Packet Storm new exploits for May, 2004.
8aa9e90a12b27246260794ffa77220a08db91dd5faf7f698b159a94ffdb39ae5
e107 version 0.615 is vulnerable to full path disclosure, cross site scripting, remote file inclusion, and multiple SQL injection attacks.
4648aabab47f7963e174173f3f04af7209fa7f43cb1be7217a8b81b3f861061f
JPortal is susceptible to SQL injection attacks and also stores the administrator password in the clear.
c0618cb8789156cdb22120276d0f52027e54887b23146267952c77d16f08b639
Metamail remote exploit that makes use of a buffer overflow and, upon successful exploitation, binds a listening socket to UDP/13330 awaiting shellcode. Affected versions: 2.2 through 2.7.
4b90ebafdf1d434a218d36dfbf9b51ff8ab8e7a904b5b69a39f31b140b267ee8
Orenosv HTTP/FTP server version orenosv059f is susceptible to a remote denial of service attack when supplied with an overly long GET request.
c43988c4383fe43ee1e20d45a9115e083e4a20aa16aeb0bc45277520a4eae545
BNBT BitTorrent Tracker Beta 7.5 Release 2 and earlier versions are susceptible to a denial of service due to a maliciously crafted HTTP GET request. Sample exploit included. Tested on Windows XP SP1.
9890d7016baddf8fdcf712e31a16c8da51096b32a041e1fa58e9d203e5c84240
Amusing simple one-liner that shows that 3COM 812 ADSL modems are still susceptible to 4 year old denial of service attacks.
26aae1a7af5d89cbe48405ff5017b10bf4bc1bca154fd25e8194f64e0b22955e
Remote root exploit for stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7. Solaris version. Anonymously submitted.
65c674ac77ccd4a45957f097a3fcebfc7836743e95663c5b329449a7e1d5d93e
Remote root exploit for stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7. Linux and FreeBSD version. Anonymously submitted.
cbba2ce54b3c6d2fab06e83029be065535aa55e80f9747949b5f4579b7f3ef21
osCommerce versions 2.x suffer from a directory traversal attack that allows for access to directories outside of the webroot.
3107c48a97297e43059422e4412939d4c8573f182c0a92a23911da5610afd136
Remote exploit for OmniHTTPd versions 3.0a and below.
10a187c64b2c3812f3886a960408b6c725c3e5e4e0c7b49ebb7470c071cdf861
Wget versions 1.9 and 1.9.1 are susceptible to a symlink attack during a phase where it downloads the file to a temporary filename but does not actually lock the file.
3e19a9e65f1b07c2febfde7d6bffc9cc7a814a75db5421d998b8a9cb89dcc8c5
Remote denial of service exploit that makes use of the flaw eEye found in Symantec Norton Personal Firewall and other related products. Sends a malicious DNS response packet to a vulnerable host, causing the kernel to go into an infinite loop. Tested against Symantec Norton Personal Firewall 2004.
210a95aedb58ff218b08a68c2698d26d830137378183d72bec41e0c872f2d24d
Remote proof of concept exploit for various Linksys routers that have flaws in the way they return BOOTP packets. In each legitimate response, BOOTP fields are filled in with portions of memory from the device, allowing a remote attacker to sniff traffic and crash the device.
a52d05b85cc4f22be69b66ac3c00b8b81943177b893ff16c196ec2f810b93f70
ftpgrep tries to grep for valid users on remote machines using the old CWD ~ ftpd bug found in wuftpd and some other variants.
3464aef370394a488838a73ebe145b21b8ec9a413fa217fe3f91b965c6cd0a8a
Remote exploit for Monit 4.1 that uses connect back shellcode. This exploit makes use of a buffer overrun when an overly long username is passed to the server.
9115921f367182e04c2a327689c0ea998acdbb7ffeb7313c0e4390f4bba7e4da
Remote exploit for the Sasser worm ftpd server that spawns on port 5554. Targets included for Windows XP and 2000. Note: To use this against Sasser.e, change the port to 1023.
fe6e7139ffe5455305da5e52b63eeb8d4a419766258966ceb2ef0016e7cbe63e
PaX with CONFIG_PAX_RANDMMAP for Linux 2.6 denial of service proof of concept exploit that sends the kernel into an infinite loop. Originally discovered by ChrisR.
95b5b952163bbf90669cc041e19deedc691a3f09107b15798b7600eab1fcfb12
Local exploit for IBM AIX versions 4.3.3, 5.1 and 5.2 which are vulnerable to a buffer overflow. The overflow is caused by improper bounds checking via the getlvcb and putlvcb utilities. By supplying a long command line option, a local attacker, with root group privileges, could overflow a buffer and gain root privileges on the system.
df3a66c931856eab876e1324de9e8d0c39b833db157cad223585a48767935c92
Remote denial of service exploit for Emule 0.42e.
d97b9f4a450cf14a21ea099cb309d992c537fc5102c6f64ccf04d10875f1e39b
Auxploiter is a remote exploitation tool for the c:\aux vulnerability and is able to completely lock a user's mail client. Outlook and other mail clients read this message using Internet Explorer, which is susceptible to this vulnerability.
379b4e6b32cfd722ac33ffd4b3b82493967efcf5b1256e6d26c1f5cd867ec2a2
Pound versions 1.5 and below local and remote format string exploit. Only works locally if pound is setuid.
d32c4eb64924cacbd6138fbf93daad2d980fde8fa9dea7eb17cdfb06d23df785
Write up detailing how to defeat file browsing restrictions on Windows 98 running Novell 3.2.0.0.
eba44110e3caccbe7c8b9b342ad17af2aa59924dd11497e268bd6624c6881869
Remote exploit for the Lsasrv.dll RPC buffer overflow. Tested against various Russian and English versions of Windows XP Professional, Windows 2000 Professional, and Windows 2000 Advanced Server. Ported to compile properly on Linux.
de64cd542848869101fd0295b16efedcc16a5d8fa502380d2df58defde723411
The Nuke jokes module for PHPNuke is susceptible to path disclosure, cross site scripting, and SQL injection attacks.
2c563bf041f397f2368286aa9f5f303cec749c7907a27ee19b36a9362644cb89