5niffi7.c - Remote root exploit for sniffit (-L mail) 0.3.7.beta on Debian 2.2. Includes a detailed explanation of how the exploit works.
024ddcc5e92f17b5a21a0b1e29b8e09fbda58d5ab78d29e5646d0557c2a197ffGauntlet firewall remote proof of concept code, tested against BSDI.
e083c880ad28d303ffd72c300afb16fe308a4792b9bb9ff3042cfa2e79c3b4d2/usr/bin/xaos local root buffer overflow exploit. Works on suse 6.1, and could be modified for 6.2.
41063c66d14d76b252432334dc2031dd8d874cf94f253caf555c2a55974289a0The thttpd web server comes with a CGI script called /cgi-bin/ssi which allows any file on the system to be read. Exploit URL included.
25679f8183d70073b7bf52ab21666b2b31569ed14056ca67fae4e26e726dd272elm_again.c exploits another buffer overflow in elm v2.5 giving a gid=12 shell if /usr/bin/elm is SGID. Tested on Slackware 3.6 and RedHat on elm2.5PL3.
a63af30bfc97eb80e07b9f38915a5c778463721196ce3c7f4a6bf9172b6729c7Cerberus Information Security Advisory (CISADV000524a) - The Cerberus Security Team has discovered a serious security flaw with Rockliffe's MailSite Management Agent for Windows (version 4.2.1.0). This server allows remote users to access their POP3 accounts and read their mail over HTTP. The service usually listens on TCP port 90. Unfortunately there exists a buffer overrun vulnerability that allows attackers to execute arbitrary code. As this service runs as system, by default, any code executed will run with system privileges - meaning any server running this agent could be fully compromised.
201140e806c2e3d3ec0bd2fb4cfda30b1743e7b0fd7054bcce93c848c6ca1a7aA popular CGI web page acess counter, version 4.0.7 by George Burgyan permits execution of arbitrary commands as a result of unchecked user input. Commands are executed as the same permission of the webserver.
94ace7ee3453cc97474d0f764a764949d5e6287f3e4ff04fcae1b290ca7c34b5Elm v2.5 buffer overflow exploit which provides a gid=12 shell if /usr/bin/elm is SGID. Tested on elm 2.5PL1-3, on Red Hat. Perl script to find offsets included.
de3ca64288f925a9826cafbf271fc6605aa272bb27361e89cf5913320a7c513fElm v2.4 buffer overflow exploit which provides a gid=12 shell if /usr/bin/elm is SGID. Tested on Slackware 3.6, elm 2.4PL25. Perl script to find offsets included.
03d1978ea3b8ab5173fda42c7786dc04993514aae31b5c97466470d36a8dddcfSecurax-SA-03 - Ezboard v5.3.9 remote dos attack via wildcards in URL.
ed822a1fc27e53ef490ca1eaffb4b388a0110ab561a1a5b201ae6e3397654cf5solaris 2.7 lpset local exploit, i386.
82677b09b51b7eeb5f50474a25d70291b3e7b4d5eae939b2f28a8b28490519fa/usr/bin/fdmount local linux exploit.
bf34985b1a8b79c1e149fa1edad4560a07632b016f0109a4da99d03ceb463282filterape.c exploits a new elm buffer overflow to get EGID mail on Slackware.
0283514040bf44953fc6a6a2b5828645f76e0fbbd4376d98586c0470084c52fcXwindows remote dos attack - creates a sequence of socket connections to tcp port 6000. Xwindows slows to a crawl and sometimes does not respond to user input.
efe31e621870f97e050c9ccd97b857ea4370bb4acee4752fe8205face4d0fa94The Cerberus Security Team has discovered that a flaw in the Carello web shopping cart enables remote attackers to vi ew .asp files on the the server's computer Affected system: Windows NT running IIS.
660eb984197ab48859340fb6d1ef3d916beb70b6534fb06bb49318f17b072048There is a remote denial of service exploit against tcpdump. Tcpdump interprets UDP packets on port 53 as DNS traffic, however, domain names in DNS packets use a compression scheme that jumps to a particular offset in the packet to avoid multiple occurances. Sending a packet that has the offset set to a particular location and if a program trying to decompress the domain name does not have a strategy for avoiding infinite loops, tcpdump may fall into an infinite loop.
3cb11869215cdb4a624ad46e732b853b543df65c25669d3daa61fa3108233ad0BufferOverflow Security Advisory #5 - Remote shell via Qpopper2.53. qpop_euidl.c exploit included. Requires a qpop account and gives UID mail.
3b9258be6be245c764411f6a0fb9887e6d3353efa7d0f966e6a4b94561a41ad0socket-dos.c is a local ssh-1.2.27 exploit which creates a UNIX domain socket with an arbitrary file name anywhere in the filesystem on some machines.
7bdb442b497c168920cf7dcefe4563db3d8741d098266c65dd84c6cadc0ad94aSniffit 0.3.7Beta Remote Exploit - sniffit has to be running (-L mail) flag set for this to work. Tested on RedHat 6.0.
b573a5413280903555b0ee0798458bf852149647ac3a38ccab820bebcba4ba44killsentry.c shows that automatic firewalling is a bad idea by sending spoofed FIN packets from different hosts in an attempt to confuse Portsentry. Tested on FreeBSD 3.2.
53c616376a8cf4e338ec21587c689c67facb4791006565268125022e9ce67769Ascend remote denial of service - Upon receiving a packet with non zero length tcp offsets ascend terminal servers will crash. Linux based exploit included.
1c9d5ce7aadfbcbc5a0f59fb1a4d4366d8f996bd3022ebe70ecda1d75003f9cfkshux.c -- krshd remote root exploit. This program exploits a vulnerability in the 'krshd' daemon included with the MIT Kerberos distribution. All versions are apparently vulnerable. This exploit is for Linux/x86 with Kerberos version 1.0.
21dbac49e32798d882c9cc979e90d774e5d8ce9558b1930028784d9a54094e1bjoe v2.8 stack overflow. joe overflows when trying to open() $HOME/.joerc. This is simply proof of concept code, hopefully to get the bug fixed. It will attempt to spawn a rootshell.
92174114b15928ccc797f3ac28878ca4c0229150414ef0e2334636a47b1b6e21ksux.c -- ksu exploit. This program exploits a vulnerability in the 'ksu' utility included with the MIT Kerberos distribution. Versions prior to 1.1.1 are vulnerable. This exploit is for Linux/x86 with Kerberos version 1.0. Exploits for other operating systems and versions of Kerberos should also work.
575f9b9cd458226ac2f5b33532684894fb83b67d2d03b4ba8441db5ccbd69505shellhit.c - TESO Hellkit contains a buffer overflow - exploit is just meant to be funny. To all scriptkiddies: You won't get root from this, go and find something more useful.
a3e149bc4123017c3cbb604fcda0c4db3c04f6e279d5b9a75f8c0c48fe6dd47f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed