exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 155 RSS Feed

Files Date: 2003-09-01 to 2003-09-30

guppy.txt
Posted Sep 29, 2003
Site echu.org

GuppY versions 2.4p1 and below are susceptible to cross site scripting attacks.

tags | exploit, xss
SHA-256 | 2f0514a9a3fa459e3558f6b788b7b89322133fbab342c2b85cfd06203c1aac33
certOpenSSH.txt
Posted Sep 29, 2003
Site cert.org

CERT Advisory notice that clarifies the slew of recent vulnerabilities in OpenSSH. It covers the buffer management errors, PAM challenge authentication failures, and the PAM conversion stack corruption.

tags | advisory, vulnerability
SHA-256 | 8449aa3e99be0546fbd8e7e2af73625b1196bbdd34a3db0ff39bbc6bb7a4050a
tonengenerator.txt
Posted Sep 29, 2003
Authored by ThEcYnicaLonE

Simple tone generator script that will play the 2600Hz blue box tone on an HP39G graphical calculator.

tags | telephony
SHA-256 | 9bf3a037ffe01de3ed4f73753a1bff4dbfae8e03a78eba1a52e03d25492d6eeb
kses-0.2.1.tar.gz
Posted Sep 29, 2003
Authored by Ulf Harnhammar, Richard R. Vasquez, Simon Cornelius P. Umacob | Site sourceforge.net

kses is an HTML/XHTML filter written in PHP. It removes all unwanted HTML elements and attributes, no matter how malformed HTML input you give it. It also does several checks on attribute values. kses can be used to avoid Cross-Site Scripting (XSS), Buffer Overflows and Denial of Service attacks, among other things.

tags | denial of service, overflow, php, xss
systems | unix
SHA-256 | 650ffa702ed6c8d0c73b7c94d754b38660d482b371122c9d3809924aab1d6f76
Nikto Web Scanner 1.31
Posted Sep 29, 2003
Authored by Sullo | Site cirt.net

Nikto 1.31 is a PERL, open source web server scanner which supports SSL. Nikto checks for (and if possible attempts to exploit) over 2000 remote web server vulnerabilities and misconfigurations. It also looks for outdated software and modules, warns of any version specific problems, supports scans through proxies (with authentication), host Basic authentication and more. Data is kept in CSV format databases for easy maintenance, and supports the ability to automatically update local databases with current versions on the Nikto web site.

Changes: LibWhisker 1.8, additional configuration options, enhanced multiple-host scanning, and multiple bug fixes and more.
tags | remote, web, local, cgi, perl, vulnerability
systems | unix
SHA-256 | e659d4e34f697bd861c843571f8632c1cf0acc37372abe33af2f6c7ad8814846
stegtunnel-0.4.tar.gz
Posted Sep 29, 2003
Authored by Todd MacDermid | Site synacklabs.net

Stegtunnel is a tool written to hide data within TCP/IP header fields. It was designed to be undetectable, even by people familiar with the tool. It can hide the data underneath real TCP connections, using real, unmodified clients and servers to provide the TCP conversation. In this way, detection of odd-looking sessions is avoided. It provides covert channels in the sequence numbers and IPIDs of TCP connections.

Changes: Added a reliable file transfer mode using Hamming-style error correction, and removes the requirement for a proxy IP address on some operating systems.
tags | encryption, tcp, steganography
SHA-256 | 11966b466a58cdf47871a9d251dd8d6cc2391268979f455414922b1a72b8a13d
packetp-0.4.1.tar.gz
Posted Sep 29, 2003
Site synacklabs.net

Packet Purgatory is a library the provides a portable API for intercepting, rewriting, and otherwise mangling flows of packets. It provides multiple mechanisms through the same interface for tweaking these packets, all without the local host's kernel being aware, or requiring any kernel modules. It enables odd packets to be modified in arbitrary streams without requiring the use of specialized client software.

tags | arbitrary, kernel, local, library
SHA-256 | e33b036f3f6e53cf86e1566a171ce75e7abe25f0e2054cf808d0b4f2b83cc211
DSA-392-1
Posted Sep 29, 2003
Site debian.org

Debian Security Advisory DSA 392-1 - webfs has been found vulnerable to buffer overflows and multiple directory traversal attacks.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2003-0832, CVE-2003-0833
SHA-256 | 9443b8e1123e6cdc03ed05065c4960fe80ad9286e2141b58396091a3b511d50b
shatterSEH3.txt
Posted Sep 29, 2003
Authored by Brett Moore SA | Site security-assessment.com

Version three of this paper discussing more shatter attacks that are possible using progress bars. Related information available here.

tags | exploit
SHA-256 | 787e917da3242f5237e198f43f899c54f8b8719ed978cf8961d1090447b3c4c9
geeklog2.txt
Posted Sep 29, 2003
Authored by Lorenzo Hernandez Garcia-Hierro | Site security.novappc.com

Geeklog versions 2.x and below are susceptible to cross site scripting vulnerabilities and various SQL injection attacks.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | 00084a1aaef68a8f9088d25e72f314aded4e7fda302ffd1525cd89404e07df72
cfengine.c
Posted Sep 29, 2003
Authored by jsk

Remote exploit for Cfengine versions 2.-2.0.3 that makes use of a stack overflow discussed here. Binds a shell to port 26112. Tested against RedHat.

tags | exploit, remote, overflow, shell
systems | linux, redhat
SHA-256 | 3d6399d602afc8e1234d04097ff5ebf01664d6980f11dcdde0306ddfc376b787
arcs
Posted Sep 29, 2003
Authored by rosiello

Contest ELF binary of arcs

SHA-256 | 615dc4fcd40c7f7d4123ecb43350ad08345f65e8de32e8c7d92f91c1ee49e6d3
CrackMe.ARCS
Posted Sep 29, 2003
Authored by rosiello

Contest file that has been encrypted with A.R.C.S. This file has a special message inside. Once cracked, utilize the instructions to redeem a free t-shirt.

