Section:  .. / 0401-exploits  /

Page 1 of 3
<< 1 2 3 >> Files 1 - 25 of 67
Currently sorted by: File SizeSort By: File Name, Last Modified

 ///  File Name: 0401-exploits.tgz
Description:
Packet Storm new exploits for January, 2004.
File Size:111178
Last Modified:Feb 23 03:46:21 2004
MD5 Checksum:dc3485ad8b2762b423d11d688c681c3e

 ///  File Name: SCSA026.txt
Description:
Security Corporation Security Advisory [SCSA-026]: A vulnerability has been discovered in DUWARE Products, which allows malicious users to become administrators. It affects approximately 15 different products in all.
Author:frog-man
Homepage:http://www.Security-Corp.com
File Size:18506
Last Modified:Jan 21 08:40:00 2004
MD5 Checksum:e0f69730ba6f5ceede94ff8f24ddb128

 ///  File Name: servu2.c
Description:
Remote exploit that makes use of a buffer overrun in the Serv-U FTP server versions 4.2 and below.
Author:kkqq, lion
Related File:servu.txt
File Size:14341
Last Modified:Jan 27 15:42:00 2004
MD5 Checksum:471231a0f4338ed849231470c392dea8

 ///  File Name: proxyNow2x.txt
Description:
ProxyNow! versions 2.75 and below are susceptible to both heap memory corruption and stack-based buffer overflows. Exploitation of these vulnerabilities can lead to a denial of service and/or code execution with SYSTEM privileges. Detailed analysis and exploit included.
Author:Peter Winter-Smith
Homepage:http://www.elitehaven.net/proxynow.txt
File Size:11440
Last Modified:Jan 27 01:44:00 2004
MD5 Checksum:56a50454322d1252538d57d7ca7db26e

 ///  File Name: lftp.c
Description:
Remote exploit that makes use of the try_netscape_proxy() overflow in versions 2.3 to 2.6.9 of lftp.
Author:Li0n7
Related File:lftpadv.tgz
File Size:11177
Last Modified:Jan 30 12:01:00 2004
MD5 Checksum:aa27e2f0a9caa7e80db62d9cd472b247

 ///  File Name: DameWeird.c
Description:
DameWare Mini Remote Control versions 3.73 and below remote exploit. Tested against Windows 2000 with versions 3.68 and 3.72.
Author:kralor
Homepage:http://www.coromputer.net
File Size:9141
Last Modified:Jan 11 05:04:00 2004
MD5 Checksum:4cd04d7261c12d9e3fe068c4eb2e2ccc

 ///  File Name: sslexp.c
Description:
Brute forcer for OpenSSL ASN.1 parsing bugs that affects versions 0.9.6j and below and 0.9.7b and below.
Author:Bram Matthys
Related File:secadv_20030930.txt
File Size:8914
Related CVE(s):CAN-2003-0545, CAN-2003-0543, CAN-2003-0544
Last Modified:Jan 30 12:02:00 2004
MD5 Checksum:c1c971d5bc02630efc56c819b2b2d5b1

 ///  File Name: SwitchOff.c
Description:
Switch Off 2.3 remote exploit that achieves SYSTEM privileges from a buffer overflow in the message parameter. Tested on Windows 2000 SP0 and XP SP0.
Author:Mr. Nice
Homepage:http://www.coromputer.net
Related File:switchoff.txt
File Size:6977
Last Modified:Jan 8 19:23:51 2004
MD5 Checksum:66f4b3f4d6252750baf6177084444df0

 ///  File Name: servu3.c
Description:
Remote exploit that makes use of a buffer overrun in the Serv-U FTP server versions 4.2 and below.
Author:kkqq, mandragore
Related File:servu.txt
File Size:6852
Last Modified:Jan 30 15:34:00 2004
MD5 Checksum:196d47c57e8dd07092d004eaac160800

 ///  File Name: nfshp2cbof.zip
Description:
Need for Speed Hot Pursuit 2 remote exploit that makes use of a vulnerable client that is susceptible to a buffer overflow attack by a hostile server.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related File:nfshp2cbof-adv.txt
File Size:6179
Last Modified:Jan 23 01:46:00 2004
MD5 Checksum:a2533e96a41fae2797422a54576747d5

 ///  File Name: phpshopProject.txt
Description:
phpShop Project versions 0.6.1-b and earlier are prone to SQL injection attacks, script injection, cross site scripting, and user information disclosure vulnerabilities.
Author:JeiAr
Homepage:http://www.gulftech.org
File Size:5779
Last Modified:Jan 16 10:15:00 2004
MD5 Checksum:076eaaa70fe151462a72ab91f8f525d4

 ///  File Name: servu.c
Description:
Remote exploit that makes use of a buffer overrun in the Serv-U FTP server versions 4.2 and below.
Author:kkqq, mslug
Related File:servu.txt
File Size:5730
Last Modified:Jan 26 15:00:00 2004
MD5 Checksum:480b668830de70170b51ba045aa17e00

