Section: .. / 0010-exploits /

Some of these exploits are from Bugtraq.

/// File Name: 0010-exploits.tgz
Description: Packet Storm new exploits for October, 2000.
File Size: 218360
Last Modified: Nov 2 10:22:03 2000
MD5 Checksum: b4e053bd12458db048f698092bb76d9d

/// File Name: 33_su.c
Description: Immunix OS StackGuard-evading LC glibc + su + msgfmt local root exploit. Tested on Immunix OS (StackGuarded Red Hat 6.2). Patch available here.
Author: Kil3r of Lam3rz
File Size: 4754
Last Modified: Oct 6 03:50:05 2000
MD5 Checksum: 02402c03254c5da91d6dc0b2216ce25a

/// File Name: 7350cowboy.c
Description: 7350cowboy.c is supposedly a PHP/3.0.12, 3.0.15, and 3.0.16 with Apache 1.3.12 remote format string exploit for FreeBSD 3.4, Slackware Linux 4.0, and 7.0. Very similar to http://packetstormsecurity.org/0010-exploits/phploit.c.
File Size: 19629
Last Modified: Nov 17 15:04:24 2002
MD5 Checksum: 49cb24b3e1a3f7c0b7a27e6879c6d0a2

/// File Name: A100400-1
Description: Atstake Security Advisory - Microsoft's Internet Information Server 5.0 is WebDAV (RFC 2518) enabled. As part of the extra functionality provided by the WebDAV components, Microsoft has introduced the SEARCH request method to enable searching for files based upon certain criteria. This functionality can be exploited to gain what are equivalent to directory listings. These directory listings can be used by an attacker to locate files in the web directories that are not normally exposed through links on the web site. .inc files and other components of ASP applications that potentially contain sensitive information can be viewed this way.
Author: Mnemonix
Homepage: http://www.atstake.com
File Size: 3199
Last Modified: Oct 5 03:38:29 2000
MD5 Checksum: 58071b7e5bee17ef6c7ced456689cebf

/// File Name: auction.weaver.txt
Description: Auction Weaver LITE 1.0 - 1.04 contains remote vulnerabilities which allow users to read any file on the filesystem, and delete arbitrary files. Fix available here.
Homepage: http://coley[at]mitre.org
File Size: 9729
Last Modified: Oct 19 02:21:41 2000
MD5 Checksum: 0faa1f42e06c1dbd596780495acf70f4

/// File Name: bindview.lpc.txt
Description: BindView Security Advisory - Windows NT 4.0 and 2000 contain multiple vulnerabilities in the LPC ports, as described in MS00-070. Implications range from denial of service to local privilege escalation.
Author: Todd Sabin
Homepage: http://razor.bindview.com
File Size: 13765
Last Modified: Oct 5 00:26:47 2000
MD5 Checksum: 96b9f202345b5e62a8cbdbc525678bd5

/// File Name: boa.server.txt
Description: The BOA webserver version 0.94.8.2 and below contains a vulnerability which allows remote users to read any file on the system. Exploit URL included. Fix available here.
Author: Lluis Mora
Homepage: http://www.s21sec.com
File Size: 3122
Last Modified: Oct 10 02:57:35 2000
MD5 Checksum: c26b8c2acc3599bbbffcc527d8d56761

/// File Name: bsd_chpass.c
Description: /usr/bin/chpass local EDITOR variable format string exploit for *BSD. Tested on OpenBSD, FreeBSD, and NetBSD.
Author: Caddis
Homepage: http://www.team-teso.net
File Size: 3461
Last Modified: Oct 3 23:21:05 2000
MD5 Checksum: c025c1bda4dc505ca81d54f066088915

/// File Name: cached_feed.cgi.txt
Description: Cached_Feed.cgi v1.0 from moreover.com lacks input validation, allowing any file on the webserver to be read. Exploit URL included. Fixed in v2.0, available here.
Author: CDI
Homepage: http://www.thewebmasters.net
File Size: 3446
Last Modified: Oct 5 02:54:13 2000
MD5 Checksum: abd24454de806bbd8004eaf17b05f6fd

