.:[ packet storm ]:.
                           
know better

 Section: 0010-exploits

Some of these exploits are from Bugtraq

Page 1 of 3
Files 1 - 25 of 68

 ///  File Name: 0010-exploits.tgz
Description:
Packet Storm new exploits for October, 2000.
File Size:218360
Last Modified:Nov 2 10:22:03 2000
MD5 Checksum:b4e053bd12458db048f698092bb76d9d

 ///  File Name: 33_su.c
Description:
Immunix OS stackguard evading LC glibc + su + msgfmt local root exploit. Tested on Immunix OS (Stackguarded Redhat 6.2). Patch available here.
Author:Kil3r of Lam3rz
File Size:4754
Last Modified:Oct 6 03:50:05 2000
MD5 Checksum:02402c03254c5da91d6dc0b2216ce25a

 ///  File Name: 7350cowboy.c
Description:
7350cowboy.c is supposedly a remote format string exploit for PHP/3.0.12, 3.0.15, and 3.0.16 with Apache 1.3.12 on FreeBSD 3.4, Slackware Linux 4.0, and 7.0. Very similar to http://packetstormsecurity.org/0010-exploits/phploit.c.
File Size:19629
Last Modified:Nov 17 15:04:24 2002
MD5 Checksum:49cb24b3e1a3f7c0b7a27e6879c6d0a2

 ///  File Name: A100400-1
Description:
Atstake Security Advisory - Microsoft's Internet Information Server 5.0 is WebDAV (RFC 2518) enabled. As part of the extra functionality provided by the WebDAV components, Microsoft has introduced the SEARCH request method to enable searching for files based upon certain criteria. This functionality can be exploited to gain the equivalent of directory listings. These directory listings can be used by an attacker to locate files in the web directories that are not normally exposed through links on the web site. .inc files and other components of ASP applications that potentially contain sensitive information can be viewed this way.
Author:Mnemonix
Homepage:http://www.atstake.com
File Size:3199
Last Modified:Oct 5 03:38:29 2000
MD5 Checksum:58071b7e5bee17ef6c7ced456689cebf

 ///  File Name: auction.weaver.txt
Description:
Auction Weaver LITE 1.0 - 1.04 contains remote vulnerabilities which allow users to read any file on the filesystem, and delete arbitrary files. Fix available here.
Homepage:http://coley[at]mitre.org
File Size:9729
Last Modified:Oct 19 02:21:41 2000
MD5 Checksum:0faa1f42e06c1dbd596780495acf70f4

 ///  File Name: bindview.lpc.txt
Description:
BindView Security Advisory - Windows NT 4.0 and 2000 contain multiple vulnerabilities in the LPC ports, as described in MS00-070. Implications range from denial of service to local promotion.
Author:Todd Sabin
Homepage:http://razor.bindview.com
File Size:13765
Last Modified:Oct 5 00:26:47 2000
MD5 Checksum:96b9f202345b5e62a8cbdbc525678bd5

 ///  File Name: boa.server.txt
Description:
The BOA webserver version 0.94.8.2 and below contains a vulnerability which allows remote users to read any file on the system. Exploit URL included. Fix available here.
Author:Lluis Mora
Homepage:http://www.s21sec.com
File Size:3122
Last Modified:Oct 10 02:57:35 2000
MD5 Checksum:c26b8c2acc3599bbbffcc527d8d56761

 ///  File Name: bsd_chpass.c
Description:
/usr/bin/chpass local EDITOR variable format string exploit for *BSD. Tested on OpenBSD, FreeBSD, and NetBSD.
Author:Caddis
Homepage:http://www.team-teso.net
File Size:3461
Last Modified:Oct 3 23:21:05 2000
MD5 Checksum:c025c1bda4dc505ca81d54f066088915

 ///  File Name: cached_feed.cgi.txt
Description:
Cached_Feed.cgi v1.0 from moreover.com lacks input validation, allowing any file on the webserver to be read. Exploit URL included. Fix available in V2.0, available here.
Author:CDI
Homepage:http://www.thewebmasters.net
File Size:3446
Last Modified:Oct 5 02:54:13 2000
MD5 Checksum:abd24454de806bbd8004eaf17b05f6fd