SHA-256 | e0d5eaeef711c7ec0bdbf227d50ccdb48fc4279a59d6e1743828a9699da2285a
IBM-DB2-db2licm.c
Posted Sep 26, 2003
Authored by Juan Manuel Pascual Escriba | Site concepcion.upv.es

Local root exploit for IBM DB2 Universal Database version 7.2 for Linux/s390 which makes use of the db2licm binary that is setuid by default.

tags | exploit, local, root
systems | linux
advisories | CVE-2003-0758, CVE-2003-0759
SHA-256 | ccb20c18f85e2c98e30d47ca465bac0c1611eb9129899f18dfd2745dcb29c56e
0x333openssh-3.7.1p2.tar.gz
Posted Sep 26, 2003
Authored by 0x333, nsn | Site 0x333.org

Backdoored version of OpenSSH 3.7.1p2 that uses a magic password referenced via an md5 hash in a file, logs logins and passwords to a specified file, and can run without the backdoors being active.

tags | tool, rootkit
systems | unix
SHA-256 | cba676dad9c6caff1464d156aa462f531899bd8d3dab808f4329914f0e04fe19
HexView Security Advisory 2003-09-02.01
Posted Sep 26, 2003
Authored by HexView | Site sgi.com

SGI Security Advisory 20030902-01-P - It has been reported that certain Microsoft RPC scanning can cause the DCE daemon dced to abort, causing a denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2003-0746
SHA-256 | aff987ebea44700e772f00905cc18391b6bb9872ff70d9c1c6d4a9fb41d1b8d0
smc2404WBR.txt
Posted Sep 26, 2003
Authored by _6mO_HaCk

Exploit that causes a denial of service against the SMC2404WBR BarricadeT Turbo 11/22 Mbps wireless cable/dsl broadband router by sending random UDP packets to multiple ports.

tags | exploit, denial of service, udp
SHA-256 | 90a530b5dfa8a1cfd55a585196bee3b8a7fcb9d85ee26a46d30fb0ccb6f67ca1
mplayer.txt
Posted Sep 26, 2003
Authored by Gabucino

MPlayer versions 0.90pre to 1.0pre1 are susceptible to a remotely exploitable buffer overflow vulnerability. A malicious host can craft a harmful ASX header, and trick MPlayer into executing arbitrary code upon parsing that header.

tags | advisory, overflow, arbitrary
SHA-256 | 2af2556fcb1380006342d2625cc0b7b5db7a48e6698ee3f1c1fe8ae31e1793d5
DSR-cfengine.pl
Posted Sep 26, 2003
Authored by Knud Erik Hojgaard | Site dtors.net

Remote exploit for Cfengine versions 2.-2.0.3 that makes use of a stack overflow discussed here. Tested against FreeBSD 4.8-RELEASE. Binds a shell to port 45295.

tags | exploit, remote, overflow, shell
systems | freebsd
SHA-256 | e3e547732748f7447108587f2723bccdb4db27e138cffb4956e21946879efff3
atphttp0x06.c
Posted Sep 25, 2003
Authored by r-code

Remote exploit for atphttpd version 0.4b and below on Linux x86 that binds a shell to port 65535. Tested against Debian 3.0 and RedHat 8.0.

tags | exploit, remote, shell, x86
systems | linux, redhat, debian
SHA-256 | 88c26342e5f68deb853d183ed815a06e8979d2f24a421572d430729ffa44b177
myserver043.txt
Posted Sep 25, 2003
Authored by Arnaud Jacques | Site securiteinfo.com

MyServer 0.4.3 is susceptible to a directory traversal attack that allows access to files and directories outside of the web root.

tags | exploit, web, root
SHA-256 | 68bb16515c9ee3c7c84f0f2841e61a967e5f41bddba16ef2109fdc524f55d956
cfengine.txt
Posted Sep 25, 2003
Authored by Nick Cleaton

The cfservd daemon in Cfengine 2.x prior to version 2.08 has an exploitable stack overflow in the network I/O code used.

tags | advisory, overflow
SHA-256 | 4f06f3f2f02b486dfdd217a7ff03223f7424d241ec1afc4a509699b4844b8187
sbox-adv.txt
Posted Sep 25, 2003
Authored by e2fsck | Site eightone.mafiadodiva.org

sbox version 1.04, the CGI wrapper that allows for safer execution of scripts, has a path disclosure vulnerability.

tags | advisory, cgi
SHA-256 | fc5c9dad742ebccdda421f6976490552abe905fc46a6e3f379b4330516de256a
Mirc-USERHOST-Poc.zip
Posted Sep 25, 2003
Authored by Sylvain Descoteaux

Remote MIRC proof of concept exploit that makes use of an overflow in the USERHOST reply to the mirc-client.

tags | exploit, remote, overflow, proof of concept
SHA-256 | 3774e02cc6ee4c5aca911c9c7b205bbe05c9bb15c2744e361b6003cd73bb6347
vomit-0.2.tar.gz
Posted Sep 25, 2003
Authored by Niels Provos | Site vomit.xtdnet.nl

Vomit, or voice over misconfigured internet telephones, is a utility that converts a Cisco IP phone conversation into a wave file that can be played with ordinary sound players. Vomit requires a tcpdump output file.

tags | telephony
systems | cisco
SHA-256 | 39781b0d74b5139af7a5256779e01855f6e015c12dafc16f9fc6f86d7c316ceb
Page 1 of 7
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close