Twenty Year Anniversary
Showing 1 - 25 of 73 RSS Feed


Posted Jul 28, 2000
Authored by Headflux | Site

Plusmail remote exploit - plusmail fails to check authenticity before creating new accounts.

tags | exploit, remote
MD5 | cb45bd9c9b86c81b068cef1ce3f8b5f9
Posted Feb 1, 2000
Authored by Todd J.

Packet Storm new exploits for January, 2000.

tags | exploit
MD5 | 38af88a541be851c1f2c5eb240a0e0e7
Posted Feb 1, 2000
Authored by Efrain Torres, lownoise

RightFax Web Client v5.2 allows anyone to hijack user's faxes.

tags | exploit, web
MD5 | 9bb7293d5c68e1a5c5585199bad613a5
Posted Feb 1, 2000
Authored by Arne Vidstrom | Site

The "Strip Script Tags" feature in Firewall-1 can be circumvented by adding an extra less than sign before the SCRIPT tag. The code will still execute in both Navigator and Explorer.

tags | exploit
MD5 | f6ba91a8013bd49f0441d329466bf7ce
Posted Feb 1, 2000
Authored by Michal Zalewski

Recent PAM implementations allow you to use su to rapidly crack accounts without being logged. Tested on RH 6.1.

tags | exploit
MD5 | 10423e8f8ff63e2145b21fec615ece68
Posted Feb 1, 2000
Authored by John Daniele and both use /tmp insecurely.

tags | exploit
MD5 | ff89f7c3c011f530b4c95ee396510a2b
Posted Feb 1, 2000
Authored by Neil Bortnak | Site

Many virus checking software skips directories entitled \\recycled or similar. This allows viruses and trojans a safe haven on many Windows 95, 98, and NT systems. Exploit code included.

tags | exploit, trojan, virus
systems | windows, 9x
MD5 | 320a950d8efaa33854f465fdb9e7eca2
Posted Feb 1, 2000

An HP-UX 10.30/11.00 system can be used as an IP traffic amplifier. Small amounts of inbound traffic can result in larger amounts of outbound traffic, using ICMP MTU discovery packets.

tags | exploit
systems | hpux
MD5 | 4fd026baa15caea8a3d981d0abc1bf4d
Posted Feb 1, 2000

All flavors of BSD have local root procfs holes. Exploit included.

tags | exploit, local, root
systems | bsd
MD5 | ddefadee77bc2088a7a5b5b032ca3ff1
Posted Feb 1, 2000

There is a buffer overflow in Subseven 2.1a causing it to quit quietly, crash, or overwrite variables.

tags | exploit, overflow
MD5 | a9ae10bc91758866af6d9e7695df2d28
Posted Feb 1, 2000

SMS 2.0 Remote Control (for Windows NT) introduces a security risk that will allow the attacker to run programs in system context, due to the fact that the executable used for the remote control service is copied to the workstation without any special permission settings to prevent a user from replacing the executable.

tags | exploit, remote
systems | windows, nt
MD5 | 939250f9f1bfa69849fd81cc78038d43
Posted Feb 1, 2000

Microimages X server for Windows allows anyone to kill your session and start an xterm on your machine if they know you are using the software.

tags | exploit
systems | windows
MD5 | 60bb7ab5ff38455203a8b08cd8d3ee0f
Posted Feb 1, 2000

Windows NT webservers using ASP can under some circumstances reveal the path of the server. A variable holds information about the internal structure of the website.

tags | exploit, asp
systems | windows, nt
MD5 | f3c9c247dda71acf38aebe0cb4c5c241
Posted Feb 1, 2000
Authored by Fredrik Widlund

IIScat exploits the recent Microsoft Index Server vulnerability to read any file on the server.

tags | exploit
MD5 | 6486fb070f99a76bcfc5dfc1a4b9f85d
Posted Jan 31, 2000
Authored by Skirkham

Exploit for Cobalt Raq2 Server. Requires Site Administrator access to one of the accounts on the server.

tags | exploit
MD5 | 3432696a228bd51795c33223d2d537b2
Posted Jan 28, 2000
Authored by Missinglnk | Site

A modified version of the original qpopper 3.0beta29 exploit by Zhodiac, added network support (no need for netcat) and allowed the user to specify which command to execute.

tags | exploit
MD5 | 82ad9b1f522d4dae7383117047b5f5bc
Posted Jan 28, 2000
Authored by David Litchfield | Site

Cerberus Information Security Advisory (CISADV000126) - Internet Information Server 4.0 ships with an ISAPI application webhits.dll that provides hit-highlighting functionality for Index Server. A vulnerability exists in webhits that allows an attacker to break out of the web virtual root file system and gain unathorized access to other files on the same logical disk drive. This vulnerability can also be used to obtain the source of Active Server Pages or any other server side script file which often contain UserIDs and passwords as well as other sensitive information. Vulnerable systems include Microsoft Windows NT 4 running Internet Information Server 4, all service packs. Microsoft FAQ on this issue is here.

