.: Exploits for April, 2001 | ||||
Some of these exploits are from Bugtraq | ||||
To Change Sort Order, Click On A Category. | ||||
File Name | Downloads | File Size | Last Modified | MD5 Checksum |
splex.txt | 3567 | Apr 7 00:41:05 2001 | 8e91e1e4fdf37b1ed496cc2ff653f4c4 | |
Shareplex v2.x (Quest Software's product for Oracle database replication) contains a local security hole which allows users to read any file on the system. Vulnerable platforms include Solaris 2.6, HP/UX 10.20 & 11.00, AIX 3 and OSF/1 4.0. Patched in v2.1.3.21. By Echo8 | ||||
globulka.pl | 4229 | Apr 16 19:09:29 2001 | 21542904375f11b565ae7d3ffa7495eb | |
FreeBSD-4.2-Stable ftpd GLOB remote root exploit in perl. This version requires user access and writeable home dir without chroot. By Venglin | ||||
border.c | 4341 | Apr 30 17:01:17 2001 | 8695675d22aea76b6602e26ae4c3856d | |
Novell Border Manager Enterprise Edition 3.5 remote denial of service attack. Sends 256+ SYN's to TCP port 353. By Honoriak | ||||
0104-exploits.tgz | 1374021 | May 2 18:45:27 2001 | 65315bb0b6099178d43574302c335902 | |
Packet Storm new exploits for April, 2001. | ||||
Unisploit1.0.zip | 569297 | Apr 8 23:07:44 2001 | 9142a16a7f5238c306aa06d9059c6da4 | |
IIS Unicode graphical exploit for Windows. By DarkWizard&Drakaz | ||||
iexslt.txt | 3884 | Apr 20 18:08:46 2001 | 4526c231ea4ece969f1f44a5d9a5e543 | |
Georgi Guninski security advisory #43, 2001 - It is possible to execute Active Scripting with the help of XML and XSL even if Active Scripting is disabled in all security zones. This is especially dangerous in email messages. Though this is not typical exploit itself, it may be used in other exploits especially in email. To use the demonstration, disable Active Scripting and click here. If you see any message box you are vulnerable. Homepage: http://www.guninski.com. By Georgi Guninski | ||||
xnetprint.c | 3969 | Apr 30 10:34:32 2001 | 684f4fd7980f8cd288d4c7246a74c4e0 | |
Irix Netprint local root exploit. Exploits netprint's -n option. Tested on IRIX 6.2, but should work on other versions. Homepage: http://www.realhalo.org. By Vade79 | ||||
Hexyn-sa-16.TXT | 1647 | Apr 24 17:22:47 2001 | 270d0d0f482a3c8fd89332c222d6b825 | |
Securax / Hexyn Security Advisory #16 - G6 FTP Server is an FTP server for Windows 9x/NT. A bug allows any user to change to c:\ and sub directories. Homepage: http://t-omicr0n.hexyn.be. By T-Omicron | ||||
Hexyn-sa-17.txt | 1573 | Apr 24 17:23:31 2001 | 226bb3737e08888dbe5e63e5dda1af09 | |
Securax / Hexyn Security Advisory #17 - Bison FTP Server is an FTP server for Windows 9x/NT. A bug allows any user to change to any directory. Homepage: http://t-omicr0n.hexyn.be. By T-Omicron | ||||
hfaxd-fs-exploit.pl | 2835 | Apr 25 11:30:48 2001 | 58b40d4fd0e65019435163abc426cf3b | |
Hylafax (/usr/libexec/fax/hfaxd) format string local root exploit. Tested on hylafax-4.0pl2-2. Homepage: http://teleh0r.cjb.net. By Telehor | ||||
fbsdftp-ex.c | 6624 | Apr 16 18:19:54 2001 | 14c7eb1d7690679bec2bcaf582cce1af | |
FreeBSD v4.2 ftpd remote root exploit. Uses a GLOB vulnerability. Requires an account on the machine. Compiles on FreeBSD, Linux, and Solaris. Includes information on finding offsets. Homepage: http://ns2.crw.se/~tm. By Noah | ||||
cerberus.ftp.txt | 2110 | Apr 30 15:05:22 2001 | 9ef96dcb8278ccd0ef665ec60ee9307d | |
Andrisk Security Advisory 2# - Cerberus FTP Server 1.05 for Windows 9x/NT allows remote users without accounts to view any file on the server. By Andris K | ||||
ccc_harvest.txt | 2808 | Apr 7 00:04:48 2001 | 7ea8c1da59f6808cfa1abe83419c11ac | |
CCC Harvest v5.0, a tool to audit and maintain access control to source code, uses an encryption method which is susceptible to a chosen plaintext attack, allowing users to capture and decrypt the application admin password. By Richard Scott | ||||
imap-lsub.pl | 1139 | Apr 12 18:05:29 2001 | 6dfd90d7fccc7ed1bb95d9c18cfcdb67 | |
Remote imapd exploit for Red Hat 6.2 (Zoot) written in perl. Tested against IMAP4rev1 v12.264. Homepage: http://w3.swi.hu/zucco/. By Zucco | ||||
Hexyn-sa-18.txt | 1542 | Apr 24 17:24:15 2001 | 6f9c9d6f54652ba826358cf13d935982 | |
Securax / Hexyn Security Advisory #18 - Savant WWW Server is an HTTP server for Windows 9x/NT. A bug allows any user to change to any directory, and in most cases, execute MS-DOS commands. Homepage: http://t-omicr0n.hexyn.be. By T-Omicron | ||||
vim_exp.pl | 1127 | Apr 8 21:55:55 2001 | 6c239c910da655b40156601960be3d88 | |
Vim 5.7 local exploit - This perl script creates a text file which when edited in vim executes an arbitrary file on the local system as the user running vim. By Nemes||y | ||||
kmailbug.c | 4198 | Apr 8 23:27:39 2001 | 4fcfc83674bbb95dada05b491a1117cb | |
Remote buffer overflow exploit for Kmail, a mail client for KDE. Tested against kmail v1.0.29 and v1.0.20. By Crashkiller | ||||
Unisploit2.1.zip | 672355 | Apr 24 18:04:36 2001 | 4ca0e18dabb297eb8a393895fadd22ce | |
IIS Unicode graphical exploit for Windows. This is an updated version of Unisploit1.0-FireLust which has more cool stuff. By DarkWizard&Drakaz | ||||
Hexyn-sa-19.txt | 3891 | Apr 24 17:25:34 2001 | 4be170b50c9398765369f520a2c6f949 | |
Securax / Hexyn Security Advisory #19 - FTP Server Denial Of Service tested on Serv-U FTP Server, G6 FTP Server and WarFTPd Server. The servers will freeze for about one second, and the CPU usage will go through the roof. Includes perl exploit. Homepage: http://t-omicr0n.hexyn.be. By T-Omicron | ||||
fancylogin.c | 2314 | Apr 17 09:21:04 2001 | 3c29e9932f23dde8a2b48ea4fecacfe4 | |
Fancylogin 0.99.7 buffer overflow exploit. Fancylogin is usually not +s so this exploit isn't that dangerous. Tested on debian potato and kernel 2.2.18 and 2.2.19. By Ghost | ||||
ssh_dos.pl | 1180 | Apr 7 00:44:35 2001 | 1ec017d8169dcc2a2e97182f0e3dbf6f | |
Windows SSHD remote denial of service exploit - Written in perl, affects SSH Communications Security SSH 2.4 for Microsoft Windows 95,98,NT4,2000. By Nemes||y | ||||
ftp.server.025.txt | 4634 | Apr 27 14:06:19 2001 | c4ecb3963a8feb4c516a70dac3768fed | |
A bug in FTP server v0.25 for Windows 9x/NT has a bug which allows remote users to download and view any file on the system. By Andris K | ||||
crazywwwb-exploit.pl | 2573 | Apr 10 13:15:25 2001 | e6a7ed159294f3b434167387d0ac28b1 | |
Remote buffer overflow exploit for CrazyWWWBoard which executes arbitrary code with the privileges of the webserver. Tested against CrazyWWWBoard2000p4 for RedHat 6.0 and CrazyWWWBoard2000LEp5 for RedHat 6.1. This is NOT that same overflow as discovered by Jin Ho You, 01.30.2001. Homepage: http://teleh0r.cjb.net. By Telehor | ||||
clsidext.txt | 1911 | Apr 16 18:50:57 2001 | b09db7120def52b6ad9852216e070876 | |
Georgi Guninski security advisory #42, 2001 - By double clicking from Window Explorer or Internet Explorer on filenames with innocent extensions the user may be tricked to execute arbitrary programs. If the file extension has a certain CLSID, then Windows explorer and IE do not show the CLSID and only the harmless looking extension. Demonstration available here. Homepage: http://www.guninski.com. By Georgi Guninski | ||||
01-2001.txt | 15168 | Apr 16 20:36:24 2001 | dc606a55a73d02a1ef5404918f11a2bd | |
Security flaw in Linux 2.4 IPTables using FTP PORT - If an attacker can establish an FTP connection passing through a Linux 2.4.x IPTables firewall with the state options allowing "related" connections (almost 100% do), he can insert entries into the firewall's RELATED ruleset table allowing the FTP Server to connect to any host and port protected by the firewalls rules, including the firewall itself. Advisory available here. By Cristiano Lincoln Mattos | ||||
