Section: .. / 0008-exploits /
/// File Name: |
awcrash.c |
Description:
|
awcrash.c exploits a buffer overflow vulnerability in Windows 95 and 98 which results in a crash if a filename with an extension longer than 232 characters is accessed. Although arbitrary code could be executed in this manner, it would have to be composed of valid filename character values only.
| Author: | Wildcoyote | File Size: | 2830 | Last Modified: | Sep 7 21:57:15 2000 |
MD5 Checksum: | 8150a9c13739ea0d2df266164a0f3e73 |
|
/// File Name: |
HWA-warpcrash.c |
Description:
|
HWA-warpcrash - Systems Affected: OS/2 Warp 4.5 FTP server V4.0/4.2, OS/2 Warp 4.5 FTP server V4.3, Probably other versions of the software as well. Problem: The FTP server that comes with OS/2 Warp 4.5 TCP/IP can be brought down by a malicious connection attempt.
| Author: | eth0 | Homepage: | http://www.hwa-security.net | File Size: | 2802 | Last Modified: | Aug 31 01:56:28 2000 |
MD5 Checksum: | 18b76e61c2aea73422b522534b5da8e6 |
|
/// File Name: |
PHP-Nuke.c |
Description:
|
A vulnerability in the way PHP-Nuke, a news site administrative tool, authenticates administrative accounts allows a remote attacker to gain administrative access to the application. An attacker could edit users, articles, topics, banners, assign authors, etc.
| Author: | Fabian Clone | File Size: | 2800 | Last Modified: | Aug 22 00:29:53 2000 |
MD5 Checksum: | be38d88ef4fe90bff7fa3c1c2766dfb5 |
|
/// File Name: |
totalbill.c |
Description:
|
Totalbill is a complete billing and provisioning system for ISPs which contains remote root vulnerabilities.
| Author: | Brian Masney | File Size: | 2742 | Last Modified: | Aug 11 00:40:07 2000 |
MD5 Checksum: | 2b7daa973939807097e2ac0f7aa380b8 |
|
/// File Name: |
mail.c |
Description:
|
/usr/bin/mail local exploit for Irix 6.2 and 6.3.
| Homepage: | http://lsd-pl.net | File Size: | 2616 | Last Modified: | Sep 8 00:22:04 2000 |
MD5 Checksum: | 7ebdbdd3a3ce3f6fb2be68925c40d8ff |
|
/// File Name: |
gtkicq.c |
Description:
|
gtkicq-0.62 local exploit. Overflows the HOME environment variable.
| Author: | Sebastien Roy | File Size: | 2547 | Last Modified: | Sep 7 22:30:51 2000 |
MD5 Checksum: | 8487d5f8f0583ab4c9c53e62f381c74d |
|
/// File Name: |
vpn-root.txt |
Description:
|
RapidStream has hard-coded the 'rsadmin' account into the sshd binary in the appliance OS. The account has been given a 'null' password, as password assignment and authentication were expected to be handled by the RapidStream software itself. The vendor failed to realize that arbitrary commands could be appended to the ssh string when connecting to the SSH server on the remote VPN. This in effect could lead to many things, including the ability to spawn a remote root shell on the VPN.
| Author: | Loki | File Size: | 2506 | Last Modified: | Sep 1 00:55:18 2000 |
MD5 Checksum: | e652b5019d76b70669b11034ae0542a7 |
|
/// File Name: |
netpr-x86.c |
Description:
|
/usr/lib/lp/bin/netpr local root exploit for Solaris 2.7 x86.
| Homepage: | http://lsd-pl.net | File Size: | 2480 | Last Modified: | Sep 7 22:57:54 2000 |
MD5 Checksum: | fb4362db4333dc831e65cc4dc3c4a3fe |
|
/// File Name: |
libxt2.c |
Description:
|
libxt.so HOME environment variable local buffer overflow exploit for Irix 6.2 and 6.3.
| Homepage: | http://lsd-pl.net | File Size: | 2471 | Last Modified: | Sep 8 00:29:14 2000 |
MD5 Checksum: | 7f9f46d42599b7d53ae329ac72d78ee1 |
|
/// File Name: |
rapidstream.vpn.txt |
Description:
|
RapidStream VPN nodes have the 'rsadmin' account hard-coded into the sshd binary in the appliance OS. The account has been given a 'null' password, as password assignment and authentication were expected to be handled by the RapidStream software itself. The vendor failed to realize that arbitrary commands could be appended to the ssh string when connecting to the SSH server on the remote VPN. This in effect could lead to many things, including the ability to spawn a remote root shell on the VPN.
| Author: | Loki courtesy of Bugtraq. | File Size: | 2409 | Last Modified: | Aug 16 01:41:19 2000 |
MD5 Checksum: | 6e70e4def5f1cac4ebe348a0e56c6965 |
|
/// File Name: |
htgrep.c |
Description:
|
Htgrep has a vulnerability which allows a remote user to read arbitrary files on the system with the privileges of the user running the program.
| Author: | n30 | File Size: | 2386 | Last Modified: | Aug 21 23:04:12 2000 |
MD5 Checksum: | 44e6b83eeb52eb927c6866f44c07cd87 |
|
/// File Name: |
dmplay.c |
Description:
|
/usr/sbin/dmplay local exploit for Irix 6.2 and 6.3.
