[ packet storm ] - packetstorm.securify.com

			ArchivesForums

Welcome to the Exploits for July, 2000 Section.

Some of these exploits are from Bugtraq and Security Bugware

To change sort order, click on the category.
Sorted By: File Name.

File Name Downloads File Size Last Modified

0007-exploits.tgz 2567 137051 Aug 3 17:28:41 2000

Packet Storm new exploits for July, 2000.

7350qpop.c 2478 13372 Jul 15 16:34:29 2000

qpopper 2.53 euidl x86/linux remote exploit. Includes a procedure to abuse format strings to find the correct offset. Tested on Debian 2.1, RedHat 6.1, Slackware 7, Suse 5.2 and 6.0. Homepage: http://teso.scene.at. By Scut

alibaba.txt 1061 2124 Jul 18 15:01:06 2000

Alibaba is a http server for Windows 95/98/NT which contains buffer overflows and allow remote users to execute commands remotely. By Prizm

alienform2-xploit.pl 518 1883 Jul 24 11:59:22 2000

AlienForm2 remote cgi exploit - Spawns an xterm from target machine. Homepage: http://teleh0r.cjb.net. By Telehor

bajie.webserver.txt 920 763 Jul 31 13:56:50 2000

Bajie is a freeware HTTP daemon written in Java has vulnerabilities which allow remote users to view any file on the system, and find out the real server path. Homepage: http://www.mdma.za.net. By Wizdumb

bb-14h2.txt 1521 974 Jul 13 10:25:08 2000

Big Brother up to version 1.4H2 contains a remote vulnerability which allows remote users to create a filename with an arbitrary extension. Since the file is droped into a directory accessible via the web server, any file extension that is parsed server side can be abused and commands can be executed remotely. By Xternal

bigbrother-1.4g.txt 1725 1235 Jul 12 17:56:29 2000

Big Brother v1.4g and below contains a vulnerability which allows a remote attacker to view any file on the system. By Safety

bitchx.dos.txt 2546 3263 Jul 8 16:03:30 2000

A denial of service bug was discovered in BitchX - a nasty user can invite you to a channel with a %s in it, causing the client to coredump. This is a classic case of printf(variable) where variable contains formatting chars. Patch available here. Homepage: htp://www.bitchx.com. By Colten Edwards

bnbform-xploit.pl 521 1780 Jul 24 11:56:41 2000

bnbform.cgi v4.0 and below remote exploit - reads any file on the system. Homepage: http://teleh0r.cjb.net. By Telehor

bulkmail-xploit.pl 432 1715 Jul 24 12:00:51 2000

bulk.cgi is a Bulk Mailer CGI which has remote vulernabilities which allow an attacker to spawn an xterm. Homepage: http://teleh0r.cjb.net. By Telehor

bxexpl.c 607 1570 Jul 28 11:42:49 2000

BitchX-75p3 local exploit, Redhat 6.2 x86. By Flea

clickrespond-xploit...> 449 1786 Jul 24 12:19:27 2000

Click Responder v1.02 remote exploit - spawns an xterm from the victim computer. Homepage: http://teleh0r.cjb.net. By Telehor

cpd.c 3100 4567 Jul 1 14:43:17 2000

CheckPoint IP firewall crashes when it detects packets coming from a different MAC with the same IP address as itself. We simply send a few spoofed UDP packets to it. By Antipent

cvs-1.10.8.txt 816 4259 Jul 28 12:25:55 2000

CVS v1.10.8 allows users to execute any binary on the server using CVS/Checkin.prog or CVS/Update.prog. By Tanaka Akira

d-link.di-701.txt 889 919 Jul 28 11:35:16 2000

The D-Link DI-701 Residential Gateway has an open port which allows brute force password guessing, and has a factory set default password. By Brant Hale

DST2K0019.txt 1115 3284 Jul 5 15:21:26 2000

Delphis Consulting Plc Security Team Advisory DST2K0019 - WebBBS v1.17 for Windows NT contains multiple buffer overflows, some of which allow remote code execution. Homepage: http://www.delphisplc.com/thinking/whitepapers/. By Delphis Security Team

dune_poc.c 456 3815 Jul 20 10:53:18 2000

The Dune Webserver v0.6.7 has remotely exploitable buffer overflows. This code is a proof of concept exploit for linux/x86. Homepage: http://www.fakehalo.org. By Vade79

excel2000-exec.txt 1804 2344 Jul 13 10:20:40 2000

Excel 2000 serious vulnerability - Excel 2000/Windows 98 (other versions too) allows executing programs when opening an Excel Workbook (.xls file). This may be also be exploited thru IE or Outlook. This can easily lead to taking full control over user's computer. Demonstration available here. Homepage: http://www.nat.bg/~joro. By Georgi Guninski

fawx2.c 1917 7262 Jul 24 16:34:35 2000

fawx2.c sends fragmented junk to port 139, causing a blue screen under Windows 95 / 98 / 2000. Homepage: http://www.slacknet.org. By Heeb

formmail-xploit.pl 565 1915 Jul 24 12:25:00 2000

Form Mail v1.0 (form.cgi) remote exploit - spawns an xterm from the victim computer. Homepage: http://teleh0r.cjb.net. By Telehor

FS-071000-5-JWS 854 5756 Jul 12 18:02:22 2000

The Sun Java Web Server for Solaris and Windows NT allows a remote attacker to execute arbitrary commands on the target system. Proof of concept included. Homepage: http://www.foundstone.com. By Saumil Shah

FS-072500-7-ANA.txt 629 4337 Jul 25 16:01:40 2000

Foundstone Security Advisory - AnalogX Proxy v4.04 contains multiple buffer overflows. Includes several proof of concept denial of service examples. Homepage: http://www.foundstone.com. By Robin Keir

FS-072600-8-ANA.txt 672 4165 Jul 26 17:44:30 2000

Foundstone Security Advisory - AnalogX SimpleServer:WWW v1.06 and below is vulnerable to a "relative directory path" attack that allows a remote user to retrieve any known file one the the server. Homepage: http://www.foundstone.com. By Robin Keir

FS-072800-9-BEA.txt 951 6121 Jul 30 02:48:31 2000

Foundstone Security Advisory - Two show code vulnerabilities exist with BEA's WebLogic 5.1.0 allowing an attacker to view the source code of any file within the web document root of the web server. Depending on web application and directory structure attacker can access and view unauthorized files. Proof of concept URL's included. Homepage: http://www.foundstone.com. By Saumil Shah

imeshexp.zip 1734 15785 Jul 3 20:41:15 2000

iMesh V1.02 Beta build 117 remote exploit for Windows 98. Exploits a buffer overflow to download a file from a given URL and execute it on the remote host. Includes windows binary and C source. Homepage: http://www.mxeleet.org. By Hitek

Infosec.20000712.wor..> 1648 2508 Jul 12 18:07:02 2000

Infosec Security Vulnerability Report - The web server for remote access to e-mail in WorldClient 2.1 for Windows NT is vulnerable for root dot dot. It is possible to read any file if the full path is known. By Christer Staffer

JRUNremoteXploit.tgz 1231 2560 Jul 1 13:45:44 2000

JRun 2.3 remote buffer overflow exploit. Runs a shell on the port where the JRun webserver daemon is running. By Wildcoyote

mw-exp.c 1234 1530 Jul 15 15:10:20 2000

makewhatis local dos exploit - overwrites /etc/passwd as soon as makewhatis runs, usually from cron. By Grazer1

ncsa1-3.c 1328 1004 Jul 31 14:25:09 2000

NCSA Httpd v1.3 remote root exploit. Tested against Slackware 4.0. Homepage: http://www.r00tabega.com. By Xtremist

netscape.ad.00-07 1794 3324 Jul 12 18:28:26 2000

Security Advisory ( netscape.ad.00-07 ) - Netscape Administration Server Password Disclosure. Netscape SuiteSpot running on Netscape webservers has a password file which in the default configuration is readable by remote users. All platforms are affected. By F0bic

netscape.jpg-marker...> 823 10594 Jul 25 11:58:20 2000

Netscape browsers v4.73 and below can be tricked into executing arbitrary assembly code by a malicious web site. In the case of Netscape Mail or News, the attack may be performed via a mail message or a news article, as well. A bug in the way Netscape browsers use the Independent JPEG Group's decoder library can cause the JPEG stream to be read onto the heap. Exploiting this vulnerability into executing arbitrary code is non-trivial, but possible on some platforms. Homepage: http://www.openwall.com/advisories. By Solar Designer

netware50-sp5.dos.tx..> 1071 1123 Jul 12 22:37:24 2000

NetWare 5.0 with SP 5 has a remote denial of service vulnerability. By sending random data to tcp port 40193, a buffer is overflowed and the server issues a memory allocation error and eventually crashes. By Dimuthu Parussalla

outlook.advisory.txt 848 3673 Jul 19 10:47:28 2000

Microsoft Outlook Advisory and Remote Exploit - A bug in a shared component of Microsoft Outlook and Outlook Express mail clients can allow a remote user to write arbitrary data to the stack. This bug has been found to exist in all versions of MS Outlook and Outlook Express on both Windows 95/98 and Windows NT 4. Includes in depth discussion and proof-of-point exploit that, when placed in the header field of a message or MIME attached message, will download and execute an executable from the web. By Aaron Drew

