Section: .. / 0401-exploits /

Page 1 of 3
<< 1 2 3 >> Files 1 - 25 of 67

Currently sorted by: Last Modified Sort By: File Name, File Size

/// File Name:	0401-exploits.tgz
Description:	Packet Storm new exploits for January, 2004.
File Size:	111178
Last Modified:	Feb 23 03:46:21 2004
MD5 Checksum:	dc3485ad8b2762b423d11d688c681c3e

/// File Name:	apache2047.txt
Description:	In the Apache httpd server version 2.0.47, a user can bypass a Deny directive by setting the ErrorDocument directive in their .htaccess file to access a php script which can then access the data they should be denied.
Author:	Trung - caothuvolam
Homepage:	http://www.security.com.vn
File Size:	3211
Last Modified:	Jan 31 23:02:00 2004
MD5 Checksum:	62ade51afc01bff5975f1fa1fdd1605d

/// File Name:	serv-ME.c
Description:	Remote exploit that makes use of a buffer overrun in the Serv-U FTP server versions 4.2 and below that binds a shell to port 28876.
Author:	SkyLined
Related File:	servu.txt
File Size:	5670
Last Modified:	Jan 31 22:43:00 2004
MD5 Checksum:	df97fa08733ac9a559651c1560ae605b

/// File Name:	PHPportal.txt
Description:	PHP Portal is vulnerable to a directory traversal attack.
Author:	Zero X
Homepage:	http://www.lobnan.de
File Size:	231
Last Modified:	Jan 31 21:55:00 2004
MD5 Checksum:	3f26598e6b2051b1aea5bf2fc745b574

/// File Name:	phototool.txt
Description:	thePHOTOtool is susceptible to SQL injection attacks.
Author:	KingSerb
File Size:	1806
Last Modified:	Jan 31 21:33:00 2004
MD5 Checksum:	6e55a492fd6335dab5c9c314475707ec

/// File Name:	servu3.c
Description:	Remote exploit that makes use of a buffer overrun in the Serv-U FTP server versions 4.2 and below.
Author:	kkqq, mandragore
Related File:	servu.txt
File Size:	6852
Last Modified:	Jan 30 15:34:00 2004
MD5 Checksum:	196d47c57e8dd07092d004eaac160800

/// File Name:	winblast.sh
Description:	Windows XP/2003 Samba file sharing resource exhaustion exploit that commits a denial of service.
Author:	Steve Ladjabi
File Size:	1398
Last Modified:	Jan 30 12:09:00 2004
MD5 Checksum:	1f187919aeadfc08e3f6a4eb4ebd472d

/// File Name:	sslexp.c
Description:	Brute forcer for OpenSSL ASN.1 parsing bugs that affects versions 0.9.6j and below and 0.9.7b and below.
Author:	Bram Matthys
Related File:	secadv_20030930.txt
File Size:	8914
Related CVE(s):	CAN-2003-0545, CAN-2003-0543, CAN-2003-0544
Last Modified:	Jan 30 12:02:00 2004
MD5 Checksum:	c1c971d5bc02630efc56c819b2b2d5b1

/// File Name:	lftp.c
Description:	Remote exploit that makes use of the try_netscape_proxy() overflow in versions 2.3 to 2.6.9 of lftp.
Author:	Li0n7
Related File:	lftpadv.tgz
File Size:	11177
Last Modified:	Jan 30 12:01:00 2004
MD5 Checksum:	aa27e2f0a9caa7e80db62d9cd472b247

/// File Name:	phpGedView_v2.txt
Description:	phpGedView versions 2.65.1 and below suffer from multiple PHP Code Injection vulnerabilities that enable a malicious user to access arbitrary files or execute commands on the server.
Author:	Cedric Cochin
File Size:	3409
Last Modified:	Jan 30 09:27:00 2004
MD5 Checksum:	e9584f2836462dad732d60e5cccaec8d

/// File Name:	webBlog11.txt
Description:	Web Blog 1.1 allows for remote command execution due to an unsanitized file variable.
Author:	n3rd
File Size:	316
Last Modified:	Jan 30 03:01:00 2004
MD5 Checksum:	27881ec769823c8bfb94bc4deef2d730

/// File Name:	ZH2004-02SA.txt
Description:	PJ CGI Neo review is vulnerable to a directory traversal attack that allows a remote attacker to access any file outside of the webroot.
Author:	Zone-h Security Labs
Homepage:	http://www.zone-h.org/advisories/read/id=3824
File Size:	962
Last Modified:	Jan 29 20:00:00 2004
MD5 Checksum:	f8400a39bd6c8be8aa4b3e6d64609c32

/// File Name:	open3sIDSonshowaudit.txt
Description:	Any user with AAO privileges over the onshowaudit binary in IBM's Informix IDSv9.40 can read any system file.
Author:	Juan Manuel Pascual Escriba
Homepage:	http://www.open3s.com
File Size:	2739
Last Modified:	Jan 29 19:40:00 2004
MD5 Checksum:	7b448d8860aaafd3ade38a2b65910bbb