| Homepage: | http://lsd-pl.net | File Size: | 2352 | Last Modified: | Sep 8 00:40:01 2000 |
MD5 Checksum: | ac9e33b42c4a60714cc75052c38c0cd9 |
|
/// File Name: |
CIMcheck.pl |
Description:
|
CIMcheck.exe is an exploit for the Compaq Insight Manager root dot dot bug. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable url and attempts to get the sam._ backup password file from the remote repair directory. You can specify which file you want to download, default is the /wi k nnt/repair/ directory and the sam._ backup password file. Perl2exe binary available.
| Author: | Neon | File Size: | 2352 | Last Modified: | Aug 31 00:24:11 2000 |
MD5 Checksum: | 2e1c146eee2782048fd6ac93640d7272 |
|
/// File Name: |
dtprint-info.c |
Description:
|
/usr/dt/bin/dtprintinfo local root exploit for Solaris 2.6 / 2.7.
| Homepage: | http://lsd-pl.net | File Size: | 2341 | Last Modified: | Sep 7 22:02:45 2000 |
MD5 Checksum: | 996b54dfde60d93f64f22084f3efd836 |
|
/// File Name: |
lp.c |
Description:
|
/usr/bin/lp local root exploit for Solaris 2.7 x86.
| Homepage: | http://lsd-pl.net | File Size: | 2321 | Last Modified: | Sep 7 22:59:48 2000 |
MD5 Checksum: | 706bd11fe7e7a238911ed863d11ec443 |
|
/// File Name: |
pset2.c |
Description:
|
/sbin/pset local exploit for Irix 6.2 and 6.3.
| Homepage: | http://lsd-pl.net | File Size: | 2295 | Last Modified: | Sep 8 00:28:02 2000 |
MD5 Checksum: | 248262637213c4375240580b19979b36 |
|
/// File Name: |
libgl.c |
Description:
|
libgl.so HOME environment variable local exploit for Irix 6.2.
| Homepage: | http://lsd-pl.net | File Size: | 2287 | Last Modified: | Sep 8 00:25:04 2000 |
MD5 Checksum: | 7d324da5715b5fe5187746417eff352c |
|
/// File Name: |
xslrnpull.c |
Description:
|
Slrnpull.c exploits a local buffer overflow vulnerability in slrnpull version 0.9.6.2, which is setgid news. Tested against RedHat 6.2.
| Author: | Vade79 | Homepage: | http://www.realhalo.org | File Size: | 2272 | Last Modified: | Aug 23 01:39:37 2000 |
MD5 Checksum: | 71914e4011b9a4a07c80e1c6268761eb |
|
/// File Name: |
robpoll-cgi-problem.txt |
Description:
|
Robpoll.cgi is a free CGI-based admin program for Unix and NT which has remote vulnerabilities allowing remote users to execute any command on the remote system with the privileges of the web server. In addition, anyone can read any file on the remote system with the webserver UID.
| Author: | Alt3kx | Homepage: | http://www.hertmx.org | File Size: | 2266 | Last Modified: | Aug 9 23:31:28 2000 |
MD5 Checksum: | 3ccc125dc142a7db49311a108150e833 |
|
/// File Name: |
CIMcheck2.pl |
Description:
|
CIMcheck2.pl is an updated version of the CIMcheck.pl exploit checker for the Compaq Insight Manager root dot dot bug. Updates include: fixed errors and better input features. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable url and attempts to get the sam._ backup password file from the remote repair directory. You can specify which file you want to download, default is the /wi k nnt/repair/ directory and the sam._ backup password file.
| Author: | Neon. | File Size: | 2264 | Last Modified: | Sep 1 19:08:07 2000 |
MD5 Checksum: | fa0e00c5e4c740f4df71fc63ad10c38a |
|
/// File Name: |
autofsd.c |
Description:
|
Autofsd remote buffer overflow exploit for Irix 6.4 and 6.5.
| Homepage: | http://lsd-pl.net | File Size: | 2254 | Last Modified: | Sep 8 00:17:52 2000 |
MD5 Checksum: | 01378a7a7c5f88bb5c1927e293890131 |
|
/// File Name: |
libxt.c |
Description:
|
libxt.so local root exploit for Solaris 2.4 2.5 2.5.1 sparc.
| Homepage: | http://lsd-pl.net | File Size: | 2244 | Last Modified: | Sep 7 22:06:34 2000 |
MD5 Checksum: | 10711b16f233917851d0bf78daaaf957 |
|
/// File Name: |
kcms_configure.c |
Description:
|
/usr/openwin/bin/kcms_configure local root exploit for Solaris 2.7 sparc.
| Homepage: | http://lsd-pl.net | File Size: | 2237 | Last Modified: | Sep 7 22:18:46 2000 |
MD5 Checksum: | 1dc3962c071af0f2d89f4f8957149827 |
|
/// File Name: |
vqserver.dos.txt |
Description:
|
vqServer version 1.4.49 is vulnerable to a denial of service attack by sending a malformed URL request. Tested on Windows version. The latest edition of vqServer (1.9.47) is unaffected.
| Author: | nemesystm | Homepage: | http://dhcorp.cjb.net | File Size: | 2228 | Last Modified: | Aug 29 05:25:00 2000 |
MD5 Checksum: | 303c9106b865941caabe75045152da02 |
|
/// File Name: |
fdformat-x86.c |
Description:
|
/bin/fdformat for Solaris 2.5 2.5.1 x86.
| Homepage: | http://lsd-pl.net | File Size: | 2222 | Last Modified: | Sep 7 22:54:56 2000 |
MD5 Checksum: | 2bb1d59e021606127ba8760761553b28 |
|