 ///  File Name: DST2K0036.txt
Description:
Delphis Consulting Plc Security Team Advisory DST2K0036 - CyberOffice Shopping Cart v2 under Windows NT allows remote users to modify the price of items because prices are set by a hidden form field.
Homepage:http://www.delphisplc.com/thinking/whitepapers
File Size:3582
Last Modified:Oct 5 03:08:01 2000
MD5 Checksum:155619749d8c95790ac47a4a26c9caa4

 ///  File Name: DST2K0039.txt
Description:
Delphis Consulting Plc Security Team Advisory DST2K0039 - WebData allows users who have an account to read any file on the webserver. Patch and exploit information included.
Homepage:http://www.delphisplc.com/thinking/whitepapers
File Size:4979
Last Modified:Oct 5 03:11:17 2000
MD5 Checksum:65cb5aa3930008e318573e03c7b28727

 ///  File Name: DST2K0040.txt
Description:
Delphis Consulting Plc Security Team Advisory DST2K0040 - QuotaAdvisor 4.1 by WQuinn For Windows NT allows users to list all the files contained on a file system which is on a server with QuotaAdvisor running on it.
Homepage:http://www.delphisplc.com/thinking/whitepapers
File Size:3002
Last Modified:Oct 7 07:48:09 2000
MD5 Checksum:bddc84d06469e6b7fdd53714769f55ba

 ///  File Name: easy-adv-exploit.pl
Description:
Easy Advertiser v. 2.04 Remote Exploit. The stats.cgi script used in Easy Advertiser has an insecure open() that allows this exploit to bind a shell to port 60179, running with the privileges of the user the webserver runs as. Netcat is needed locally to use this.
Author:teleh0r[at]doglover.com and anno.
Homepage:http://teleh0r.cjb.net
File Size:1986
Last Modified:Oct 4 23:33:22 2000
MD5 Checksum:0c67e043fff6d5740cdf42aca2b9cdfe

 ///  File Name: formnow-exploit.pl
Description:
FormNow CGI script v1.0 remote exploit - Takes advantage of an insecure sendmail call to bind a shell to tcp port 60179.
Author:Telehor
Homepage:http://teleh0r.cjb.net
File Size:2186
Last Modified:Oct 28 22:23:39 2000
MD5 Checksum:753caf5727561d3032689d3fb5274607

 ///  File Name: freebsd-systat.c
Description:
FreeBSD 4.X local /usr/bin/systat exploit. Gives a sgid kmem shell by exploiting the .terminfo bug in ncurses.
Author:Przemysław Frasunek
File Size:2634
Last Modified:Oct 11 20:42:49 2000
MD5 Checksum:814c885a5a67051785ba29eee6076b4b

 ///  File Name: fwsa.sh
Description:
Fwsa.sh is a tool for remote penetration testing of Checkpoint Firewall-1 which implements the recently published holes in session authentication. It attempts to recover user passwords, execute DoS attacks, and brute force the firewall management password.
Homepage:http://c3rb3r[at]hotmail.com
File Size:12582
Last Modified:Oct 7 07:33:37 2000
MD5 Checksum:090d009a4a1ab2f02e4c96beffe6c77a

 ///  File Name: gdmurder.txt
Description:
GDM local root and/or denial of service attack, tested on Red Hat 6.2. Requires console access.
Homepage:http://ashtar[at]dragon.hack.tc
File Size:4620
Last Modified:Oct 15 21:45:37 2000
MD5 Checksum:66a92436e635f0235a94d49b88ece2d7

 ///  File Name: godmessageIII.zip
Description:
Godmessage 3 (Revision 4) is an ActiveX trojan which automatically uploads a binary to unpatched IE browsers when the HTML code is simply viewed. Tested against IE 5.0, 5.01, and 5.5 on Windows NT, 2000, and 98. WARNING: Viewing this HTML very well may break your computer if you run Windows!
Author:The Pull
File Size:20308
Last Modified:Oct 7 05:32:32 2000
MD5 Checksum:6a1bd333ed8f29840de315b6c794a225

