Remote exploit that makes use of the BIND OPT vulnerability to create a denial of service attack.
b077d9697cf1a490bde07c32534be7b4artyfarty.c is a local root /opt/kde/bin/artswrapper exploit tested against Slakware 8.1. Artswrapper is setuid on some distributions.
5d4fe9514d8fcdb1df0501a379536b86Packet Storm new exploits for November, 2002.
983f14ce602bbef6a9a8f47f2f99a103Hlfsd local exploit tested on FreeBSD 4.6-STABLE and 4.7-RELEASE. Hlfsd is not SUID by default.
9785bb5cee9d785c0e97d286f37f68f6WSMP3 Remote root exploit for Linux which spawns a shell on tcp port 36864.
d511e3b41688c8eb1d3e2e07d7e128d4Pfinger v0.7.8 and below local root exploit. Tested on Red Hat 7.2 - 8.0, Debian 3.0, Slackware 8.0, FreeBSD-4.6 and OpenBSD-3.1.
b0bba19c112e81b8775fde89fcc0dc1aNanog traceroute v6.0 to 6.1.1 local root stack overflow exploit. Tested on SuSE 7.1, 7.2, 7.3 & 8.0, and should work on 7.0 and 6.x.
fd1b29e427bd7740cdb7f11217170d38Linux exploit for versions of sudo 1.6.3p7 and below. Takes advantage of the Sudo prompt overflow in v1.5.7 to 1.6.5p2. Detailed exploitation instructions included.
42847df931b3d90cce4fe4c5bac5f3ceCalisto Internet Talker Version 0.04 Remote Denial of Service exploit.
09acae77211b07f74c3142a55a4e2facZeroo HTTPd server remote command execution exploit. Based on advisory by InetCop.
85ea5cabd6e20390b1eb75c32ad83e69Mdaemon v6.0.7 and below remote denial of service exploit which takes advantage of the UIDL bug. Exploit code tested to run on Redhat8 and FreeBSD 4.7-STABLE. Requires POP3 account on vulnerable daemon.
826436855e62f7b3eb25b44c814679ddMSSQL Server 2000 SP0 - SP2 remote exploit which uses UDP to overflow a buffer and send a shell to tcp port 53. Windows binary, C++ source code here.
0c44bf698947b98ba405d11f6ce7a339MSSQL Server 2000 SP0 - SP2 remote exploit which uses UDP to overflow a buffer and send a shell to tcp port 53.
84ce83fb7a4607df03a928124093ee3a/usr/sbin/grpck proof of concept local exploit. Not setuid by default. Tested on SuSE, Red Hat, Debian, and Mandrake.
4d8850d74917747f5a571735c247166bThe Oracle iSQL*Plus 91 R1 and R2 web based application has an authentication buffer overflow on all OS's in the User ID parameter which allows remote attackers to execute arbitrary code as the oracle user on Unix and SYSTEM on Windows. Patch available here.
327019a2b3830dce9355dbcfa12783eaTftpd TFTP server v2.50.2 and below remote exploit which allows any file on the system to be viewed and written to arbitrary locations. Fix available here.
18d1597e67623da2b320a5e61658f4b9Tftpd TFTP server v2.21 and below remote command execution exploit in perl. Fix available here.
bfdcaf6fee00de1a6085cff776e6672diPlanet Remote root exploit tested on v4.x up to SP11. Advisory for this bug here.
bfe033f7f720ac34128ceaca8fea4652Local root exploit for cifslogin on HP-UX 11.11 and below.
a5c4c35b2cef9d42a894f614dadc63f7Windows with Delphi interface denial of service exploit for Savant HTTP Server 3.0 and below. This exploit utilizes four methods, all from old known vulnerabilities, to crash the daemon.
643974eee11381fa51bda2e554138e47A vulnerability in the LiteServe combination server for Win32 exists in that the handling of filenames on Win32 platforms may reveal the code of a desired CGI script to an attacker. Windows handles file names with the period character (0x2E) on the end as if the character had been removed. LiteServe fails to compensate for this behavior, and is vulnerable to a simple CGI disclosure attack.
b7fabdfdb7bb9206e4b61e9d0855447eCross Site Scripting vulnerabilities exist in the e-mail web services of hotmail.com, yahoo.com, and excite.com. These problems allow for cookie capturing of unsuspecting victims who may easily give up their cookies via clicking on a link in an e-mail or elsewhere and with the link actually pointing to the legitimate site.
6c8859dbe61b1953b195e03088b63841Remote exploit for rsync version 2.5.1 and below run on Linux. This exploit makes use of a simple frame pointer overflow.
8338e72e4ebeaded8b24ff73a92fee78Another exploit for ipppd, the daemon that is part of the isdn4linux-utils package and is part of the default install for many linux distributions. Tested on SuSE 7.3 and should work on SuSE 8.0. Anonymously submitted.
27f0912fe4731939f9c6c5d741f2eaa1INetCop Security Advisory #2002-0x82-004 - Various buffer overflow vulnerabilities exist in Zeroo HTTP Server v1.5. Remote linux exploit included to gain root privileges.
a842ba1e9a7b5841befe87a3c82fda22
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed