seeing is believing
Showing 1 - 25 of 34 RSS Feed

Files

0406-exploits.tgz
Posted Jul 14, 2004
Authored by Todd J.

Packet Storm new exploits for June, 2004.

tags | exploit
MD5 | 29c7c2674eab4520cd20b7302b9e9301
p_atari800.c
Posted Jun 29, 2004
Site pi3.int.pl

Exploit for the atari800 atari emulator. This exploit is local, and may in some circumstances give local root.

tags | exploit, local, root
advisories | CVE-2003-0630
MD5 | c80b76a6307ff17e08717de2e6550916
memplayer.c
Posted Jun 27, 2004
Authored by c0ntex

All versions of MPlayer, the movie player for Linux, are vulnerable to a buffer overflow attack that allows for privilege escalation. Local exploit included. Tested against Redhat Linux with Gnome, FreeBSD and latest cvsup plus ports with Gnome.

tags | exploit, overflow, local
systems | linux, redhat, freebsd
MD5 | cbe5d9e292378ea65f396eb994717fdb
rlprd.py.exploit
Posted Jun 25, 2004
Authored by Andrew Griffiths | Site felinemenace.org

Remote exploit that makes use of a format string vulnerability in rlpr version 2.x.

tags | exploit, remote
MD5 | b99e7c2ea67fa9b371ccb64ad4add409
argoxp.c
Posted Jun 25, 2004
Authored by Jocanor

New UPNP exploit that affects Microsoft Windows XP SP0. Binds a shell on port 1981.

tags | exploit, shell
systems | windows, xp
MD5 | 4e4dbfcd6f6f4bdaeb0f815289d6dc24
freebsd.local.txt
Posted Jun 25, 2004
Authored by Marceta Milos

It is possible to crash the kernel on FreeBSD/Alpha by passing an unaligned memory address as a 2nd or 3rd argument to execve() syscall. Affected versions: FreeBSD 5.1-RELEASE/Alpha and possibly others. Not affected: FreeBSD 5.1-RELEASE/IA32.

tags | exploit, kernel
systems | freebsd
MD5 | 3c696b8a9038e16be09743c489490177
tn-linksys.txt
Posted Jun 23, 2004
Authored by Andrew

Linksys Web Camera versions 2.12 and below are vulnerable to a file inclusion vulnerability.

tags | exploit, web, file inclusion
MD5 | 8644bec47b491078fb0b317d247134a8
unsecure.zip
Posted Jun 22, 2004
Authored by Luigi Auriemma | Site aluigi.altervista.org

Remote proof of concept denial of service exploit that makes use of a flaw in the Unreal game engine where a simple UDP packet with a long value can overwrite important memory zones. Vulnerable games include: DeusEx versions below and equal to 1.112fm, Devastation versions below and equal to 390, Mobile Forces versions below and equal to 20000, Nerf Arena Blast versions below and equal to 1.2, Postal 2 versions below and equal to 1337, Rune versions below and equal to 107, Tactical Ops versions below and equal to 3.4.0, TNN Pro Hunter, Unreal 1 versions below and equal to 226f, Unreal II XMP versions below and equal to 7710, Unreal Tournament versions below and equal to 451b, Unreal Tournament 2003 versions below and equal to 2225, Unreal Tournament 2004 versions below 3236, Wheel of Time versions below and equal to 333b, X-com Enforcer.

tags | exploit, remote, denial of service, udp, proof of concept
MD5 | 361204957ff8fe968183581a523bd891
dlink614.txt
Posted Jun 22, 2004
Authored by Gregory Duchemin

The DI-614+ SOHO DLINK router suffers a script injection vulnerability that uses DHCP as a vector of attack.

tags | exploit
MD5 | bb1d151b3ef002c744a87226efe46e37
code.zip
Posted Jun 22, 2004
Authored by Jelmer Kuperus | Site jelmer.homedns.org

Some bits of code that show how modified URL encoding can easily bypass restricted zones via Microsoft Internet Explorer.

tags | exploit
MD5 | 5b1945a52edc14026d5441544d608175
ircd-hybrid.txt
Posted Jun 22, 2004
Authored by Erik Sperling Johansen

Due to faulty logic in the socket dequeuing mechanism used in hybrid 7 and the derivate ircd-ratbox, it is possible to severely lag an irc server using a low-bandwidth DoS attack. Affected versions: ircd-hybrid below and equal to 7.0.1, ircd-ratbox below and equal to 1.5.1, ircd-ratbox below and equal to 2.0rc6. Full exploitation included.

tags | exploit
MD5 | 6a0710b14b0f121eb374ed868255d400
pivot1.1.0SoundwaveAdv.txt
Posted Jun 18, 2004
Authored by Alex Buck aka loofus | Site 0x90.org

Pivot 1.10 Soundwave is susceptible to a remote file inclusion and execution vulnerability that enables a remote attacker to execute anything they want in the context of the user id running the web server.

tags | exploit, remote, web, file inclusion
MD5 | 1f673326a66b16d650c42b4c15f179a3
dnsPoison.cpp.txt
Posted Jun 18, 2004
Authored by fryxar

Symantec Enterprise Firewall dnsd proxy, versions 8 and later, is vulnerable to cache poisoning attacks when acting as a caching nameserver. Full proof of concept exploit included.

tags | exploit, proof of concept
MD5 | ff4e422f5bdf7ce95c8bbba21561cd14
vpasp5x.txt
Posted Jun 18, 2004
Authored by Thomas Ryan | Site providesecurity.com

VP-ASP Shopping Cart version 5.x is remote susceptible to cross site scripting and SQL injection attacks.

tags | exploit, remote, xss, sql injection, asp
MD5 | 83b28a51651383ae29607899b22eac1c
Trustix Secure Linux Security Advisory 2004.6
Posted Jun 14, 2004
Authored by stian | Site gcc.gnu.org

A very simple bug in the Linux kernel allows a small program to cause a denial of service. This flaw affects both the 2.4.2x and 2.6.x kernels on the x86 architecture.

tags | exploit, denial of service, x86, kernel
systems | linux
MD5 | 2ab47694f55382d6c53256a0fabfb2ef
WinAgentsTFTP.txt
Posted Jun 14, 2004
Authored by Ziv Kamir

When an overly long filename is requested via the WinAgents TFTP server, a denial of service occurs due to an error in the handling of the request. Tested against version 3.0, other versions may be susceptible. Exploitation included.

tags | exploit, denial of service
MD5 | e9030ba21e5ba0c96dbfd3e2f3056239
waraxe-2004-SA032.txt
Posted Jun 14, 2004
Authored by Janek Vind aka waraxe | Site waraxe.us

PHP-Nuke versions 6.x - 7.3 suffer from multiple cross site scripting flaws and one SQL injection attack.

tags | exploit, php, xss, sql injection
MD5 | 29a12d03061abc3f21207ac954c01902
blackboardLS.txt
Posted Jun 14, 2004
Authored by killer | Site mostly-harmless.nl

A bug in Blackboard Learning System release 6 allows users to steal documents out of the digital dropbox of other users. Remote perl exploit included.

tags | exploit, remote, perl
MD5 | 24664bee21865c591e5ebeacf907e0f8
edimaxBackdoor.txt
Posted Jun 14, 2004
Authored by msl

Edimax 7205APL with a firmware of 2.40a-00 has a huge flaw where a guest account is hard-coded into the firmware allowing anyone to perform a backup with the same privileges of the administrator.

tags | exploit
MD5 | 920cbf76ffc52c5242a7de9605b4317b
roundUP.txt
Posted Jun 10, 2004
Authored by Vickenty Fesunov