/// File Name: DST2K0036.txt
Description: Delphis Consulting Plc Security Team Advisory DST2K0036 - CyberOffice Shopping Cart v2 under Windows NT allows remote users to modify the price of items because prices are set by a hidden form field.
Homepage: http://www.delphisplc.com/thinking/whitepapers
File Size: 3582
Last Modified: Oct 5 03:08:01 2000
MD5 Checksum: 155619749d8c95790ac47a4a26c9caa4

/// File Name: DST2K0039.txt
Description: Delphis Consulting Plc Security Team Advisory DST2K0039 - WebData allows users which have an account to read any file on the webserver. Patch and exploit information included.
Homepage: http://www.delphisplc.com/thinking/whitepapers
File Size: 4979
Last Modified: Oct 5 03:11:17 2000
MD5 Checksum: 65cb5aa3930008e318573e03c7b28727

/// File Name: DST2K0040.txt
Description: Delphis Consulting Plc Security Team Advisory DST2K0040 - QuotaAdvisor 4.1 by WQuinn for Windows NT allows users to list all files on any file system of a server running QuotaAdvisor.
Homepage: http://www.delphisplc.com/thinking/whitepapers
File Size: 3002
Last Modified: Oct 7 07:48:09 2000
MD5 Checksum: bddc84d06469e6b7fdd53714769f55ba

/// File Name: easy-adv-exploit.pl
Description: Easy Advertiser v2.04 remote exploit. The stats.cgi script used in Easy Advertiser has an insecure open() that allows this exploit to bind a shell to port 60179 running with the privileges of the user the webserver runs as. Netcat is needed locally to use this.
Author: teleh0r[at]doglover.com and anno.
Homepage: http://teleh0r.cjb.net
File Size: 1986
Last Modified: Oct 4 23:33:22 2000
MD5 Checksum: 0c67e043fff6d5740cdf42aca2b9cdfe

/// File Name: formnow-exploit.pl
Description: FormNow CGI script v1.0 remote exploit - Takes advantage of an insecure sendmail call to bind a shell to TCP port 60179.
Author: Telehor
Homepage: http://teleh0r.cjb.net
File Size: 2186
Last Modified: Oct 28 22:23:39 2000
MD5 Checksum: 753caf5727561d3032689d3fb5274607

/// File Name: freebsd-systat.c
Description: FreeBSD 4.X local /usr/bin/systat exploit. Gives an sgid kmem shell by exploiting the .terminfo bug in ncurses.
Author: Przemysław Frasunek
File Size: 2634
Last Modified: Oct 11 20:42:49 2000
MD5 Checksum: 814c885a5a67051785ba29eee6076b4b

/// File Name: fwsa.sh
Description: Fwsa.sh is a tool for remotely penetration testing Checkpoint Firewall-1 which implements the recently published holes in session authentication. It attempts to recover user passwords, execute DoS attacks, and brute force the firewall management password.
Homepage: http://c3rb3r[at]hotmail.com
File Size: 12582
Last Modified: Oct 7 07:33:37 2000
MD5 Checksum: 090d009a4a1ab2f02e4c96beffe6c77a

/// File Name: gdmurder.txt
Description: GDM local root and/or denial of service attack, tested on Red Hat 6.2. Requires console access.
Homepage: http://ashtar[at]dragon.hack.tc
File Size: 4620
Last Modified: Oct 15 21:45:37 2000
MD5 Checksum: 66a92436e635f0235a94d49b88ece2d7

/// File Name: godmessageIII.zip
Description: Godmessage 3 (Revision 4) is an ActiveX trojan which automatically uploads a binary to unpatched IE browsers when the user simply views the HTML code. Tested against IE 5.0, 5.01, and 5.5 on Windows NT, 2000, and 98. WARNING: Viewing this HTML may well break your computer if you run Windows!
Author: The Pull
File Size: 20308
Last Modified: Oct 7 05:32:32 2000
MD5 Checksum: 6a1bd333ed8f29840de315b6c794a225

