Section: .. / 0405-exploits /

Page 1 of 2
<< 1 2 >> Files 1 - 25 of 46

Currently sorted by: File Size Sort By: File Name, Last Modified

/// File Name:	0405-exploits.tgz
Description:	Packet Storm new exploits for May, 2004.
File Size:	414325
Last Modified:	Jun 2 09:14:13 2004
MD5 Checksum:	8091badf8b1f17341e46f8155a23e2d5

/// File Name:	auxploit-1.0.tgz
Description:	Auxploiter is a remote exploitation tool for the c:\aux vulnerability and is able to completely lock a user mail client. Outlook and other mail clients read this message using Internet Explorer, which is touchy to this vulnerability.
Author:	Teolupus
File Size:	286720
Last Modified:	May 9 21:43:59 2004
MD5 Checksum:	2fead7d1eee1fdd581feab5491a730b3

/// File Name:	cvs_linux_freebsd_HEAP.c
Description:	Remote root exploit for stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7. Linux and FreeBSD version. Anonymously submitted.
Related File:	072004.txt
File Size:	34487
Related CVE(s):	CAN-2004-0396
Last Modified:	May 20 23:09:57 2004
MD5 Checksum:	9cfad9f85d417e6bc59595d2781f88e6

/// File Name:	callds.c
Description:	MS04-011 DsRoleUpgradeDownlevelServer remote exploit. Submitted anonymously.
File Size:	20192
Last Modified:	May 1 18:46:17 2004
MD5 Checksum:	5a3eed53d788b4bb830466ed24a0fb4e

/// File Name:	win_msrpc_lsass_ms04-11_Ex.c
Description:	Remote exploit for the Lsasrv.dll RPC buffer overflow. Tested against various Russian and English versions of Windows XP Professional, Windows 2000 Professional, and Windows 2000 Advanced Server. Ported to compile properly on Linux.
Author:	houseofdabus, froggy 3s
File Size:	19983
Last Modified:	May 9 21:13:51 2004
MD5 Checksum:	e0f5a330f2b3069d91d6a22b3f60bede

/// File Name:	cvs_solaris_HEAP.c
Description:	Remote root exploit for stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7. Solaris version. Anonymously submitted.
Related File:	072004.txt
File Size:	19522
Related CVE(s):	CAN-2004-0396
Last Modified:	May 20 23:10:37 2004
MD5 Checksum:	2172d2e08430a16cd515d19de297d1de

/// File Name:	HOD-ms04011-lsasrv-expl.c
Description:	Remote exploit for the Lsasrv.dll RPC buffer overflow. Tested against various Russian and English versions of Windows XP Professional, Windows 2000 Professional, and Windows 2000 Advanced Server.
Author:	houseofdabus
File Size:	18075
Last Modified:	May 1 18:27:57 2004
MD5 Checksum:	336ff2588da990a705cc495d882c45fd

/// File Name:	dwgenkey.c
Description:	Dameware's Mini Remote Control System version 4.2 uses a weak key agreement scheme. The scheme consists of the sharing of pointers into a fixed key lookup table. Both the client and the server have access to a key lookup table (KLT) consisting of 1000 32-bit values.
Author:	ax09001h
File Size:	15345
Last Modified:	May 4 04:40:19 2004
MD5 Checksum:	f971234888749d3f8d58c426d86398c0

/// File Name:	HOD-symantec-firewall-DoS-expl.c
Description:	Remote denial of service exploit that makes use of the flaw eEye found in Symantec Norton Personal Firewall and other related products. Sends a malicious DNS response packet to a vulnerable host, causing the kernel to go into an infinite loop. Tested against Symantec Norton Personal Firewall 2004.
Author:	houseofdabus
Related File:	eEye.symantecDNS2.txt
File Size:	12857
Last Modified:	May 15 01:04:24 2004
MD5 Checksum:	af83f044e54bf09bbd062d507cf42714