Roundup is susceptible to a directory traversal attack that will permit an attacker to view files outside of the web root.

tags | exploit, web, root
MD5 | 751d0c8016c146f80cc191a6fe075334
cpanelInject.txt
Posted Jun 10, 2004
Authored by verb0s

Reseller accounts used with Cpanel are able to change all passwords without verification.

tags | exploit
MD5 | f1426a10b54aadf67391f001ffad1b4b
rdboom.zip
Posted Jun 9, 2004
Authored by Luigi Auriemma | Site aluigi.altervista.org

Remote denial of service proof of concept exploit that makes use of a flaw in the Race Driver server versions 1.20 and below.

tags | exploit, remote, denial of service, proof of concept
MD5 | d5fd2a22cd6cf8be1a8f6bf9e9461613
imperva.crystal2.txt
Posted Jun 9, 2004
Authored by Amichai Shulman, Moran Surf | Site imperva.com

Imperva's Application Defense Center has announced that several vulnerabilities exist in BusinessObject's Crystal Reports' Web Interface. These vulnerabilities allow a potential hacker to retrieve and delete any file from the file system of the server on which it runs, as well as causing a complete denial of service to the server. Affected versions: Crystal Reports version 9 and 10, Crystal Enterprise version 9 and 10. Exploitation details included.

tags | exploit, web, denial of service, vulnerability
MD5 | f8951acf73da7282b9b8a4924fe4e0a8
usr8003.txt
Posted Jun 9, 2004
Authored by Fernando Sanchez

USR Robotics Broadband Router 8003 has a flawed password checking functionality where the password is first verified by a javascript function that has the real administrator password embedded and easily viewable in the source code, allowing any malicious remote attacker to take full control of the device. Tested against firmware v1.04 08. USR Robotics has claimed the problem is not that serious and has not taken any steps to remedy the situation.

tags | exploit, remote, javascript
MD5 | c4938d18d1cff57950f3c87e7661cd54
priv8ibserver.pl
Posted Jun 9, 2004
Authored by Priv8 Security Research | Site Priv8security.com

Remote exploit for Borland Interbase 7.1 SP2 and below that spawns a shell under the uid running the database. Targets included for Linux Interbase 7.1 SP 2 and Linux Interbase 6.01 InterBaseSS_LI-V6.0-1.i386.rpm.

tags | exploit, remote, shell
systems | linux
MD5 | 64cc7abc7e92b0bb8f0e92b931e73d99
Page 1 of 2
Back12Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Phishers Getting Smarter By Making Use Of User Location
Posted Oct 20, 2017

tags | headline, malware, cybercrime, fraud, phish
OSX Malware Spread Via Compromised Software Downloads
Posted Oct 20, 2017

tags | headline, malware, apple
Canadian Spooks Release Their Own Malware Detection Tool
Posted Oct 20, 2017

tags | headline, government, malware, canada, spyware
Judge: MalwareTech Is No Longer Under Curfew, GPS Monitoring
Posted Oct 20, 2017

tags | headline, hacker, government, malware, usa, conference
Microsoft Mocks Google For Failed Security Fix Deployment Methodology
Posted Oct 19, 2017

tags | headline, microsoft, flaw, google, chrome
Malicious Mineraft Apps In Google Play Enslave Your Device To A Botnet
Posted Oct 19, 2017

tags | headline, malware, microsoft, phone, botnet, google
OAIC Received 114 Voluntary Data Breach Notifications In Two Years
Posted Oct 19, 2017

tags | headline, hacker, privacy, australia, data loss
US-CERT Predicts Machine Learning To Become Security Risk
Posted Oct 19, 2017

tags | headline, flaw
ATM Malware Available Online For Online $5,000
Posted Oct 18, 2017

tags | headline, malware, bank, cybercrime, fraud
Oracle Swats 252 Bugs In Patch Update
Posted Oct 18, 2017

tags | headline, flaw, patch, oracle
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close