Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Sun, 27 May 2012 22:35:45 GMT

tsl_bind.c
http://packetstormsecurity.org/files/24253/tsl_bind.c
Mon, 05 Apr 2010 17:14:53 GMT
Bind prior to 8.2.3-REL remote root exploit - Includes instructions for finding the offset on linux. Tested against Redhat 6.1 8.2.2-P5 and Slackware. NOTE: This exploit is backdoored to also connect to 151.196.71.160 and dump information regarding the user running the exploit. User beware.

0102-exploits.tgz
http://packetstormsecurity.org/files/24617/0102-exploits.tgz
Tue, 10 Apr 2001 20:51:02 GMT
Packet Storm new exploits for February, 2001.

SQLExec.zip
http://packetstormsecurity.org/files/24243/SQLExec.zip
Wed, 07 Mar 2001 02:14:14 GMT
SQLExec v1.1 is a remote exploit for Microsoft SQL server which executes remote commands as Administrator over tcp port 1433. Requires a database sa login / password. Includes binary and source written in Visual C++ 6.0 for Windows NT/2K/9X. Note: Many AV products erroneously report this as a trojan.

hhp-gdc_smash.c
http://packetstormsecurity.org/files/24419/hhp-gdc_smash.c
Tue, 06 Mar 2001 00:28:05 GMT
Hhp-gdc_smash.c is a local root exploit for gdc. Requires group wheel access. Tested on BSDI 4.1 x86 default install.

hhp-ospf_smash.c
http://packetstormsecurity.org/files/24418/hhp-ospf_smash.c
Tue, 06 Mar 2001 00:22:58 GMT
Hhp-ospf_smash.c is a local root exploit for ospf_monitor. Tested on BSDI 4.1 x86 default install.

man-cgi.txt
http://packetstormsecurity.org/files/24368/man-cgi.txt
Mon, 26 Feb 2001 23:30:21 GMT
Man-cgi v1.3 and v2.0 contain remote vulnerabilities which allow any file on the web server to be viewed, and some implementations allow remote command execution due to lack of filtering of hex encoded characters. Exploit URLs included.

imapd_exploit.c
http://packetstormsecurity.org/files/24357/imapd_exploit.c
Sat, 24 Feb 2001 01:26:19 GMT
A remotely exploitable stack overflow has been discovered in Imapd v12.264 and below in the handling of the lsub command. Since an account is required, mail-only users will be able to get shell access. Tested against Slackware 7.0, 7.1, Redhat 6.2, and Conectiva Linux 6.0. Fix available here.

sshdexpl.diff.gz
http://packetstormsecurity.org/files/24348/sshdexpl.diff.gz
Thu, 22 Feb 2001 02:03:32 GMT
Patches for Openssh-2.1.1 to exploit the SSH1 crc32 remote vulnerability.

ssh1.crc32.txt
http://packetstormsecurity.org/files/24347/ssh1.crc32.txt
Thu, 22 Feb 2001 02:02:18 GMT
This article discusses the recently discovered security hole in the crc32 attack detector as found in common ssh packages like OpenSSH and derivatives using the ssh-1 protocol. It is possible to exploit the crc32 hole to gain remote access to accounts without providing any password or to change login-uid if a valid account on the remote machine exists. Includes an exploit in the form of a set of patches to Openssh-2.1.1.

cobull.c
http://packetstormsecurity.org/files/24341/cobull.c
Wed, 21 Feb 2001 20:46:28 GMT
Merant Micro Focus Cobol 4.1 local root exploit - Writes to /var/mfaslmf/nolicense.

exklock.c
http://packetstormsecurity.org/files/24340/exklock.c
Wed, 21 Feb 2001 20:43:21 GMT
FreeBSD X key lock (xklock) v2.7.1 and below local root exploit - Tested on FreeBSD ports collection v3.5.1 and v4.2.

ultimate-bb.txt
http://packetstormsecurity.org/files/24316/ultimate-bb.txt
Fri, 16 Feb 2001 22:45:49 GMT
The Ultimate Bulletin Board System allows remote users to get the username and password of anyone who is a registered user of a UBB forum that has HTML enabled and uses cookies to store the usernames and passwords of the users.

RFP2101.txt
http://packetstormsecurity.org/files/24302/RFP2101.txt
Wed, 14 Feb 2001 07:41:49 GMT
RFP2101 - SQL hacking user logins in PHP-Nuke web portal. PHP-Nuke v4.3 contains authentication weaknesses in the SQL code which allow you to impersonate other users and retrieve their password hashes.

sc.txt
http://packetstormsecurity.org/files/24297/sc.txt
Wed, 14 Feb 2001 07:21:13 GMT
Vulnerabilities in Sun Clustering v2.x - Leaks sensitive information to local and remote users and has tempfile bugs. Includes proof of concept exploits.

scx-sa-14.txt
http://packetstormsecurity.org/files/24293/scx-sa-14.txt
Wed, 14 Feb 2001 07:03:10 GMT
Securax Security Advisory #14 - Symantec pcAnywhere 9.0 contains a remote denial of service vulnerability. Includes perl exploit.

urdls.c
http://packetstormsecurity.org/files/24289/urdls.c
Wed, 14 Feb 2001 06:05:47 GMT
Urdls.c is an unreadable directory lister for listing files in directories on the local machine without having permission to do so. Guesses all possible alphanumeric filenames and uses stat() to check for existence.

dc20exp.c
http://packetstormsecurity.org/files/24288/dc20exp.c
Wed, 14 Feb 2001 05:57:47 GMT
Dc20ctrl local exploit for FreeBSD - exploits a call to getenv() in session.c giving a gid=dialer shell.

Netscape.Publisher.ACL.txt
http://packetstormsecurity.org/files/24276/Netscape.Publisher.ACL.txt
Mon, 12 Feb 2001 03:52:37 GMT
Netscape Enterprise Server 3.5.1 (Publisher) has a problem with the default ACL settings that could allow an intruder to view/download "non-public" files in the web root.

Infobot-0.44.5.3.txt
http://packetstormsecurity.org/files/24275/Infobot-0.44.5.3.txt
Mon, 12 Feb 2001 03:46:49 GMT
Infobot v0.44.5.3 and below contains vulnerabilities which allow remote users to execute commands due to an insecure open call.

p-smash.c
http://packetstormsecurity.org/files/24272/p-smash.c
Mon, 12 Feb 2001 03:22:09 GMT
P-smash.c is an exploit that uses 50 percent of the CPU on Windows 98 machines and causes Windows 95 machines to slow down by sending ICMP type 9 code 0 packets.

bind8x.c
http://packetstormsecurity.org/files/24252/bind8x.c
Sat, 10 Feb 2001 00:30:46 GMT
Bind prior to 8.2.3-REL remote root exploit - exploits the named INFOLEAK and TSIG bug. Includes shellcode for Linux. Slightly broken.

bugtraq.c
http://packetstormsecurity.org/files/24237/bugtraq.c
Tue, 06 Feb 2001 01:19:36 GMT
Bugtraq.c is an exploit for the Bind tsig bug which has been crippled somewhat. Tested against Slackware 7.0.

defcom.easycom.txt
http://packetstormsecurity.org/files/24224/defcom.easycom.txt
Fri, 02 Feb 2001 23:14:42 GMT
Defcom Labs Advisory def-2001-06 - The Easycom/Safecom print server from I-Data International contains multiple vulnerabilities that allow a malicious user to bring down the print server. Execution of arbitrary code is also possible. Tested against Easycom/Safecom, firmware v404.590.

frel-1.0.beta.tgz
http://packetstormsecurity.org/files/24223/frel-1.0.beta.tgz
Fri, 02 Feb 2001 23:12:49 GMT
Frel-1.0 is a modified version of fragrouter, used to evade NIDS. The frag proxy can run on the same machine as the attacker. It can also run in partial takeover mode, so that the fragmented attack stream seems to be coming from another active machine on the same physical subnet. The neighbor machine runs normally except for the ports being used by the attacker. Mods by Lorgor.

defcom.netscape-fasttrack.txt
http://packetstormsecurity.org/files/24222/defcom.netscape-fasttrack.txt
Fri, 02 Feb 2001 23:07:51 GMT
Defcom Labs Advisory def-2001-05 - Netscape Fasttrack Server 4.1 for Windows NT 4.0 has problems with its caching module. The problem can result in remote users consuming all the server memory and causing the server to perform very sluggishly.