tags | exploit, web, root
systems | windows, nt
MD5 | 512cf5e159aee75a024d84adc45e0996
Posted Jan 27, 2000
Authored by Tim Yardley

Explanation of the 'spank' attack - a new breed stream/raped. Stream/Raped mearly flooded the host with ack's (or no flags) and came from random ips with random sequence numbers and/or ack numbers. The difference now is that this not only does the previous stuff, but also directly attacks from and to multicast addresses as well.

tags | exploit
MD5 | c9e46f542b311ed9d0f7c9dbc1204c03
Posted Jan 27, 2000
Authored by ADM, Shane A. Macaulay

Solaris Solstice Internet Mail IMAP4 Server x86 exploit.

tags | exploit, x86
systems | solaris
MD5 | 821fc99233c6792e3a5d571544e02056
Posted Jan 27, 2000
Authored by Zhodiac | Site

Remote linux x86 exploit for Qpopper 3.0beta29 and below. (not 2.5.3) Overflows the LIST command and spawns a shell with the UID of the user who logged in (requires valid account), and GID mail.

tags | exploit, remote, overflow, shell, x86
systems | linux
MD5 | 089ae93a6c629d93a58194ac07cbb0b6
Posted Jan 27, 2000
Authored by Shane A. Macaulay | Site

w00w00 Security Advisory - qmail-pop3d may pass an overly long command argument to it's password authentication service. When vpopmail is used to authenticate user information a remote attacker may compromise the privilege level that vpopmail is running, naturally root.

tags | exploit, remote, root
MD5 | 68b6d3a1b05e5e257c57d90c820d08c0
Posted Jan 27, 2000
Authored by Harikiri | Site

w00w00 Security Advisory - Linux VMware 1.1.2 Symlink Vulnerability. VMware stores temporary log files within the /tmp directory. It does not check whether all of these files exist prior to creation, resulting in the potential for a symlink attack.

tags | exploit
systems | linux
MD5 | 4b31536039d42df62107f9f754799ae4
Posted Jan 27, 2000
Authored by Harikiri | Site

w00w00 Security Advisory - S/Key & OPIE Database Vulnerability affecting most Unixes (not NetBSD) running skey-2.2. (possibly earlier versions too) allowing offline password cracking.

tags | exploit
systems | netbsd
MD5 | 8f5d6179b615202fd4b8349769f9708e
Posted Jan 27, 2000
Authored by Shane A. Macaulay | Site

Remote exploit for the inter7 supported vchkpw/vpopmail package for (replacement for chkeckpasswd). Tested on Sol/x86,linux/x86,Fbsd/x86 against linux-2.2.1 and FreeBSD 3.[34]-RELEASE, running vpopmail-3.4.10a/vpopmail-3.4.11[b-e]. Unofficial patch here.

tags | exploit, remote, x86
systems | linux, freebsd
MD5 | 2d7dedcfe66b33095eeacda82febfcc6
Posted Jan 26, 2000

MS IIS 5.0 has problems handling a specific form of URL ending with "ida". The extension ida has been taken from the Bugtraq posting "IIS revealing webdirectories" The problem causes 2 kind of results. The one result is that the server responds with a message like "URL String too long"; "Cannot find the specified path" The other error causes the server to terminate with an Access Violation. When the server "Access violates" it displays as last message.

tags | exploit
MD5 | 420df2c0f778194590d6ca0d2f538ccd
Page 1 of 3

Top Authors In Last 30 Days

Recent News

News RSS Feed
One Email Account With Clout Can Unleash Phishing Hell
Posted Sep 24, 2018

tags | headline, cybercrime, fraud, password, phish
SHEIN Fashion Retailer Announces Breach Affecting 6.42 Million Users
Posted Sep 24, 2018

tags | headline, hacker, privacy, cybercrime, data loss, fraud
Code-Cracking WW2 Bombe Operation Recreated At Bletchley
Posted Sep 24, 2018

tags | headline, britain, cyberwar, germany, science, cryptography
Twitter Warns Direct Messages Were Exposed
Posted Sep 24, 2018

tags | headline, privacy, data loss, flaw, twitter
Scottish Brewery Recovers From Ransomware Attack
Posted Sep 21, 2018

tags | headline, malware, scotland
Romanian CCTV Ransomware Culprit Admits Guilt
Posted Sep 21, 2018

tags | headline, government, malware, usa, fraud, romania
Thousands Of WordPress Sites Backdoored With Malicious Code
Posted Sep 21, 2018

tags | headline, hacker, malware, flaw, wordpress
Facebook Told To Speed Up Changes Or Face Sanctions
Posted Sep 21, 2018

tags | headline, government, privacy, facebook, social
Equifax Fined By ICO Over Data Breach That Hit Britons
Posted Sep 20, 2018

tags | headline, privacy, britain, data loss, fraud, identity theft
Hackers Steal Credit Cards From Newegg, Researchers Say
Posted Sep 19, 2018

tags | headline, hacker, cybercrime, data loss, fraud
View More News →
packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By