what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 47 RSS Feed

Files

0405-exploits.tgz
Posted Jun 2, 2004
Authored by Todd J. | Site packetstormsecurity.com

Packet Storm new exploits for May, 2004.

tags | exploit
SHA-256 | 8aa9e90a12b27246260794ffa77220a08db91dd5faf7f698b159a94ffdb39ae5
waraxe-2004-SA031.txt
Posted May 30, 2004
Authored by Janek Vind aka waraxe | Site waraxe.us

e107 version 0.615 is vulnerable to full path disclosure, cross site scripting, remote file inclusion, and multiple SQL injection attacks.

tags | exploit, remote, xss, sql injection, file inclusion
SHA-256 | 4648aabab47f7963e174173f3f04af7209fa7f43cb1be7217a8b81b3f861061f
jportal.txt
Posted May 30, 2004
Authored by Maciek Wierciski

JPortal is susceptible to SQL injection attacks and also stores the administrator password in the clear.

tags | exploit, sql injection
SHA-256 | c0618cb8789156cdb22120276d0f52027e54887b23146267952c77d16f08b639
metaexpl.tgz
Posted May 26, 2004
Authored by priestmaster | Site priestmaster.org

Metamail remote exploit that makes use of a buffer overflow and upon successful exploitation, binds a listening socket to UDP/13330 awaiting shellcode. Affected versions: 2.2 through 2.7.

tags | exploit, remote, overflow, udp, shellcode
advisories | CVE-2004-0104, CVE-2004-0105
SHA-256 | 4b90ebafdf1d434a218d36dfbf9b51ff8ab8e7a904b5b69a39f31b140b267ee8
SP Research Labs Advisory 13
Posted May 26, 2004
Authored by Badpack3t, SP Research Labs | Site security-protocols.com

Orenosv HTTP/FTP server version orenosv059f is susceptible to a remote denial of service attack when supplied with an overly long GET request.

tags | exploit, remote, web, denial of service
SHA-256 | c43988c4383fe43ee1e20d45a9115e083e4a20aa16aeb0bc45277520a4eae545
SP Research Labs Advisory 12
Posted May 24, 2004
Authored by Badpack3t, SP Research Labs | Site security-protocols.com

BNBT BitTorrent Tracker Beta 7.5 Release 2 and earlier versions are susceptible a denial of service due to a malicious crafted HTTP GET request. Sample exploit included. Tested on Windows XP SP1.

tags | exploit, web, denial of service
systems | windows
SHA-256 | 9890d7016baddf8fdcf712e31a16c8da51096b32a041e1fa58e9d203e5c84240
allegrodos.txt
Posted May 24, 2004
Authored by Seth Alan Woolley

Amusing simple one-liner that shows that 3COM 812 ADSL modems are still susceptible to 4 year old denial of service attacks.

tags | exploit, denial of service
SHA-256 | 26aae1a7af5d89cbe48405ff5017b10bf4bc1bca154fd25e8194f64e0b22955e
cvs_solaris_HEAP.c
Posted May 20, 2004

Remote root exploit for stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7. Solaris version. Anonymously submitted.

tags | exploit, remote, root
systems | solaris
advisories | CVE-2004-0396
SHA-256 | 65c674ac77ccd4a45957f097a3fcebfc7836743e95663c5b329449a7e1d5d93e
cvs_linux_freebsd_HEAP.c
Posted May 20, 2004

Remote root exploit for stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7. Linux and FreeBSD version. Anonymously submitted.

tags | exploit, remote, root
systems | linux, freebsd
advisories | CVE-2004-0396
SHA-256 | cbba2ce54b3c6d2fab06e83029be065535aa55e80f9747949b5f4579b7f3ef21
advisory13.txt
Posted May 19, 2004
Authored by l0om | Site excluded.org

osCommerce versions 2.x suffer from a directory traversal attack that allows for access to directories outside of the webroot.

tags | exploit
SHA-256 | 3107c48a97297e43059422e4412939d4c8573f182c0a92a23911da5610afd136
EXP_OmniHTTPd.BAT
Posted May 19, 2004
Authored by CoolICE

