Veritas Volume Manager 3.0.x for Solaris contains a security hole which can, under specific circumstances, allow local users to gain root access. Exploit description included. (MD5: 11dc5c3932ca0eb6191ac53ab46ce704)
Bobek.c is a Wu-Ftpd 2.6.0 remote root exploit (updated 05/08/2000). The bug is in the SITE EXEC command; an account is not required, as anonymous access is enough. Tested against Redhat 6.2, FreeBSD 3.4-STABLE, and FreeBSD 5.0-CURRENT. (MD5: 72aa028cb868dcaf240a98d147e3f193)
Shadow Penguin Security Advisory #37 - WinProxy 2.0.0/2.0.1 (now known as Black Jumbo dog) contains many remotely exploitable buffer overflows. Exploit for the POP3 service included, tested on Japanese Windows98. (MD5: 198c837d86b4acc67f7042d7d8ed65f9)
Many HTTP proxies are vulnerable to a denial of service attack because they do not time out connections to a remote host, causing the proxy to run out of available sockets and start refusing connections. Tested against Delegate 6.1.13. Exploit code included. (MD5: 18a3948acd3bf10e08a21b28714394db)
Packet Storm new exploits for June, 2000. (MD5: cc442e6f3c03a4562c68541e76a8095a)
Wu-Ftpd 2.4.2, 2.5, and 2.6 are commonly misconfigured on Linux to allow users who only have a valid FTP account to execute code. This code takes advantage of this configuration, mentioned in SUID Advisory #1, to execute a backdoor on the remote host. (MD5: d42dbe704ceb3b2ece51cbe5bab0635d)
Small HTTP Server v. 1.212 remote DoS attack written in Python. See USSR Advisory #47. (MD5: 0a9c5ea0471b5c93cbaf5b6ade16b77c)
Dragon Server (ftp) v1.00 and 2.00 remote DoS exploit written in Python. (MD5: 1117ef96d1d535f1c2118a4b63201594)
Microsoft Internet Explorer 5 and accompanying mail and news clients on win95, win98 and win2000 enjoy a unique status in that they choose to ignore user input. This document will show you how to manually force a file onto the target computer despite all prompts and warnings. Demonstration available here. (MD5: 0e5a8cec453f8222f6e3e629bc30081c)
Wingate.py is a DoS exploit for Qbik WinGate 3.0. Connects to TCP port 2080 and sends 2000 characters, causing all WinGate services to crash. Original bug found by eEye. (MD5: e3c12ffd16dbf026757bbf6ce8f87904)
Georgi Guninski security advisory #14 - Internet Explorer 5.01 and Access 2000 allow executing programs when viewing a web page or HTML email message. This allows taking full control over the user's computer. Access 2000 allows executing VBA code which has access to system resources and in particular executing files. Includes exploit code which silently opens and executes VBA code from Access 2000. Demonstration available here. (MD5: 30b9808ed4a00215c9d3ef253e27bd55)
Georgi Guninski security advisory #13 - Internet Explorer 5.01, Excel 2000 and PowerPoint allow executing programs when viewing a web page or HTML email message via insecure ActiveX controls. This allows taking full control over the user's computer. Demonstration available here. (MD5: a645ac971b6499c52ca87fc991933ceb)
iMesh 1.02 builds 116 and 177 for Windows are vulnerable to a buffer overflow that can be exploited to execute arbitrary code. Once iMesh connects to a server, it begins listening on a TCP port (which varies). An attacker can connect to this port and cause an overflow which will overwrite EIP, effectively redirecting the flow of execution. (MD5: 8b2233b642e513c4b6df6f1923af5f68)
Sawmill 5.0.21 is a site log statistics package for UNIX, Windows and MacOS which has remote vulnerabilities. Any file on the system can be read, and the password is stored with a weak hash algorithm and can be decrypted using the included C program. This is dangerous because the previous security hole will allow you to read the hash and decrypt the admin password. (MD5: 95f24e0b8468ed474dad73b0c43d53cf)
The ISC dhcp client contains a remote root hole. If the DHCP server gives out addresses containing backticks, shell commands can be run on the clients. (MD5: 04ea4ddd432cd62674c27a4d7a9c2edc)
Java source to remotely crash LeafChat clients. (MD5: 29d54358d161fb637d458d71c94198f0)
Glftpd 1.18 through 1.21b8 has a serious problem with the privpath directives. Users with accounts can access directories on the site which they should not have access to. (MD5: 90b5dfbc29d7b975b7c9aaf7ab7184f8)
Netscape Enterprise Server for Netware 5.0 and Netware 5.1 contains remote vulnerabilities. By issuing a malformed URL it is possible to cause a denial of service situation and/or execute arbitrary code on the server with the privileges of the web server. (MD5: 526d3c03dcf0eb07a22bb3698c2e131c)
xfwm buffer overflow exploit for Linux / x86. This will give you a euid=0 shell if /usr/X11R6/bin/xfwm is SUID (=4755), which it isn't anywhere by default. (MD5: 61aad401e016e20cf265fd5a1a0a924f)
xwhois buffer overflow, for Linux x86. This will give you a euid=0 shell if /usr/X11R6/bin/xwhois is SUID (=4755), which it isn't anywhere by default. (MD5: cc2e5ac99e25a22bdccd85dc5fdd9fc3)
exim local buffer overflow exploit. (MD5: 2243ccd688884ace831702555d777f26)
iisdos.c is a DoS attack against Microsoft Windows 2000 running IIS. (MD5: 08933919ba6880204540127fbf899827)
Sendmail & procmail & kernel less than 2.2.15 local root exploit. (MD5: c841acecbf5d353a86c31e89f6abfefb)
Linux kernel 2.2.X (X<=15) & sendmail less than or equal to 8.10.1 local root exploit shell script. (MD5: 2f09abe77167417bdc7ca9804fe3673e)
Dopewars 1.47-current has two local security holes. Dopewars is SGID games. Remote buffer overflows also exist. (MD5: 274474aad175eb9d525a249b77c46e9b)