Showing 51 - 75 of 94

Files Date: 2003-05-01 to 2003-05-31

Owl_Intranet_Engine.txt
Posted May 15, 2003
Authored by Christopher M Downs | Site angrypacket.com

Owl v0.71, the multi user document repository, fails to actually authenticate a login name given. If a completely fake login name is passed, an attacker can get in without any valid session id.

tags | exploit
SHA-256 | 03f9bd851bb279e45b8bb81e862206499d29b6ff1c7a2b6bf67e4d7c8450af8f
posterv2.txt
Posted May 15, 2003
Authored by Peter Winter-Smith

Poster version.two, the PHP news posting system, suffers from a vulnerability in the index.php file that allows a user to edit their account. Since the user is allowed to change the embedded information in the code, they can achieve privilege escalation to an administrative level.

tags | exploit, php
SHA-256 | dc71044533eb04ee5b535377f6bf7916a5d9ffba89345827b2c427c81a5b49dc
puttypower.cpp
Posted May 15, 2003
Authored by Hi_Tech_Assassin

Putty v0.52 and below remote exploit which poses as an ssh daemon and will bind cmd.exe on port 31337 of the victim sshing inbound. Tested against Windows XP and 98SE.

tags | exploit, remote
systems | windows
SHA-256 | eafb21d90b54269b8a8b5aba1dbea160f82668e29aadfa66c25daf5443e53fc9
priv8cdr.pl
Posted May 13, 2003
Authored by wsxz | Site priv8security.com

Local root exploit for Cdrecord versions 2.0 and below under Linux. Version 1.10 is not vulnerable.

tags | exploit, local, root
systems | linux
SHA-256 | 914dac976a698edcc4171c58949751d969d9fb21519d7ad028595eb0ff3c9047
jscriptdll.txt
Posted May 13, 2003
Authored by Gregory R. Panakkal | Site evilcreations.net

Microsoft's Windows Script Engine within the Windows operating system has a flaw in its implementation of jscript.dll. When a malicious web page is loaded with code that points to self.window(), random errors and lockups occur in Internet Explorer. Tested against IE versions: 5.01 (Win2000), 5.5 (Win98SE), 6.0 (WinXP). Vulnerable jscript.dll versions: 5.1.0.8513 (Win2000), 5.5.0.8513 (Win98SE), 5.6.0.6626 (WinXP Pro), 5.6.0.8513 (Win2000).

tags | exploit, web
systems | windows
SHA-256 | 47ac1d606f466452571ac90777b13a37b24d69838cf1609016f6c7dfe9905845
Atstake Security Advisory 03-05-12.1
Posted May 13, 2003
Authored by David Goldsmith, Jeremy Rauch, Atstake | Site atstake.com

Atstake Security Advisory A051203-1 - The Apple AirPort XORs a password with a fixed maximum of 32 bytes against a predefined key. If a password is set to one character, a simple sniff of the 32 byte block will reveal 31 bytes of the XOR key. The final byte can be obtained by XORing the obfuscated first byte against the first character of the plaintext password.

tags | advisory
systems | apple
SHA-256 | 72c9a3c6b408f1e2bd344bc4e089fb5e6fd14d01b2497ba07065546cd0280432
secuniaOpera.txt
Posted May 13, 2003
Authored by Jakob Balle | Site secunia.com

Secunia Research Advisory - Opera browser versions 7.10 and 7.03 suffer from denial of service and possible remote code execution vulnerabilities due to incorrect handling of long filename extensions.

tags | advisory, remote, denial of service, vulnerability, code execution
SHA-256 | 6813e2fb04422a621b2923b0573f448627a664e0e64d5de3ab7ba2ce8d64ae00
snitz_exec.txt
Posted May 13, 2003
Authored by sharpiemarker

Snitz Forums v3.3.3 has an SQL injection vulnerability in its register.asp page with its Email variable. Because register.asp does not check user input, remote users can execute stored procedures, such as xp_cmdshell, to arbitrarily run non-interactive commands on the system.