/// File Name: godmessageIV.zip
Description: Godmessage 4 Revision 5 is an implementation of Georgi Guninski's recent ActiveX exploit for Internet Explorer which attempts to install a trojan on any machine which views the included HTML.
Author: The Pull
Changes: Revision 5 has all of the rest of the bug updates, plus includes an encrypted version, and denial of service versions (to force the user to reboot and shut down the server). It also includes an important hints section, and generally has been the work of the three developers and a ton of testers. Warning: Do not view the included HTML files with an unpatched browser if you run Windows.
File Size: 15015
Last Modified: Oct 27 10:00:42 2000
MD5 Checksum: 8e5db743f337d4d85b3f115ab59a48c5

/// File Name: guninski23.txt
Description: Georgi Guninski security advisory #23 - Internet Explorer 5.5/Outlook allow executing arbitrary programs after viewing a web page or email message. This very serious vulnerability may easily lead to taking full control over the user's computer. The problem is the com.ms.activeX.ActiveXComponent Java object, which allows creating and scripting arbitrary ActiveX objects, including those not marked safe for scripting. Demonstration available here or here.
Author: Georgi Guninski (courtesy of Bugtraq)
Homepage: http://www.nat.bg/~joro
File Size: 4458
Last Modified: Oct 6 02:52:57 2000
MD5 Checksum: cd308ec05b7a2b26be70588e9af754ac

/// File Name: guninski24.txt
Description: Georgi Guninski security advisory #24 - IE 5.5, Outlook, and Outlook Express have a serious security vulnerability which allows remote users to read local files, arbitrary URLs, and the local directory structure after the victim views a web page or reads an HTML message. The problem is that you are allowed to specify an arbitrary codebase for an applet loaded from an <OBJECT> tag and a jar file. Demonstration exploit available here.
Author: Georgi Guninski
Homepage: http://www.nat.bg/~joro
File Size: 2994
Last Modified: Oct 19 02:07:03 2000
MD5 Checksum: 37c0ccba570189e89b7140ff3f4dcb64

/// File Name: guninski26.txt
Description: Georgi Guninski security advisory #26 - Using specially designed URLs, IIS 5.0 may return user-specified content to the browser. This poses a great security risk, especially if the browser is JavaScript enabled, and the problem is greater in IE. By clicking on links, just visiting hostile web pages or opening HTML email, the target IIS server may be made to return user-defined malicious active content. This is a bug in IIS 5.0, but it affects end users and is exploited with a browser. A typical exploit scenario is stealing cookies which may contain sensitive information.
Author: Georgi Guninski
Homepage: here
File Size: 1991
Last Modified: Oct 31 01:21:02 2000
MD5 Checksum: 99ca5d2c719f28f27cf6a01742c1c615

/// File Name: half-life.txt
Description: The Half-Life Dedicated Server for Linux v3.1.0.3 and below contains a remotely exploitable buffer overflow. Exploit code available here.
Author: Mark Cooper
File Size: 3161
Last Modified: Oct 19 02:29:05 2000
MD5 Checksum: e1dc7dab4d9f39bd6f77d91cddb82325

/// File Name: hl-advisory.asc
Description: The Half-Life Dedicated Server for Linux contains remotely exploitable buffer overflow vulnerabilities. Includes the remote buffer overflow exploit hl-rcon.c, which has been tested against v3.1.0.x for Linux x86.
Author: Condor, Csh
Homepage: http://www.sekure.org
File Size: 13943
Last Modified: Oct 28 10:40:35 2000
MD5 Checksum: 4debd0504db2a01634e63b2ab921c401

/// File Name: hostexp.c
Description: Older versions of the host command contain a remotely exploitable buffer overflow. The host command is used to perform the AXFR request to obtain zone transfer information, and can be made to execute arbitrary code when connecting to a fake DNS server, such as a netcat process listening on port 53.
Author: Antirez
Homepage: http://www.kyuzz.org/antirez
File Size: 2016
Last Modified: Oct 28 12:55:51 2000
MD5 Checksum: 21f7ca8c7a3d22f7143d8b703491149e