Solaris 8 LDAP_OPTIONS local buffer overflow exploit which takes advantage of a bug in libsldap.so.1.
fbf6de6cb08309b916fc1f7834bc383860b579ea95037740cc187c35f913b224Oracle application server 4.0.8.2 + Netscape Enterprise 4.0 webserver remote exploit in perl which attempts to execute commands remotely as root. Netscape Enterprise webserver must be configured as external 'web listener' for Oracle. Overflow happens when a long string requested with prefix which has been 'linked' to oas. by default it is /jsp/. Takes advantage of the Oracle Application Server shared library buffer overflow which affects Oracle application server 4.0.8.2 + iWS 4.0/4.1 webserver, running on Sparc/Solaris 2.7.
045f497e451554365c75a888a54888851684db64b10d241f5348b3d6b422abc1Packet Storm new exploits for May, 2001.
f57f3b5f09f5712f1bd0ed4dd43383a800ec94fcc48e9e6646e82555f0ff4323Gnupig is an advisory and exploit for the Gnupg v1.0.5 format string vulnerability which creates an encrypted file which executes code when it is decrypted.
ac649f815afe8db3e8e2d13836c1870964dd972e44857e461df7104d04761240HP/UX local exploit for /opt/OV/bin/ecsd.
2de424af94be9fb6a61cd2c72d940df117c2eeaae50d877ddb06a4652ee9abceCool2 is a perl script which checks a list of hosts for IIS servers which are vulnerable to the decode bug and the old unicode bug.
992e799ee26d6aaa457432a5be7c3db3479c2f5ed9f94b41f92878e2fb8ebdd8Securax Security Advisory #20 - The 1st Up Mail Server version 4.1.6a and below contains a remote denial of service vulnerability. Fix available here.
c9d3d44add8e60cf5afe922404991f19df0341b12c9296a9ea83fa9b2c70ae33Omnised.pl is an exploit for Omnihttpd v2.08 for Windows 98/me/nt/2000 which lets you dump the source of php perl and other files to a txt file. These files may contain passwords.
9276193adbdd9b969f90b2323644d613d1e30a9bebe9d41fa67790946031064bX-Chat v1.2.x format string bug exploit. Tested against x-chat v1.2.1 on Slackware 7.1.
b469eda18d6e1805cd4e8a0be2fbb3cb43284ad07087b99b32725d1ff02f9fc4This little piece of perl code tries to exploit the double decoding BUG on IIS 4 & 5.
33a120d3fdad4e6ced42a48f9ed06541f1a7acdd6e07b660fa045c63cafecb32The WebAvail LinkMax2 (ASP) allows website visitors to view the LinkMax2 admin login and password. Fix included.
bc49f92d642851afebdaa716c8669034d092c6652034fd4a9c0ddaa830453e4fDQS package v3.2.7 (/usr/bin/dsh) local root exploit. Tested against SuSE 6.3, 6.4, and 7.0.
dc781082f966e7e84fd45bc05a9af244e12da062b9438a7c4ce05fe3639b7a91Execiis.c is a remote exploit for Bugtraq ID 2708 - Microsoft IIS CGI filename decode error.
930daed1380743902694409c2275d36ed101487eb3dbd8df8b795068aba598baSensedecode.tgz includes 2 perl scripts which exploit the IIS url decoding bug. Decodecheck.pl checks for hosts that have the "decode" problem, and decodexecute executes code using the decoding problem, with redirection.
d32db266c769e68dd5e55144cdff5aac3d5f570243d3c50560169d168c96b542NSFOCUS Security Advisory SA2001-02 - The nsfocus team has found a vulnerability in filename processing of CGI program in MS IIS4.0/5.0, as discussed in ms01-026. CGI filename is decoded twice by error. Exploitation of this vulnerability leads to intruders being able to run arbitrary system commands with IUSER_machinename account privilege. Exploit URL's included.
1f24fde1bac96def60ac10c00a6e82940ada309470835ba73f5d78b25c6f6fecAcadsoft's webcgi98.exe displays the full path to the binary in an error message.
87a2492754de406640b736c27877e5fea0ea2bf16f000790a41c42110d3365f5/usr/bin/mailx local buffer overflow exploit. Gives gid=mail shell. Tested against Solaris 8.
8270d776c54245c8f9730bdf87c4de6ee29ce8e325d9e3fb78e6f9951ae96cbcCfingerd prior to v1.4.3 remote root exploit for linux/x86. Exploits a format string vulnerability in the syslog() call.
d8bf8ec5db51a03a2a06971d1a62f5b817394a89a0963c7f4adf17a3b5bfdc71Jill.c (fixed version) is a remote exploit for the IIS 5.0 / Windows 2000 remote .printer overflow. Spawns a reverse cmd shell.
4eaf53b6615baedb4fac1be5c4beb5aa4c9708ae0370a0dd8b34bf8080a4ddbbCfingerd prior to v1.4.2 remote root exploit - Takes advantage of the syslog format string bug. Tested on Debian 2.1 and 2.2.
70f413a4d20fd258ec79ede4b34842fe8435ef1209fb32fae0d717b0718d3107Ronin.c is a FreeBSD-4.2 remote root exploit. Requires user access and a writable home directory without chroot.
d2e33c037790692c389b96a7601e8f1408b6545023a8abce9baf0cbcdda89c20The G6 FTP server v2.00 freezes if told to create a directory "COM1", "COM2", "COM3" or "COM4".
716e570229564b04ebe6d9eb93f65830929d5d4b253495f360aab2e142e6e52fWindows 2000 / IIS 5.0 sp0 + sp1 remote exploit. Overflows the Host: header of the isapi .printer extension. The included shellcode creates a file in the root drive of c:\ which contains instructions on how to patch your vulnerable server. Compiles on Windows, linux, and *bsd.
9fff87f325e3b0b2e95b688b5c791f29e66f7277f9fd816703595f63a89b9eebWindows 2000 / IIS 5.0 + SP1 Internet Printing Protocol vulnerability test. Causes a memory leak and reports whether or not the remote site is vulnerable, but does not contain shellcode.
7acc303c4980d09fc650229e55553b5c0ada450b62f78168bace6cbcf5152918
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed