Section: .. / 0405-exploits /

Page 2 of 2
<< 1 2 >> Files 25 - 46 of 46

Currently sorted by: Last Modified Sort By: File Name, File Size

/// File Name:	eudoraURL.txt
Description:	Eudora for windows has a buffer overflow in versions 6.1, 6.0.3, and 5.2.1. Sample exploitation included.
Author:	Paul Szabo
File Size:	1039
Last Modified:	May 9 20:14:11 2004
MD5 Checksum:	73206457f0b37c792b97ed6221062a41

/// File Name:	waraxe-2004-SA027.txt
Description:	PHP-Nuke version 6.x through 7.2 suffer from various SQL injection and cross site scripting vulnerabilities.
Author:	Janek Vind aka waraxe
Homepage:	http://www.waraxe.us/
File Size:	3656
Last Modified:	May 7 23:42:01 2004
MD5 Checksum:	e6e2537ec2fd1485641bcb0bfc844659

/// File Name:	exim1.html
Description:	Two stack based buffer overflows exist in Exim 3.35. Both bugs need features enabled and are not in the default configuration. Proof of concept exploitation given.
Author:	Georgi Guninski
Homepage:	http://www.guninski.com/exim1.html
File Size:	11050
Last Modified:	May 7 23:36:03 2004
MD5 Checksum:	a8e4942b9a3c3e0b2511c7b3e7f6a8d6

/// File Name:	sp-x11-advisory.txt
Description:	MyWeb version 3.3 is susceptible to a buffer overflow attack when a specifically crafted HTTP GET request which contains over 4096 bytes of data is sent to the server.
Author:	badpack3t
Homepage:	http://security-protocols.com/
File Size:	6691
Last Modified:	May 7 22:47:06 2004
MD5 Checksum:	513d1662430ae50e6576fa379a6de607

/// File Name:	titanDoS.txt
Description:	A security vulnerability exists in South River Technologies' Titan FTP Server. An attacker issuing a LIST command and disconnecting before the LIST command had the time to connect, will cause the program to try and access an invalid socket. This results in the FTP service crashing. Version affected: 3.01 build 163.
Author:	Storm
Homepage:	http://www.securiteam.com/windowsntfocus/5RP0215CUU.html
File Size:	2543
Last Modified:	May 7 22:29:51 2004
MD5 Checksum:	06ec27cef6424d9953fbee1c03bdbe2c

/// File Name:	gyan_sendmail.c
Description:	Local root exploit for sendmail versions 8.12.9 and below that makes use of the prescan function vulnerability originally discovered by Michal Zalewski back in September.
Author:	Gyan Chawdhary
Related File:	sendmail8.12.9.txt
File Size:	3612
Last Modified:	May 7 20:44:23 2004
MD5 Checksum:	e6a94843ad03750d2f73beb8a33a7cdd

/// File Name:	phpx326.txt
Description:	PHPX versions 3.2.6 and below have cross site scripting, path disclosure and arbitrary command execution vulnerabilities. Full exploitation given.
Author:	JeiAr
Homepage:	http://www.gulftech.org
File Size:	5698
Last Modified:	May 7 19:03:45 2004
MD5 Checksum:	5bc64564204e7b43c40dfb249c361ca4

/// File Name:	4nalb.pl
Description:	Remote exploit that makes use of a file inclusion vulnerability in 4nalbum module version 0.92. To use, you must change the retrieve URL to point to a script that binds a shell to port 1234 of the server.
Author:	adil
Related File:	waraxe-2004-SA006.txt
File Size:	1561
Last Modified:	May 5 21:37:39 2004
MD5 Checksum:	f942a9ae511f73f04df62b0e1921cf33

/// File Name:	autoRST.c
Description:	autoRST is an automated TCP RST exploit. It uses the Winpcap libraries to sniff for TCP packets on a network and then sends out a forged RST packet after calculating the appropriate sequence number and forging the MAC address. Makes use of the recent vulnerable released by Paul A. Watson.
Author:	Matt Edman
Related File:	SlippingInTheWindow_v1.0.doc
File Size:	7992
Related CVE(s):	CAN-2004-0230
Last Modified:	May 4 06:53:37 2004
MD5 Checksum:	654ea5a0648371422ac6c68929cff3d4

/// File Name:	sq-chpass-exp.c
Description:	Local root exploit for Squirrelmail's chpasswd utility. Tested on GNU/Debian with kernel 2.4.24 and on RH 9.0 shrike with kernel 2.4.20. Original bug found by Matias Neiff.
Author:	Michal Stys
Related File:	chpasswd.txt
File Size:	1721
Last Modified:	May 4 05:21:01 2004
MD5 Checksum:	0d39b4dd9b57ce7c70057d669bb68cfd

/// File Name:	xxchat-socks5.c
Description:	X-Chat versions 2.0.8 through 1.8.0 remote exploit that makes use of a buffer overflow in the SOCKS-5 proxy code. Successful exploitation binds a shell to port 7979.
Author:	vade79
Related File:	msg00000.html
File Size:	9061
Last Modified:	May 4 05:10:21 2004
MD5 Checksum:	962882454041913d71efc4a5444ef886

/// File Name:	servuLIST.txt
Description:	Serv-U ftpd versions older than 5.0.0.6 suffer from a flaw where a user issuing a long parameter as a value to a LIST command can cause the server to try and read a value that is outside the memory location causing a crash.
Author:	Storm
File Size:	2455
Last Modified:	May 4 05:06:01 2004
MD5 Checksum:	e1ac518faa09770360a61a3b10698007

/// File Name:	aldosweb.txt
Description:	Aldo's web server version 1.5 on Windows is susceptible to path disclosure and pathetic directory traversal attack that allows for remote access to any file on the system.
Author:	Oliver Karow
Homepage:	http://www.oliverkarow.de/research/AldosWebserverMultipleVulns.txt
File Size:	1014
Last Modified:	May 4 05:03:03 2004
MD5 Checksum:	f0e78cddf0d74c429c81530532d3f80f

/// File Name:	dwgenkey.c
Description:	Dameware's Mini Remote Control System version 4.2 uses a weak key agreement scheme. The scheme consists of the sharing of pointers into a fixed key lookup table. Both the client and the server have access to a key lookup table (KLT) consisting of 1000 32-bit values.
Author:	ax09001h
File Size:	15345
Last Modified:	May 4 04:40:19 2004
MD5 Checksum:	f971234888749d3f8d58c426d86398c0

/// File Name:	SMCwhoops.txt
Description:	SMC broadband routers ship with remote administration enabled by default on port 1900 on the WAN side of the router. Hitting the external IP address on port 1900 and clicking Login allows a malicious attacker to gain full access to the device. Tested against model 7008ABR and 7004VBR.
Author:	user86
File Size:	2327
Last Modified:	May 4 01:24:38 2004
MD5 Checksum:	9691f91745efcee0c1abd98be7860c91

/// File Name:	squirrel142.txt
Description:	SquirrelMail, a PHP based webmail package, has multiple cross-site scripting vulnerabilities. Version 1.4.2 and earlier are affected.
Author:	Alvin Alex
File Size:	1104
Last Modified:	May 4 01:09:38 2004
MD5 Checksum:	38ea4e0bb3227b77fcb7d5585e0ce880

/// File Name:	callds.c
Description:	MS04-011 DsRoleUpgradeDownlevelServer remote exploit. Submitted anonymously.
File Size:	20192
Last Modified:	May 1 18:46:17 2004
MD5 Checksum:	5a3eed53d788b4bb830466ed24a0fb4e

/// File Name:	04252004.ms04011lsass.c
Description:	Remote exploit for the Lsasrv.dll RPC buffer overflow. To make this exploit work remotely you have to use the sbaaNetapi.dll which modifies the DsRoleUpgradeDownlevelServer API.
Author:	sbaa
File Size:	6494
Last Modified:	May 1 18:30:01 2004
MD5 Checksum:	60309c0cc0bc6cb4b687ed57dd0a9e3b

/// File Name:	HOD-ms04011-lsasrv-expl.c
Description:	Remote exploit for the Lsasrv.dll RPC buffer overflow. Tested against various Russian and English versions of Windows XP Professional, Windows 2000 Professional, and Windows 2000 Advanced Server.
Author:	houseofdabus
File Size:	18075
Last Modified:	May 1 18:27:57 2004
MD5 Checksum:	336ff2588da990a705cc495d882c45fd

/// File Name:	hsftpexpl.tgz
Description:	HSFTP versions 1.11 and below remote exploit that makes use of a format string vulnerability when processing file names.
Author:	priestmaster
Homepage:	http://www.priestmaster.org
File Size:	4247
Last Modified:	May 1 18:22:19 2004
MD5 Checksum:	7cd8a65e47c3d8ce7e8abc637a3a3696

/// File Name:	cge-13.tar.gz
Description:	Cisco Global Exploiter is a tool that demonstrates exploitation of the Cisco 677/678 Telnet Buffer Overflow Vulnerability, IOS Router Denial of Service Vulnerability, IOS HTTP Auth Vulnerability and Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability, Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability, Cisco 675 Web Administration Denial of Service Vulnerability, Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability, Cisco IOS Software HTTP Request Denial of Service Vulnerability, CiscoSecure ACS for Windows NT Server Denial of Service Vulnerability, Cisco Catalyst Memory Leak Vulnerability, Cisco CatOS CiscoView HTTP Server Buffer Overflow Vulnerability, %u Encoding IDS Bypass Vulnerability (UTF), and Cisco IOS HTTP Denial of Service Vulnerability.
Author:	Nemesis, E4m
Homepage:	http://www.blackangels.it
File Size:	9699
Last Modified:	May 1 17:59:03 2004
MD5 Checksum:	a236f742c3976c9864d84d55eb11ea7e