Twenty Year Anniversary
Showing 1 - 25 of 155 RSS Feed

Files Date: 2003-09-01 to 2003-09-30

Posted Sep 29, 2003

GuppY versions 2.4p1 and below are susceptible to cross site scripting attacks.

tags | exploit, xss
MD5 | d9b975da70fae430922d7527eeb5c876
Posted Sep 29, 2003

CERT Advisory notice that clarifies the slew of recent vulnerabilities in OpenSSH. It covers the buffer management errors, PAM challenge authentication failures, and the PAM conversion stack corruption.

tags | advisory, vulnerability
MD5 | 902f66495c6bec7e8a9822254d048fd1
Posted Sep 29, 2003
Authored by ThEcYnicaLonE

Simple tone generator script that will play the 2600Hz blue box tone on an HP39G graphical calculator.

tags | telephony
MD5 | a1df6a4d08ce5fd0799c1646e0911128
Posted Sep 29, 2003
Authored by Ulf Harnhammar, Richard R. Vasquez, Simon Cornelius P. Umacob | Site

kses is an HTML/XHTML filter written in PHP. It removes all unwanted HTML elements and attributes, no matter how malformed HTML input you give it. It also does several checks on attribute values. kses can be used to avoid Cross-Site Scripting (XSS), Buffer Overflows and Denial of Service attacks, among other things.

tags | denial of service, overflow, php, xss
systems | unix
MD5 | d13edb1630ed39dbda47b125e8546620
Nikto Web Scanner 1.31
Posted Sep 29, 2003
Authored by Sullo | Site

Nikto 1.31 is a PERL, open source web server scanner which supports SSL. Nikto checks for (and if possible attempts to exploit) over 2000 remote web server vulnerabilities and misconfigurations. It also looks for outdated software and modules, warns of any version specific problems, supports scans through proxies (with authentication), host Basic authentication and more. Data is kept in CSV format databases for easy maintenance, and supports the ability to automatically update local databases with current versions on the Nikto web site.

Changes: LibWhisker 1.8, additional configuration options, enhanced multiple-host scanning, and multiple bug fixes and more.
tags | remote, web, local, cgi, perl, vulnerability
systems | unix
MD5 | cb6719d7e0fd4659cb826f821f01cd64
Posted Sep 29, 2003
Authored by Todd MacDermid | Site

Stegtunnel is a tool written to hide data within TCP/IP header fields. It was designed to be undetectable, even by people familiar with the tool. It can hide the data underneath real TCP connections, using real, unmodified clients and servers to provide the TCP conversation. In this way, detection of odd-looking sessions is avoided. It provides covert channels in the sequence numbers and IPIDs of TCP connections.

Changes: Added a reliable file transfer mode using Hamming-style error correction, and removes the requirement for a proxy IP address on some operating systems.
tags | encryption, tcp, steganography
MD5 | 80c70d10da7721c3ded5b931a18f9e03
Posted Sep 29, 2003

Packet Purgatory is a library the provides a portable API for intercepting, rewriting, and otherwise mangling flows of packets. It provides multiple mechanisms through the same interface for tweaking these packets, all without the local host's kernel being aware, or requiring any kernel modules. It enables odd packets to be modified in arbitrary streams without requiring the use of specialized client software.

tags | arbitrary, kernel, local, library
MD5 | 3095b395329d4489a3549d78453a40e0
Posted Sep 29, 2003

Debian Security Advisory DSA 392-1 - webfs has been found vulnerable to buffer overflows and multiple directory traversal attacks.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2003-0832, CVE-2003-0833
MD5 | 594440944622894635b9d3e601e21be9
Posted Sep 29, 2003
Authored by Brett Moore SA | Site

Version three of this paper discussing more shatter attacks that are possible using progress bars. Related information available here.

tags | exploit
MD5 | 1135794bd92aa08169c33e449387a87c
Posted Sep 29, 2003
Authored by Lorenzo Hernandez Garcia-Hierro | Site

Geeklog versions 2.x and below are susceptible to cross site scripting vulnerabilities and various SQL injection attacks.

tags | exploit, vulnerability, xss, sql injection
MD5 | 5e292ac0ff2be42ecabd916e479a3305
Posted Sep 29, 2003
Authored by jsk

Remote exploit for Cfengine versions 2.-2.0.3 that makes use of a stack overflow discussed here. Binds a shell to port 26112. Tested against RedHat.

tags | exploit, remote, overflow, shell
systems | linux, redhat
MD5 | cc32ba54fe67a178fcd9b423342f3643
Posted Sep 29, 2003
Authored by rosiello

Contest ELF binary of arcs

MD5 | 682d04789bcfb445a70b722dcc9a7125
Posted Sep 29, 2003
Authored by rosiello

Contest file that has been encrypted with A.R.C.S. This file has a special message inside. Once cracked, utilize the instructions to redeem a free t-shirt.

