| File Name |
File Size |
Last Modified |
MD5 Checksum |
| 0103-exploits.tgz | 50558 | Apr 10 2001 13:51:24 | dc41d0896e54183fb228e0b24db8af30 |
| Packet Storm new exploits for March, 2001. |
| iemsdaipp.txt | 5547 | Mar 29 2001 17:55:48 | 85beec7e8445644e67cb4fa185ca6a0c |
| Georgi Guninski security advisory #40 - Security bugs in interactions between IE 5.x, IIS 5.0 and Exchange 2000. If a malicious web page is browsed with IE it is possible to list the directories of arbitrary IIS 5.0 servers to which the browsing user has access. Under certain circumstances it is also possible to read the user's email or folders if it is stored on an Exchange 2000 server with web storage (it uses IIS 5.0). It is also possible to create (or probably modify) files on the Exchange 2000 server with web storage. Example exploit included. Homepage: http://www.guninski.com. By Georgi Guninski |
| ASPSeek.txt | 754 | Mar 26 2001 16:42:11 | 46cec92ad366b836aa5f1751d55f8f0b |
| ASPSeek by SWSoft allows remote users to view any file on the webserver via a /../ bug. By Tack |
| ASPSeek-exploit.pl | 2277 | Mar 26 2001 15:34:16 | 15c85aa9f9e12cb5b98990e84cd5315c |
| Remote buffer overflow exploit for ASPSeek by SWSoft. Tested against Aspseek v1.0.3 running on Red Hat 6.2. Homepage: http://teleh0r.cjb.net. By Telehor |
| manhole.c | 12548 | Mar 26 2001 14:26:37 | 8b78e5731e6124a250d964d2c2e26d0d |
| Manhole.c is a local exploit for man. Bypasses non-executable stack patches. Tested against Slackware 7.1, Debian 2.2, SuSE Linux 6.3, 6.4, and 7.0. By Fish Stiqz |
| vv5.pl | 1390 | Mar 19 2001 00:46:15 | a2cab69356c0b04e87dc3307f26a0c1c |
| IIS 5.0 / Windows 200 WebDAV remote denial of service exploit - Sends a specially crafted request, as described in MS01-016. Homepage: http://www.guninski.com. By Georgi Guninski |
| n82x.c | 16706 | Mar 19 2001 00:39:54 | 572799a470381b834d7cc0e07e523894 |
| Named v8.2.x remote root exploit - Uses the tsig bug. Only includes linux shellcode. By Lucysoft, Ix |
| glob-abuse.c | 2552 | Mar 19 2001 00:33:17 | df4760b5d6daa9e70c4e505232f87908 |
| This code exploits a bug in the glob() function used in some ftpd's (like proftpd, netbsd ftpd, iis ftpd). It sends a 'ls' command for which will take up about 100% of a systems memory, creating a very effective dos. By R00T-dude |
| ftpsed.pl | 1260 | Mar 19 2001 00:22:21 | cf4a3464c6ceaaa5e194728e22f67628 |
| ftpsed.pl is a perl script which exploits a denial of service vulnerability in Proftpd v1.2 and below. Requires a username and password. Homepage: http://www.dutchriot.com. By Speedy |
| joe28.c | 3888 | Mar 19 2001 00:17:32 | 530287f848a25dff1eb7741d70ba2035 |
| Joe 2.8 local exploit - Requires sysadmin intervention. Tested on FreeBSD 4.2-Release. By Fides |
| suq_diq.zip | 16841 | Mar 15 2001 17:57:32 | b23af7e5a65ee8fcd01f9846db2e10a6 |
| Suq Diq v1.00 is a remote exploit for IBM Net.Commerce, WebSphere and possibly other IBM and Lotus applications as well. These products use Tripple DES with a fixed key by default, allowing remote users to gain the usernames and plaintext passwords of all Net.Commerce accounts. Exploit URL's included. By Xor37h and Darkman |
| openssh-2.2.0-exp.tg..> | 2968 | Mar 15 2001 17:32:47 | a975d944823b58f0e067a2c6cca0ae53 |
| OpenSSH-2.2.0 remote exploit - Includes a wrapper to brute force the offset. By Nemes||y |
| ascdcx.c | 2558 | Mar 15 2001 16:02:33 | 9e219e72bf260f2bb0957bf175ab7dc1 |
| Local exploit for /usr/X11R6/bin/ascdc v0.3-2-i386 which overflows the -c switch. Homepage: http://bse.die.ms. By The Itch |
| ssh-brute.sh | 776 | Mar 8 2001 18:38:30 | 986fe09b26708b20752e93a261f6b8b9 |
| Ssh-brute.sh brute force guesses root's password without being logged. See CLABS200101 for more information. Homepage: http://jose@crimelabs.net. |
| imapd_lsub.c | 1464 | Mar 4 2001 13:18:00 | 2943c1787b72ce3bf2bfe737ce29b72e |
| Imapd v12.264 remote exploit for Red Hat - Exploits an overflow in the LSUB command, which requires an account. Tested on Red Hat 5.1, 5.2, 6.0, 6.1, and 6.2 with IMAP4rev1 v10.223, v11.241, v12.250, and v12.264. Homepage: http://www.zone.ee/unix. By Narrow |
| sfgate-info.txt | 1188 | Mar 3 2001 00:14:43 | f9ed84c3893940a2fda06ebdbbea9de5 |
| SFGate v5.1 p11 gives sensitive information by allowing one to view a few lines of text from a file via an error message. Exploit URL included. By Krfinisterre |
| rdC270201.adv.en | 2346 | Mar 3 2001 00:10:36 | 678f89d8935aa6ca1cad7f09eab50496 |
| PHP-Nuke v4.4.1a contains remote vulnerabilities because arbitrary information can be passed to MySQL via the saveuser() function and several others. It's possible for the attacker to change the e-mail address of one of the users and ask for the password to be sent to the e-mail address that the attacker have provided. Exploit URL included. Homepage: http://www.rdcrew.com.ar. By Venomous |
| elvwreck.c | 1693 | Mar 1 2001 17:07:21 | 4ca21b5b596030f13a6882a0b80a67f3 |
| FreeBSD 3.5.1 and 4.2 ja-elvis and ko-helvis (ports packages) local root exploit. Both come with a utility called elvrec that is installed suid root by default. Homepage: http://www.synnergy.net. By Dethy |
| SA2K01.txt | 6325 | Mar 1 2001 17:04:02 | 8037a25480af2b21fdd09bcb932d4a38 |
| A quick fix against RFP2101 - PHP-Nuke v4.4 and below allows users to steal accounts via sql hacking. Homepage: http://SecurityApex.com. By Max |
