seeing is believing
Showing 1 - 25 of 40 RSS Feed

Files

0311-exploits.tgz
Posted Dec 10, 2003
Authored by Todd J.

Packet Storm new exploits for November, 2003.

tags | exploit
MD5 | 98a752eda0e42dae02e16f317b81af46
rnnguest12.txt
Posted Dec 1, 2003
Authored by Chris Rahm

The RNN Guestbook version 1.2 has multitudes of vulnerabilities. They range from allowing a remote attacker to execute commands to the ability to achieve full administrative access without authentication. Full descriptions and exploitation enclosed.

tags | exploit, remote, vulnerability
MD5 | 0754b26af27338e25b349e9041d28689
phpBB206.txt
Posted Dec 1, 2003
Authored by Hat-Squad Security Team

Remote exploit that makes use of a SQL injection vulnerability that exists in the viewtopic.php file in phpBB version 2.06. Using a malformed query against the searching functionality, the MD5 password hash will be exposed. Related type of vulnerability here.

tags | exploit, remote, php, sql injection
MD5 | a0d71696e8ccf3834d85f4c6baa42746
_BSSADV-0000.txt
Posted Dec 1, 2003
Authored by The Bugtraq Team | Site bugtraq.org

Bugtraq Security Systems Security Advisory - Multiple vulnerabilities have been discovered in the Applied Watch Command Center IDS. Two exploits have been released to demonstrate these flaws. The first, appliedsnatch.c, allows a remote attacker to add a user to the console without having to authenticate to the system. The second, addrule.c, allows a remote attacker to add custom IDS alerts to all sensor nodes in a network, enabling a human denial-of-service attack by making good packets look bad.

tags | exploit, remote, vulnerability
advisories | CVE-2003-0970, CVE-2003-0971
MD5 | d75b0941421c1810583106423f646868
epic4-exp.c
Posted Nov 27, 2003
Authored by Li0n7

EPIC4 remote exploit that acts as an IRC server and makes use of a stack-based overflow in EPIC4 versions later than pre2.003. Upon success, this exploit yields a shell with the privileges of the user id connecting into the server.

tags | exploit, remote, overflow, shell
MD5 | 60364157eaa053fedb0f4fd986a98e85
myegallery.txt
Posted Nov 27, 2003
Authored by Bojan Zdrnja

My_eGallery versions below 3.1.1.g has PHP files which do not filter all parameters fed to functions, allowing a malicious attacker the ability to execute any command as the user id the webserver is running under. Vendor supplied patch available here.

tags | exploit, php
MD5 | b43abc56c3104b46370ca73811988658
commerceSQL.txt
Posted Nov 25, 2003
Authored by Mariusz Ciesla

CommerceSQL shopping cart allows remote file reading via a directory traversal vulnerability in its index.cgi.

tags | exploit, remote, cgi
MD5 | 5a17b3f5332c2e8437aa225dc2841a71
TCM315.txt
Posted Nov 25, 2003
Authored by Andres Tarasco

The embedded webserver for the Thomson TCM315 cable modem is vulnerable to a buffer overflow during a typical GET method HTTP request.

tags | exploit, web, overflow
MD5 | 51198bef948a30a3927152acb48c8e3f
SCSA021.txt
Posted Nov 25, 2003
Authored by frog-man | Site Security-Corp.com

Security Corporation Security Advisory [SCSA-021]: vBPortal versions 2.0 alpha 8.1 and below allow a remote attacker the ability to send mail anonymously via a vulnerability in its friend.php script.

tags | exploit, remote, php
MD5 | b9b406a1de68f15e93c5a0044938ddfa
kill-Taidu.c
Posted Nov 25, 2003
Authored by jsk

webfs 1.7.x remote root exploit that binds a shell to port 26112 and makes use of a User-Agent buffer overflow.

tags | exploit, remote, overflow, shell, root
MD5 | 5d7053881beaf39ab594c60a0b0cd44c
msnbug.txt
Posted Nov 25, 2003
Authored by Hi_Tech_Assassin, Brice aka THR

A bug exists in MSN's Messenger client that allows a user's IP address to be exposed due to improper parsing of the Ip-Address field when parsing requests.

tags | exploit
MD5 | 20299636636f63dc45c73c692442d9d2
85mod_gzip.c
Posted Nov 20, 2003
Authored by Crazy Einstein

Remote exploit for mod_gzip when in debug mode for versions 1.2.26.1a and below. Yields user id of the webserver. Tested against RedHat 8.0 and FreeBSD 4.7.

tags | exploit, remote
systems | linux, redhat, freebsd
MD5 | ccd4dcff6acad5955766d739f2551aff
msuxobsd2.c
Posted Nov 19, 2003
Authored by Georgi Guninski | Site guninski.com

OpenBSD v3.3 and below local root and v3.4 local denial of service exploit which uses a kernel based stack overflow vulnerability in ICBS. Patch available for v3.3 here. Also works against OpenBSD v2.x.

tags | exploit, denial of service, overflow, kernel, local, root
systems | openbsd
MD5 | d2c5ec9e1b0e56417a1369edc4c038f3
iawebmail.pl
Posted Nov 19, 2003
Authored by Peter Winter-Smith | Site elitehaven.net

IA WebMail Server v3.1 and below (iaregdll.dll version 1.0.0.5) remote exploit in perl. Tested against Windows XP Home SP1 and Windows 2000 Pro SP4. Included shellcode downloads netcat and spawns a shell.

tags | exploit, remote, shell, perl, shellcode
systems | windows, 2k, xp
MD5 | 2e7f7b1bf13faa2e9a6f5a50715033eb
rush13.txt
Posted Nov 17, 2003
Authored by idtwolf | Site rsteam.ru

Rolis Guestbook version 1.0 is susceptible to php injection cross site scripting attacks.

tags | exploit, php, xss
MD5 | 1972e31d4135891fa96c056c66ac386f
rush12.txt
Posted Nov 17, 2003
Authored by idtwolf | Site rsteam.ru

phpWebFileManager version 2.0.0 is susceptible to a directory traversal attack due to a lack of input validation.

tags | exploit
MD5 | 9eb1029ff44f80602acd4bef54d419dc
netserve107.txt
Posted Nov 17, 2003
Authored by nimber | Site nimber.plux.ru

NetServe version 1.0.7 suffers from a directory traversal vulnerability that allows a remote attack to download any file outside of the webroot. Using this knowledge, a remote attacker can exploit this vulnerability to access the config.dat file that holds the login and password for the administrative account. Tested on Microsoft Windows XP and 2000.

tags | exploit, remote
systems | windows, xp
MD5 | 8ff8a7c0a6c99ee99b37b46c84a0bbd6
pserv.c
Posted Nov 17, 2003
Authored by jsk

pServ 2.0.x Beta webserver remote exploit that makes use of the User-Agent HTTP Header buffer overflow.

tags | exploit, remote, web, overflow
MD5 | 27078b058c1063db9695a706a4f68b1d
fp30reg.c
Posted Nov 17, 2003
Authored by Adik | Site netninja.to.kg

Frontpage Server Extensions remote exploit which creates a shell on tcp port 9999 and uses the bug described in ms03-051. Tested on Windows 2000 Professional SP3 English version, fp30reg.dll ver 4.0.2.5526. Bug discovered by Brett Moore.

tags | exploit, remote, shell, tcp
systems | windows, 2k
MD5 | e28d8512b7f0f40aa755ac0c05d43e14
FBHterminator.c
Posted Nov 15, 2003
Authored by Bobby

Local root exploit for terminatorX version 3.81 and below that makes use of LADSPA_PATH environment variable vulnerability.

tags | exploit, local, root
MD5 | a2817a1ad499a35cdb5469a0b032ce00
gEEk-0verkill.c
Posted Nov 15, 2003
Authored by demz | Site geekz.nl

0verkill version 0.16 local proof of concept exploit that makes use of a stack overflow when reading in the HOME environment variable.

tags | exploit, overflow, local, proof of concept
MD5 | ee4378534a1ac7e7c6ff82037218678f
gEEk-unace.c
Posted Nov 15, 2003
Authored by demz | Site geekz.nl

UnAce version 2.20 local proof of concept exploit. Original vulnerability discovery made by MegaHz. Tested on Debian 3.0.

tags | exploit, local, proof of concept
systems | linux, debian
MD5 | 2b33f62481726d5a0a5ecbdf48ec57e1
unace-exp.c
Posted Nov 15, 2003
Authored by Li0n7

UnAce version 2.20 local proof of concept exploit. Original vulnerability discovery made by MegaHz. Bruteforcing option included.

tags | exploit, local, proof of concept
MD5 | 652bbe547dbd598468bd44680ceda980
execdror5-Demo.zip
Posted Nov 15, 2003
Authored by Liu Die Yu | Site safecenter.net

Six step cache attach for Internet Explorer v6sp1 (up to date on 10/30/2003) which combines several older unpatched and recently discovered vulnerabilities to execute code remotely by viewing a web page or HTML email. More information available here.

tags | exploit, web, vulnerability
MD5 | 61fe983e637f9bb67381751df8664ae7
sp-myserver0.5-dos.c
Posted Nov 14, 2003
Authored by Badpack3t | Site security-protocols.com

Remote denial of service exploit for MyServer 0.5. Malicious payload crashes the server giving a runtime error. Tested on Windows XP Pro SP1 and Windows 2000 SP3.

tags | exploit, remote, denial of service
systems | windows, 2k, xp
MD5 | 5003eaa9233aaba1997a86319e2b57aa
Page 1 of 2
Back12Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Domino's Pizza Delivers User Details To Spammers
Posted Oct 18, 2017

tags | headline, privacy, email, spam, fraud
Adobe Patches Zero-Day Used To Plant Gov't Spying Software
Posted Oct 17, 2017

tags | headline, hacker, government, usa, flaw, cyberwar, adobe, zero day, nsa
UK TV Drama About North Korea Hit By Hackers
Posted Oct 17, 2017

tags | headline, hacker, government, britain, cyberwar, korea
Russia Tweaks Telegram With Tiny Fine For Decryption Denial
Posted Oct 17, 2017

tags | headline, government, privacy, russia, cryptography
Never Mind The WPA2 Drama... Details Emerge Of TPM Key Fail
Posted Oct 17, 2017

tags | headline, wireless, flaw, cryptography
Millions Of High Security Crypto Keys Crippled By Newly Discovered Flaw
Posted Oct 16, 2017

tags | headline, flaw, cryptography
Pizza Hut Latest To Be Hit In Card Data Breach
Posted Oct 16, 2017

tags | headline, hacker, privacy, bank, cybercrime, data loss, fraud
Artificial Intelligence - Hype, Hope, And Fear
Posted Oct 16, 2017

tags | headline, botnet, cyberwar
KRACK Attacks: Breaking WPA2 By Forcing Nonce Reuse
Posted Oct 16, 2017

tags | headline, privacy, phone, wireless, flaw, cryptography
Even Pokemon Go Was Used By Russia To Meddle In The Election
Posted Oct 13, 2017

tags | headline, government, usa, russia, cyberwar
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close