X_hp-ux11i_nls_ct.c is a local root format string exploit for /usr/bin/ct tested on HP-UX B11.11. Uses the NLSPATH vulnerability described here.
71dde078136563709d69fffe76fe51d144aa3f58c1a83dfd88e0d7845f48b687Find file routine for Windows, in asm.
0b7f4f98ac3878c2534bdee8d0045cfa8a21c3084b6b3c175293850771857d70DNS reflection denial of service attack, in perl.
a368a34d10ea873cc0c842888f12b59a2dffaefd52f32d4d2973d6f74182a5c9Mvdsv Quake Server v0.171 and below remote exploit. Tested against Debian GNU/Linux 3.0 and Slackware 9.0. Includes a patched Quake source which includes shellcode in cl_main.c which binds a shell to port 30464.
30a5e6805df4145c2e675df1b085f969cb03d35f69cc9143029a9300b4cc4caaBuffer Builder v1.5 is a tool which assists in building buffer overflow strings for local and remote exploits. Goes well with a disassembler and netcat and contains several useful shell codes.
39c3af509337569eee964333a3439de850f8fc3714f170e17d504bf6ee4104edWarFTPD v1.82.0.2 and below remote denial of service exploit, win32 binary. Disables WarFTPD by making multiple connections, causing the server to stop accepting new connections, and crash after two days.
8bf7426ed1dc76d02428fbb97a2a3528d8b853a4f90f55b79a8b0ec534da0fc2Thttpd v2.21 through 2.23b1 remote denial of service buffer overflow exploit.
dc4ab59e4569091147040021c6785d26637756f5863cd9d183215b3d2809884dViagra.pl is a linux hardening script which implements the /proc suggestions in the article available at http://www.securityfocus.com/infocus/1711. Disables ICMP ping replies, broadcast replies, source routed packets, packet spoofing protection, ignores ICMP redirects, packet forwarding, changes ip fragmentation buffers, allowed local sockets, rate limit ICMP replies, reject new ARP entries, change arp timeouts, enables syncookies, and more.
bd9dbf517e0f7ab18068c895eb5122a0fb0808a9ec37fccfbdbf19d0586c069aThttpd v2.21 through 2.23b1 remote denial of service buffer overflow exploit. Tested against FreeBSD, SunOS 4, Solaris 2, BSD/OS, Linux, and OSF.
38d094daad04305c09883e203114d57290f80d0373787893a50500e94e4263e9The FlexWATCH surveillance camera server (tested FlexWATCH-50 web ver 2.2 Build Nov 18 2003) is used by many banks and "secure" places and contains remotely exploitable vulnerabilities which allow remote attackers to view camera footage, add users, remove users, change the configuration, disable camera surveillance, cross site scripting, and more.
4934d0e7b56716500ef80132c3567024e4d6fe3186aa10eb1cec0cc51e6eb833Dcom RPC remote win32 exploit, ported to Windows for compilation with VC++ 6. Uses "magic keys" to find the offset. Ported by Lordy
132c24caa22412268215f455fb5e2eb14b4e96dd8f2b7f5f467245ef0395479eUW-imapd v12.261, 12.264, 2000.283, 2000.284, 2000.287 and 2001.315 remote exploit which takes advantage of a bug in the body command. Requires an IMAP username and password.
57acbd6f36f6e92260c5b0473a8510cf6873394e0cc85a088e9a5fb87f970645Remote exploit for login/telnetd tested on Solaris Sparc v6/7/8 which uses the TTYPROMPT vulnerability. Spawns a shell.
3255dac74a5fa59f23b39f6657e3aa239963942b62faec521f3928afcbece870IP Dump is a simple network traffic dump program for Linux 2.x; although it is similar to tcpdump, it does not require the libpcap library.
09c37ddf38e986cf8e349fd6aa6ae935e9d36b782f35bb44f9f9a8cad1818ba9x1bscan is a console based tcp connect() port scanner with HTTP and service banner grabbing. Written in perl and compiled into a Windows executable.
bd884f6d6a70dd8eeb9eef38b00b4d883502a0f0d34c61bb838f51dc438e0affOpera for Windows v7.x prior to v7.23 build 3227 contains a file overwrite vulnerability which allows remote downloads to overwrite any file on the filesystem.
f4080a105f0722ecfb13159fccbb24fb407efafa0251c74c77d7beb48149e744A simple tutorial on Windows Shellcoding - Shows how to write shellcode in asm that spawns a cmd shell. Includes tools to encode the asm code to avoid NULL bytes, and to generate the typical C shellcode. In Powerpoint and PDF format.
d612a88f1dba4e28d11743cd0d9579d520bc1ffcfcc355aa2d650faad3da1111/usr/sbin/grpck local buffer overflow exploit. Note that grpck is not setuid by default. Tested on Red Hat 7.3 and 8.0, Cobalt Linux 6.x and 7.x, Debian 2.1 and 2.2, and Mandrake 8.1 and 8.2.
2f0dd037d94f0621fdf5899a98d3b4876af41cefc6e9b04e0ac95bd98280d88aEbola v0.1.4 remote stack overflow exploit tested against Red Hat 8.0. Bug found by Secure Network Operations.
f87f77fdbe654f5c4799bc9de765897b0e95f1203c359f53800a5b8bf207f0aaCore Security Technologies Advisory CORE-2003-12-05 - New attack vectors were found for the Workstation Service vulnerability discussed in MS03-049 and the Messenger service vulnerabilities in MS03-001, MS03-026 and MS03-043. It was found that the attacks can be directed at UDP ports from spoofed source IP's, at the UDP broadcast addresses, or to ports above 1024, bypassing many firewalls by setting the source port to 53 and spoofing the packet from a trusted DNS server.
44529d93a00bb88bb168c0c51d37842dbc5cf391d901a6518dd8e0c2baf882eeCisco ACNS software prior to 4.2.11 or 5.0.5 contain a remotely exploitable buffer overflow which is triggered by a long password. Affected devices include Content Routers 4400 series, Content Distribution Manager 4600 series, Content Engine 500 and 7300 series, and Content Engine Module for Cisco Routers 2600, 3600 and 3700 series. Workaround is to disable the CE GUI with the command "no gui-server enable".
e1fbc10f5a4b3db1525b14117a3a9d796203a1de05f9e836b730be2377f7e173Bindshell which has a password and defaults to tcp port 1348. Includes the ability to only allow certain IP's.
a99092c6a71a54dd9ddcfb2fa7d85132274feaf9c4e7738d40c42a4ecdc05cf2Sybase Adaptive Server Anywhere v9.0.0, the relational database at the core of SQL Anywhere Studio 8 contains over 50 vulnerabilities including format string overflows, buffer overflows, and denial of service conditions. Fix available here.
85b020d178f9754cbb630b420899e0a35ec15ff5fd3c3ba755e03d19390d2f14
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed