Section: .. / 0008-exploits /
/// File Name: |
objectserver2.c |
Description:
|
SGI objectserver "export" exploit - Remotely adds new entry to the export list on the IRIX system. See our SGI objectserver "account" exploit for more information. Only directories that aren't supersets of already exported ones can be added to the export list.
| Homepage: | http://lsd-pl.net | File Size: | 6357 | Last Modified: | Sep 7 23:04:56 2000 |
MD5 Checksum: | 7819f36ebeb0df0e7d844ea40bc548a4 |
|
/// File Name: |
outlookmailxploit.zip |
Description:
|
Microsoft Outlook remote exploit coded in delphi. Includes source code.
| Author: | Fbyte | File Size: | 190823 | Last Modified: | Sep 8 00:32:37 2000 |
MD5 Checksum: | 609d7f1261dc06565e9076ce17f1b7c7 |
|
/// File Name: |
passwd.c |
Description:
|
/bin/passwd local root exploit for Solaris 2.5 / 2.5.1.
| Homepage: | http://lsd-pl.net | File Size: | 1642 | Last Modified: | Sep 7 22:05:25 2000 |
MD5 Checksum: | 11c04649d2a1778c8af9806c351cb269 |
|
/// File Name: |
pgxconfig.sh |
Description:
|
TechSource Raptor GFX configurator (pgxconfig) local root exploit.
| Author: | Suid | File Size: | 1093 | Last Modified: | Sep 7 22:45:13 2000 |
MD5 Checksum: | b0f8b95c36241643788291ade89bb457 |
|
/// File Name: |
PHP-Nuke.c |
Description:
|
A vulnerability in the way PHP-Nuke, a news site administrative tool, authenticates administrative accounts, allows a remote attacker to gain administrative access to the application. Attacker could edit users, articles, topics, banners, assign authors, etc
| Author: | Fabian Clone | File Size: | 2800 | Last Modified: | Aug 22 00:29:53 2000 |
MD5 Checksum: | be38d88ef4fe90bff7fa3c1c2766dfb5 |
|
/// File Name: |
php-nuke.txt |
Description:
|
A short advisory on how to manipulate a bug in the PHP-nuke Web Portal System to allow you to gain administrative access.
| Author: | Starman_Jones | File Size: | 1799 | Last Modified: | Aug 24 19:09:49 2000 |
MD5 Checksum: | f63871452fe6ee993b8f7a7961c8f7e0 |
|
/// File Name: |
pset2.c |
Description:
|
/sbin/pset local exploit for Irix 6.2 and 6.3.
| Homepage: | http://lsd-pl.net | File Size: | 2295 | Last Modified: | Sep 8 00:28:02 2000 |
MD5 Checksum: | 248262637213c4375240580b19979b36 |
|
/// File Name: |
rapidstream.vpn.txt |
Description:
|
RapidStream VPN nodes has hard-coded the 'rsadmin' account into the sshd binary in the appliance OS. The account has been given a 'null' password in which password assignment and authentication was expected to be handled by the RapidStream software itself. The vendor failed to realize that arbitrary commands could be appended to the ssh string when connecting to the SSH server on the remote vpn. This in effect could lead to many things, including the ability to spawn a remote root shell on the vpn.
| Author: | Loki courtesy of Bugtraq. | File Size: | 2409 | Last Modified: | Aug 16 01:41:19 2000 |
MD5 Checksum: | 6e70e4def5f1cac4ebe348a0e56c6965 |
|
/// File Name: |
rdist.c |
Description:
|
/bin/rdist local root exploit for solaris 2.4 2.5 2.5.1 sparc.
| Homepage: | http://lsd-pl.net | File Size: | 2124 | Last Modified: | Sep 7 22:11:52 2000 |
MD5 Checksum: | 40a867deaba689aa34e97cf710b084f9 |
|
/// File Name: |
robpoll-cgi-problem.txt |
Description:
|
Robpoll.cgi is a free cgi based admin program for Unix and NT which has remote vulnerabilities allowing remote users to execute any command on the remote system with the priveleges of the web server. In addition, anyone can read any file on the remote system with the webserver UID.
| Author: | Alt3kx | Homepage: | http://www.hertmx.org | File Size: | 2266 | Last Modified: | Aug 9 23:31:28 2000 |
MD5 Checksum: | 3ccc125dc142a7db49311a108150e833 |
|
/// File Name: |
rpc.statd.x86.c |
Description:
|
Linux/x86 rpc.statd remote root exploit.
| Author: | Doing courtesy of Bugtraq | File Size: | 6169 | Last Modified: | Aug 2 21:07:47 2000 |
MD5 Checksum: | 4ae08a9ce1799224f33fc2f26d18f9bd |
|
/// File Name: |
rpc_cmsd.c |
Description:
|
rpc.cmsd remote root exploit for solaris 2.5 2.5.1 2.6 2.7 sparc.
