Immunix OS StackGuard-evading LC glibc + su + msgfmt local root exploit. Tested on Immunix OS (StackGuard-protected Red Hat 6.2). Patch available here.
/usr/bin/traceroute local root format string exploit for LBNL traceroute, distributed with Red Hat 6.1/6.2 and Debian 2.2.
OpenBSD 2.6 and 2.7 xlock local root format string exploit.
Georgi Guninski security advisory #23 - Internet Explorer 5.5/Outlook allow executing arbitrary programs after viewing a web page or email message. This very serious vulnerability may easily lead to taking full control over the user's computer. The problem is the com.ms.activeX.ActiveXComponent Java object, which allows creating and scripting arbitrary ActiveX objects, including those not marked safe for scripting. Demonstration available here.
Delphis Consulting Plc Security Team Advisory DST2K0039 - WebData allows users who have an account to read any file on the web server. Patch and exploit information included.
Delphis Consulting Plc Security Team Advisory DST2K0036 - CyberOffice Shopping Cart v2 under Windows NT allows remote users to modify the price of items because prices are set by a hidden form field.
Cached_Feed.cgi v1.0 from here.
Thttpd 2.19 and below includes a CGI program "ssi" which contains a vulnerability that allows remote users to read any file on the web server. Exploit examples included. Fix available here.
When scp'ing files from a remote machine, the remote scp daemon can be modified to overwrite arbitrary files on the client side. scp from ssh-1.2.30 and below is vulnerable. Proof of concept scp replacement included.
BindView Security Advisory - Windows NT 4.0 and 2000 contain multiple vulnerabilities in the LPC ports, as described in MS00-070. Implications range from denial of service to local privilege escalation.
OpenBSD 2.7 local root exploit for /usr/bin/fstat via libutil. Tested against OpenBSD 2.7 i386.
Easy Advertiser v. 2.04 Remote Exploit. The stats.cgi script used in Easy Advertiser has an insecure open() that allows this exploit to bind a shell to port 60179 running with the privileges of the user the web server runs as. Netcat is needed locally to use this.
/usr/bin/chpass local EDITOR variable format string exploit for *BSD. Tested on OpenBSD, FreeBSD, and NetBSD.
Inebriation.c is a local Linux/x86 /bin/su + locale libc functions exploit which has been written in response to previous unreliable exploits for this vulnerability. It includes a Perl wrapper to find the correct offset, can use GOT overwrites to evade StackGuard, StackShield, and Libsafe, uses clean overflow string creation, and has documentation and several other usability improvements.
There is a vulnerability in the WinGate engine that allows a malicious user to disable all services of the engine by sending an abnormal string to the enabled Winsock Redirecter Service. WinGate Home/Standard/Pro version 4.0.1 is vulnerable. The problem has been addressed in WinGate 4.1 Beta A.