Remote exploit for OmniHTTPd versions 3.0a and below.

tags | exploit, remote
SHA-256 | 10a187c64b2c3812f3886a960408b6c725c3e5e4e0c7b49ebb7470c071cdf861
wgetuhoh.txt
Posted May 18, 2004
Authored by Hugo Vazquez

Wget versions 1.9 and 1.9.1 are susceptible to a symlink attack during a phase where it downloads the file to a temporary filename but does not actually lock the file.

tags | exploit
SHA-256 | 3e19a9e65f1b07c2febfde7d6bffc9cc7a814a75db5421d998b8a9cb89dcc8c5
HOD-symantec-firewall-DoS-expl.c
Posted May 14, 2004
Authored by houseofdabus

Remote denial of service exploit that makes use of the flaw eEye found in Symantec Norton Personal Firewall and other related products. Sends a malicious DNS response packet to a vulnerable host, causing the kernel to go into an infinite loop. Tested against Symantec Norton Personal Firewall 2004.

tags | exploit, remote, denial of service, kernel
SHA-256 | 210a95aedb58ff218b08a68c2698d26d830137378183d72bec41e0c872f2d24d
linksys-dhcp-exploit.c
Posted May 13, 2004
Authored by Jon Hart | Site spoofed.org

Remote proof of concept exploit for various Linksys routers that have flaws in the way they return BOOTP packets. In each legitimate response, BOOTP fields are filled in with portions of memory from the device, allowing a remote attacker to sniff traffic and crash the device.

tags | exploit, remote, proof of concept
SHA-256 | a52d05b85cc4f22be69b66ac3c00b8b81943177b893ff16c196ec2f810b93f70
ftpgrep.c
Posted May 13, 2004
Authored by l0om | Site excluded.org

ftpgrep tries to grep for valid users on remote machines using the old CWD ~ ftpd bug found in wuftpd and some other variants.

tags | exploit, remote
SHA-256 | 3464aef370394a488838a73ebe145b21b8ec9a413fa217fe3f91b965c6cd0a8a
monit41.pl
Posted May 11, 2004
Authored by Shadowinteger

Remote exploit for Monit 4.1 that uses connect back shellcode. This exploit makes use of a buffer overrun when an overly long username is passed to the server.

tags | exploit, remote, overflow, shellcode
SHA-256 | 9115921f367182e04c2a327689c0ea998acdbb7ffeb7313c0e4390f4bba7e4da
sasserftpd.c
Posted May 11, 2004
Authored by mandragore

Remote exploit for the Sasser worm ftpd server that spawns on port 5554.Targets included for Windows XP and 2000. Note: To use this against Sasser.e, change the port to 1023.

tags | exploit, worm, remote
systems | windows
advisories | CVE-2003-0533
SHA-256 | fe6e7139ffe5455305da5e52b63eeb8d4a419766258966ceb2ef0016e7cbe63e
paxdos.c
Posted May 11, 2004
Authored by Shadowinteger

PaX with CONFIG_PAX_RANDMMAP for Linux 2.6 denial of service proof of concept exploit the send the kernel into an infinite loop. Originally discovered by ChrisR.

tags | exploit, denial of service, kernel, proof of concept
systems | linux
SHA-256 | 95b5b952163bbf90669cc041e19deedc691a3f09107b15798b7600eab1fcfb12
getlvcb.c
Posted May 11, 2004
Authored by matt0x | Site secnetops.com

Local exploit for IBM AIX versions 4.3.3, 5.1 and 5.2 which are vulnerable to a buffer overflow. The overflow is caused by improper bounds checking via the getlvcb and putlvcb utilities. By supplying a long command line option, a local attacker, with root group privileges, could overflow a buffer and gain root privileges on the system.

tags | exploit, overflow, local, root
systems | aix
SHA-256 | df3a66c931856eab876e1324de9e8d0c39b833db157cad223585a48767935c92
emule042e.pl
Posted May 11, 2004
Authored by Rafel Ivgi | Site theinsider.deep-ice.com

