Section:  .. / 0209-exploits  /


 ///  File Name: trillian-ini-decrypt.c
Description:
Trillian, a popular utility used in conjunction with various Instant Messaging services like ICQ, AIM, MSN Messenger, etc., stores a user's password utilizing a simple XOR with a key that is uniform throughout every installation. This utility decrypts all related .INI files, displaying a list of usernames, "encrypted" passwords, and plain text passwords.
Author:Evan Nemerson
File Size:5538
Last Modified:Sep 10 06:53:31 2002
MD5 Checksum:8f33c678cbd7adb091aaa4b1764a89ce

 ///  File Name: idefense.smrsh.txt
Description:
iDEFENSE Security Advisory 10.01.2002 - It is possible for an attacker to bypass the restrictions imposed by The Sendmail Consortium's Restricted Shell (SMRSH) and execute a binary of his choosing by inserting a special character sequence into his .forward file. Two attack methods are both detailed. Patch available here.
Author:David Endler, Zen-Parse, and Pedram Amini
Homepage:http://www.idefense.com
File Size:5421
Last Modified:Oct 2 08:17:32 2002
MD5 Checksum:6b1f79ee66a3ac3df14ff5df61ce1de7

 ///  File Name: phpcrlf.txt
Description:
fopen(), file() and other functions in PHP have a vulnerability that makes it possible to add extra HTTP headers to HTTP queries. Attackers may use it to escape certain restrictions, like what host to access on a web server. In some cases, this vulnerability even allows arbitrary network connections, turning some PHP scripts into proxies and open mail relays.
Author:Ulf Harnhammar
File Size:4861
Last Modified:Sep 11 06:25:52 2002
MD5 Checksum:fb701d51ad9b8b40f4146b525decc01a

 ///  File Name: gm010-ie
Description:
GreyMagic Security Advisory GM#010-IE - Microsoft Internet Explorer 5.5 and above are vulnerable to an attacker who can execute scripts on any page that contains frame or iframe elements, ignoring any protocol or domain restriction set forth by Internet Explorer. This means that an attacker can steal cookies from almost any site, access and change content in sites and in most cases also read local files and execute arbitrary programs on the client's machine. Note that any other application that uses Internet Explorer's engine is also affected.
Homepage:http://sec.greymagic.com/adv/gm010-ie/
File Size:4712
Last Modified:Sep 11 08:20:53 2002
MD5 Checksum:0a3d976bfa8b7f03c04ae3576b7fb110

 ///  File Name: trillident.c
Description:
Exploit for the PRIVMSG remote denial of service vulnerability that exists in Trillian v0.73 and v0.74 which sends an overflow in the ident connection. Compiles on Unix-based OSes.
Author:Netmask
File Size:4665
Last Modified:Sep 21 09:35:05 2002
MD5 Checksum:73cffa14787d80bf5655dc7c2ecb1125

 ///  File Name: lconfmdk.c
Description:
Linuxconf local root exploit for Mandrake 8.2.
Author:Priest.
File Size:4215
Last Modified:Sep 17 13:39:57 2002
MD5 Checksum:0d6dda171bc76298526af8422229e9cb

 ///  File Name: vbull.c
Description:
Vbulletin/calender.php remote command execution exploit.
Author:Gosper
File Size:4075
Last Modified:Sep 25 07:53:47 2002
MD5 Checksum:0569a0851a81caa5f67a940a3af6fe2d

 ///  File Name: scrollkeeper.txt
Description:
A vulnerability exists in the insecure creation of files in /tmp by Scrollkeeper versions 0.3.4 and 0.3.11. Proof of concept exploit included.
Author:Spybreak
File Size:3668
Last Modified:Sep 4 08:02:08 2002
MD5 Checksum:e06c401b1d6823296aa0197b92db901c

 ///  File Name: openbsd-select-bug.txt
Description:
Research on the recent OpenBSD select() bug and its possible exploitation. Includes a local denial of service exploit which was tested on OpenBSD v2.6 - 3.1.
Author:Sec
Homepage:http://www.drugphish.ch
File Size:3560
Last Modified:Sep 29 12:11:35 2002
MD5 Checksum:11b34ff9c52e9241262598028265afec

 ///  File Name: nslconf.c
Description:
Linuxconf v1.28r3 and below local exploit which uses the ptrace method to find the offset. Tested on Mandrake 8.0 and 8.2, and Redhat 7.2 and 7.3.
Author:Raise
Homepage:http://www.netsearch-ezine.com
File Size:3381
Last Modified:Sep 30 06:53:41 2002
MD5 Checksum:d7351358fc20587891f1f8c16b558242

 ///  File Name: idefense.libkvm.txt
Description:
iDEFENSE Security Advisory 09.16.2002 - The FreeBSD ports asmon, ascpu, bubblemon, wmmon, and wmnet2 can be locally manipulated to take advantage of open file descriptors /dev/mem and /dev/kmem to gain root privileges on a target host. These five programs are installed setgid kmem by default. Exploit information included.
Author:David Endler and Jaguar
Homepage:http://www.idefense.com
File Size:3351
Last Modified:Sep 17 14:29:59 2002
MD5 Checksum:b728af73087e744934fdfbbea052f689

 ///  File Name: guardadv.db4web.txt
Description:
Guardeonic Solutions Security Advisory #01-2002 - The DB4Web Application Server for Linux, Unix, and Windows can be accessed with malicious URLs allowing users to download any readable file on the server. Exploit URLs included.
Author:Stefan Bagdohn
Homepage:http://www.guardeonic.com
File Size:3215
Last Modified:Sep 21 10:09:06 2002
MD5 Checksum:64d4d5f90284d5f5e2d2bb4d52fe728f