MD5 | 04e33771caa9c31d42facdde52ddc5c3
Posted Sep 26, 2003
Authored by Juan Manuel Pascual Escriba | Site

Local root exploit for IBM DB2 Universal Database version 7.2 for Linux/s390 which makes use of the db2licm binary that is setuid by default.

tags | exploit, local, root
systems | linux
advisories | CVE-2003-0758, CVE-2003-0759
MD5 | 66f6d20f27d150e451308763e3f84b2f
Posted Sep 26, 2003
Authored by 0x333, nsn | Site

Backdoored version of OpenSSH 3.7.1p2 that uses a magic password referenced via an md5 hash in a file, logs logins and passwords to a specified file, and can run without the backdoors being active.

tags | tool, rootkit
systems | unix
MD5 | 008690b0235471672d814b9db06d94f4
HexView Security Advisory 2003-09-02.01
Posted Sep 26, 2003
Authored by HexView | Site

SGI Security Advisory 20030902-01-P - It has been reported that certain Microsoft RPC scanning can cause the DCE daemon dced to abort, causing a denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2003-0746
MD5 | a72c97334ef625ae17f2020de747904a
Posted Sep 26, 2003
Authored by _6mO_HaCk

Exploit that causes a denial of service against the SMC2404WBR BarricadeT Turbo 11/22 Mbps wireless cable/dsl broadband router by sending random UDP packets to multiple ports.

tags | exploit, denial of service, udp
MD5 | cd13536a95ff8f037417abe72891e053
Posted Sep 26, 2003
Authored by Gabucino

MPlayer versions 0.90pre to 1.0pre1 are susceptible to a remotely exploitable buffer overflow vulnerability. A malicious host can craft a harmful ASX header, and trick MPlayer into executing arbitrary code upon parsing that header.

tags | advisory, overflow, arbitrary
MD5 | edd046118752e03e9d2712cdc196fbc4
Posted Sep 26, 2003
Authored by Knud Erik Hojgaard | Site

Remote exploit for Cfengine versions 2.-2.0.3 that makes use of a stack overflow discussed here. Tested against FreeBSD 4.8-RELEASE. Binds a shell to port 45295.

tags | exploit, remote, overflow, shell
systems | freebsd
MD5 | bec7a5ae73b4eb63bb76d5151e18f80b
Posted Sep 25, 2003
Authored by r-code

Remote exploit for atphttpd version 0.4b and below on Linux x86 that binds a shell to port 65535. Tested against Debian 3.0 and RedHat 8.0.

tags | exploit, remote, shell, x86
systems | linux, redhat, debian
MD5 | 12201535f967d9970d38c353615b22a4
Posted Sep 25, 2003
Authored by Arnaud Jacques | Site

MyServer 0.4.3 is susceptible to a directory traversal attack that allows access to files and directories outside of the web root.

tags | exploit, web, root
MD5 | b0cc267b208678ec8492add73805049f
Posted Sep 25, 2003
Authored by Nick Cleaton

The cfservd daemon in Cfengine 2.x prior to version 2.08 has an exploitable stack overflow in the network I/O code used.

tags | advisory, overflow
MD5 | 2a07b5b43930873626586fb1305d5015
Posted Sep 25, 2003
Authored by e2fsck | Site

sbox version 1.04, the CGI wrapper that allows for safer execution of scripts, has a path disclosure vulnerability.

tags | advisory, cgi
MD5 | 3b51d9073cab3e83dd79fb1c7efe05d8
Posted Sep 25, 2003
Authored by Sylvain Descoteaux

Remote MIRC proof of concept exploit that makes use of an overflow in the USERHOST reply to the mirc-client.

tags | exploit, remote, overflow, proof of concept
MD5 | 0c6308f424c2487217ea6a89f381c512
Posted Sep 25, 2003
Authored by Niels Provos | Site

Vomit, or voice over misconfigured internet telephones, is a utility that converts a Cisco IP phone conversation into a wave file that can be played with ordinary sound players. Vomit requires a tcpdump output file.

tags | telephony
systems | cisco
MD5 | c81cd977ade651d9050f98326879dea0
Page 1 of 7

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    10 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By