/// File Name:	linksys-dhcp-exploit.c
Description:	Remote proof of concept exploit for various Linksys routers that have flaws in the way they return BOOTP packets. In each legitimate response, BOOTP fields are filled in with portions of memory from the device, allowing a remote attacker to sniff traffic and crash the device.
Author:	Jon Hart
Homepage:	http://spoofed.org/files/linksys-dhcp-exploit.c
File Size:	11721
Last Modified:	May 13 23:37:34 2004
MD5 Checksum:	24f9533fa0e628134039465bd5cf8dc0

/// File Name:	exim1.html
Description:	Two stack based buffer overflows exist in Exim 3.35. Both bugs need features enabled and are not in the default configuration. Proof of concept exploitation given.
Author:	Georgi Guninski
Homepage:	http://www.guninski.com/exim1.html
File Size:	11050
Last Modified:	May 7 23:36:03 2004
MD5 Checksum:	a8e4942b9a3c3e0b2511c7b3e7f6a8d6

/// File Name:	cge-13.tar.gz
Description:	Cisco Global Exploiter is a tool that demonstrates exploitation of the Cisco 677/678 Telnet Buffer Overflow Vulnerability, IOS Router Denial of Service Vulnerability, IOS HTTP Auth Vulnerability and Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability, Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability, Cisco 675 Web Administration Denial of Service Vulnerability, Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability, Cisco IOS Software HTTP Request Denial of Service Vulnerability, CiscoSecure ACS for Windows NT Server Denial of Service Vulnerability, Cisco Catalyst Memory Leak Vulnerability, Cisco CatOS CiscoView HTTP Server Buffer Overflow Vulnerability, %u Encoding IDS Bypass Vulnerability (UTF), and Cisco IOS HTTP Denial of Service Vulnerability.
Author:	Nemesis, E4m
Homepage:	http://www.blackangels.it
File Size:	9699
Last Modified:	May 1 17:59:03 2004
MD5 Checksum:	a236f742c3976c9864d84d55eb11ea7e

/// File Name:	305-pound.c
Description:	Pound versions 1.5 and below local and remote format string exploit. Only works locally if pound is setuid.
Author:	Nilanjan De
Homepage:	http://www.eos-india.net
File Size:	9282
Last Modified:	May 9 21:40:48 2004
MD5 Checksum:	b83dfe24c5d7c4676f6fcaf697c34950

/// File Name:	xxchat-socks5.c
Description:	X-Chat versions 2.0.8 through 1.8.0 remote exploit that makes use of a buffer overflow in the SOCKS-5 proxy code. Successful exploitation binds a shell to port 7979.
Author:	vade79
Related File:	msg00000.html
File Size:	9061
Last Modified:	May 4 05:10:21 2004
MD5 Checksum:	962882454041913d71efc4a5444ef886

/// File Name:	sasserftpd.c
Description:	Remote exploit for the Sasser worm ftpd server that spawns on port 5554.Targets included for Windows XP and 2000. Note: To use this against Sasser.e, change the port to 1023.
Author:	mandragore
Related Exploit:	win_msrpc_lsass_ms04-11_Ex.c"
File Size:	8033
Related CVE(s):	CAN-2003-0533
Last Modified:	May 11 19:18:52 2004
MD5 Checksum:	be9399c6c8b87c60bab1a07bd359570a

/// File Name:	autoRST.c
Description:	autoRST is an automated TCP RST exploit. It uses the Winpcap libraries to sniff for TCP packets on a network and then sends out a forged RST packet after calculating the appropriate sequence number and forging the MAC address. Makes use of the recent vulnerable released by Paul A. Watson.
Author:	Matt Edman
Related File:	SlippingInTheWindow_v1.0.doc
File Size:	7992
Related CVE(s):	CAN-2004-0230
Last Modified:	May 4 06:53:37 2004
MD5 Checksum:	654ea5a0648371422ac6c68929cff3d4