OW-002-netscape-jpeg..> 528 6471 Jul 25 12:17:10 2000

Netscape 4.73 and below remote proof of concept exploit for linux/x86. Includes a test image which crashes Netscape, a JFIF file compiler which exploits the COM marker processing vulnerability, and an unofficial patch for Mozilla M15 and Win32 Netscape. Homepage: http://www.openwall.com/advisories. By Solar Designer

pasvagg.pl 568 5679 Jul 24 12:47:23 2000

Passive Agression is a perl proof-of-concept exploit for downloading other user's files from FTP servers without needing thier authentication. It works against servers that use passive connections for data transfers and fail to check the incoming address of the data connection. It first attempts to determine the server-side data port incrementation rate and then guesses at the next port, makes a connection, and saves the retrieved data to a file. This does not work against M$ boxen, but is fairly impressive when run against large public FTP servers. A much more sinister purpose would be to snag confidential files being passed between corporate networks at scheduled times, like end of the day batch processing of customer orders, or crontab'd FTP backups. Homepage: http://www.digitaloffense.net. By H.D. Moore

poll_it.txt 1822 1028 Jul 13 10:07:31 2000

Pollit, a cgi application, has a vulnerability which allows remote users to read any file on the system. A URL such as /cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=/etc/passwd%00 will spit out /etc/passwd. By Adrian Daminato

pop2d.fold.txt 1667 2173 Jul 15 14:30:01 2000

Pop2d any file on the system can be read remotely on a pop2 server with a valid pop account due to a bug in the fold command. By Dotslash

proftpX.c 2111 5175 Jul 1 13:51:53 2000

ProFTPD 1.2pre4 remote buffer overflow exploit. Requires a writable directory. By Wildcoyote

ralfchat12.txt 936 3050 Jul 11 21:51:13 2000

Ralf Chat 1.2, a free CGI based chat system has remote vulnerabilities. User passwords can be retrieved in plain text and the default admin password is rarely changed. By Daniel Wischnewski

razor.password.txt 623 10692 Jul 5 15:10:39 2000

Razor is a configuration management tool which has a serious flaw with the Razor password file, rz_passwd. It can be decrypted with dumprazorpasswd.c or passwd_rz.pl which are included. By Shawn Clifford

SA2000-02.ism.dll 1008 2040 Jul 25 17:28:51 2000

ISBASE Security Advisory(SA2000-02) - Microsoft IIS v4.0 and 5.0 for Windows NT and Windows 2000 sometimes displays the contents of files that should not normally be displayed and sometimes contains sensitive data. ISS can be tricked into calling ISM.DLL and exposing the contents of .asp, .asa, and .ini files. Exploit description included. Homepage: http://www.isbase.com. By Isbase Security Team

snoop.servlet.txt 502 2091 Jul 20 10:56:12 2000

The Snoop Servlet on Release Build 3.1 and 3.0 of Tomcat from Apache Software Foundation reveals the full path to the webserver and OS. By Efrain Torres

SuSeLocaltmpXploit.c 1510 2920 Jul 1 14:04:12 2000

SuSe 6.1 through 6.4 local exploit - when root switches users, /tmp/ will be the $HOME. This exploit will create a suid (user) shell when root su's to a user account. By Wildcoyote

SX-20000620-1 1101 1533 Jul 6 22:10:53 2000

SecureXpert Labs Advisory [SX-20000620-1] - Denial of Service vulnerability in Microsoft Windows 2000 Telnet Server. A remote user can cause the telnet server to stop responding to requests by sending a stream of binary zeros to the telnet server. This can easily be reproduced from a Linux system using netcat with an input of /dev/zero, with a command such as "nc target.host 23 < /dev/zero". Homepage: http://www.securexpert.com.

SX-20000620-2 1414 1736 Jul 6 22:14:24 2000

SecureXpert Labs Advisory [SX-20000620-2] - Multiple services on Windows 2000 Server are vulnerable to a simple attack which allows remote network users to drive the CPU utilization to 100% in an extremely short period of time, at little cost to the attacker's machine. Homepage: http://www.securexpert.com.

SX-20000620-3 1416 1872 Jul 6 22:16:32 2000

SecureXpert Labs Advisory [SX-20000620-3] - Partial Denial of Service in Check Point Firewall-1 on Windows NT. The SMTP Security Server component of Check Point Firewall-1 4.0 and 4.1 is vulnerable to a simple network-based attack which raises the firewall load to 100%. Homepage: http://www.securexpert.com.

telsrv.txt 887 5564 Jul 17 15:47:05 2000

GAMSoft's TelSrv 1.4/1.5 contains a remote denial of service vulnerability. If supplied with a very large login name, the service will crash. By Prizm

tetrinet_dos.c 467 2890 Jul 12 14:12:44 2000

Tetrinet v0.6 for linux denial of service exploit. If a user on the local network sends an encrypted string and disconnects before the login is completed, the Tetrinet server exits with a broken pipe. Homepage: http://www.fakehalo.org. By Vade79

tomcat-3.1.path.txt 483 542 Jul 19 21:57:29 2000

Tomcat v3.1 from the Apache Software Foundation displays the full path of the web server. By ET LoWNOISE

VIGILANTE-2000003.tx..> 2122 2338 Jul 15 16:50:39 2000

Microsoft IIS v4.0 and 5.0 contain a remote denial of service vulnerability if the server has been upgraded from v3.0. Issuing a malformed request for a certain file contained in /scripts/iisadmin can result in the webserver going into to an infinite loop, causing the web server to no longer accept requests. Microsoft bulletin available here. Homepage: http://www.vigilante.com. By Vigilante

VIGILANTE-2000004.tx..> 503 2446 Jul 19 13:07:58 2000

Vigilante Advisory #4 - HP Jetdirect FTP service has a remote denial of service vulnerability affecting versions 8.20 and below. A long quote command causes the printer to crash, requiring a power cycle. Homepage: http://www.vigilante.com. By Vigilante

webactive.txt 463 1660 Jul 13 10:17:13 2000

WEBactive HTTP Server 1.00 contains a remote denial of service vulnerability. By Prizm

wftpd241-11.tgz 545 1686 Jul 24 16:43:12 2000

WFTPD/WFTPD Pro 2.41 RC11 contains four remote denial of service vulnerabilities. Perl proof of concept code included for each. Homepage: http://bluepanda.box.sk. By Blue Panda

wftpd241.txt 1148 1801 Jul 11 14:30:12 2000

WFTPD and WFTPD Pro 2.41 RC10 are vulnerable to a dos attack which requires a valid account. An out of sequence RNTO command will cause WFTPD to crash. Perl exploit included. Homepage: http://bluepanda.box.sk. By Blue Panda

winamp.m3u.txt 1285 2389 Jul 27 13:59:09 2000

Winamp contains a buffer overflow in its M3U playlist parser. It is possible to execute arbitrary code on a remote computer via a malicious playlist. Proof of concept playlist included. By Pauli Ojanpera

wn-ex.c 426 7238 Jul 21 10:46:52 2000

Remote buffer overflow exploit for the wn webserver for linux version v2.0.9 and below. Homepage: http://www.ccc.de. By Dvorak

wu-ftpd-v2.4.4.c 909 2206 Jul 21 11:51:15 2000

Wu-ftpd v2.4(4) remote root exploit. Exploits the SITE EXEC buffer overflow. By Pascal Bouchareine

wu-ftpd26.c 2007 7882 Jul 17 16:34:58 2000

Remote root exploit for Wu-ftpd 2.6.0 from the ports collection running on FreeBSD v3.3, 3.4 and 4.0. Homepage: http://www.hack.co.za. By Glitch

wuftpd-god.c 5769 20305 Jul 8 21:35:24 2000

Fixed version of the wu-ftpd 2.6.0 exploit. Now gets the return address correct much more often. By god-@efnet

Xnapster.c 3364 3240 Jul 1 13:58:14 2000

Gnapster 1.3.8 and Knapster 0.9 remote view file exploit. By Wildcoyote

xpbitchx.c 584 1327 Jul 21 11:56:28 2000

BitchX (75p3/1.0c16) local exploit. Homepage: http://www.undersec.com. By Raise

xppnc.c 570 2579 Jul 21 11:41:24 2000

PNC Bouncer remote exploit - tested against v1.11 on RedHat 6.0, SuSE 6.3, and Mandrake 6.0. Homepage: http://www.undersec.com. By Raise

