Section:  .. / 0406-exploits  /

Page 1 of 2
<< 1 2 >> Files 1 - 25 of 34
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: 0406-exploits.tgz
Packet Storm new exploits for June, 2004.
File Size:136567
Last Modified:Jul 14 10:48:06 2004
MD5 Checksum:29c7c2674eab4520cd20b7302b9e9301

 ///  File Name: 2004-06-11_kernel_crash.t2t.tar.bz2
A very simple bug in the Linux kernel allows a small program to cause a denial of service. This flaw affects both the 2.4.2x and 2.6.x kernels on the x86 architecture.
File Size:24523
Last Modified:Jun 14 22:01:50 2004
MD5 Checksum:2ab47694f55382d6c53256a0fabfb2ef

 ///  File Name: analysis.tgz
Complete analysis of the 180 Solutions trojan along with exploitation tools that demonstrate at least two new unpublished vulnerabilities in Microsoft Internet Explorer 6 that allow for arbitrary code execution.
File Size:9434
Last Modified:Jun 8 02:29:39 2004
MD5 Checksum:3673f2d74f6184a4a126bf6b2228c59f

 ///  File Name: argoxp.c
New UPNP exploit that affects Microsoft Windows XP SP0. Binds a shell on port 1981.
File Size:4242
Last Modified:Jun 25 13:14:00 2004
MD5 Checksum:4e4dbfcd6f6f4bdaeb0f815289d6dc24

 ///  File Name: blackboardLS.txt
A bug in Blackboard Learning System release 6 allows users to steal documents out of the digital dropbox of other users. Remote perl exploit included.
File Size:6326
Last Modified:Jun 14 09:07:12 2004
MD5 Checksum:24664bee21865c591e5ebeacf907e0f8

 ///  File Name:
Colin McRae Rally 04 remote denial of service exploit that makes use of a flaw where a client can passively block an entire gaming network by setting a value too high.
Author:Luigi Auriemma
Related File:colinmcraerally04.txt
File Size:7161
Last Modified:Jun 8 02:11:20 2004
MD5 Checksum:e6ba105eeddb87a5b00ecfe1dd699366

 ///  File Name:
Some bits of code that show how modified URL encoding can easily bypass restricted zones via Microsoft Internet Explorer.
File Size:1073
Last Modified:Jun 22 09:44:18 2004
MD5 Checksum:5b1945a52edc14026d5441544d608175

 ///  File Name: cpanelInject.txt
Reseller accounts used with Cpanel are able to change all passwords without verification.
File Size:569
Last Modified:Jun 10 09:08:06 2004
MD5 Checksum:f1426a10b54aadf67391f001ffad1b4b

 ///  File Name: CYSA-0329.txt
Cyrillium Security Advisory CYSA-0329 - FoolProof Security 3.9.x for Windows 98/98SE/Me has a vulnerability in the password recovery functionality that allows an attacker to recover the Administrator password using the Control password and password recovery key. Exploit included.
Author:Cyrillium Security Solutions and Services
File Size:7613
Last Modified:Jun 9 07:12:48 2004
MD5 Checksum:a0822a9623e9b07dbce09d0268360f44

 ///  File Name: dlink614.txt
The DI-614+ SOHO DLINK router suffers a script injection vulnerability that uses DHCP as a vector of attack.
Author:Gregory Duchemin
File Size:4505
Last Modified:Jun 23 00:52:26 2004
MD5 Checksum:bb1d151b3ef002c744a87226efe46e37

 ///  File Name: dnsPoison.cpp.txt
Symantec Enterprise Firewall dnsd proxy, versions 8 and later, is vulnerable to cache poisoning attacks when acting as a caching nameserver. Full proof of concept exploit included.
File Size:5814
Last Modified:Jun 18 02:32:34 2004
MD5 Checksum:ff4e422f5bdf7ce95c8bbba21561cd14

 ///  File Name: edimaxBackdoor.txt
Edimax 7205APL with a firmware of 2.40a-00 has a huge flaw where a guest account is hard-coded into the firmware allowing anyone to perform a backup with the same privileges of the administrator.
File Size:899
Last Modified:Jun 14 08:57:47 2004
MD5 Checksum:920cbf76ffc52c5242a7de9605b4317b

 ///  File Name: freebsd.local.txt
It is possible to crash the kernel on FreeBSD/Alpha by passing an unaligned memory address as a 2nd or 3rd argument to execve() syscall. Affected versions: FreeBSD 5.1-RELEASE/Alpha and possibly others. Not affected: FreeBSD 5.1-RELEASE/IA32.
Author:Marceta Milos
File Size:2583
Last Modified:Jun 25 11:59:00 2004
MD5 Checksum:3c696b8a9038e16be09743c489490177

 ///  File Name: imperva.crystal2.txt
Imperva's Application Defense Center has announced that several vulnerabilities exist in BusinessObject's Crystal Reports' Web Interface. These vulnerabilities allow a potential hacker to retrieve and delete any file from the file system of the server on which it runs, as well as causing a complete denial of service to the server. Affected versions: Crystal Reports version 9 and 10, Crystal Enterprise version 9 and 10. Exploitation details included.
Author:Moran Surf, Amichai Shulman
File Size:5379
Last Modified:Jun 9 08:08:58 2004
MD5 Checksum:f8951acf73da7282b9b8a4924fe4e0a8

 ///  File Name: ircd-hybrid.txt
Due to faulty logic in the socket dequeuing mechanism used in hybrid 7 and the derivate ircd-ratbox, it is possible to severely lag an irc server using a low-bandwidth DoS attack. Affected versions: ircd-hybrid below and equal to 7.0.1, ircd-ratbox below and equal to 1.5.1, ircd-ratbox below and equal to 2.0rc6. Full exploitation included.
Author:Erik Sperling Johansen
File Size:6972
Last Modified:Jun 22 09:38:53 2004
MD5 Checksum:6a0710b14b0f121eb374ed868255d400

 ///  File Name: linksysDoS2.txt
Multiple denial of service attacks exist against various Linksys routers, causing them to need a factory reset in order to function again. Version affected: Linksys BEFSR41, BEFSR41 v3, BEFSRU31, BEFSR11, BEFSX41, BEFSR81 v2/v3, BEFW11S4 v3, BEFW11S4 v4.
Author:b0f aka Alan McCaig
File Size:6376
Last Modified:Jun 3 19:17:24 2004
MD5 Checksum:0be46427267a6b41f9e15a64458137df

 ///  File Name: memplayer.c
All versions of MPlayer, the movie player for Linux, are vulnerable to a buffer overflow attack that allows for privilege escalation. Local exploit included. Tested against Redhat Linux with Gnome, FreeBSD and latest cvsup plus ports with Gnome.
File Size:15554
Last Modified:Jun 27 22:58:00 2004
MD5 Checksum:cbe5d9e292378ea65f396eb994717fdb

 ///  File Name: mollensoftLightweight.txt
A security vulnerability have been discovered in the Mollensoft Lightweight FTP Server version 3.6. A buffer overflow can be committed via the CWD command allowing for a denial of service attack. Full exploitation included.
File Size:3661
Last Modified:Jun 2 09:54:36 2004
MD5 Checksum:ee8c7bb9f62f9592fe6be4e8f094cc9a

 ///  File Name: p_atari800.c
Exploit for the atari800 atari emulator. This exploit is local, and may in some circumstances give local root.
File Size:3008
Related CVE(s):CAN-2003-0630
Last Modified:Jun 29 13:50:00 2004
MD5 Checksum:c80b76a6307ff17e08717de2e6550916

 ///  File Name: pdp11mkdir.c
A vulnerability in the mkdir system utility can allow an unprivileged user to gain root privileges in UNIX 7th Edition systems. Exploit for /bin/mkdir Unix V7 PDP-11 included.
Author:Tim Newsham
File Size:3748
Last Modified:Jun 3 19:10:22 2004
MD5 Checksum:aa7a376a389ca2ae20714b4961d0ce46

 ///  File Name: phpEscape.txt
PHP offers the function escapeshellarg() to escape arguments to shell commands in a way that makes it impossible for an attacker to execute additional commands. However due to a bug in the function, this does not work with the windows version of PHP. Versions 4.3.6 and below are susceptible.
Author:Daniel Fabian
File Size:1634
Last Modified:Jun 8 01:16:45 2004
MD5 Checksum:4c2259467e77e624482ad84e2fe1c526

 ///  File Name: pivot1.1.0SoundwaveAdv.txt
Pivot 1.10 Soundwave is susceptible to a remote file inclusion and execution vulnerability that enables a remote attacker to execute anything they want in the context of the user id running the web server.
Author:Alex Buck aka loofus
File Size:2175
Last Modified:Jun 18 09:11:48 2004
MD5 Checksum:1f673326a66b16d650c42b4c15f179a3

 ///  File Name:
Remote exploit for Borland Interbase 7.1 SP2 and below that spawns a shell under the uid running the database. Targets included for Linux Interbase 7.1 SP 2 and Linux Interbase 6.01 InterBaseSS_LI-V6.0-1.i386.rpm.
Author:Priv8 Security Research
Related File:firebirdDB.txt
File Size:4823
Last Modified:Jun 9 07:52:29 2004
MD5 Checksum:64cc7abc7e92b0bb8f0e92b931e73d99

 ///  File Name:
Remote denial of service proof of concept exploit that makes use of a flaw in the Race Driver server versions 1.20 and below.
Author:Luigi Auriemma
Related File:tocaracedriver120.txt
File Size:18049
Last Modified:Jun 9 08:14:14 2004
MD5 Checksum:d5fd2a22cd6cf8be1a8f6bf9e9461613

 ///  File Name:
Remote exploit that makes use of a format string vulnerability in rlpr version 2.x.
Author:Andrew Griffiths
Related File:rlpr204.txt
File Size:3798
Last Modified:Jun 25 14:18:00 2004
MD5 Checksum:b99e7c2ea67fa9b371ccb64ad4add409