Section: .. / 0406-exploits /

Page 1 of 2
<< 1 2 >> Files 1 - 25 of 35

Currently sorted by: File Name Sort By: Last Modified, File Size

/// File Name:	2004-06-11_kernel_crash.t2t.tar.bz2
Description:	A very simple bug in the Linux kernel allows a small program to cause a denial of service. This flaw affects both the 2.4.2x and 2.6.x kernels on the x86 architecture.
Author:	stian
Homepage:	http://gcc.gnu.org/bugzilla/show_bug.cgi?id=15905
File Size:	24523
Last Modified:	Jun 14 22:01:50 2004
MD5 Checksum:	2ab47694f55382d6c53256a0fabfb2ef

/// File Name:	analysis.tgz
Description:	Complete analysis of the 180 Solutions trojan along with exploitation tools that demonstrate at least two new unpublished vulnerabilities in Microsoft Internet Explorer 6 that allow for arbitrary code execution.
Author:	Jelmer
File Size:	9434
Last Modified:	Jun 8 02:29:39 2004
MD5 Checksum:	3673f2d74f6184a4a126bf6b2228c59f

/// File Name:	argoxp.c
Description:	New UPNP exploit that affects Microsoft Windows XP SP0. Binds a shell on port 1981.
Author:	JoCaNoR
File Size:	4242
Last Modified:	Jun 25 13:14:00 2004
MD5 Checksum:	4e4dbfcd6f6f4bdaeb0f815289d6dc24

/// File Name:	blackboardLS.txt
Description:	A bug in Blackboard Learning System release 6 allows users to steal documents out of the digital dropbox of other users. Remote perl exploit included.
Author:	killer
Homepage:	http://www.mostly-harmless.nl/
File Size:	6326
Last Modified:	Jun 14 09:07:12 2004
MD5 Checksum:	24664bee21865c591e5ebeacf907e0f8

/// File Name:	cmr4cdos.zip
Description:	Colin McRae Rally 04 remote denial of service exploit that makes use of a flaw where a client can passively block an entire gaming network by setting a value too high.
Author:	Luigi Auriemma
Homepage:	http://aluigi.altervista.org/
Related File:	colinmcraerally04.txt
File Size:	7161
Last Modified:	Jun 8 02:11:20 2004
MD5 Checksum:	e6ba105eeddb87a5b00ecfe1dd699366

/// File Name:	code.zip
Description:	Some bits of code that show how modified URL encoding can easily bypass restricted zones via Microsoft Internet Explorer.
Author:	Jelmer
Homepage:	http://jelmer.homedns.org/code.zip
File Size:	1073
Last Modified:	Jun 22 09:44:18 2004
MD5 Checksum:	5b1945a52edc14026d5441544d608175

/// File Name:	cpanelInject.txt
Description:	Reseller accounts used with Cpanel are able to change all passwords without verification.
Author:	verb0s
File Size:	569
Last Modified:	Jun 10 09:08:06 2004
MD5 Checksum:	f1426a10b54aadf67391f001ffad1b4b

/// File Name:	CYSA-0329.txt
Description:	Cyrillium Security Advisory CYSA-0329 - FoolProof Security 3.9.x for Windows 98/98SE/Me has a vulnerability in the password recovery functionality that allows an attacker to recover the Administrator password using the Control password and password recovery key. Exploit included.
Author:	Cyrillium Security Solutions and Services
Homepage:	http://www.cyrillium.com/
File Size:	7613
Last Modified:	Jun 9 07:12:48 2004
MD5 Checksum:	a0822a9623e9b07dbce09d0268360f44

/// File Name:	dlink614.txt
Description:	The DI-614+ SOHO DLINK router suffers a script injection vulnerability that uses DHCP as a vector of attack.
Author:	Gregory Duchemin
File Size:	4505
Last Modified:	Jun 23 00:52:26 2004
MD5 Checksum:	bb1d151b3ef002c744a87226efe46e37

/// File Name:	dnsPoison.cpp.txt
Description:	Symantec Enterprise Firewall dnsd proxy, versions 8 and later, is vulnerable to cache poisoning attacks when acting as a caching nameserver. Full proof of concept exploit included.
Author:	fryxar
File Size:	5814
Last Modified:	Jun 18 02:32:34 2004
MD5 Checksum:	ff4e422f5bdf7ce95c8bbba21561cd14

/// File Name:	edimaxBackdoor.txt
Description:	Edimax 7205APL with a firmware of 2.40a-00 has a huge flaw where a guest account is hard-coded into the firmware allowing anyone to perform a backup with the same privileges of the administrator.
Author:	msl
File Size:	899
Last Modified:	Jun 14 08:57:47 2004
MD5 Checksum:	920cbf76ffc52c5242a7de9605b4317b

/// File Name:	freebsd.local.txt
Description:	It is possible to crash the kernel on FreeBSD/Alpha by passing an unaligned memory address as a 2nd or 3rd argument to execve() syscall. Affected versions: FreeBSD 5.1-RELEASE/Alpha and possibly others. Not affected: FreeBSD 5.1-RELEASE/IA32.
Author:	Marceta Milos
File Size:	2583
Last Modified:	Jun 25 11:59:00 2004
MD5 Checksum:	3c696b8a9038e16be09743c489490177

/// File Name:	imperva.crystal2.txt
Description:	Imperva's Application Defense Center has announced that several vulnerabilities exist in BusinessObject's Crystal Reports' Web Interface. These vulnerabilities allow a potential hacker to retrieve and delete any file from the file system of the server on which it runs, as well as causing a complete denial of service to the server. Affected versions: Crystal Reports version 9 and 10, Crystal Enterprise version 9 and 10. Exploitation details included.
Author:	Moran Surf, Amichai Shulman
Homepage:	http://www.imperva.com/adc/
File Size:	5379
Last Modified:	Jun 9 08:08:58 2004
MD5 Checksum:	f8951acf73da7282b9b8a4924fe4e0a8

/// File Name:	ircd-hybrid.txt
Description:	Due to faulty logic in the socket dequeuing mechanism used in hybrid 7 and the derivate ircd-ratbox, it is possible to severely lag an irc server using a low-bandwidth DoS attack. Affected versions: ircd-hybrid below and equal to 7.0.1, ircd-ratbox below and equal to 1.5.1, ircd-ratbox below and equal to 2.0rc6. Full exploitation included.
Author:	Erik Sperling Johansen
File Size:	6972
Last Modified:	Jun 22 09:38:53 2004
MD5 Checksum:	6a0710b14b0f121eb374ed868255d400

/// File Name:	linksysDoS2.txt
Description:	Multiple denial of service attacks exist against various Linksys routers, causing them to need a factory reset in order to function again. Version affected: Linksys BEFSR41, BEFSR41 v3, BEFSRU31, BEFSR11, BEFSX41, BEFSR81 v2/v3, BEFW11S4 v3, BEFW11S4 v4.
Author:	b0f aka Alan McCaig
Homepage:	http://www.b0f.net
File Size:	6376
Last Modified:	Jun 3 19:17:24 2004
MD5 Checksum:	0be46427267a6b41f9e15a64458137df

/// File Name:	memplayer.c
Description:	All versions of MPlayer, the movie player for Linux, are vulnerable to a buffer overflow attack that allows for privilege escalation. Local exploit included. Tested against Redhat Linux with Gnome, FreeBSD and latest cvsup plus ports with Gnome.
Author:	c0ntex
File Size:	15554
Last Modified:	Jun 27 22:58:00 2004
MD5 Checksum:	cbe5d9e292378ea65f396eb994717fdb

/// File Name:	mollensoftLightweight.txt
Description:	A security vulnerability have been discovered in the Mollensoft Lightweight FTP Server version 3.6. A buffer overflow can be committed via the CWD command allowing for a denial of service attack. Full exploitation included.
Author:	Storm
Homepage:	http://www.SecuriTeam.com
File Size:	3661
Last Modified:	Jun 2 09:54:36 2004
MD5 Checksum:	ee8c7bb9f62f9592fe6be4e8f094cc9a