7350cfingerd-0.0.4.t..> | 19713 | Apr 23 18:35:18 2001 | b2014e7d2b6d5162f60557bb2a339a89 | |
Cfingerd prior to v1.4.2 remote root format string exploit. Includes information on finding offsets. Tested against Debian cfingerd v1.3.2, 1.4.0, 1.4.1, and RedHat 7.0 cfingerd 1.3.2. Homepage: https://www.team-teso.net. By Scut | ||||
man-exp.c | 1349 | Apr 16 17:48:34 2001 | a2c80424b46d2271f368728ff7b17215 | |
Man -l format string local exploit for Linux. Homepage: http://segfault.net. By Andi | ||||
openbsd.glob.c | 7252 | Apr 16 18:59:45 2001 | 0ceb3de432d5884f607492fb8e4209ec | |
OpenBSD 2.x remote root GLOB exploit w/ chroot break. It is possible to exploit an anonymous ftp without write permission under certain circumstances. This is most likely to succeed if there is a single directory somewhere with more than 16 characters in its name. With write permissions, one could easily create such a directory. Homepage: http://www.codefactory.se. By Tomas Kindahl | ||||
perlcal.txt | 1340 | Apr 30 12:10:09 2001 | cafeef1792da9c0feaa60892b0c79d59 | |
The Unix versions of the PerlCal CGI script have vulnerabilities which allow website visitors to view any file on the webserver. Exploit URL included. Homepage: http://www.whizkunde.org. By ThePike | ||||
Hexyn-sa-15.txt | 3177 | Apr 24 17:09:05 2001 | e39077c2d702f737ef80f3d3cfd316ef | |
Securax / Hexyn Security Advisory #15 - G6 FTP Server is a popular FTP server for Windows 9x/NT. A bug allows any user to change to the directory G6 was installed in. Due to good programming, the only way to exploit this bug is by viewing the full installation path. Downloading the user-file (Users.ini) is impossible. Homepage: http://t-omicr0n.hexyn.be. By T-Omicron | ||||
ISA.dos.txt | 3910 | Apr 16 19:05:34 2001 | fb36faae5492250e8401702bb8fed294 | |
Denial of Service in Microsoft ISA server v1.0 - Microsoft ISA Server 1.0 on Windows 2000 Server SP1 is vulnerable to a simple network-based attack which stops all incoming and outgoing web traffic from passing through the firewall until the firewall is rebooted or the affected service is restarted. Exploit URL's included. Homepage: http://www.securexpert.com. | ||||
talkback.txt | 1565 | Apr 9 19:12:02 2001 | f31b56c28fea99b943dffb44c10f3075 | |
Talkback.cgi allows remote users to view any file on the webserver. Exploit URL included. It is also possible to display the admin password. Fix available here. Homepage: http://www.whizkunde.org. By ThePike | ||||
unidebug.zip | 12278 | Apr 20 18:35:16 2001 | fc5d34b1372e206b79934199f9a5a707 | |
Unidebug is another exploit for the begging-to-get-patched IIS unicode bug. Takes advantage of the DOS/Win debug.exe to create binary files on the remote site. By Shrikant Raman | ||||
Malevolence.sit | 42912 | Apr 6 23:16:30 2001 | a9c4effc9ef6f59db26882c6026999ce | |
Malevolence is a exploit that allows users to view a unshadowed version of the /etc/password file on a Mac OS X computer. Malevolence is very easy to use, in either Terminal.app or though a telnet session just run Malevolence and it will create a file called "index.html" in the same directory as Malevolence. Then just open up the web browser of your choosing and view the index.html file that Malevolence created. Homepage: http://www.msec.net. By Marukka Der Inhaber | ||||
xlock.txt | 1045 | Apr 19 14:51:35 2001 | f33096b4c3b72a8ca3e83beb11d3f1e5 | |
Removing the SUID bit from xlock causes enter to work as a password to unlock the screen for all users except root. With no SUID bit it can no longer read /etc/shadow, creating a blank .xlockrc, causing enter to be a valid password. By Marco van Berkum | ||||
TalkBackcgi-exp.pl | 1461 | Apr 23 18:43:56 2001 | c1d3da4612b5f821a80c9c8926ac7f7a | |
TalkBack.cgi directory traversal remote exploit. By Nemes||y | ||||
Privacy Statement | ||||