/// File Name:	monit41.pl
Description:	Remote exploit for Monit 4.1 that uses connect back shellcode. This exploit makes use of a buffer overrun when an overly long username is passed to the server.
Author:	Shadowinteger
Related File:	monit.txt
File Size:	7042
Last Modified:	May 11 19:23:39 2004
MD5 Checksum:	25f80041bd01686cdfe6e4a1c1287a64

/// File Name:	sp-x11-advisory.txt
Description:	MyWeb version 3.3 is susceptible to a buffer overflow attack when a specifically crafted HTTP GET request which contains over 4096 bytes of data is sent to the server.
Author:	badpack3t
Homepage:	http://security-protocols.com/
File Size:	6691
Last Modified:	May 7 22:47:06 2004
MD5 Checksum:	513d1662430ae50e6576fa379a6de607

/// File Name:	04252004.ms04011lsass.c
Description:	Remote exploit for the Lsasrv.dll RPC buffer overflow. To make this exploit work remotely you have to use the sbaaNetapi.dll which modifies the DsRoleUpgradeDownlevelServer API.
Author:	sbaa
File Size:	6494
Last Modified:	May 1 18:30:01 2004
MD5 Checksum:	60309c0cc0bc6cb4b687ed57dd0a9e3b

/// File Name:	waraxe-2004-SA031.txt
Description:	e107 version 0.615 is vulnerable to full path disclosure, cross site scripting, remote file inclusion, and multiple SQL injection attacks.
Author:	Janek Vind aka waraxe
Homepage:	http://www.waraxe.us/
File Size:	6020
Last Modified:	May 30 21:54:16 2004
MD5 Checksum:	97ae0e46335f1d8621318b47bb8ed913

/// File Name:	ftpgrep.c
Description:	ftpgrep tries to grep for valid users on remote machines using the old CWD ~ ftpd bug found in wuftpd and some other variants.
Author:	l0om
Homepage:	http://www.excluded.org
File Size:	5719
Last Modified:	May 13 02:05:49 2004
MD5 Checksum:	5aa0a9f328551d2162919d3f19134247

/// File Name:	phpx326.txt
Description:	PHPX versions 3.2.6 and below have cross site scripting, path disclosure and arbitrary command execution vulnerabilities. Full exploitation given.
Author:	JeiAr
Homepage:	http://www.gulftech.org
File Size:	5698
Last Modified:	May 7 19:03:45 2004
MD5 Checksum:	5bc64564204e7b43c40dfb249c361ca4

/// File Name:	metaexpl.tgz
Description:	Metamail remote exploit that makes use of a buffer overflow and upon successful exploitation, binds a listening socket to UDP/13330 awaiting shellcode. Affected versions: 2.2 through 2.7.
Author:	priestmaster
Homepage:	http://www.priestmaster.org/
Related File:	metamailBUGS.txt
File Size:	5295
Related CVE(s):	CAN-2004-0104, CAN-2004-0105
Last Modified:	May 27 00:55:10 2004
MD5 Checksum:	c25cca5f2ea199cb78714642d720a041

/// File Name:	getlvcb.c
Description:	Local exploit for IBM AIX versions 4.3.3, 5.1 and 5.2 which are vulnerable to a buffer overflow. The overflow is caused by improper bounds checking via the getlvcb and putlvcb utilities. By supplying a long command line option, a local attacker, with root group privileges, could overflow a buffer and gain root privileges on the system.
Author:	matt0x
Homepage:	http://www.secnetops.com
File Size:	5212
Last Modified:	May 11 06:25:59 2004
MD5 Checksum:	18e3a10abcb8da2def7f727f56655658

/// File Name:	WFBE.txt
Description:	Write up detailing how to defeat file browsing restrictions on Windows 98 running Novell 3.2.0.0.
Author:	Tom
File Size:	4452
Last Modified:	May 9 21:33:15 2004
MD5 Checksum:	fbffc04301a182cd73ebc11c1d9aa44f