Packet Storm new exploits for March, 2004.
Full detailed analysis and explanation of a systrace vulnerability that exists in various kernels. This problem was silently fixed in the Linux 2.4.24 kernel release without any real acknowledgment to the security community. Full exploit included.
A testing tool for RogerWilco versions 1.4.1.6 and below and RogerWilco Base Station versions 0.30a that suffer from multiple bugs.
Good write up discussing how Microsoft has yet again dropped the ball on patching another Internet Explorer vulnerability, where using forms can allow an attacker to spoof a fake destination to the user.
S-Quadra Advisory #2004-03-31 - CactuShop shopping cart versions 5.x suffer from a SQL injection vulnerability that allows for remote code execution via the MS SQL xp_cmdshell function. They also have a cross site scripting vulnerability.
A-CART Pro and A-CART 2.0 suffer from input validation holes that allow for SQL injection and cross site scripting attacks. Full exploitation demonstrated.
Cloisterblog version 1.2.2 does not properly validate parameters derived from user input, allowing for multiple cross site scripting issues and directory traversal attacks.
Invision Gallery version 1.0.1 suffers from multiple remote SQL injection vulnerabilities.
RealSecure / BlackICE iss_pam1.dll remote overflow exploit.
Ethereal IGAP Dissector Message overflow remote root exploit that spawns a shell on port 31337. Makes use of the vulnerability that exists in versions 0.10.0 to 0.10.2. Tested under Gentoo and RedHat 8.
A SQL injection vulnerability in PHPBB versions 2.0.8 and below allows an attacker to extract the administrator password hash.
Multiple SQL injection and cross site scripting vulnerabilities exist in XMB 1.8 Partagium SP3 and 1.9 Nexus Beta. Full exploitation syntax given.
Invision NetSupport School Pro stores passwords in a manner that allows their encryption to be easily reversed. Exploit written in Pascal is included.
Information on how to bypass password protection on Microsoft Word documents, with step-by-step instructions given.
Remote proof of concept exploit for Etherlords I versions 1.07 and below and Etherlords II versions 1.03 and below that causes a crash.
Remote exploit for eSignal versions 7.6 and 7.5 that downloads and executes a file.
HP Web JetAdmin Version 7.5.2546 has multiple vulnerabilities. They include denial of service, the ability to upload any file to the server, the ability to write to any file on the filesystem, and the ability to read any file via a directory traversal attack.
Proof of concept exploit for PicoPhone versions 1.63 and below that makes use of a buffer overflow in the logging functionality.
TrendMicro Interscan Viruswall versions 3.5 and below suffer from a directory traversal vulnerability that allows a remote attacker to access any files outside of the web root.
Remote proof of concept denial of service exploit for Terminator 3 that makes use of a broadcast client buffer overflow.
Remote denial of service exploit for The Rage game versions 1.01 and below.
Ipswitch WS_FTP server version 4.0.2.EVAL allows for a local attacker with program execution privileges to run anything with SYSTEM privileges. Full step-by-step exploitation given.
Remote exploit for Ipswitch WS_FTP server version 4.0.2.EVAL that makes use of a buffer overflow in the STAT command.
News Manager Lite 2.5 and News Manager Lite administration suffer from cross site scripting, SQL injection, and cookie hijacking vulnerabilities.
Input validation holes in Member Management System version 2.1 allow for SQL injection and cross site scripting attacks.