Microsoft LSASS vulnerability auto rooter. Downloads and executes code from a FTP server.
54785e01d3034f714dbe01506d1c699fMaelstrom local exploit that gives gid for user games making use of the overflow found in the -server switch. Tested against /usr/bin/Maelstrom on Red Hat 9.0
a935d6a8cc4501c955311239727e64afPacket Storm new exploits for May, 2003.
723abc458b5ea3d570004d5677c44135Maelstrom local exploit that gives gid of games and makes use of the overflows found in the -player and -server switch.
8b3420c452404597f9baf138d0ce82c3Kerio Mail Server 5.6.3 remote buffer overflow exploit. Adds wide open root account to /etc/passwd. Written based upon the vulnerability discussed here.
842c5e7826baf9519f128b2ea7d11c1bMicrosoft IIS versions 5.0 and 5.1 remote denial of service exploit that makes use of the vulnerability recently published by SPI dynamics. Full advisory located here.
d78db11ab87227da9b8cfab3f0c3f213b2 cafelog is a blogger system that comes with the b2-tools directory. The PHP scripts contained within this directory allow a remote user to specify input for a variable that in turn allows for remote command execution.
ea5c0bc0de678c217be1cbe85a7d9052Geeklog version 1.3.7ar1 and below is susceptible to multiple vulnerabilities. There is a SQL integer manipulation flaw in the authentication script that will allow a remote attacker to get administrative access and there is also a lack of error checking when images are uploaded that allow an attacker to upload files with php code that can be used to execute any command as apache user on remote server.
3dd132c2b949914f5bf8010768bf739eBaby FTP server version 1.2 allows for a directory traversal attack that lets a remote attacker view any file on the system by using non-standard characters with CWD. The server will also crash if multiple connections from the same host occur.
6a83ff2f09457fbac90e7f8623734ceeWebfroot Shoutbox v2.32 and below suffers from a directory traversal and code injection vulnerability that allows a remote attacker to view any file on the system and the ability to commit remote command execution.
c7ef81a32642aa53a38a48220ff5a153Microsoft IIS versions 5.0 and 5.1 are vulnerable to a denial of service attack if an attacker sends a Webdav request with a body over 49,153 bytes using the 'PROPFIND' or 'SEARCH' request methods. This results in IIS restarting itself and terminating any active sessions.
466be4f57551e6a920e9059e50eaddf3The SunONE application server on Windows 2000 suffers from multiple vulnerabilities. The server allows a remote attacker to view the source code of JSPs, only logs the first 4042 characters of a request URI which allows an attacker to hide their attempts in the last 54 characters, has a cross site scripting issue, and has the username and password to the administrative server kept in clear text in a world readable file.
5695d1e0f86bf5009e22b5b2c09ac452Core Security Technologies Advisory ID: CORE-2003-0403 - The Axis Network Camera HTTP server is vulnerable to an authentication bypass when a double slash is put in front of the admin directory in the URL. This allows a remote attacker to modify the configuration as they see fit and allows the root password to be reset. Doing this in conjunction with enabling the telnet server allows for a complete server compromise.
a5e3469f753ba4068c41d8a4e0396b5bRemote exploit for a buffer overflow in the Gnome Batalla Naval Game Server version 1.0.4. Gives user id of the account running the game server. Tested against Mandrake 9.0.
d975b9a72eb72639c21c11ad67d727b2bnc version 2.6.2 and below suffers from a denial of service vulnerability. Armed with a valid login and password, a remote user can kill the daemon.
19b82bf820cb2ac8cc6dc2cea49ef122P-News versions 1.6 is vulnerable to a privilege escalation attack by allowing a remote attacker to populate strings with the | used for delimiting data stored about the account.
369a8bfaa9af899f10559745c738d09bMaelstrom local exploit that gives gid of user games which makes use of an overflow in the -player switch.
4f7903d9b1f6bc6aca7417e2c825c448BadBlue web server versions 2.2 and below have a vulnerability that allows remote attackers to gain administrative control of a server. The engine attempts to restrict access to non-html files by requiring that 'ht' be the first letters of the target file's extension, and also requiring that requests to access '.hts' files are submitted by 127.0.0.1 and contain a proper 'Referer' header. This security feature is accomplished with a simple binary replace of the first two characters of the file extension. The two security checks are performed in an incorrect order, meaning that the first security check can inadvertently bypass the latter.
54488984601b3f7a45a3c8af421f9df2Local root exploit for the game Maelstrom with is sometimes setuid to root for the purpose of faster frame rates.
bfd34d743e37c8ee7b7f8490438cadb2INetCop Security Advisory #2003-0x82-017.b - New versions of WsMP3d are not patched against an old remote heap corruption overflow vulnerability. Remote exploit and advisory included.
fee1e5ee6009d22f0754405163419c14INetCop Security Advisory #2003-0x82-017.a - WsMP3d, a web server that streams MP3s much like shoutcast but is GPL, suffers from a directory traversal vulnerability that not only allows viewing of files outside of the webroot, but allows for remote command execution as well.
1ff2d86a592f92c1751dc263dab6ada1iDEFENSE Security Advisory 05.22.03 - iisPROTECT is a utility designed to provide password protection to web directories similar to the htaccess method utilized by Apache. When protected files are referenced through different URL-encoded representations, this authentication can be completely bypassed.
3b4927deb5e89ac467996a11b1770203A simple denial of service exists in the Pi3 webserver that allows a remote attacker to crash the daemon by feeding it a GET request with 354+ forward slashes after it.
e627c9f9fd6b442a7aeffec686744f3aHappymall versions 4.3 and 4.4 are still susceptible to well-known directory traversal and cross-site scripting vulnerabilities.
747291e08548a2e6cf2f161a68843c34Owl v0.71, the multi user document repository, fails to actually authenticate a login name given. If a completely fake login name is passed, an attacker can get in without any valid session id.
77ea64312fa5085245a0e207ac560633
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed