Section: .. / 0405-exploits /

Page 2 of 2
<< 1 2 >> Files 25 - 46 of 46

Currently sorted by: File Name Sort By: Last Modified, File Size

/// File Name:	linksys-dhcp-exploit.c
Description:	Remote proof of concept exploit for various Linksys routers that have flaws in the way they return BOOTP packets. In each legitimate response, BOOTP fields are filled in with portions of memory from the device, allowing a remote attacker to sniff traffic and crash the device.
Author:	Jon Hart
Homepage:	http://spoofed.org/files/linksys-dhcp-exploit.c
File Size:	11721
Last Modified:	May 13 23:37:34 2004
MD5 Checksum:	24f9533fa0e628134039465bd5cf8dc0

/// File Name:	metaexpl.tgz
Description:	Metamail remote exploit that makes use of a buffer overflow and upon successful exploitation, binds a listening socket to UDP/13330 awaiting shellcode. Affected versions: 2.2 through 2.7.
Author:	priestmaster
Homepage:	http://www.priestmaster.org/
Related File:	metamailBUGS.txt
File Size:	5295
Related CVE(s):	CAN-2004-0104, CAN-2004-0105
Last Modified:	May 27 00:55:10 2004
MD5 Checksum:	c25cca5f2ea199cb78714642d720a041

/// File Name:	monit41.pl
Description:	Remote exploit for Monit 4.1 that uses connect back shellcode. This exploit makes use of a buffer overrun when an overly long username is passed to the server.
Author:	Shadowinteger
Related File:	monit.txt
File Size:	7042
Last Modified:	May 11 19:23:39 2004
MD5 Checksum:	25f80041bd01686cdfe6e4a1c1287a64

/// File Name:	paxdos.c
Description:	PaX with CONFIG_PAX_RANDMMAP for Linux 2.6 denial of service proof of concept exploit the send the kernel into an infinite loop. Originally discovered by ChrisR.
Author:	Shadowinteger
File Size:	3178
Last Modified:	May 11 06:45:27 2004
MD5 Checksum:	001c4ea7efedf19d582a2e5969a9939b

/// File Name:	phpx326.txt
Description:	PHPX versions 3.2.6 and below have cross site scripting, path disclosure and arbitrary command execution vulnerabilities. Full exploitation given.
Author:	JeiAr
Homepage:	http://www.gulftech.org
File Size:	5698
Last Modified:	May 7 19:03:45 2004
MD5 Checksum:	5bc64564204e7b43c40dfb249c361ca4

/// File Name:	sasserftpd.c
Description:	Remote exploit for the Sasser worm ftpd server that spawns on port 5554.Targets included for Windows XP and 2000. Note: To use this against Sasser.e, change the port to 1023.
Author:	mandragore
Related Exploit:	win_msrpc_lsass_ms04-11_Ex.c"
File Size:	8033
Related CVE(s):	CAN-2003-0533
Last Modified:	May 11 19:18:52 2004
MD5 Checksum:	be9399c6c8b87c60bab1a07bd359570a

/// File Name:	servuLIST.txt
Description:	Serv-U ftpd versions older than 5.0.0.6 suffer from a flaw where a user issuing a long parameter as a value to a LIST command can cause the server to try and read a value that is outside the memory location causing a crash.
Author:	Storm
File Size:	2455
Last Modified:	May 4 05:06:01 2004
MD5 Checksum:	e1ac518faa09770360a61a3b10698007

/// File Name:	SMCwhoops.txt
Description:	SMC broadband routers ship with remote administration enabled by default on port 1900 on the WAN side of the router. Hitting the external IP address on port 1900 and clicking Login allows a malicious attacker to gain full access to the device. Tested against model 7008ABR and 7004VBR.
Author:	user86
File Size:	2327
Last Modified:	May 4 01:24:38 2004
MD5 Checksum:	9691f91745efcee0c1abd98be7860c91

/// File Name:	sp-x11-advisory.txt
Description:	MyWeb version 3.3 is susceptible to a buffer overflow attack when a specifically crafted HTTP GET request which contains over 4096 bytes of data is sent to the server.
Author:	badpack3t
Homepage:	http://security-protocols.com/
File Size:	6691
Last Modified:	May 7 22:47:06 2004
MD5 Checksum:	513d1662430ae50e6576fa379a6de607

/// File Name:	sp-x12-advisory.txt
Description:	BNBT BitTorrent Tracker Beta 7.5 Release 2 and earlier versions are susceptible a denial of service due to a malicious crafted HTTP GET request. Sample exploit included. Tested on Windows XP SP1.
Author:	badpack3t
Homepage:	http://www.security-protocols.com
File Size:	3751
Last Modified:	May 24 08:16:30 2004
MD5 Checksum:	d70ca4fb4aa9ee3fd6e78f911a191794

/// File Name:	sp-x13-advisory.txt
Description:	Orenosv HTTP/FTP server version orenosv059f is susceptible to a remote denial of service attack when supplied with an overly long GET request.
Author:	badpack3t
Homepage:	http://www.security-protocols.com
File Size:	3443
Last Modified:	May 26 11:41:24 2004
MD5 Checksum:	b808aeba5f9878b8e97a72d00f4c1090

/// File Name:	sq-chpass-exp.c
Description:	Local root exploit for Squirrelmail's chpasswd utility. Tested on GNU/Debian with kernel 2.4.24 and on RH 9.0 shrike with kernel 2.4.20. Original bug found by Matias Neiff.
Author:	Michal Stys
Related File:	chpasswd.txt
File Size:	1721
Last Modified:	May 4 05:21:01 2004
MD5 Checksum:	0d39b4dd9b57ce7c70057d669bb68cfd

/// File Name:	squirrel142.txt
Description:	SquirrelMail, a PHP based webmail package, has multiple cross-site scripting vulnerabilities. Version 1.4.2 and earlier are affected.
Author:	Alvin Alex
File Size:	1104
Last Modified:	May 4 01:09:38 2004
MD5 Checksum:	38ea4e0bb3227b77fcb7d5585e0ce880

/// File Name:	titanDoS.txt
Description:	A security vulnerability exists in South River Technologies' Titan FTP Server. An attacker issuing a LIST command and disconnecting before the LIST command had the time to connect, will cause the program to try and access an invalid socket. This results in the FTP service crashing. Version affected: 3.01 build 163.
Author:	Storm
Homepage:	http://www.securiteam.com/windowsntfocus/5RP0215CUU.html
File Size:	2543
Last Modified:	May 7 22:29:51 2004
MD5 Checksum:	06ec27cef6424d9953fbee1c03bdbe2c

/// File Name:	waraxe-2004-SA027.txt
Description:	PHP-Nuke version 6.x through 7.2 suffer from various SQL injection and cross site scripting vulnerabilities.
Author:	Janek Vind aka waraxe
Homepage:	http://www.waraxe.us/
File Size:	3656
Last Modified:	May 7 23:42:01 2004
MD5 Checksum:	e6e2537ec2fd1485641bcb0bfc844659

/// File Name:	waraxe-2004-SA028.txt
Description:	The Nuke jokes module for PHPNuke is susceptible to path disclosure, cross site scripting, and SQL injection attacks.
Author:	Janek Vind aka waraxe
Homepage:	http://www.waraxe.us/
File Size:	3767
Last Modified:	May 9 21:01:34 2004
MD5 Checksum:	d66d60d7836ef40f78ee42673d0e47b9

/// File Name:	waraxe-2004-SA031.txt
Description:	e107 version 0.615 is vulnerable to full path disclosure, cross site scripting, remote file inclusion, and multiple SQL injection attacks.
Author:	Janek Vind aka waraxe
Homepage:	http://www.waraxe.us/
File Size:	6020
Last Modified:	May 30 21:54:16 2004
MD5 Checksum:	97ae0e46335f1d8621318b47bb8ed913

/// File Name:	WFBE.txt
Description:	Write up detailing how to defeat file browsing restrictions on Windows 98 running Novell 3.2.0.0.
Author:	Tom
File Size:	4452
Last Modified:	May 9 21:33:15 2004
MD5 Checksum:	fbffc04301a182cd73ebc11c1d9aa44f

/// File Name:	wgetuhoh.txt
Description:	Wget versions 1.9 and 1.9.1 are susceptible to a symlink attack during a phase where it downloads the file to a temporary filename but does not actually lock the file.
Author:	Hugo Vazquez
File Size:	2007
Last Modified:	May 18 05:49:42 2004
MD5 Checksum:	7883f0415aa5768d71876d6b6214fc75

/// File Name:	win_msrpc_lsass_ms04-11_Ex.c
Description:	Remote exploit for the Lsasrv.dll RPC buffer overflow. Tested against various Russian and English versions of Windows XP Professional, Windows 2000 Professional, and Windows 2000 Advanced Server. Ported to compile properly on Linux.
Author:	houseofdabus, froggy 3s
File Size:	19983
Last Modified:	May 9 21:13:51 2004
MD5 Checksum:	e0f5a330f2b3069d91d6a22b3f60bede

/// File Name:	xxchat-socks5.c
Description:	X-Chat versions 2.0.8 through 1.8.0 remote exploit that makes use of a buffer overflow in the SOCKS-5 proxy code. Successful exploitation binds a shell to port 7979.
Author:	vade79
Related File:	msg00000.html
File Size:	9061
Last Modified:	May 4 05:10:21 2004
MD5 Checksum:	962882454041913d71efc4a5444ef886