
Last Modified:	Nov 4 07:11:38 2003
MD5 Checksum:	d08ebed3d21207d68c67d22e9b554a1d

/// File Name:	85mod_gzip.c
Description:	Remote exploit for mod_gzip when in debug mode for versions 1.2.26.1a and below. Yields user id of the webserver. Tested against RedHat 8.0 and FreeBSD 4.7.
Author:	xCrZx
Related File:	ZH2003-3SP
File Size:	7364
Last Modified:	Nov 20 21:03:33 2003
MD5 Checksum:	ccd4dcff6acad5955766d739f2551aff

/// File Name:	pserv.c
Description:	pServ 2.0.x Beta webserver remote exploit that makes use of the User-Agent HTTP Header buffer overflow.
Author:	jsk
File Size:	7159
Last Modified:	Nov 17 23:24:29 2003
MD5 Checksum:	27078b058c1063db9695a706a4f68b1d

/// File Name:	netserve107.txt
Description:	NetServe version 1.0.7 suffers from a directory traversal vulnerability that allows a remote attack to download any file outside of the webroot. Using this knowledge, a remote attacker can exploit this vulnerability to access the config.dat file that holds the login and password for the administrative account. Tested on Microsoft Windows XP and 2000.
Author:	nimber
Homepage:	http://www.nimber.plux.ru
File Size:	7034
Last Modified:	Nov 17 23:28:57 2003
MD5 Checksum:	8ff8a7c0a6c99ee99b37b46c84a0bbd6

/// File Name:	msuxobsd2.c
Description:	OpenBSD v3.3 and below local root and v3.4 local denial of service exploit which uses a kernel based stack overflow vulnerability in ICBS. Patch available for v3.3 here and v3.4 here. Also works against OpenBSD v2.x.
Author:	Georgi Guninski
Homepage:	http://www.guninski.com/
File Size:	6929
Last Modified:	Nov 19 20:41:08 2003
MD5 Checksum:	d2c5ec9e1b0e56417a1369edc4c038f3

/// File Name:	terminatorX-exp.c
Description:	TerminatorX version 3.81 and below local root exploit. Bruteforcing option included. Makes use of vulnerabilities discussed in this related advisory.
Author:	Li0n7
File Size:	6825
Last Modified:	Nov 14 02:10:03 2003
MD5 Checksum:	04ab215e46ffae3ec92f1b86dc5cfa09

/// File Name:	iawebmail.pl
Description:	IA WebMail Server v3.1 and below (iaregdll.dll version 1.0.0.5) remote exploit in perl. Tested against Windows XP Home SP1 and Windows 2000 Pro SP4. Included shellcode downloads netcat and spawns a shell.
Author:	Peter Winter-Smith
Homepage:	http://www.elitehaven.net
File Size:	6615
Last Modified:	Nov 19 20:29:42 2003
MD5 Checksum:	2e7f7b1bf13faa2e9a6f5a50715033eb

/// File Name:	85NIPrint.c
Description:	Remote exploit for Windows that makes use of the buffer overflow vulnerability in NIPrint discussed here.
Author:	xCrZx
File Size:	6010
Last Modified:	Nov 4 18:14:36 2003
MD5 Checksum:	067bbc3934292c0e48f3957e9ae13d9a

/// File Name:	sp-myserver0.5-dos.c
Description:	Remote denial of service exploit for MyServer 0.5. Malicious payload crashes the server giving a runtime error. Tested on Windows XP Pro SP1 and Windows 2000 SP3.
Author:	badpack3t
Homepage:	http://www.security-protocols.com
File Size:	5404
Last Modified:	Nov 14 21:30:36 2003
MD5 Checksum:	5003eaa9233aaba1997a86319e2b57aa

/// File Name:	phpBB206.txt
Description:	Remote exploit that makes use of a SQL injection vulnerability that exists in the viewtopic.php file in phpBB version 2.06. Using a malformed query against the searching functionality, the MD5 password hash will be exposed. Related type of vulnerability here.
Author:	Hat-Squad Security Team
File Size:	4953
Last Modified:	Dec 1 03:37:47 2003
MD5 Checksum:	a0d71696e8ccf3834d85f4c6baa42746

/// File Name:	msnbug.txt
Description:	A bug exists in MSN's Messenger client that allows a user's IP address to be exposed due to improper parsing of the Ip-Address field when parsing requests.
Author:	Brice aka THR, Hi_Tech_Assassin
File Size:	4839
Last Modified:	Nov 25 03:41:16 2003
MD5 Checksum:	20299636636f63dc45c73c692442d9d2

/// File Name:	FBHterminator.c
Description:	Local root exploit for terminatorX version 3.81 and below that makes use of LADSPA_PATH environment variable vulnerability.
Author:	Bobby
Related File:	outsiders-terminatorX-001.txt
File Size:	4751
Last Modified:	Nov 15 19:00:39 2003
MD5 Checksum:	a2817a1ad499a35cdb5469a0b032ce00

/// File Name:	unace-exp.c
Description:	UnAce version 2.20 local proof of concept exploit. Original vulnerability discovery made by MegaHz. Bruteforcing option included.
Author:	Li0n7
File Size:	4471
Last Modified:	Nov 15 18:47:12 2003
MD5 Checksum:	652bbe547dbd598468bd44680ceda980

/// File Name:	rnnguest12.txt
Description:	The RNN Guestbook version 1.2 has multitudes of vulnerabilities. They range from allowing a remote attacker to execute commands to the ability to achieve full administrative access without authentication. Full descriptions and exploitation enclosed.
Author:	BrainRawt
File Size:	4395
Last Modified:	Dec 1 03:53:30 2003
MD5 Checksum:	0754b26af27338e25b349e9041d28689