Remote denial of service exploit for Emule 0.42e.

tags | exploit, remote, denial of service
SHA-256 | d97b9f4a450cf14a21ea099cb309d992c537fc5102c6f64ccf04d10875f1e39b
auxploit-1.0.tgz
Posted May 9, 2004
Authored by Teolupus

Auxploiter is a remote exploitation tool for the c:\aux vulnerability and is able to completely lock a user mail client. Outlook and other mail clients read this message using Internet Explorer, which is touchy to this vulnerability.

tags | exploit, remote
SHA-256 | 379b4e6b32cfd722ac33ffd4b3b82493967efcf5b1256e6d26c1f5cd867ec2a2
305-pound.c
Posted May 9, 2004
Authored by Nilanjan De | Site eos-india.net

Pound versions 1.5 and below local and remote format string exploit. Only works locally if pound is setuid.

tags | exploit, remote, local
SHA-256 | d32c4eb64924cacbd6138fbf93daad2d980fde8fa9dea7eb17cdfb06d23df785
WFBE.txt
Posted May 9, 2004
Authored by Tom

Write up detailing how to defeat file browsing restrictions on Windows 98 running Novell 3.2.0.0.

tags | exploit
systems | windows
SHA-256 | eba44110e3caccbe7c8b9b342ad17af2aa59924dd11497e268bd6624c6881869
win_msrpc_lsass_ms04-11_Ex.c
Posted May 9, 2004
Authored by houseofdabus, froggy 3s

Remote exploit for the Lsasrv.dll RPC buffer overflow. Tested against various Russian and English versions of Windows XP Professional, Windows 2000 Professional, and Windows 2000 Advanced Server. Ported to compile properly on Linux.

tags | exploit, remote, overflow
systems | linux, windows
SHA-256 | de64cd542848869101fd0295b16efedcc16a5d8fa502380d2df58defde723411
waraxe-2004-SA028.txt
Posted May 9, 2004
Authored by Janek Vind aka waraxe | Site waraxe.us

The Nuke jokes module for PHPNuke is susceptible to path disclosure, cross site scripting, and SQL injection attacks.

tags | exploit, xss, sql injection
SHA-256 | 2c563bf041f397f2368286aa9f5f303cec749c7907a27ee19b36a9362644cb89
Page 1 of 2
Back12Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Sam Bankman-Fried's Sentencing Hearing Over FTX Fraud Begins Today
Posted Mar 28, 2024

tags | headline, fraud, cryptography
Sellafield To Be Prosecuted For IT Security Offenses
Posted Mar 28, 2024

tags | headline, government, britain, flaw
These 17,000 Microsoft Exchange Servers Are A Ticking Time Bomb
Posted Mar 28, 2024

tags | headline, microsoft, email, flaw
Analyse, Hunt, And Classify Malware Using .NET Metadata
Posted Mar 27, 2024

tags | headline, hacker, malware, microsoft
VPN Apps On Google Play Turn Android Devices Into Proxies
Posted Mar 27, 2024

tags | headline, privacy, phone, flaw, google
Fortinet FortiClient EMS SQL Injection Flaw Exploited In The Wild
Posted Mar 27, 2024

tags | headline, hacker, flaw
Google Reveals 0-Day Exploits In Enterprise Tech Surged 64% Last Year
Posted Mar 27, 2024

tags | headline, flaw, google, zero day
Ray AI Framework Vulnerability Exploited To Hack Hundreds Of Clusters
Posted Mar 27, 2024

tags | headline, hacker, flaw
Justice Dept Indicts 7 Accused In 14 Year Long Hack Campaign By Chinese Government
Posted Mar 26, 2024

tags | headline, hacker, government, usa, china, cyberwar, spyware, backdoor
Ransomware Can Mean Life Or Death At Hospital, But DEF CON Hackers Have A Plan
Posted Mar 26, 2024

tags | headline, hacker, malware, conference, cryptography
View More News →
packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close