 ///  File Name: serv-ME.c
Description:
Remote exploit that makes use of a buffer overrun in the Serv-U FTP server versions 4.2 and below that binds a shell to port 28876.
Author:SkyLined
Related File:servu.txt
File Size:5670
Last Modified:Jan 31 22:43:00 2004
MD5 Checksum:df97fa08733ac9a559651c1560ae605b

 ///  File Name: wts_bo.c
Description:
Jordan Windows Telnet Server v1.2 remote buffer overflow exploit. Binds a shell on port 9191. Tested on Win32 and Unix.
Author:fiNis
File Size:5381
Last Modified:Jan 3 11:46:23 2004
MD5 Checksum:397649c591bb7a4d322df72b6a4212be

 ///  File Name: rapidcache.txt
Description:
RapidCache versions 2.2.6 and below suffer from denial of service and directory traversal bugs.
Author:Peter Winter-Smith
Homepage:http://www.elitehaven.net/rapidcache.txt
File Size:5286
Last Modified:Jan 15 23:17:00 2004
MD5 Checksum:9ec67f2bde13bce339f49f1bd384b38f

 ///  File Name: phpGedView.txt
Description:
phpGedView version 2.65 beta 5 is susceptible to SQL injection attacks, path disclosure issues, cross site scripting, and denial of service attacks.
Homepage:http://www.gulftech.org
File Size:5224
Last Modified:Jan 13 07:55:00 2004
MD5 Checksum:95a022a564bc919b1d05e11aff9c4f20

 ///  File Name: novellNetware.txt
Description:
Novell Netware Enterprise web server versions 5.1 and 6.0 are vulnerable to various cross site scripting, path dislosure, and directory listing attacks.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:4912
Last Modified:Jan 23 11:35:00 2004
MD5 Checksum:d40561da198da58da8e3bcd2c83aa6a5

 ///  File Name: mremap_bug.c
Description:
Modified version of the Christophe Devine exploit that tests whether or not a Linux system is vulnerable to the do_mremap() vulnerability discussed here. This version does not corrupt any kernel data.
Author:Angelo Dell'Aera
Homepage:http://buffer.antifork.org
File Size:4689
Last Modified:Jan 7 23:07:51 2004
MD5 Checksum:85646ea024f2d27587622b0f85db23a7

 ///  File Name: hdsoft.c
Description:
Remote exploit for Windows FTP server version 1.6. Data for original vulnerability discovery made by Peter Winter-Smith here.
Author:mandragore
File Size:4581
Last Modified:Jan 13 19:26:00 2004
MD5 Checksum:630232757bde88f3ee2b10ff364007ee

 ///  File Name: finjanSurfinGate.txt
Description:
When running in proxy mode, properly crafted requests sent to Finjan SurfinGate versions 6 and 7 can mimic control commands. Known vulnerabilities include viewing log data and causing the service to restart, potentially resulting in a DoS situation. The architecture for this application suggests there is a potential for modifying the filtering policy as well. The vendor has ignored the problem for over a year.
Author:David Byrne
File Size:4385
Last Modified:Jan 23 12:04:00 2004
MD5 Checksum:a70f0608854315d2b3d5d6fbf8a2c19f

 ///  File Name: adv_microsoft_word_protection.txt
Description:
All versions of Microsoft Word are susceptible to having the password protection on Word documents bypassed by clearing out the checksum in the document utilizing a hex editor and replacing it with 0x00000000 which equals an empty string.
Author:Thorsten Delbrouck
Homepage:http://www.guardeonic.com/
File Size:4221
Last Modified:Jan 5 23:58:51 2004
MD5 Checksum:d439fb571646d24b9b1db1620a73ca83

 ///  File Name: wwwfilesharepro.txt
Description:
WWW File Share Pro versions 2.42 and below allow for files outside of the webroot to be overwritten due to invalid input validation, a denial of service attack when POSTs are made with large amounts of bytes, and directory authorization bypass.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
File Size:4207
Last Modified:Jan 15 03:19:00 2004
MD5 Checksum:5e77a79be109409e5e90b1d986024226

 ///  File Name: geoHTTP.txt
Description:
GeoHttpServer is vulnerable to an authentication bypass and a denial of service attack.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:4144
Last Modified:Jan 23 02:00:00 2004
MD5 Checksum:01fc35d487f1ab59142f71a326fd8f7b

 ///  File Name: nextplace.txt
Description:
NextPlace.com E-Commerce ASP engine is susceptible to a cross site scripting vulnerability.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:3611
Last Modified:Jan 26 14:52:00 2004
MD5 Checksum:7537a2a81e8d2aeca8c75ab5ce02048d

 ///  File Name: goahead2.txt
Description:
The Goahead webserver, version 2.1.8 and below, is an embedded webserver used by many products. The server has an internal problem where it will accept improper HTTP requests that allow a remote attacker to view source for CGI related files.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
File Size:3505
Last Modified:Jan 20 03:51:00 2004
MD5 Checksum:c3c9b58c5d94300aea7ebd8debfaa90b