Privacy Statement

Welcome to the Exploits for July, 2000 Section.
Some of these exploits are from Bugtraq and Security Bugware
		To change sort order, click on the category. Sorted By: File Name.
File Name	Downloads	File Size	Last Modified
0007-exploits.tgz	2567	137051	Aug 3 17:28:41 2000
Packet Storm new exploits for July, 2000.
7350qpop.c	2478	13372	Jul 15 16:34:29 2000
qpopper 2.53 euidl x86/linux remote exploit. Includes a procedure to abuse format strings to find the correct offset. Tested on Debian 2.1, RedHat 6.1, Slackware 7, Suse 5.2 and 6.0. Homepage: http://teso.scene.at. By Scut
alibaba.txt	1061	2124	Jul 18 15:01:06 2000
Alibaba is a http server for Windows 95/98/NT which contains buffer overflows and allow remote users to execute commands remotely. By Prizm
alienform2-xploit.pl	518	1883	Jul 24 11:59:22 2000
AlienForm2 remote cgi exploit - Spawns an xterm from target machine. Homepage: http://teleh0r.cjb.net. By Telehor
bajie.webserver.txt	920	763	Jul 31 13:56:50 2000
Bajie is a freeware HTTP daemon written in Java has vulnerabilities which allow remote users to view any file on the system, and find out the real server path. Homepage: http://www.mdma.za.net. By Wizdumb
bb-14h2.txt	1521	974	Jul 13 10:25:08 2000
Big Brother up to version 1.4H2 contains a remote vulnerability which allows remote users to create a filename with an arbitrary extension. Since the file is droped into a directory accessible via the web server, any file extension that is parsed server side can be abused and commands can be executed remotely. By Xternal
bigbrother-1.4g.txt	1725	1235	Jul 12 17:56:29 2000
Big Brother v1.4g and below contains a vulnerability which allows a remote attacker to view any file on the system. By Safety
bitchx.dos.txt	2546	3263	Jul 8 16:03:30 2000
A denial of service bug was discovered in BitchX - a nasty user can invite you to a channel with a %s in it, causing the client to coredump. This is a classic case of printf(variable) where variable contains formatting chars. Patch available here. Homepage: htp://www.bitchx.com. By Colten Edwards
bnbform-xploit.pl	521	1780	Jul 24 11:56:41 2000
bnbform.cgi v4.0 and below remote exploit - reads any file on the system. Homepage: http://teleh0r.cjb.net. By Telehor
bulkmail-xploit.pl	432	1715	Jul 24 12:00:51 2000
bulk.cgi is a Bulk Mailer CGI which has remote vulernabilities which allow an attacker to spawn an xterm. Homepage: http://teleh0r.cjb.net. By Telehor
bxexpl.c	607	1570	Jul 28 11:42:49 2000
BitchX-75p3 local exploit, Redhat 6.2 x86. By Flea
clickrespond-xploit...>	449	1786	Jul 24 12:19:27 2000
Click Responder v1.02 remote exploit - spawns an xterm from the victim computer. Homepage: http://teleh0r.cjb.net. By Telehor
cpd.c	3100	4567	Jul 1 14:43:17 2000
CheckPoint IP firewall crashes when it detects packets coming from a different MAC with the same IP address as itself. We simply send a few spoofed UDP packets to it. By Antipent
cvs-1.10.8.txt	816	4259	Jul 28 12:25:55 2000
CVS v1.10.8 allows users to execute any binary on the server using CVS/Checkin.prog or CVS/Update.prog. By Tanaka Akira
d-link.di-701.txt	889	919	Jul 28 11:35:16 2000
The D-Link DI-701 Residential Gateway has an open port which allows brute force password guessing, and has a factory set default password. By Brant Hale
DST2K0019.txt	1115	3284	Jul 5 15:21:26 2000
Delphis Consulting Plc Security Team Advisory DST2K0019 - WebBBS v1.17 for Windows NT contains multiple buffer overflows, some of which allow remote code execution. Homepage: http://www.delphisplc.com/thinking/whitepapers/. By Delphis Security Team
dune_poc.c	456	3815	Jul 20 10:53:18 2000
The Dune Webserver v0.6.7 has remotely exploitable buffer overflows. This code is a proof of concept exploit for linux/x86. Homepage: http://www.fakehalo.org. By Vade79
excel2000-exec.txt	1804	2344	Jul 13 10:20:40 2000
Excel 2000 serious vulnerability - Excel 2000/Windows 98 (other versions too) allows executing programs when opening an Excel Workbook (.xls file). This may be also be exploited thru IE or Outlook. This can easily lead to taking full control over user's computer. Demonstration available here. Homepage: http://www.nat.bg/~joro. By Georgi Guninski