/// File Name:	p_atari800.c
Description:	Exploit for the atari800 atari emulator. This exploit is local, and may in some circumstances give local root.
Homepage:	http://www.pi3.int.pl
File Size:	3008
Related CVE(s):	CAN-2003-0630
Last Modified:	Jun 29 13:50:00 2004
MD5 Checksum:	c80b76a6307ff17e08717de2e6550916

/// File Name:	pdp11mkdir.c
Description:	A vulnerability in the mkdir system utility can allow an unprivileged user to gain root privileges in UNIX 7th Edition systems. Exploit for /bin/mkdir Unix V7 PDP-11 included.
Author:	Tim Newsham
File Size:	3748
Last Modified:	Jun 3 19:10:22 2004
MD5 Checksum:	aa7a376a389ca2ae20714b4961d0ce46

/// File Name:	phpEscape.txt
Description:	PHP offers the function escapeshellarg() to escape arguments to shell commands in a way that makes it impossible for an attacker to execute additional commands. However due to a bug in the function, this does not work with the windows version of PHP. Versions 4.3.6 and below are susceptible.
Author:	Daniel Fabian
Homepage:	http://www.sec-consult.com
File Size:	1634
Last Modified:	Jun 8 01:16:45 2004
MD5 Checksum:	4c2259467e77e624482ad84e2fe1c526

/// File Name:	phpmy-expt.c
Description:	Exploit for phpMyAdmin configuration manipulation and code injection vulnerability. Discovered / written by Nasir Simbolon.
Homepage:	http://eagle.kecapi.com/sec/fd/phpMyAdmin.html
Related File:	phpMyAdmin.txt
File Size:	6810
Last Modified:	Jun 30 12:31:00 2004
MD5 Checksum:	b7fbd0ad6cd04c74caa3e65ddd37b2a3

/// File Name:	phpMyAdmin257.txt
Description:	phpMyAdmin version 2.5.7 is susceptible to allowing remote malicious users the ability to inject PHP code. Full exploit provided.
Author:	Nasir Simbolon
Homepage:	http://eagle.kecapi.com
File Size:	11896
Last Modified:	Jun 28 02:46:00 2004
MD5 Checksum:	efa2bc2daeaaf7a11623f78fae49fd53

/// File Name:	pivot1.1.0SoundwaveAdv.txt
Description:	Pivot 1.10 Soundwave is susceptible to a remote file inclusion and execution vulnerability that enables a remote attacker to execute anything they want in the context of the user id running the web server.
Author:	Alex Buck aka loofus
Homepage:	http://www.0x90.org/
File Size:	2175
Last Modified:	Jun 18 09:11:48 2004
MD5 Checksum:	1f673326a66b16d650c42b4c15f179a3

/// File Name:	priv8ibserver.pl
Description:	Remote exploit for Borland Interbase 7.1 SP2 and below that spawns a shell under the uid running the database. Targets included for Linux Interbase 7.1 SP 2 and Linux Interbase 6.01 InterBaseSS_LI-V6.0-1.i386.rpm.
Author:	Priv8 Security Research
Homepage:	http://Priv8security.com
Related File:	firebirdDB.txt
File Size:	4823
Last Modified:	Jun 9 07:52:29 2004
MD5 Checksum:	64cc7abc7e92b0bb8f0e92b931e73d99

/// File Name:	rdboom.zip
Description:	Remote denial of service proof of concept exploit that makes use of a flaw in the Race Driver server versions 1.20 and below.
Author:	Luigi Auriemma
Homepage:	http://aluigi.altervista.org
Related File:	tocaracedriver120.txt
File Size:	18049
Last Modified:	Jun 9 08:14:14 2004
MD5 Checksum:	d5fd2a22cd6cf8be1a8f6bf9e9461613