Section: 0008-exploits
/// File Name: wcGoph.c
Description: Gopher+ v2.3.1p0 remote exploit - Spawns a remote shell on tcp port 36864 under the UID that the gopher+ daemon runs as. Tested against Linux Slackware 3.6 / 7.0.
Author: WC | File Size: 7419 | Last Modified: Aug 14 02:04:33 2000
MD5 Checksum: a3b6c54833b546a3182097e891afa9ad

/// File Name: ssexploit502x.pl
Description: Statistics Server 5.02x for Windows contains a buffer overflow caused by a long GET request. Includes a perl exploit which spawns a winshell with system privileges on port 8008 on Statistics Server 5.02x/Win2k.
Author: Nemo | Homepage: http://www.deepzone.org | File Size: 15331 | Last Modified: Aug 13 02:29:18 2000
MD5 Checksum: 3bc933197771d5315f27ec9a7b873af5

/// File Name: statdx.c
Description: Redhat Linux rpc.statd remote buffer overflow exploit. Tested against Redhat 6.0, 6.1, and 6.2.
Author: Ron1n | File Size: 19060 | Last Modified: Aug 13 01:00:27 2000
MD5 Checksum: 3c3eb475def70e5daeabfa5cdce96748

/// File Name: xgopher.c
Description: Gopher+ daemon v2.3 remote root buffer overflow exploit - Tested against Slackware Linux 3.6 and 7.0. Adds a line to /etc/passwd.
Author: Vade79 | Homepage: http://www.realhalo.org | File Size: 7768 | Last Modified: Aug 13 00:57:45 2000
MD5 Checksum: c14ac8b3755c45bc40fc054898920107

/// File Name: hpux.ftpd.txt
Description: HPUX's ftpd contains a remotely exploitable format string vulnerability in the PASS command.
Author: Venglin | Homepage: http://www.freebsd.lublin.pl | File Size: 1080 | Last Modified: Aug 11 00:59:15 2000
MD5 Checksum: 52757625c75bb68c6c403710d078bc99

/// File Name: totalbill.c
Description: Totalbill is a complete billing and provisioning system for ISPs which contains remote root vulnerabilities.
Author: Brian Masney | File Size: 2742 | Last Modified: Aug 11 00:40:07 2000
MD5 Checksum: 2b7daa973939807097e2ac0f7aa380b8

/// File Name: word-access.txt
Description: Georgi Guninski security advisory #17 - MS Word and MS Access 2000 (with or without Service Release 1a) allow executing arbitrary programs if a Word document is opened. This may also be exploited by visiting a web page with IE or by opening/previewing an HTML email message with Outlook. For this to work, the user must be able to access a mdb file, which resides either on a UNC share or a local drive. This allows taking full control over the user's computer. A demonstration exploit is available.
Author: Georgi Guninski | Homepage: http://www.nat.bg/~joro | File Size: 2984 | Last Modified: Aug 10 01:23:51 2000
MD5 Checksum: eb038ae038008adf38ec1a34dbcc3916

/// File Name: robpoll-cgi-problem.txt
Description: Robpoll.cgi is a free cgi based admin program for Unix and NT which has remote vulnerabilities allowing remote users to execute any command on the remote system with the privileges of the web server. In addition, anyone can read any file on the remote system with the webserver UID.
Author: Alt3kx | Homepage: http://www.hertmx.org | File Size: 2266 | Last Modified: Aug 9 23:31:28 2000
MD5 Checksum: 3ccc125dc142a7db49311a108150e833

/// File Name: bohttpd.vulnerability.txt
Description: A vulnerability has been found in Dan Brumleve's Brown Orifice HTTPD (BOHTTPD), which is a web server and file sharing tool that runs as a Java Applet in Netscape Navigator. By specifying "\.." in HTTP requests to the server, an attacker can navigate the server's file system and view/download any files.
Homepage: http://www.etl.go.jp/~takagi | File Size: 1344 | Last Modified: Aug 9 05:18:35 2000
MD5 Checksum: 965d8c14308ad6d17d82ad5910f37ecc