 ///  File Name: pwck_exp.c
Description:
Pwck local Linux buffer overflow exploit.
Author:default /usr/sbin/pwck is not setuid, if +s pwck bingo #. Tested on Mandrake 8.2.
File Size:3099
Last Modified:Sep 5 07:30:36 2002
MD5 Checksum:5bf12aa6da163e5d29f5c86199ba3290

 ///  File Name: ES-cisco-vpn.c
Description:
Cisco VPN 5000 Linux client version 5.1.5 local root exploit that uses the close_tunnel binary.
Author:ElectronicSouls
File Size:3087
Last Modified:Sep 19 14:07:14 2002
MD5 Checksum:a2c3a57714a738b22361ec246558f0da

 ///  File Name: autolinuxconf.tgz
Description:
Autolinuxconf.tgz is an improved exploit for linuxconf <= 1.28r3 which has been found to work on Mandrake 8.1 and 8.2 and Redhat 7.2 and 7.3.
Author:Syscalls
Homepage:http://www.myseq.com
File Size:2880
Last Modified:Sep 11 16:05:00 2002
MD5 Checksum:835c256e407b88f79f3720a9d406f353

 ///  File Name: TRU64_nlspath
Description:
Proof of concept local root exploit written in Perl for NLSPATH overflow on the HP/Compaq Tru64 Operating System. HP/Compaq advisory and patches available Here.
Author:stripey
Homepage:http://www.snosoft.com
File Size:2859
Last Modified:Sep 11 07:27:31 2002
MD5 Checksum:dee2152324a9cc4b106b58e6c131dfef

 ///  File Name: SurfinGate.txt
Description:
The Finjan SurfinGate 6.0x on Windows NT 4.0 and 2000 can be bypassed by using IP addresses instead of hostnames or by adding a dot to the end of hostnames.
Author:Marc Ruef
Homepage:http://www.computec.ch
File Size:2471
Last Modified:Sep 5 08:59:30 2002
MD5 Checksum:1458603dc6c13802ef082062b929b537

 ///  File Name: idefense.dinoweb.txt
Description:
iDEFENSE Security Advisory 09.23.2002 - A vulnerability exists in the latest version of the Dino Webserver that can allow an attacker to view and retrieve any file on the system.
Author:David Endler
Homepage:http://www.idefense.com
File Size:2429
Last Modified:Sep 24 06:27:17 2002
MD5 Checksum:c2e5dd5d49683b918059438a2f7d405a

 ///  File Name: Trillian-Privmsg.c
Description:
Exploit for the PRIVMSG DoS that exists in several Trillian versions. This code, which emulates an IRC server, should work against Trillian versions 0.73 and 0.74. Compiles on Windows - Tested with Borland 5.5 Commandline Tools.
Author:Lance Fitz-Herbert
File Size:2377
Last Modified:Sep 20 16:32:58 2002
MD5 Checksum:b8200c45f1819c16c6c76345ee427d53

 ///  File Name: pwck_expl.c
Description:
Pwck local exploit for Redhat 7.2. /usr/sbin/pwck must be -rwsr-sr-x to give a root shell.
Author:Klep
File Size:2212
Last Modified:Sep 17 05:38:42 2002
MD5 Checksum:e75c0f9d4f3f94b01dfe8ec10f582fa4

 ///  File Name: afd-expl.c
Description:
AFD v1.2.14 local root heap overflow exploit. Includes offset for Redhat 7.3 and instructions for finding offsets.
Author:eSDee
Homepage:http://www.netric.org
File Size:2205
Last Modified:Sep 6 06:33:42 2002
MD5 Checksum:f273a2abf33bbe40cc716f3cc0cc09a5

 ///  File Name: TRU64_xkb
Description:
Proof of concept local root exploit for _XKB_CHARSET on the HP/Compaq Tru64 Operating System. HP/Compaq advisory and patches available Here.
Author:stripey
Homepage:http://www.snosoft.com
File Size:2175
Last Modified:Sep 11 07:38:22 2002
MD5 Checksum:b7d1b4f1d2f36cd4d8925080798e18fd

 ///  File Name: sws_web_killer.c
Description:
Proof of Concept Exploit for SWS Web Server v0.1.0. The SWS web server will re-spawn its process every time it receives a string without a linebreak. Tested on: Slackware 8.1 and Redhat 7.0.
Author:SaMaN
File Size:2157
Last Modified:Sep 2 18:32:39 2002
MD5 Checksum:b4f2224f7060b64ce3e013d5f258a859

 ///  File Name: upb.admin.txt
Description:
Ultimate PHP Board (UPB) prior to Public Beta v1.0b allows users to gain admin access. Exploit information included.
Author:Hipik
Homepage:http://www.hackeri.org
File Size:2155
Last Modified:Sep 6 07:47:23 2002
MD5 Checksum:b062b12a3b4fcbc8784d6ef88b87722a

 ///  File Name: alsaplayer-suid.c
Description:
AlsaPlayer contains a buffer overflow that can be used for privilege elevation when this program is setuid. Tested on Red Hat 7.3 Linux with alsaplayer-devel-0.99.71-1. The overflow has been fixed in AlsaPlayer 0.99.71.
Author:zillion
File Size:2104
Last Modified:Sep 23 16:49:29 2002
MD5 Checksum:d3864c1d3454e61a8246fa4e1966ac8f