 ///  File Name: godmessageIV.zip
Description:
Godmessage 4 Revision 5 is an implementation of Georgi Guninski's recent ActiveX exploit for Internet Explorer which attempts to install a trojan on any machine which views the included HTML.
Author:The Pull
Changes:Revision 5 has all of the rest of the bug updates, plus includes an encrypted version, and denial of service versions (to force the user to reboot and shut down the server). It also includes an important hints section, and generally has been the work of the three developers and a ton of testers. Warning: Do not view the included HTML files with an unpatched browser if you run Windows.
File Size:15015
Last Modified:Oct 27 10:00:42 2000
MD5 Checksum:8e5db743f337d4d85b3f115ab59a48c5

 ///  File Name: guninski23.txt
Description:
Georgi Guninski security advisory #23 - Internet Explorer 5.5/Outlook allow executing arbitrary programs after viewing a web page or email message. This very serious vulnerability may easily lead to taking full control over the user's computer. The problem is the com.ms.activeX.ActiveXComponent java object, which allows creating and scripting arbitrary ActiveX objects, including those not marked safe for scripting. Demonstration available here or here.
Author:Georgi Guninski, courtesy of Bugtraq
Homepage:http://www.nat.bg/~joro
File Size:4458
Last Modified:Oct 6 02:52:57 2000
MD5 Checksum:cd308ec05b7a2b26be70588e9af754ac

 ///  File Name: guninski24.txt
Description:
Georgi Guninski security advisory #24 - IE 5.5, Outlook, and Outlook Express have a serious security vulnerability which allows remote users to read local files, arbitrary URLs, and the local directory structure after viewing a web page or reading an HTML message. The problem is that you are allowed to specify an arbitrary codebase for an applet loaded from an <OBJECT> tag and a jar file. Demonstration exploit available here.
Author:Georgi Guninski
Homepage:http://www.nat.bg/~joro
File Size:2994
Last Modified:Oct 19 02:07:03 2000
MD5 Checksum:37c0ccba570189e89b7140ff3f4dcb64

 ///  File Name: guninski26.txt
Description:
Georgi Guninski security advisory #26 - Using specially designed URLs, IIS 5.0 may return user specified content to the browser. This poses great security risk, especially if the browser is JavaScript enabled and the problem is greater in IE. Clicking on links, just visiting hostile web pages or opening HTML email may cause the target IIS server to return user defined malicious active content. This is a bug in IIS 5.0, but it affects end users and is exploited with a browser. A typical exploit scenario is stealing cookies which may contain sensitive information. Homepage here.
File Size:1991
Last Modified:Oct 31 01:21:02 2000
MD5 Checksum:99ca5d2c719f28f27cf6a01742c1c615

 ///  File Name: half-life.txt
Description:
The Half-Life Dedicated Server for Linux v3.1.0.3 and below contains a remotely exploitable buffer overflow. Exploit code available here.
Author:Mark Cooper
File Size:3161
Last Modified:Oct 19 02:29:05 2000
MD5 Checksum:e1dc7dab4d9f39bd6f77d91cddb82325

 ///  File Name: hl-advisory.asc
Description:
The Half-life Dedicated Server for Linux contains remotely exploitable buffer overflow vulnerabilities. Includes remote buffer overflow exploit hl-rcon.c which has been tested against v3.1.0.x for Linux x86.
Author:Condor, Csh
Homepage:http://www.sekure.org
File Size:13943
Last Modified:Oct 28 10:40:35 2000
MD5 Checksum:4debd0504db2a01634e63b2ab921c401

 ///  File Name: hostexp.c
Description:
Older versions of the host command contain a remotely exploitable buffer overflow. The host command is used to perform the AXFR request to obtain the zone transfer information, and can be caused to execute arbitrary code when connecting to a fake DNS server (a netcat process listening on port 53).
Author:Antirez
Homepage:http://www.kyuzz.org/antirez
File Size:2016
Last Modified:Oct 28 12:55:51 2000
MD5 Checksum:21f7ca8c7a3d22f7143d8b703491149e