fawx2.c	1917	7262	Jul 24 16:34:35 2000
fawx2.c sends fragmented junk to port 139, causing a blue screen under Windows 95 / 98 / 2000. Homepage: http://www.slacknet.org. By Heeb
formmail-xploit.pl	565	1915	Jul 24 12:25:00 2000
Form Mail v1.0 (form.cgi) remote exploit - spawns an xterm from the victim computer. Homepage: http://teleh0r.cjb.net. By Telehor
FS-071000-5-JWS	854	5756	Jul 12 18:02:22 2000
The Sun Java Web Server for Solaris and Windows NT allows a remote attacker to execute arbitrary commands on the target system. Proof of concept included. Homepage: http://www.foundstone.com. By Saumil Shah
FS-072500-7-ANA.txt	629	4337	Jul 25 16:01:40 2000
Foundstone Security Advisory - AnalogX Proxy v4.04 contains multiple buffer overflows. Includes several proof of concept denial of service examples. Homepage: http://www.foundstone.com. By Robin Keir
FS-072600-8-ANA.txt	672	4165	Jul 26 17:44:30 2000
Foundstone Security Advisory - AnalogX SimpleServer:WWW v1.06 and below is vulnerable to a "relative directory path" attack that allows a remote user to retrieve any known file one the the server. Homepage: http://www.foundstone.com. By Robin Keir
FS-072800-9-BEA.txt	951	6121	Jul 30 02:48:31 2000
Foundstone Security Advisory - Two show code vulnerabilities exist with BEA's WebLogic 5.1.0 allowing an attacker to view the source code of any file within the web document root of the web server. Depending on web application and directory structure attacker can access and view unauthorized files. Proof of concept URL's included. Homepage: http://www.foundstone.com. By Saumil Shah
imeshexp.zip	1734	15785	Jul 3 20:41:15 2000
iMesh V1.02 Beta build 117 remote exploit for Windows 98. Exploits a buffer overflow to download a file from a given URL and execute it on the remote host. Includes windows binary and C source. Homepage: http://www.mxeleet.org. By Hitek
Infosec.20000712.wor..>	1648	2508	Jul 12 18:07:02 2000
Infosec Security Vulnerability Report - The web server for remote access to e-mail in WorldClient 2.1 for Windows NT is vulnerable for root dot dot. It is possible to read any file if the full path is known. By Christer Staffer
JRUNremoteXploit.tgz	1231	2560	Jul 1 13:45:44 2000
JRun 2.3 remote buffer overflow exploit. Runs a shell on the port where the JRun webserver daemon is running. By Wildcoyote
mw-exp.c	1234	1530	Jul 15 15:10:20 2000
makewhatis local dos exploit - overwrites /etc/passwd as soon as makewhatis runs, usually from cron. By Grazer1
ncsa1-3.c	1328	1004	Jul 31 14:25:09 2000
NCSA Httpd v1.3 remote root exploit. Tested against Slackware 4.0. Homepage: http://www.r00tabega.com. By Xtremist
netscape.ad.00-07	1794	3324	Jul 12 18:28:26 2000
Security Advisory ( netscape.ad.00-07 ) - Netscape Administration Server Password Disclosure. Netscape SuiteSpot running on Netscape webservers has a password file which in the default configuration is readable by remote users. All platforms are affected. By F0bic
netscape.jpg-marker...>	823	10594	Jul 25 11:58:20 2000
Netscape browsers v4.73 and below can be tricked into executing arbitrary assembly code by a malicious web site. In the case of Netscape Mail or News, the attack may be performed via a mail message or a news article, as well. A bug in the way Netscape browsers use the Independent JPEG Group's decoder library can cause the JPEG stream to be read onto the heap. Exploiting this vulnerability into executing arbitrary code is non-trivial, but possible on some platforms. Homepage: http://www.openwall.com/advisories. By Solar Designer
netware50-sp5.dos.tx..>	1071	1123	Jul 12 22:37:24 2000
NetWare 5.0 with SP 5 has a remote denial of service vulnerability. By sending random data to tcp port 40193, a buffer is overflowed and the server issues a memory allocation error and eventually crashes. By Dimuthu Parussalla
outlook.advisory.txt	848	3673	Jul 19 10:47:28 2000
Microsoft Outlook Advisory and Remote Exploit - A bug in a shared component of Microsoft Outlook and Outlook Express mail clients can allow a remote user to write arbitrary data to the stack. This bug has been found to exist in all versions of MS Outlook and Outlook Express on both Windows 95/98 and Windows NT 4. Includes in depth discussion and proof-of-point exploit that, when placed in the header field of a message or MIME attached message, will download and execute an executable from the web. By Aaron Drew
OW-002-netscape-jpeg..>	528	6471	Jul 25 12:17:10 2000
Netscape 4.73 and below remote proof of concept exploit for linux/x86. Includes a test image which crashes Netscape, a JFIF file compiler which exploits the COM marker processing vulnerability, and an unofficial patch for Mozilla M15 and Win32 Netscape. Homepage: http://www.openwall.com/advisories. By Solar Designer
pasvagg.pl	568	5679	Jul 24 12:47:23 2000
Passive Agression is a perl proof-of-concept exploit for downloading other user's files from FTP servers without needing thier authentication. It works against servers that use passive connections for data transfers and fail to check the incoming address of the data connection. It first attempts to determine the server-side data port incrementation rate and then guesses at the next port, makes a connection, and saves the retrieved data to a file. This does not work against M$ boxen, but is fairly impressive when run against large public FTP servers. A much more sinister purpose would be to snag confidential files being passed between corporate networks at scheduled times, like end of the day batch processing of customer orders, or crontab'd FTP backups. Homepage: http://www.digitaloffense.net. By H.D. Moore
poll_it.txt	1822	1028	Jul 13 10:07:31 2000
Pollit, a cgi application, has a vulnerability which allows remote users to read any file on the system. A URL such as /cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=/etc/passwd%00 will spit out /etc/passwd. By Adrian Daminato
pop2d.fold.txt	1667	2173	Jul 15 14:30:01 2000
Pop2d any file on the system can be read remotely on a pop2 server with a valid pop account due to a bug in the fold command. By Dotslash
proftpX.c	2111	5175	Jul 1 13:51:53 2000
ProFTPD 1.2pre4 remote buffer overflow exploit. Requires a writable directory. By Wildcoyote
ralfchat12.txt	936	3050	Jul 11 21:51:13 2000
Ralf Chat 1.2, a free CGI based chat system has remote vulnerabilities. User passwords can be retrieved in plain text and the default admin password is rarely changed. By Daniel Wischnewski
razor.password.txt	623	10692	Jul 5 15:10:39 2000
Razor is a configuration management tool which has a serious flaw with the Razor password file, rz_passwd. It can be decrypted with dumprazorpasswd.c or passwd_rz.pl which are included. By Shawn Clifford
SA2000-02.ism.dll	1008	2040	Jul 25 17:28:51 2000
ISBASE Security Advisory(SA2000-02) - Microsoft IIS v4.0 and 5.0 for Windows NT and Windows 2000 sometimes displays the contents of files that should not normally be displayed and sometimes contains sensitive data. ISS can be tricked into calling ISM.DLL and exposing the contents of .asp, .asa, and .ini files. Exploit description included. Homepage: http://www.isbase.com. By Isbase Security Team
snoop.servlet.txt	502	2091	Jul 20 10:56:12 2000
The Snoop Servlet on Release Build 3.1 and 3.0 of Tomcat from Apache Software Foundation reveals the full path to the webserver and OS. By Efrain Torres
SuSeLocaltmpXploit.c	1510	2920	Jul 1 14:04:12 2000
SuSe 6.1 through 6.4 local exploit - when root switches users, /tmp/ will be the $HOME. This exploit will create a suid (user) shell when root su's to a user account. By Wildcoyote
SX-20000620-1	1101	1533	Jul 6 22:10:53 2000
SecureXpert Labs Advisory [SX-20000620-1] - Denial of Service vulnerability in Microsoft Windows 2000 Telnet Server. A remote user can cause the telnet server to stop responding to requests by sending a stream of binary zeros to the telnet server. This can easily be reproduced from a Linux system using netcat with an input of /dev/zero, with a command such as "nc target.host 23 < /dev/zero". Homepage: http://www.securexpert.com.
SX-20000620-2	1414	1736	Jul 6 22:14:24 2000
SecureXpert Labs Advisory [SX-20000620-2] - Multiple services on Windows 2000 Server are vulnerable to a simple attack which allows remote network users to drive the CPU utilization to 100% in an extremely short period of time, at little cost to the attacker's machine. Homepage: http://www.securexpert.com.
SX-20000620-3	1416	1872	Jul 6 22:16:32 2000
SecureXpert Labs Advisory [SX-20000620-3] - Partial Denial of Service in Check Point Firewall-1 on Windows NT. The SMTP Security Server component of Check Point Firewall-1 4.0 and 4.1 is vulnerable to a simple network-based attack which raises the firewall load to 100%. Homepage: http://www.securexpert.com.
telsrv.txt	887	5564	Jul 17 15:47:05 2000
GAMSoft's TelSrv 1.4/1.5 contains a remote denial of service vulnerability. If supplied with a very large login name, the service will crash. By Prizm
tetrinet_dos.c	467	2890	Jul 12 14:12:44 2000
Tetrinet v0.6 for linux denial of service exploit. If a user on the local network sends an encrypted string and disconnects before the login is completed, the Tetrinet server exits with a broken pipe. Homepage: http://www.fakehalo.org. By Vade79
tomcat-3.1.path.txt	483	542	Jul 19 21:57:29 2000
Tomcat v3.1 from the Apache Software Foundation displays the full path of the web server. By ET LoWNOISE
VIGILANTE-2000003.tx..>	2122	2338	Jul 15 16:50:39 2000
Microsoft IIS v4.0 and 5.0 contain a remote denial of service vulnerability if the server has been upgraded from v3.0. Issuing a malformed request for a certain file contained in /scripts/iisadmin can result in the webserver going into to an infinite loop, causing the web server to no longer accept requests. Microsoft bulletin available here. Homepage: http://www.vigilante.com. By Vigilante
VIGILANTE-2000004.tx..>	503	2446	Jul 19 13:07:58 2000
Vigilante Advisory #4 - HP Jetdirect FTP service has a remote denial of service vulnerability affecting versions 8.20 and below. A long quote command causes the printer to crash, requiring a power cycle. Homepage: http://www.vigilante.com. By Vigilante
webactive.txt	463	1660	Jul 13 10:17:13 2000
WEBactive HTTP Server 1.00 contains a remote denial of service vulnerability. By Prizm
wftpd241-11.tgz	545	1686	Jul 24 16:43:12 2000
WFTPD/WFTPD Pro 2.41 RC11 contains four remote denial of service vulnerabilities. Perl proof of concept code included for each. Homepage: http://bluepanda.box.sk. By Blue Panda
wftpd241.txt	1148	1801	Jul 11 14:30:12 2000
WFTPD and WFTPD Pro 2.41 RC10 are vulnerable to a dos attack which requires a valid account. An out of sequence RNTO command will cause WFTPD to crash. Perl exploit included. Homepage: http://bluepanda.box.sk. By Blue Panda
winamp.m3u.txt	1285	2389	Jul 27 13:59:09 2000
Winamp contains a buffer overflow in its M3U playlist parser. It is possible to execute arbitrary code on a remote computer via a malicious playlist. Proof of concept playlist included. By Pauli Ojanpera
wn-ex.c	426	7238	Jul 21 10:46:52 2000
Remote buffer overflow exploit for the wn webserver for linux version v2.0.9 and below. Homepage: http://www.ccc.de. By Dvorak
wu-ftpd-v2.4.4.c	909	2206	Jul 21 11:51:15 2000
Wu-ftpd v2.4(4) remote root exploit. Exploits the SITE EXEC buffer overflow. By Pascal Bouchareine
wu-ftpd26.c	2007	7882	Jul 17 16:34:58 2000
Remote root exploit for Wu-ftpd 2.6.0 from the ports collection running on FreeBSD v3.3, 3.4 and 4.0. Homepage: http://www.hack.co.za. By Glitch
wuftpd-god.c	5769	20305	Jul 8 21:35:24 2000
Fixed version of the wu-ftpd 2.6.0 exploit. Now gets the return address correct much more often. By god-@efnet
Xnapster.c	3364	3240	Jul 1 13:58:14 2000
Gnapster 1.3.8 and Knapster 0.9 remote view file exploit. By Wildcoyote
xpbitchx.c	584	1327	Jul 21 11:56:28 2000
BitchX (75p3/1.0c16) local exploit. Homepage: http://www.undersec.com. By Raise
xppnc.c	570	2579	Jul 21 11:41:24 2000
PNC Bouncer remote exploit - tested against v1.11 on RedHat 6.0, SuSE 6.3, and Mandrake 6.0. Homepage: http://www.undersec.com. By Raise



Privacy Statement