tags | exploit, remote, sql injection, asp
SHA-256 | 88e2db0c77773604dc8879db1c1af96995d5144b910b58b58ca6716c337beb02
execve-bash.c
Posted May 13, 2003
Authored by Angelo Rosiello, rosiello | Site rosiello.org

Linux x86 shellcode (48 bytes) which does setreuid(0,0); execve("/bin/bash", NULL); exit(0);

tags | x86, shellcode, bash
systems | linux
SHA-256 | 9b5c6592a60521c7b883d20faff2a3b2f672c2706732bafb65e60fe26cd543f8
katax.c
Posted May 13, 2003
Authored by Gunzip

Local root exploit for Leksbot binary KATAXWR that was accidentally packaged setuid. Tested against Debian Linux 3.0.

tags | exploit, local, root
systems | linux, debian
SHA-256 | ccefd74ac440c99d2929476f1ac0e07bf8e39606aab167acff5334c8834e26e8
dsr-adv001.txt
Posted May 12, 2003
Authored by Bob, Knud Erik Hojgaard | Site dtors.net

Firebird has 3 binaries: gds_inet_server, gds_drop, and gds_lock_mgr, which all use insufficient bounds checking in conjunction with getenv(), making each one susceptible to local exploitation. Enclosed are two local root exploits tested against versions 1.0.0 and 1.0.2 on FreeBSD.

tags | exploit, local, root
systems | freebsd
SHA-256 | 7841bcf9369b0cfc917765429ceb7118d676bfc4a650b097f57716bfab790d9a
eserv-mem.txt
Posted May 12, 2003
Authored by Matthew Murphy

eServ's connection handling routine contains a memory leak that may be exploited to cause the eServ daemon to become unavailable. After several thousand successful connections, memory use on the system becomes exceedingly high, resulting in a denial of service.

tags | exploit, denial of service, memory leak
SHA-256 | d2f4390109435ee36d5dc375522685bfd5454f284c2857c2ce225b3a35457ead
snuffi-0.1.tar.gz
Posted May 12, 2003
Authored by Maik Pfeil | Site arbon.elxsi.de

Snuffi v0.1 is a linux kernel module that adds a hook to the incoming and outgoing queue of netfilter. Currently this module only supports traffic for IPv4 and TCP.

tags | tool, kernel, tcp, firewall
systems | linux
SHA-256 | 6e6f24562877cbfa3f9ec480e172b0a06585a614fbf1ae92d4b99776ec86193e
cmail-vuln.txt
Posted May 12, 2003
Authored by Dennis Rand | Site Infowarfare.dk

A buffer overflow exists in the ESMTP CMailServer 4.0.2002.11.24 SMTP Service, resulting in a denial of service attack. It is possible to overwrite the exception handler on the stack allowing a system compromise with code execution running as SYSTEM.

tags | advisory, denial of service, overflow, code execution
SHA-256 | 5b6c7e29cda4b4895c96fe3a992e7e4f08e616bb0355e42816d8f3195bf180b9
logo.jpg
Posted May 9, 2003
Authored by rosiello

Logo for Rosiello Security.

SHA-256 | 0bfed6f5caae43af3e38e2ad5f5837e643c5bcfeee1d3d1070ce7bbe8ae7d868
srt2003-1137.txt
Posted May 9, 2003
Authored by Strategic Reconnaissance Team | Site secnetops.com

Secure Network Operations, Inc. Advisory SRT2003-05-08-1137: A problem appears to be created by a series of strcat(), sprintf(), and strcpy() functions in ListProc <= 8.2.09 enabling an attacker to gain root privileges through a buffer overflow.

tags | advisory, overflow, root
SHA-256 | 6f50fd0f97d230ad3274da01950442528af3f72db94c34f4def4b44e8d943785
defuserootkit.tar
Posted May 9, 2003
Authored by cameleonu

This utility removes LKM rootkits that are normally undetectable, with the help of vmalloc, which manages the memory for a kernel module. Tested against Adore, Knark, Sinapse, Heroin, and others.