/// File Name: xperl.sh
Description: Suidperl v5.00503 and below local root exploit which exploits an undocumented /bin/mail feature used when perl wants to notify root about inode race conditions. Tested on Redhat 6.x/7.0.
Author: Michal Zalewski | Homepage: http://lcamtuf.na.export.pl | File Size: 5756 | Last Modified: Aug 9 02:19:43 2000
MD5 Checksum: 50a48f4a8f99682d1282169e08046448

/// File Name: BOHTTPD-0.1.tar.gz
Description: New bugs have been discovered in Netscape's implementation of Java which allow a remote site to read any file on the client machine and to set up a Java server which anyone can connect to. Brown Orifice HTTPD starts a Java server which allows others to read files on your machine. A demonstration is available.
Author: Dan Brumleve | Homepage: http://www.brumleve.com/BrownOrifice/BOHTTPD.cgi | File Size: 17766 | Last Modified: Aug 9 01:50:55 2000
MD5 Checksum: 1237399111df49d4cbb52de18f034c5e

/// File Name: xitdos.c
Description: Xitami Webserver v2.4d3 and below are vulnerable to a remote dos attack. Sending malformed data to port 81 will cause the server to stop responding. Tested against Xitami on Win95/98/NT4.0.
Author: Mozy | File Size: 5547 | Last Modified: Aug 9 01:05:50 2000
MD5 Checksum: fe429b58f15ba97c9b34dc2ce6ffe97e

/// File Name: tin_bof.c
Description: Tin v1.4.3 local linux/x86 buffer overflow exploit which spawns a gid=news shell if /usr/bin/tin is setgid.
Author: Vade79 | Homepage: http://www.realhalo.org | File Size: 5033 | Last Modified: Aug 5 03:41:05 2000
MD5 Checksum: 38f634c84ebce9f02cbade96bace7ee2

/// File Name: servu25e.txt
Description: FTP Serv-U 2.5e for Windows will stack fault if sent a string containing a large number of null bytes. The system Serv-U is running on may become sluggish/unstable and eventually bluescreen. A valid user/pass combination is not required to take advantage of this vulnerability. Perl proof of concept exploit code included.
Author: Blue Panda | Homepage: http://bluepanda.box.sk | File Size: 1600 | Last Modified: Aug 4 02:30:36 2000
MD5 Checksum: d0aa2f692d58312439eab78bc2008a5c

/// File Name: 012.txt
Description: Pgxconfig is a Raptor graphics card configuration tool for Solaris which has multiple local vulnerabilities. The environment is not sanitized and root privileges are not dropped, allowing commands to be run as root. Local root exploit included.
Author: Suid (courtesy of Bugtraq) | Homepage: http://www.suid.kg | File Size: 4572 | Last Modified: Aug 2 21:44:15 2000
MD5 Checksum: 6e972f5716c026877853b5cc1c5cc953

/// File Name: rpc.statd.x86.c
Description: Linux/x86 rpc.statd remote root exploit.
Author: Doing (courtesy of Bugtraq) | File Size: 6169 | Last Modified: Aug 2 21:07:47 2000
MD5 Checksum: 4ae08a9ce1799224f33fc2f26d18f9bd

/// File Name: ntop.advisory.txt
Description: Ntop -w allows remote users who have permission to view traffic stats to view any file on the system as root.
Author: Dubhe (courtesy of Bugtraq) | Homepage: http://www.hackerslab.org | File Size: 1897 | Last Modified: Aug 2 20:59:43 2000
MD5 Checksum: afe2bd144d58dc5784dbc97357ad5406

/// File Name: FS-073100-10-BEA.txt
Description: Foundstone Security Advisory FS-073100-10-BEA - It is possible to compile and execute any arbitrary file within the web document root directory of the WebLogic server as if it were a JSP/JHTML file, even if the file type is not .jsp or .jhtml. If applications residing on the WebLogic server write to files within the web document root directory, it is possible to insert executable code in the form of JSP or JHTML tags and have the code compiled and executed using WebLogic's handlers. This can potentially allow an attacker to gain administrative control of the underlying operating system.
Author: Shreeraj Shah | Homepage: http://www.foundstone.com/advisories.htm | File Size: 5037 | Last Modified: Aug 2 20:44:19 2000
MD5 Checksum: 1dd991014f7279d9d772f52478be66d3