Section: .. / 0008-exploits /
| /// File Name: |
eject-x86.c |
Description:
|
/usr/bin/eject local root exploit for solaris 2.5 2.5.1 x86.
| | Homepage: | http://lsd-pl.net | | File Size: | 2120 | | Last Modified: | Sep 7 22:37:23 2000 |
| MD5 Checksum: | 7308219daf7c83c637920c0cd85f37b8 |
|
| /// File Name: |
eject.c |
Description:
|
/bin/eject local root exploit for solaris 2.5 2.5.1 sparc.
| | Homepage: | http://lsd-pl.net | | File Size: | 1650 | | Last Modified: | Sep 7 22:21:45 2000 |
| MD5 Checksum: | 12d8a70763042b720188a420ee7c86a6 |
|
| /// File Name: |
eject3.c |
Description:
|
/usr/sbin/eject local exploit for Irix 6.2.
| | Homepage: | http://lsd-pl.net | | File Size: | 1692 | | Last Modified: | Sep 8 00:30:10 2000 |
| MD5 Checksum: | b4d3a80494b3fd6e91498e0cc48548be |
|
| /// File Name: |
everythingform.txt |
Description:
|
The Everything Form (everythingform.cgi) contains remote vulnerabilities which allow any file on the sytem to be read.
| | Author: | Signal 9 | | File Size: | 1850 | | Last Modified: | Aug 14 22:25:42 2000 |
| MD5 Checksum: | 886d2b5c72aae75767b040e22b3bbd9f |
|
| /// File Name: |
fdformat-x86.c |
Description:
|
/bin/fdformat for solaris 2.5 2.5.1 x86.
| | Homepage: | http://lsd-pl.net | | File Size: | 2222 | | Last Modified: | Sep 7 22:54:56 2000 |
| MD5 Checksum: | 2bb1d59e021606127ba8760761553b28 |
|
| /// File Name: |
fdformat.c |
Description:
|
/bin/fdformat local root exploit for solaris 2.5 2.5.1 sparc.
| | Homepage: | http://lsd-pl.net | | File Size: | 1782 | | Last Modified: | Sep 7 22:20:54 2000 |
| MD5 Checksum: | c933d007471a0ff5ab4708209cf5ae26 |
|
| /// File Name: |
ffbconfig.c |
Description:
|
/usr/sbin/ffbconfig local root exploit for solaris 2.5 2.5.1 sparc.
| | Homepage: | http://lsd-pl.net | | File Size: | 1801 | | Last Modified: | Sep 7 22:19:33 2000 |
| MD5 Checksum: | 2c5e7ff50700fd9684999fb461a4d779 |
|
| /// File Name: |
form-totaller.txt |
Description:
|
Form-Totaller version 1.0 (form-totaller.cgi) trusts user input for filenames, allowing a remote user to read any file on the webserver.
| | Author: | Signal 9 | | File Size: | 1879 | | Last Modified: | Aug 14 22:29:59 2000 |
| MD5 Checksum: | c176fa3885dae24832840fa6cf24539d |
|
| /// File Name: |
fpage-DoS.pl |
Description:
|
Fpage-DoS.pl - Info based attacks DoS Front page. To exploit this vunerability you must have the extensions "/ _ vti_bin/shtml.exe in your server. This is a demonstration script to remotely overflow various server buffers, resulting in a denial of service, for TESTING purposes only. Runs on *nix & Windows with perl.
| | Author: | alt3kx | | Homepage: | http://www.raza-mexicana.org | | File Size: | 4865 | | Last Modified: | Aug 30 23:24:30 2000 |
| MD5 Checksum: | 4ef33313379701100a8e4dac1ecbb646 |
|
| /// File Name: |
FS-073100-10-BEA.txt |
Description:
|
Foundstone Security Advisory FS-073100-10-BEA - It is possible to compile and execute any arbitrary file within the web document root directory of the WebLogic server as if it were a JSP/JHTML file, even if the file type is not .jsp or .jhtml. If applications residing on the WebLogic server write to files within the web document root directory, it is possible to insert executable code in the form of JSP or JHTML tags and have the code compiled and executed using WebLogic's handlers. This can potentially cause an attacker to gain administrative control of the underlying operating systems.
| | Author: | Shreeraj Shah | | Homepage: | http://www.foundstone.com/advisories.htm | | File Size: | 5037 | | Last Modified: | Aug 2 20:44:19 2000 |
| MD5 Checksum: | 1dd991014f7279d9d772f52478be66d3 |
|
| /// File Name: |
FtpdXploit2000.tar |
Description:
|
This is an exploit that explores the vulnerability of the versions 2.4.4, 2.5.0 and 2.6.0 of Wu-ftpd. Written in Portugese.
| | Homepage: | http://www.geocities.com/cultbh | | File Size: | 20480 | | Last Modified: | Aug 30 10:41:33 2000 |
| MD5 Checksum: | e30e8c879f8071f9cc3b34371990388f |
|
| /// File Name: |
gr_osview.c |
Description:
|
/usr/sbin/gr_osview local exploit for Irix 6.2 and 6.3.
| | Homepage: | http://lsd-pl.net | | File Size: | 1758 | | Last Modified: | Sep 8 00:27:15 2000 |
| MD5 Checksum: | 5e2840ed7076d1cb5b71eb61c4225231 |
|
| /// File Name: |
gtkicq.c |
Description:
|
gtkicq-0.62 local exploit. Overflows the HOME environment variable.
| | Author: | Sebastien Roy | | File Size: | 2547 | | Last Modified: | Sep 7 22:30:51 2000 |
| MD5 Checksum: | 8487d5f8f0583ab4c9c53e62f381c74d |
|
| /// File Name: |
horde.txt |
Description:
|
The $from-bug is in the horde library file 'horde.lib', (on debian systems installed in /usr/share/horde/lib/horde.lib) in line 1108 belonging to function "mailfrom". In this file there is a call to "popen" with an unchecked "from:"-line as argument. Bug found and exploited by Jens "atomi" Steube, Fixed and documentated by Christian "thepoet" Winter
| | File Size: | 3312 | | Last Modified: | Sep 11 19:09:56 2000 |
| MD5 Checksum: | 7ee65a0d5d1fa264e6a56df32877bea2 |
|
| /// File Name: |
hpux.ftpd.txt |
Description:
|
HPUX's ftpd contains a remotely exploitable format string vulnerability in the PASS command.
| | Author: | Venglin | | Homepage: | http://www.freebsd.lublin.pl | | File Size: | 1080 | | Last Modified: | Aug 11 00:59:15 2000 |
| MD5 Checksum: | 52757625c75bb68c6c403710d078bc99 |
|
| /// File Name: |
htgrep.c |
Description:
|
Htgrep has a vulnerability which allows a remote user to read arbitrary files on the system with the priviledge of the user running the program.
| | Author: | n30 | | File Size: | 2386 | | Last Modified: | Aug 21 23:04:12 2000 |
| MD5 Checksum: | 44e6b83eeb52eb927c6866f44c07cd87 |
|
| /// File Name: |
HWA-warpcrash.c |
Description:
|
HWA-warpcrash - Systems Affected: OS/2 Warp 4.5 FTP server V4.0/4.2, OS/2 Warp 4.5 FTP server V4.3, Probably other versions of the software as well. Problem: The FTP server that comes with OS/2 Warp 4.5 TCP/IP can be brought down by a malicious connection attempt.
| | Author: | eth0 | | Homepage: | http://www.hwa-security.net | | File Size: | 2802 | | Last Modified: | Aug 31 01:56:28 2000 |
| MD5 Checksum: | 18b76e61c2aea73422b522534b5da8e6 |
|
| /// File Name: |
ie5-msn.exec.txt |
Description:
|
Georgi Guninski security advisory #18 - Two serious vulnerabilities have been found Microsoft products - Internet Explorer 5.5/5.x may execute arbitrary programs when visiting a web page, reading HTML based mail with Outlook, or simply browsing folders as web pages. In addition, the default installation of Windows 2000 allows Local Administrator compromise via opening local folders as web pages. In both cases a malicous person may take full control over user's computer / server. Includes proof of concept HTML code. Demonstration available here.
| | Author: | Georgi Guninski | | Homepage: | http://www.nat.bg/~joro | | File Size: | 8941 | | Last Modified: | Aug 16 02:12:00 2000 |
| MD5 Checksum: | 1f4cc1e9ab9d13efedb1c42dbabdbc96 |
|
| /// File Name: |
inpview.c |
Description:
|
/usr/lib/InPerson/inpview local exploit for irix 6.5 and 6.5.8.
| | Homepage: | http://lsd-pl.net | | File Size: | 1265 | | Last Modified: | Sep 8 00:30:59 2000 |
| MD5 Checksum: | e451bb3c91d58f58a0be7cf74296cba9 |
|
| /// File Name: |
irix-libc.c |
Description:
|
libc.so NLSPATH local exploit for Irix 6.2.
| | Homepage: | http://lsd-pl.net | | File Size: | 3111 | | Last Modified: | Sep 8 00:26:12 2000 |
| MD5 Checksum: | 2b1f37157932fbf6eba526123da8636f |
|
| /// File Name: |
irix-xlock.c |
Description:
|
Irix 6.3/6.2 /usr/bin/X11/xlock local buffer overflow exploit.
| | Homepage: | http://lsd-pl.net | | File Size: | 1744 | | Last Modified: | Sep 8 00:21:02 2000 |
| MD5 Checksum: | 19d26832ec333919d795f33bfc09de1f |
|
| /// File Name: |
irix.telnetd.txt |
Description:
|
A serious vulnerability has been found in IRIX telnetd which can give remote root access to any IRIX 6.2-6.5.8[m,f] system. The vulnerability occurrs when one of the environment variables contains a format string which is passed on to the syslog() function. Proof of concept exploit included (updated version - compiler and little endian fixes). Fix available here.
| | Author: | LSD | | Homepage: | http://lsd-pl.net | | File Size: | 21301 | | Last Modified: | Sep 13 21:11:15 2000 |
| MD5 Checksum: | 22385913d3970f9f00addf76aa299fee |
|
| /// File Name: |
irix_rpc_ttdbserverd.c |
Description:
|
rpc.ttdbserverd remote root exploit for irix 5.2 5.3 6.2 6.3 6.4 6.5 6.5.2.
| | Homepage: | http://lsd-pl.net | | File Size: | 7902 | | Last Modified: | Sep 7 23:00:57 2000 |
| MD5 Checksum: | 983cc713413d355851a1143d56d1b1e5 |
|
| /// File Name: |
kcms_configure-x86.c |
Description:
|
/usr/openwin/bin/kcms_configure for solaris 2.5.1 2.7 x86.
| | Homepage: | http://lsd-pl.net | | File Size: | 2217 | | Last Modified: | Sep 7 22:54:13 2000 |
| MD5 Checksum: | d7fb8e71c2df1089a59cf1071a511f15 |
|
| /// File Name: |
kcms_configure.c |
Description:
|
/usr/openwin/bin/kcms_configure local root exploit for solaris 2.7 sparc.
| | Homepage: | http://lsd-pl.net | | File Size: | 2237 | | Last Modified: | Sep 7 22:18:46 2000 |
| MD5 Checksum: | 1dc3962c071af0f2d89f4f8957149827 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