/// File Name:	open3sIDSonedcu.txt
Description:	A local vulnerability exists in the IBM Informix IDSv9.40 onedcu binary that allows local users to overwrite any root owned file.
Author:	Juan Manuel Pascual Escriba
Homepage:	http://www.open3s.com
File Size:	2513
Last Modified:	Jan 29 19:12:00 2004
MD5 Checksum:	12bb227bc4ae476a696d8ce008eb5441

/// File Name:	BRSwebweaverXSS.txt
Description:	BRE WebWeaver version 1.07 is vulnerable a cross site scripting attack.
Homepage:	http://www.oliverkarow.de
File Size:	417
Last Modified:	Jan 28 21:40:00 2004
MD5 Checksum:	a51162aec7d678367d96d90ca56ecd80

/// File Name:	ZH2004-01SA.txt
Description:	Web Blog 1.1 allows for remote file retrieval outside of the web root via a directory traversal attack.
Author:	ZetaLabs
File Size:	1003
Last Modified:	Jan 28 19:15:00 2004
MD5 Checksum:	e365b5f00e124d7ee17a4838cd679cc3

/// File Name:	servu2.c
Description:	Remote exploit that makes use of a buffer overrun in the Serv-U FTP server versions 4.2 and below.
Author:	kkqq, lion
Related File:	servu.txt
File Size:	14341
Last Modified:	Jan 27 15:42:00 2004
MD5 Checksum:	471231a0f4338ed849231470c392dea8

/// File Name:	malwareSpoof.txt
Description:	Trivial way to do file spoofing in Internet Explorer versions 6.0.2800.1106 and below.
Author:	http-equiv@excite.com
Homepage:	http://www.malware.com/gooroo.html
File Size:	640
Last Modified:	Jan 27 13:09:00 2004
MD5 Checksum:	494805d0fdbf547e8ba0186e823e4ff2

/// File Name:	proxyNow2x.txt
Description:	ProxyNow! versions 2.75 and below are susceptible to both heap memory corruption and stack-based buffer overflows. Exploitation of these vulnerabilities can lead to a denial of service and/or code execution with SYSTEM privileges. Detailed analysis and exploit included.
Author:	Peter Winter-Smith
Homepage:	http://www.elitehaven.net/proxynow.txt
File Size:	11440
Last Modified:	Jan 27 01:44:00 2004
MD5 Checksum:	56a50454322d1252538d57d7ca7db26e

/// File Name:	oracleXSS.txt
Description:	Oracle HTTP Server powered by Apache is susceptible to a cross site scripting attack in its isqlplus script.
Author:	Rafel Ivgi aka The-Insider
Homepage:	http://theinsider.deep-ice.com
File Size:	2829
Last Modified:	Jan 26 21:31:00 2004
MD5 Checksum:	908544f617dbc1828099f53c7133c330

/// File Name:	BremsServer124.txt
Description:	BremsServer version 1.2.4 is vulnerable to directory traversal and cross site scripting attacks.
Author:	Donato Ferrante
Homepage:	http://www.autistici.org/fdonato
File Size:	1818
Last Modified:	Jan 26 17:30:00 2004
MD5 Checksum:	973777ad7fa56b40037a75a4241400b2

/// File Name:	servu.c
Description:	Remote exploit that makes use of a buffer overrun in the Serv-U FTP server versions 4.2 and below.
Author:	kkqq, mslug
Related File:	servu.txt
File Size:	5730
Last Modified:	Jan 26 15:00:00 2004
MD5 Checksum:	480b668830de70170b51ba045aa17e00

/// File Name:	nextplace.txt
Description:	NextPlace.com E-Commerce ASP engine is susceptible to a cross site scripting vulnerability.
Author:	Rafel Ivgi aka The-Insider
Homepage:	http://theinsider.deep-ice.com
File Size:	3611
Last Modified:	Jan 26 14:52:00 2004
MD5 Checksum:	7537a2a81e8d2aeca8c75ab5ce02048d

/// File Name:	inrtra.txt
Description:	Inrtra Forum is susceptible to a cross site scripting vulnerability.
Author:	Rafel Ivgi aka The-Insider
Homepage:	http://theinsider.deep-ice.com
File Size:	3050
Last Modified:	Jan 26 14:51:00 2004
MD5 Checksum:	41c1438eb8ab726423c3308d1345e047

/// File Name:	BWStraversal.txt
Description:	BWS or Borland Web Server, which is used as the Corel Paradox relational database interface, lacks input validation and is subject to directory traversal attacks. Versions 1.0b3 and below are affected.
Author:	Rafel Ivgi aka The-Insider
Homepage:	http://theinsider.deep-ice.com
File Size:	2175
Last Modified:	Jan 26 14:50:00 2004
MD5 Checksum:	8455d25f930d008b12b6b26bb08311d8