File Name: 0310-exploits.tgz
Description: Packet Storm new exploits for October, 2003.
File Size: 91652 | Last Modified: Dec 10 03:25:00 2003
MD5 Checksum: 63cd13d549e08c661624ae5de22a9818

File Name: asl_plz.txt
Description: Information and packet capture of the mIRC v6.11 and below DCC SEND buffer overflow exploit, which crashes the client.
Author: Omi Da | File Size: 2358 | Last Modified: Oct 27 21:06:44 2003
MD5 Checksum: a84a0c6eae3a016419e6195491cd79b4

File Name: byebye.pl
Description: Xchat script which uses the DCC SEND overflow to kill mIRC clients v6.11 and below.
Author: Josh Medley | Homepage: http://www.liquidcode.org | File Size: 675 | Last Modified: Oct 30 05:10:00 2003
MD5 Checksum: 1040b28d55d687b066bab53964c3f2e5

File Name: c-sillyPoker.c
Description: Local proof of concept exploit that makes use of the HOME environment variable related overflow in Silly Poker v0.25.5. Yields group id of games.
Author: demz | Homepage: http://www.c-code.net | File Size: 2317 | Last Modified: Oct 1 18:26:14 2003
MD5 Checksum: 2fd90ac8f55bff836228b9a176515ae2

File Name: cafelog.txt
Description: WordPress Cafelog is vulnerable to a number of SQL injection attacks that can be exploited by a local attacker with access to the same filesystem as the database.
Author: Seth Woolley | File Size: 2690 | Last Modified: Oct 3 23:23:10 2003
MD5 Checksum: ed17f61eb59c8f6d8edcea50685c919c

File Name: conexant.txt
Description: The Conexant Access Runner DSL Console has faulty authentication capabilities that allow an attacker to log in as the administrator after one failed attempt.
Author: Chris Norton | File Size: 785 | Last Modified: Oct 6 22:11:01 2003
MD5 Checksum: ef90ad98b9812873986dd8461f0b578c

File Name: cpCommerce.exp.txt
Description: cpCommerce v0.5f and below contains an input validation error in _functions.php which allows remote arbitrary code execution. Exploit URL included. Fix available here. Additional information available here.
Author: Astharot | Homepage: http://www.zone-h.org | File Size: 1627 | Last Modified: Oct 30 05:01:13 2003
MD5 Checksum: fc3d68bc4d70e84ecab8477883ba365d

File Name: dcpportal.txt
Description: DCP Portal 5.5 is susceptible to a multitude of SQL injection attacks.
Author: Lifo Fifo | Homepage: http://www.hackingzone.org/ | File Size: 2097 | Last Modified: Oct 1 18:43:32 2003
MD5 Checksum: 142855eac3a735ea182606e9af60918d

File Name: deskpro.sql.txt
Description: DeskPRO v1.1.0 and below do not adequately filter user-provided data, allowing a remote attacker to insert malicious SQL statements into existing ones. Allows attackers to log in to the system as an administrator without knowing the password.
Author: Aviram Jenik | Homepage: http://www.securiteam.com/unixfocus/6R0052K8KM.html | File Size: 1780 | Last Modified: Oct 21 03:59:29 2003
MD5 Checksum: 6c7179a6ec73486ce67c6556b01c6725

File Name: dtprintinfo.txt
Description: HPUX dtprintinfo on B.11.00 is vulnerable to a buffer overflow that can allow for privilege escalation.
Author: Davide Del Vecchio | Homepage: http://www.alighieri.org | File Size: 1936 | Last Modified: Oct 9 07:30:52 2003
MD5 Checksum: c28c1505ec6a76bab631cb245e45fd2f

File Name: easyfile12.txt
Description: Easy File Sharing Web Server 1.2 allows for remote access to logs and options without any type of authentication.
Author: nimber | Homepage: http://nimber.plux.ru | File Size: 2544 | Last Modified: Oct 6 23:55:30 2003
MD5 Checksum: d5619a7af590c8ed019e96a20685cd2e

File Name: EMML.txt
Description: EMML version 1.32, or EternalMart Mailing List Manager, and EMGB version 1.1, or EternalMart Guestbook, are both vulnerable to cross-site scripting attacks that allow for remote PHP code execution from another site.
Author: Frog Man | Homepage: http://www.phpsecure.info | File Size: 1599 | Last Modified: Oct 6 21:04:59 2003
MD5 Checksum: 8c1b6f25babfb7d196152e0d98026950

File Name: FlexWATCH.txt
Description: The FlexWATCH surveillance camera server is used by many banks and "secure" places and contains remotely exploitable vulnerabilities which allow remote attackers to view camera footage, add users, remove users, change the configuration, disable camera surveillance, and more.
Author: Slaizer | File Size: 7284 | Last Modified: Oct 30 06:31:17 2003
MD5 Checksum: 656d2fad064108c3fe3c98b3b6f97e4f

File Name: gaimexploit.txt
Description: Simple notes on how to exploit GAIM via the festival plugin that was written quite poorly.
Author: error | File Size: 1689 | Last Modified: Oct 16 07:59:43 2003
MD5 Checksum: bf092631c2e47257ae9f6aa6be652dda

File Name: gEEk-fuck-khaled.c
Description: mIRC v6.1 and below remote exploit which takes advantage of the bug described in mirc61.txt. Creates an HTML file which overflows the irc:// URI handling, spawning a local cmd.exe window. The exploit works even if mIRC is not started: the HTML can be in an HTML email or on a web page. Tested against Windows XP build 2600.xpclient.010817-1148.
Author: Blasty | Homepage: http://www.geekz.nl | File Size: 3506 | Last Modified: Oct 21 03:11:05 2003
MD5 Checksum: bdc38dfedffb7977637c36ede12ea4e8

File Name: guppy24.txt
Description: GuppY versions 2.4p3 and below are susceptible to cross-site scripting attacks and lack authentication when various data submissions are performed.
Author: Frog Man | Homepage: http://www.phpsecure.info | File Size: 5835 | Last Modified: Oct 6 21:09:56 2003
MD5 Checksum: 750a17e26237a6be3d4788f970d7a31a

File Name: I2S-LAB-25-09-2003.txt
Description: I2S LAB Security Advisory - The HTTP daemon for FirstClass build 133 (SP3) and below suffers from a heap overflow that allows a remote attacker to shut down various services on the server.
Author: Fred Chaverot, Aurélien Boudoux | Homepage: http://www.I2S-LaB.com | File Size: 4561 | Last Modified: Oct 6 21:29:43 2003
MD5 Checksum: ba4b7562f6fe8af950ac6534737239a0

File Name: iwconfig.c
Description: Iwconfig local proof of concept exploit - Causes a seg fault. Note that iwconfig is not suid.
Author: NrAziz | File Size: 1128 | Last Modified: Oct 21 04:37:11 2003
MD5 Checksum: eccf7607942949f8ecfed824257cd7ac

File Name: iweb.traversal.txt
Description: Directory traversal attacks against the iWeb mini http server. Exploit URLs included. Vendor URL here.
Author: Chris | Homepage: http://www.cr-secure.net | File Size: 1145 | Last Modified: Oct 30 05:12:34 2003
MD5 Checksum: dcaefe6f98304668838e20ca5cbcf763

File Name: ld.so.exp.c
Description: Solaris runtime linker (ld.so.1) local root buffer overflow exploit. Bug discovered by Jouko Pynnonen.
Author: Osker178 | File Size: 12219 | Last Modified: Oct 30 05:21:23 2003
MD5 Checksum: 159fa40468397e901231ffb0c7a34c8f

File Name: leap.tgz
Description: Exploit that brute forces Microsoft's Active Directory authentication used in conjunction with the Cisco LEAP authentication on Cisco wireless access points. Related writing here.
File Size: 11668 | Last Modified: Oct 3 22:38:34 2003
MD5 Checksum: e8a8d7a237a6939d59520e342161c120

File Name: linksysDoS.txt
Description: The Linksys EtherFast Cable/DSL Firewall Router BEFSX41 (Firmware 1.44.3) is susceptible to a denial of service attack when a long string is sent to the Log_Page_Num parameter of the Group.cgi script.
Homepage: http://www.DigitalPranksters.com | File Size: 2301 | Last Modified: Oct 16 08:08:22 2003
MD5 Checksum: 1e142d2d4429f36d6bdbd08409720df8

File Name: ls_ftp.pl
Description: Denial of service exploit in ls, which is exploited remotely via wu-ftpd v2.6.2. In Perl.
Author: Druid | File Size: 701 | Last Modified: Oct 30 07:17:45 2003
MD5 Checksum: d172d1ad48e70d1f43bf8781bae6f7f1

File Name: ms03-043.c
Description: Remote denial of service exploit for the Microsoft Messenger service buffer overflow described in ms03-043, which causes the target machine to reboot. Includes the ability to send the packet from a spoofed source address and requires the remote NetBIOS name. Tested against Windows 2000 SP4.
Author: LSD, ported to Linux and *bsd by VeNoMouS | File Size: 5930 | Last Modified: Oct 21 02:55:57 2003
MD5 Checksum: 75bde2a7d5758f67ec04524fa6b11be9

File Name: ms03-046.pl
Description: Exploit for ms03-046 - Microsoft Exchange Server 5.5 and Exchange 2000 buffer overflow, in Perl. Denial of service only.
Author: HD Moore | Homepage: http://www.metasploit.com | File Size: 5499 | Last Modified: Oct 30 05:08:34 2003
MD5 Checksum: 17479c516711b178d64dbfcb23ff116f