Section: .. / 0405-exploits /

Page 1 of 2
<< 1 2 >> Files 1 - 25 of 46

Currently sorted by: Last Modified Sort By: File Name, File Size

/// File Name:	0405-exploits.tgz
Description:	Packet Storm new exploits for May, 2004.
File Size:	414325
Last Modified:	Jun 2 09:14:13 2004
MD5 Checksum:	8091badf8b1f17341e46f8155a23e2d5

/// File Name:	waraxe-2004-SA031.txt
Description:	e107 version 0.615 is vulnerable to full path disclosure, cross site scripting, remote file inclusion, and multiple SQL injection attacks.
Author:	Janek Vind aka waraxe
Homepage:	http://www.waraxe.us/
File Size:	6020
Last Modified:	May 30 21:54:16 2004
MD5 Checksum:	97ae0e46335f1d8621318b47bb8ed913

/// File Name:	jportal.txt
Description:	JPortal is susceptible to SQL injection attacks and also stores the administrator password in the clear.
Author:	Maciek Wierciski
File Size:	666
Last Modified:	May 30 21:47:25 2004
MD5 Checksum:	5d99778db6af0ad83abc1d85e30297a1

/// File Name:	metaexpl.tgz
Description:	Metamail remote exploit that makes use of a buffer overflow and upon successful exploitation, binds a listening socket to UDP/13330 awaiting shellcode. Affected versions: 2.2 through 2.7.
Author:	priestmaster
Homepage:	http://www.priestmaster.org/
Related File:	metamailBUGS.txt
File Size:	5295
Related CVE(s):	CAN-2004-0104, CAN-2004-0105
Last Modified:	May 27 00:55:10 2004
MD5 Checksum:	c25cca5f2ea199cb78714642d720a041

/// File Name:	sp-x13-advisory.txt
Description:	Orenosv HTTP/FTP server version orenosv059f is susceptible to a remote denial of service attack when supplied with an overly long GET request.
Author:	badpack3t
Homepage:	http://www.security-protocols.com
File Size:	3443
Last Modified:	May 26 11:41:24 2004
MD5 Checksum:	b808aeba5f9878b8e97a72d00f4c1090

/// File Name:	sp-x12-advisory.txt
Description:	BNBT BitTorrent Tracker Beta 7.5 Release 2 and earlier versions are susceptible a denial of service due to a malicious crafted HTTP GET request. Sample exploit included. Tested on Windows XP SP1.
Author:	badpack3t
Homepage:	http://www.security-protocols.com
File Size:	3751
Last Modified:	May 24 08:16:30 2004
MD5 Checksum:	d70ca4fb4aa9ee3fd6e78f911a191794

/// File Name:	allegrodos.txt
Description:	Amusing simple one-liner that shows that 3COM 812 ADSL modems are still susceptible to 4 year old denial of service attacks.
Author:	Seth Alan Woolley
File Size:	1040
Last Modified:	May 24 08:10:44 2004
MD5 Checksum:	1125ca25c5750a65274d642901167a37

/// File Name:	cvs_solaris_HEAP.c
Description:	Remote root exploit for stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7. Solaris version. Anonymously submitted.
Related File:	072004.txt
File Size:	19522
Related CVE(s):	CAN-2004-0396
Last Modified:	May 20 23:10:37 2004
MD5 Checksum:	2172d2e08430a16cd515d19de297d1de

/// File Name:	cvs_linux_freebsd_HEAP.c
Description:	Remote root exploit for stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7. Linux and FreeBSD version. Anonymously submitted.
Related File:	072004.txt
File Size:	34487
Related CVE(s):	CAN-2004-0396
Last Modified:	May 20 23:09:57 2004
MD5 Checksum:	9cfad9f85d417e6bc59595d2781f88e6

/// File Name:	advisory13.txt
Description:	osCommerce versions 2.x suffer from a directory traversal attack that allows for access to directories outside of the webroot.
Author:	l0om
Homepage:	http://www.excluded.org
File Size:	556
Last Modified:	May 19 23:23:41 2004
MD5 Checksum:	9f27e4abcf8a58882000fc1a740db958

/// File Name:	EXP_OmniHTTPd.BAT
Description:	Remote exploit for OmniHTTPd versions 3.0a and below.
Author:	CoolICE
File Size:	1512
Last Modified:	May 19 20:32:10 2004
MD5 Checksum:	38dc667070590ecbe6ef30723398ab92

/// File Name:	wgetuhoh.txt
Description:	Wget versions 1.9 and 1.9.1 are susceptible to a symlink attack during a phase where it downloads the file to a temporary filename but does not actually lock the file.
Author:	Hugo Vazquez
File Size:	2007
Last Modified:	May 18 05:49:42 2004
MD5 Checksum:	7883f0415aa5768d71876d6b6214fc75

/// File Name:	HOD-symantec-firewall-DoS-expl.c
Description:	Remote denial of service exploit that makes use of the flaw eEye found in Symantec Norton Personal Firewall and other related products. Sends a malicious DNS response packet to a vulnerable host, causing the kernel to go into an infinite loop. Tested against Symantec Norton Personal Firewall 2004.
Author:	houseofdabus
Related File:	eEye.symantecDNS2.txt
File Size:	12857
Last Modified:	May 15 01:04:24 2004
MD5 Checksum:	af83f044e54bf09bbd062d507cf42714

/// File Name:	linksys-dhcp-exploit.c
Description:	Remote proof of concept exploit for various Linksys routers that have flaws in the way they return BOOTP packets. In each legitimate response, BOOTP fields are filled in with portions of memory from the device, allowing a remote attacker to sniff traffic and crash the device.
Author:	Jon Hart
Homepage:	http://spoofed.org/files/linksys-dhcp-exploit.c
File Size:	11721
Last Modified:	May 13 23:37:34 2004
MD5 Checksum:	24f9533fa0e628134039465bd5cf8dc0

/// File Name:	ftpgrep.c
Description:	ftpgrep tries to grep for valid users on remote machines using the old CWD ~ ftpd bug found in wuftpd and some other variants.
Author:	l0om
Homepage:	http://www.excluded.org
File Size:	5719
Last Modified:	May 13 02:05:49 2004
MD5 Checksum:	5aa0a9f328551d2162919d3f19134247

/// File Name:	monit41.pl
Description:	Remote exploit for Monit 4.1 that uses connect back shellcode. This exploit makes use of a buffer overrun when an overly long username is passed to the server.
Author:	Shadowinteger
Related File:	monit.txt
File Size:	7042
Last Modified:	May 11 19:23:39 2004
MD5 Checksum:	25f80041bd01686cdfe6e4a1c1287a64

/// File Name:	sasserftpd.c
Description:	Remote exploit for the Sasser worm ftpd server that spawns on port 5554.Targets included for Windows XP and 2000. Note: To use this against Sasser.e, change the port to 1023.
Author:	mandragore
Related Exploit:	win_msrpc_lsass_ms04-11_Ex.c"
File Size:	8033
Related CVE(s):	CAN-2003-0533
Last Modified:	May 11 19:18:52 2004
MD5 Checksum:	be9399c6c8b87c60bab1a07bd359570a

/// File Name:	paxdos.c
Description:	PaX with CONFIG_PAX_RANDMMAP for Linux 2.6 denial of service proof of concept exploit the send the kernel into an infinite loop. Originally discovered by ChrisR.
Author:	Shadowinteger
File Size:	3178
Last Modified:	May 11 06:45:27 2004
MD5 Checksum:	001c4ea7efedf19d582a2e5969a9939b

/// File Name:	getlvcb.c
Description:	Local exploit for IBM AIX versions 4.3.3, 5.1 and 5.2 which are vulnerable to a buffer overflow. The overflow is caused by improper bounds checking via the getlvcb and putlvcb utilities. By supplying a long command line option, a local attacker, with root group privileges, could overflow a buffer and gain root privileges on the system.
Author:	matt0x
Homepage:	http://www.secnetops.com
File Size:	5212
Last Modified:	May 11 06:25:59 2004
MD5 Checksum:	18e3a10abcb8da2def7f727f56655658

/// File Name:	emule042e.pl
Description:	Remote denial of service exploit for Emule 0.42e.
Author:	Rafel Ivgi aka The-Insider
Homepage:	http://theinsider.deep-ice.com
File Size:	3398
Last Modified:	May 11 06:19:41 2004
MD5 Checksum:	22b00d28a310b84818beaccb735f864f

/// File Name:	auxploit-1.0.tgz
Description:	Auxploiter is a remote exploitation tool for the c:\aux vulnerability and is able to completely lock a user mail client. Outlook and other mail clients read this message using Internet Explorer, which is touchy to this vulnerability.
Author:	Teolupus
File Size:	286720
Last Modified:	May 9 21:43:59 2004
MD5 Checksum:	2fead7d1eee1fdd581feab5491a730b3

/// File Name:	305-pound.c
Description:	Pound versions 1.5 and below local and remote format string exploit. Only works locally if pound is setuid.
Author:	Nilanjan De
Homepage:	http://www.eos-india.net
File Size:	9282
Last Modified:	May 9 21:40:48 2004
MD5 Checksum:	b83dfe24c5d7c4676f6fcaf697c34950

/// File Name:	WFBE.txt
Description:	Write up detailing how to defeat file browsing restrictions on Windows 98 running Novell 3.2.0.0.
Author:	Tom
File Size:	4452
Last Modified:	May 9 21:33:15 2004
MD5 Checksum:	fbffc04301a182cd73ebc11c1d9aa44f

/// File Name:	win_msrpc_lsass_ms04-11_Ex.c
Description:	Remote exploit for the Lsasrv.dll RPC buffer overflow. Tested against various Russian and English versions of Windows XP Professional, Windows 2000 Professional, and Windows 2000 Advanced Server. Ported to compile properly on Linux.
Author:	houseofdabus, froggy 3s
File Size:	19983
Last Modified:	May 9 21:13:51 2004
MD5 Checksum:	e0f5a330f2b3069d91d6a22b3f60bede

/// File Name:	waraxe-2004-SA028.txt
Description:	The Nuke jokes module for PHPNuke is susceptible to path disclosure, cross site scripting, and SQL injection attacks.
Author:	Janek Vind aka waraxe
Homepage:	http://www.waraxe.us/
File Size:	3767
Last Modified:	May 9 21:01:34 2004
MD5 Checksum:	d66d60d7836ef40f78ee42673d0e47b9