tags | tool, kernel, rootkit
systems | unix
SHA-256 | 1a65bc5b515606ae0a738c74395b3b5abac289826e46616fd86d68bcd4dc0908
PFExploit.c
Posted May 9, 2003
Authored by ThreaT | Site s0h.cc

Kerio Personal Firewall <= 2.1.4 and Tiny Personal Firewall <= 2.0.15 remote exploit that makes use of a buffer overflow condition discovered in the PFEngine used for both products.

tags | exploit, remote, overflow
SHA-256 | e09529ee95b595d74fd8ddc93ccb3d46340c18332d5c962f794898dac30815bb
hotmailpassport.txt
Posted May 9, 2003
Authored by Muhammad Faisal Rauf Danka

Microsoft's Hotmail and Passport .NET accounts are vulnerable to having their password reset by a remote attacker due to lack of input validation for a secondary email address.

tags | exploit, remote
SHA-256 | da7c4583da30ce3f7f9b4d3258dccc122a3632f5231b1b2da644115ac2f10a3d
AudixShell.txt
Posted May 9, 2003
Authored by Cushman

The Intuity Audix voicemail system by default is maintained over port 23 (telnet) in a restricted command interface. If an attacker has a known account/password, they can circumvent this interface and get an unrestricted shell using rexec.

tags | exploit, shell
SHA-256 | 4fcde277b065ccb6ef5420098a7767fb530e514f5b5d5d99c34c266efcaab54a
unhappycgi.txt
Posted May 9, 2003
Authored by revin aldi

Happymall E-Commerce software versions 4.3 and 4.4 are vulnerable to remote command execution due to a lack of input validation in the normal_html.cgi script.

tags | exploit, remote, cgi
SHA-256 | eab0754ef30dce301af456ecddca51b467284212d77cc05906c7a6f626e4b8b0
wmedia.skin.txt
Posted May 9, 2003
Authored by Jouko Pynnonen | Site klikki.fi

Windows Media Player versions 7 and 8 are vulnerable to a directory traversal attack when skin files are downloaded from the Internet. The vulnerability allows malicious users to upload an arbitrary file to an arbitrary location when a victim user views a web page.

tags | advisory, web, arbitrary
systems | windows
SHA-256 | 6830f8477260f63dd614d39ad9542f854621edd6549ee5f678a0dddd09b987a6
SLWebmail.txt
Posted May 8, 2003
Authored by Mark Litchfield, David Litchfield | Site nextgenss.com

NGSSoftware Insight Security Research Advisory #NISR07052003B - SLWebMail 3 is vulnerable to various buffer overflows in many of its ISAPI DLL applications including showlogin.dll, recman.dll, admin.dll, and globallogin.dll. It is also vulnerable to arbitrary file access via ShowGodLog.dll which does not even force authentication prior to use. Physical paths can also be determined by making invalid requests to certain DLLs.

tags | advisory, overflow, arbitrary
SHA-256 | 54067ee210fce9b8f593df9b701aad1f9b7f8d14e93cc22925ce3b332df7bdb6
SLMail.txt
Posted May 8, 2003
Authored by Mark Litchfield, David Litchfield | Site nextgenss.com

NGSSoftware Insight Security Research Advisory #NISR07052003A - SLMail 5.1.0.4420 suffers from multiple remotely exploitable buffer overflows in its SMTP engine, poppasswd and pop3 server.

tags | advisory, overflow
SHA-256 | f1596ac171952997d68b570e48c7d33e603793b70bb773d5a05f225bd2eec995
ciscoVPN3000.txt
Posted May 8, 2003
Authored by Cisco Systems PSIRT | Site cisco.com

Cisco Security Advisory: Multiple vulnerabilities have been found in the Cisco VPN 3000 Concentrator series which includes models 3005, 3015, 3030, 3060, 3080 and the Cisco VPN 3002 Hardware Client. The enabling IPSec over TCP, malformed SSH initialization packet, and malformed ICMP traffic vulnerabilities are discussed.

tags | advisory, tcp, vulnerability
systems | cisco
SHA-256 | af88958829ec7097e77e47c07920a93812b55c63f638f0ac556a6c8a32743dc5