| Homepage: | http://lsd-pl.net | File Size: | 12135 | Last Modified: | Sep 7 22:24:36 2000 |
MD5 Checksum: | a68bd364a5bd58109cc0e4c852295562 |
|
/// File Name: |
rpc_ttdbserverd.c |
Description:
|
rpc.ttdbserverd remote root exploit for solaris 2.3 2.4 2.5 2.5.1 2.6 sparc.
| Homepage: | http://lsd-pl.net | File Size: | 8792 | Last Modified: | Sep 7 22:23:37 2000 |
MD5 Checksum: | de488f5d152139ee527eb5b73f54902a |
|
/// File Name: |
servu25e.txt |
Description:
|
FTP Serv-U 2.5e for Windows will stack fault if sent a string containing a large number of null bytes. The system Serv-U is running on may become sluggish/unstable and eventually bluescreen. A valid user/pass combination is not required to take advantage of this vulnerability. Perl proof of exploit code included.
| Author: | Blue Panda | Homepage: | http://bluepanda.box.sk | File Size: | 1600 | Last Modified: | Aug 4 02:30:36 2000 |
MD5 Checksum: | d0aa2f692d58312439eab78bc2008a5c |
|
/// File Name: |
spad02.txt |
Description:
|
Unavailable.
| File Size: | 8894 | Last Modified: | Aug 24 19:57:43 2000 |
MD5 Checksum: | 78978df1ffd3d83d01195c113927bb9a |
|
/// File Name: |
srcgrab.pl.txt |
Description:
|
Srcgrab.pl exploits the Translate:f bug as described in ms00-058. The vulnerability, present in IIS 4.0 and Windows 2000 Frontpage server extensions, allows a remote user to retrieve the source of .asa and .asp pages.
| Author: | Smiler | File Size: | 7692 | Last Modified: | Aug 17 19:28:32 2000 |
MD5 Checksum: | 821dc542307911b4bfd039e2463a515e |
|
/// File Name: |
ssexploit502x.pl |
Description:
|
Statistics Server 5.02x for Windows contains a buffer overflow caused by a long GET request. Includes perl exploit which spawns a winshell with system privileges on port 8008 on Statistics Server 5.02x/Win2k.
| Author: | Nemo | Homepage: | http://www.deepzone.org | File Size: | 15331 | Last Modified: | Aug 13 02:29:18 2000 |
MD5 Checksum: | 3bc933197771d5315f27ec9a7b873af5 |
|
/// File Name: |
statdx.c |
Description:
|
Redhat Linux rpc.statd remote buffer overflow exploit. Tested against Redhat 6.0, 6.1, and 6.2.
| Author: | Ron1n | File Size: | 19060 | Last Modified: | Aug 13 01:00:27 2000 |
MD5 Checksum: | 3c3eb475def70e5daeabfa5cdce96748 |
|
/// File Name: |
subscribeme.txt |
Description:
|
Unavailable.
| File Size: | 2010 | Last Modified: | Aug 24 22:29:08 2000 |
MD5 Checksum: | b32fff4d493f1bd7bb88989d494fd742 |
|
/// File Name: |
tin_bof.c |
Description:
|
Tin v1.4.3 local linux/x86 buffer overflow exploit which spawns a gid=news shell if /usr/bin/tin is setgid.
| Author: | Vade79 | Homepage: | http://www.realhalo.org | File Size: | 5033 | Last Modified: | Aug 5 03:41:05 2000 |
MD5 Checksum: | 38f634c84ebce9f02cbade96bace7ee2 |
|
/// File Name: |
tip.c |
Description:
|
/usr/bin/tip local root exploit for solaris 2.6 2.7 x86.
| Homepage: | http://lsd-pl.net | File Size: | 2961 | Last Modified: | Sep 7 22:50:32 2000 |
MD5 Checksum: | 84b3ef4a3056f76c2d99ad9fb7040998 |
|
/// File Name: |
totalbill.c |
Description:
|
Totalbill is a complete billing and provisioning system for ISPs which contains remote root vulnerabilities.
| Author: | Brian Masney | File Size: | 2742 | Last Modified: | Aug 11 00:40:07 2000 |
MD5 Checksum: | 2b7daa973939807097e2ac0f7aa380b8 |
|
/// File Name: |
trans.pl |
Description:
|
Win2k IIS remote exploit - Retrieves files using the Translate: f bug.
| Author: | Roelof Temmingh | File Size: | 1154 | Last Modified: | Sep 8 00:34:23 2000 |
MD5 Checksum: | ca39fae3ccf6cef0b09f5c8b1e171366 |
|
/// File Name: |
ufs-restore.c |
Description:
|
/usr/lib/fs/ufs/ufsrestore local root exploit for solaris 2.5 2.5.1 2.6 sparc.
| Homepage: | http://lsd-pl.net | File Size: | 2081 | Last Modified: | Sep 7 22:10:28 2000 |
MD5 Checksum: | 22672f0a24f858d6b9de77583a41ee05 |
|
|
|
|
|