Exploit the possiblities
Showing 1 - 25 of 41 RSS Feed

Files

lsassaroot.zip
Posted May 17, 2004
Authored by sub

Microsoft LSASS vulnerability auto rooter. Downloads and executes code from a FTP server.

tags | exploit
MD5 | 54785e01d3034f714dbe01506d1c699f
0x333maelstrom.c
Posted Dec 14, 2003
Authored by Cowboy, 0x333 | Site 0x333.org

Maelstrom local exploit that gives gid for user games making use of the overflow found in the -server switch. Tested against /usr/bin/Maelstrom on Red Hat 9.0

tags | exploit, overflow, local
systems | linux, redhat
MD5 | a935d6a8cc4501c955311239727e64af
0305-exploits.tgz
Posted Jul 14, 2003
Authored by Todd J.

Packet Storm new exploits for May, 2003.

tags | exploit
MD5 | 723abc458b5ea3d570004d5677c44135
MaelstromX.c
Posted Jul 9, 2003
Authored by Knight420

Maelstrom local exploit that gives gid of games and makes use of the overflows found in the -player and -server switch.

tags | exploit, overflow, local
MD5 | 8b3420c452404597f9baf138d0ce82c3
kerio563.txt
Posted Jun 25, 2003
Authored by B-r00t

Kerio Mail Server 5.6.3 remote buffer overflow exploit. Adds wide open root account to /etc/passwd. Written based upon the vulnerability discussed here.

tags | exploit, remote, overflow, root
MD5 | 842c5e7826baf9519f128b2ea7d11c1b
ne0.c
Posted May 31, 2003
Authored by Shashank Pandey

Microsoft IIS versions 5.0 and 5.1 remote denial of service exploit that makes use of the vulnerability recently published by SPI dynamics. Full advisory located here.

tags | exploit, remote, denial of service
MD5 | d78db11ab87227da9b8cfab3f0c3f213
b2cafelog.txt
Posted May 30, 2003
Authored by Pokleyzz | Site scan-associates.net

b2 cafelog is a blogger system that comes with the b2-tools directory. The PHP scripts contained within this directory allow a remote user to specify input for a variable that in turn allows for remote command execution.

tags | exploit, remote, php
MD5 | ea5c0bc0de678c217be1cbe85a7d9052
geeklog.txt
Posted May 30, 2003
Authored by Pokleyzz | Site scan-associates.net

Geeklog version 1.3.7ar1 and below is susceptible to multiple vulnerabilities. There is a SQL integer manipulation flaw in the authentication script that will allow a remote attacker to get administrative access and there is also a lack of error checking when images are uploaded that allow an attacker to upload files with php code that can be used to execute any command as apache user on remote server.

tags | exploit, remote, php, vulnerability
MD5 | 3dd132c2b949914f5bf8010768bf739e
baby.txt
Posted May 29, 2003
Authored by Dr. Insane

Baby FTP server version 1.2 allows for a directory traversal attack that lets a remote attacker view any file on the system by using non-standard characters with CWD. The server will also crash if multiple connections from the same host occur.

tags | exploit, remote
MD5 | 6a83ff2f09457fbac90e7f8623734cee
shoutbox.txt
Posted May 29, 2003
Authored by Pokleyzz | Site scan-associates.net

Webfroot Shoutbox v2.32 and below suffers from a directory traversal and code injection vulnerability that allows a remote attacker to view any file on the system and the ability to commit remote command execution.

tags | exploit, remote
MD5 | c7ef81a32642aa53a38a48220ff5a153
iisDoS.txt
Posted May 29, 2003
Authored by SPI Labs | Site spidynamics.com

Microsoft IIS versions 5.0 and 5.1 are vulnerable to a denial of service attack if an attacker sends a Webdav request with a body over 49,153 bytes using the 'PROPFIND' or 'SEARCH' request methods. This results in IIS restarting itself and terminating any active sessions.

tags | exploit, denial of service
MD5 | 466be4f57551e6a920e9059e50eaddf3
sunone.txt
Posted May 28, 2003
Authored by SPI Labs | Site spidynamics.com

The SunONE application server on Windows 2000 suffers from multiple vulnerabilities. The server allows a remote attacker to view the source code of JSPs, only logs the first 4042 characters of a request URI which allows an attacker to hide their attempts in the last 54 characters, has a cross site scripting issue, and has the username and password to the administrative server kept in clear text in a world readable file.

tags | exploit, remote, vulnerability, xss
systems | windows, 2k
MD5 | 5695d1e0f86bf5009e22b5b2c09ac452
core.axis.txt
Posted May 28, 2003
Authored by Juliano Rizzo | Site coresecurity.com

Core Security Technologies Advisory ID: CORE-2003-0403 - The Axis Network Camera HTTP server is vulnerable to an authentication bypass when a double slash is put in front of the admin directory in the URL. This allows a remote attacker to modify the configuration as they see fit and allows the root password to be reset. Doing this in conjunction with enabling the telnet server allows for a complete server compromise.

tags | exploit, remote, web, root
MD5 | a5e3469f753ba4068c41d8a4e0396b5b
priv8gbn.pl
Posted May 28, 2003
Authored by wsxz | Site Priv8security.com

Remote exploit for a buffer overflow in the Gnome Batalla Naval Game Server version 1.0.4. Gives user id of the account running the game server. Tested against Mandrake 9.0.

tags | exploit, remote, overflow
systems | linux, mandrake
MD5 | d975b9a72eb72639c21c11ad67d727b2
bncDoS.txt
Posted May 28, 2003
Authored by Angelo Rosiello, rosiello | Site rosiello.org

bnc version 2.6.2 and below suffers from a denial of service vulnerability. Armed with a valid login and password, a remote user can kill the daemon.

tags | exploit, remote, denial of service
MD5 | 19b82bf820cb2ac8cc6dc2cea49ef122
pnews.txt
Posted May 28, 2003
Authored by Peter Winter-Smith

P-News versions 1.6 is vulnerable to a privilege escalation attack by allowing a remote attacker to populate strings with the | used for delimiting data stored about the account.

tags | exploit, remote
MD5 | 369a8bfaa9af899f10559745c738d09b
maelx.pl
Posted May 23, 2003
Authored by akcess

Maelstrom local exploit that gives gid of user games which makes use of an overflow in the -player switch.

tags | exploit, overflow, local
MD5 | 4f7903d9b1f6bc6aca7417e2c825c448
badblue052003.txt
Posted May 23, 2003
Authored by Matthew Murphy

BadBlue web server versions 2.2 and below have a vulnerability that allows remote attackers to gain administrative control of a server. The engine attempts to restrict access to non-html files by requiring that 'ht' be the first letters of the target file's extension, and also requiring that requests to access '.hts' files are submitted by 127.0.0.1 and contain a proper 'Referer' header. This security feature is accomplished with a simple binary replace of the first two characters of the file extension. The two security checks are performed in an incorrect order, meaning that the first security check can inadvertently bypass the latter.

tags | exploit, remote, web
MD5 | 54488984601b3f7a45a3c8af421f9df2
maelst0x00.c.gz
Posted May 23, 2003
Authored by r-code

Local root exploit for the game Maelstrom with is sometimes setuid to root for the purpose of faster frame rates.

tags | exploit, local, root
MD5 | bfd34d743e37c8ee7b7f8490438cadb2
b-WsMP3dvuln.txt
Posted May 23, 2003
Authored by Xpl017Elz | Site inetcop.org

INetCop Security Advisory #2003-0x82-017.b - New versions of WsMP3d are not patched against an old remote heap corruption overflow vulnerability. Remote exploit and advisory included.

tags | exploit, remote, overflow
MD5 | fee1e5ee6009d22f0754405163419c14
a-WsMPdvuln.txt
Posted May 23, 2003
Authored by Xpl017Elz | Site inetcop.org

INetCop Security Advisory #2003-0x82-017.a - WsMP3d, a web server that streams MP3s much like shoutcast but is GPL, suffers from a directory traversal vulnerability that not only allows viewing of files outside of the webroot, but allows for remote command execution as well.

tags | exploit, remote, web
MD5 | 1ff2d86a592f92c1751dc263dab6ada1
iDEFENSE Security Advisory 2003-05-22.t
Posted May 23, 2003
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 05.22.03 - iisPROTECT is a utility designed to provide password protection to web directories similar to the htaccess method utilized by Apache. When protected files are referenced through different URL-encoded representations, this authentication can be completely bypassed.

tags | exploit, web
MD5 | 3b4927deb5e89ac467996a11b1770203
Pi3web-DoS.c
Posted May 23, 2003
Authored by Angelo Rosiello, rosiello | Site rosiello.org

A simple denial of service exists in the Pi3 webserver that allows a remote attacker to crash the daemon by feeding it a GET request with 354+ forward slashes after it.

tags | exploit, remote, denial of service
MD5 | e627c9f9fd6b442a7aeffec686744f3a
happymall-adv.txt
Posted May 15, 2003
Authored by e2fsck

Happymall versions 4.3 and 4.4 are still susceptible to well-known directory traversal and cross-site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 747291e08548a2e6cf2f161a68843c34
Owl_Intranet_Engine.txt
Posted May 15, 2003
Authored by Christopher M Downs | Site angrypacket.com

Owl v0.71, the multi user document repository, fails to actually authenticate a login name given. If a completely fake login name is passed, an attacker can get in without any valid session id.

tags | exploit
MD5 | 77ea64312fa5085245a0e207ac560633
Page 1 of 2
Back12Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
NYPD Cops Need A Warrant To Snoop On Your Phone
Posted Nov 17, 2017

tags | headline, government, privacy, usa, phone
Oracle Scrambles To Fix Security Flaws In Tuxedo
Posted Nov 17, 2017

tags | headline, database, flaw, oracle
Github To Devs: Now You'll Get Security Alerts On Flaws In Popular Software Libraries
Posted Nov 17, 2017

tags | headline, flaw
Keystone Pipeline Leaked 210,000 Gallons Of Oil In South Dakota
Posted Nov 17, 2017

tags | headline, flaw
Cash Converters Reveals Data Breach
Posted Nov 16, 2017

tags | headline, hacker, cybercrime, data loss, fraud, identity theft
Kaspersky Defends Its Role In NSA Breach
Posted Nov 16, 2017

tags | headline, government, malware, usa, russia, data loss, spyware, nsa
McAfee Anti-Hacking Service Exposed Users To Banking Malware
Posted Nov 16, 2017

tags | headline, malware, bank, cybercrime, fraud, flaw, identity theft, mcafee
DJI Bug Bounty NDA Is 'Not Signable', Say Irate Infosec Researchers
Posted Nov 16, 2017

tags | headline, hacker, flaw
Government Just Figures Out You Can Hack Planes Remotely Due To Poor Design
Posted Nov 15, 2017

tags | headline, government, usa, flaw, terror
UK Security Chief Blames Russia For Hacks
Posted Nov 15, 2017

tags | headline, hacker, government, britain, russia, cyberwar
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close