Section:  .. / 0405-exploits  /

 ///  File Name: 0405-exploits.tgz
Packet Storm new exploits for May, 2004.
File Size:414325
Last Modified:Jun 2 09:14:13 2004
MD5 Checksum:8091badf8b1f17341e46f8155a23e2d5

 ///  File Name: 04252004.ms04011lsass.c
Remote exploit for the Lsasrv.dll RPC buffer overflow. To make this exploit work remotely you have to use the sbaaNetapi.dll which modifies the DsRoleUpgradeDownlevelServer API.
File Size:6494
Last Modified:May 1 18:30:01 2004
MD5 Checksum:60309c0cc0bc6cb4b687ed57dd0a9e3b

 ///  File Name: 305-pound.c
Local and remote format string exploit for Pound versions 1.5 and below. Only works locally if pound is setuid.
Author:Nilanjan De
File Size:9282
Last Modified:May 9 21:40:48 2004
MD5 Checksum:b83dfe24c5d7c4676f6fcaf697c34950

 ///  File Name:
Remote exploit that makes use of a file inclusion vulnerability in 4nalbum module version 0.92. To use, you must change the retrieve URL to point to a script that binds a shell to port 1234 of the server.
Related File:waraxe-2004-SA006.txt
File Size:1561
Last Modified:May 5 21:37:39 2004
MD5 Checksum:f942a9ae511f73f04df62b0e1921cf33

 ///  File Name: advisory13.txt
osCommerce versions 2.x suffer from a directory traversal attack that allows for access to directories outside of the webroot.
File Size:556
Last Modified:May 19 23:23:41 2004
MD5 Checksum:9f27e4abcf8a58882000fc1a740db958

 ///  File Name: aldosweb.txt
Aldo's web server version 1.5 on Windows is susceptible to path disclosure and a pathetic directory traversal attack that allows for remote access to any file on the system.
Author:Oliver Karow
File Size:1014
Last Modified:May 4 05:03:03 2004
MD5 Checksum:f0e78cddf0d74c429c81530532d3f80f

 ///  File Name: allegrodos.txt
Amusing simple one-liner that shows that 3COM 812 ADSL modems are still susceptible to 4-year-old denial of service attacks.
Author:Seth Alan Woolley
File Size:1040
Last Modified:May 24 08:10:44 2004
MD5 Checksum:1125ca25c5750a65274d642901167a37

 ///  File Name: autoRST.c
autoRST is an automated TCP RST exploit. It uses the Winpcap libraries to sniff for TCP packets on a network and then sends out a forged RST packet after calculating the appropriate sequence number and forging the MAC address. Makes use of the recent vulnerability released by Paul A. Watson.
Author:Matt Edman
Related File:SlippingInTheWindow_v1.0.doc
File Size:7992
Related CVE(s):CAN-2004-0230
Last Modified:May 4 06:53:37 2004
MD5 Checksum:654ea5a0648371422ac6c68929cff3d4

 ///  File Name: auxploit-1.0.tgz
Auxploiter is a remote exploitation tool for the c:\aux vulnerability and is able to completely lock a user's mail client. Outlook and other mail clients read this message using Internet Explorer, which is susceptible to this vulnerability.
File Size:286720
Last Modified:May 9 21:43:59 2004
MD5 Checksum:2fead7d1eee1fdd581feab5491a730b3

 ///  File Name: callds.c
MS04-011 DsRoleUpgradeDownlevelServer remote exploit. Submitted anonymously.
File Size:20192
Last Modified:May 1 18:46:17 2004
MD5 Checksum:5a3eed53d788b4bb830466ed24a0fb4e

 ///  File Name: cge-13.tar.gz
Cisco Global Exploiter is a tool that demonstrates exploitation of the Cisco 677/678 Telnet Buffer Overflow Vulnerability, IOS Router Denial of Service Vulnerability, IOS HTTP Auth Vulnerability and Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability, Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability, Cisco 675 Web Administration Denial of Service Vulnerability, Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability, Cisco IOS Software HTTP Request Denial of Service Vulnerability, CiscoSecure ACS for Windows NT Server Denial of Service Vulnerability, Cisco Catalyst Memory Leak Vulnerability, Cisco CatOS CiscoView HTTP Server Buffer Overflow Vulnerability, %u Encoding IDS Bypass Vulnerability (UTF), and Cisco IOS HTTP Denial of Service Vulnerability.
Author:Nemesis, E4m
File Size:9699
Last Modified:May 1 17:59:03 2004
MD5 Checksum:a236f742c3976c9864d84d55eb11ea7e

 ///  File Name: cvs_linux_freebsd_HEAP.c
Remote root exploit for stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7. Linux and FreeBSD version. Anonymously submitted.
Related File:072004.txt
File Size:34487
Related CVE(s):CAN-2004-0396
Last Modified:May 20 23:09:57 2004
MD5 Checksum:9cfad9f85d417e6bc59595d2781f88e6

 ///  File Name: cvs_solaris_HEAP.c
Remote root exploit for stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7. Solaris version. Anonymously submitted.
Related File:072004.txt
File Size:19522
Related CVE(s):CAN-2004-0396
Last Modified:May 20 23:10:37 2004
MD5 Checksum:2172d2e08430a16cd515d19de297d1de

 ///  File Name: dwgenkey.c
Dameware's Mini Remote Control System version 4.2 uses a weak key agreement scheme. The scheme consists of the sharing of pointers into a fixed key lookup table. Both the client and the server have access to a key lookup table (KLT) consisting of 1000 32-bit values.
File Size:15345
Last Modified:May 4 04:40:19 2004
MD5 Checksum:f971234888749d3f8d58c426d86398c0

 ///  File Name:
Remote denial of service exploit for Emule 0.42e.
Author:Rafel Ivgi aka The-Insider
File Size:3398
Last Modified:May 11 06:19:41 2004
MD5 Checksum:22b00d28a310b84818beaccb735f864f

 ///  File Name: eudoraURL.txt
Eudora for Windows has a buffer overflow in versions 6.1, 6.0.3, and 5.2.1. Sample exploitation included.
Author:Paul Szabo
File Size:1039
Last Modified:May 9 20:14:11 2004
MD5 Checksum:73206457f0b37c792b97ed6221062a41

 ///  File Name: exim1.html
Two stack-based buffer overflows exist in Exim 3.35. Both bugs need features enabled and are not in the default configuration. Proof of concept exploitation given.
Author:Georgi Guninski
File Size:11050
Last Modified:May 7 23:36:03 2004
MD5 Checksum:a8e4942b9a3c3e0b2511c7b3e7f6a8d6

 ///  File Name: EXP_OmniHTTPd.BAT
Remote exploit for OmniHTTPd versions 3.0a and below.
File Size:1512
Last Modified:May 19 20:32:10 2004
MD5 Checksum:38dc667070590ecbe6ef30723398ab92

 ///  File Name: ftpgrep.c
ftpgrep tries to grep for valid users on remote machines using the old CWD ~ ftpd bug found in wuftpd and some other variants.
File Size:5719
Last Modified:May 13 02:05:49 2004
MD5 Checksum:5aa0a9f328551d2162919d3f19134247

 ///  File Name: getlvcb.c
Local exploit for IBM AIX versions 4.3.3, 5.1 and 5.2 which are vulnerable to a buffer overflow. The overflow is caused by improper bounds checking via the getlvcb and putlvcb utilities. By supplying a long command line option, a local attacker, with root group privileges, could overflow a buffer and gain root privileges on the system.
File Size:5212
Last Modified:May 11 06:25:59 2004
MD5 Checksum:18e3a10abcb8da2def7f727f56655658

 ///  File Name: gyan_sendmail.c
Local root exploit for sendmail versions 8.12.9 and below that makes use of the prescan function vulnerability originally discovered by Michal Zalewski back in September.
Author:Gyan Chawdhary
Related File:sendmail8.12.9.txt
File Size:3612
Last Modified:May 7 20:44:23 2004
MD5 Checksum:e6a94843ad03750d2f73beb8a33a7cdd

 ///  File Name: HOD-ms04011-lsasrv-expl.c
Remote exploit for the Lsasrv.dll RPC buffer overflow. Tested against various Russian and English versions of Windows XP Professional, Windows 2000 Professional, and Windows 2000 Advanced Server.
File Size:18075
Last Modified:May 1 18:27:57 2004
MD5 Checksum:336ff2588da990a705cc495d882c45fd

 ///  File Name: HOD-symantec-firewall-DoS-expl.c
Remote denial of service exploit that makes use of the flaw eEye found in Symantec Norton Personal Firewall and other related products. Sends a malicious DNS response packet to a vulnerable host, causing the kernel to go into an infinite loop. Tested against Symantec Norton Personal Firewall 2004.
Related File:eEye.symantecDNS2.txt
File Size:12857
Last Modified:May 15 01:04:24 2004
MD5 Checksum:af83f044e54bf09bbd062d507cf42714

 ///  File Name: hsftpexpl.tgz
HSFTP versions 1.11 and below remote exploit that makes use of a format string vulnerability when processing file names.
File Size:4247
Last Modified:May 1 18:22:19 2004
MD5 Checksum:7cd8a65e47c3d8ce7e8abc637a3a3696

 ///  File Name: jportal.txt
JPortal is susceptible to SQL injection attacks and also stores the administrator password in the clear.
Author:Maciek Wierciski
File Size:666
Last Modified:May 30 21:47:25 2004
MD5 Checksum:5d99778db6af0ad83abc1d85e30297a1