Packet Storm new exploits for June, 2003.
ac9f4f68ae6eef059db7338a6c6fcb34Local root exploit for kon version 0.3.9b-16 that makes use of a buffer overflow discovered in the -Coding switch.
29737b73e64d572edabe7d3929c0b632Denial of service exploit for the Pi3 web server version 2.0.2 that makes use of a malformed GET request.
090c3dacc1722382b8016be5acff2d16Remote IIS 5.0 denial of service exploit that makes use of the stack based overflow in nsiislog.dll.
28883908e092c49535e0ffceaa364f9eThe Compaq Web Based Management Agent is vulnerable to server side injection, stack overflows, access violations, and creation of script objects.
b9ea91fe17deda91d69ffffe7d5c6eccSecunia Security Advisory - The FTPServer/X FTP Server Control and COM Object v1.00.045 and v1.00.046 are vulnerable to buffer overflow that results in a denial of service and potentially can enable a remote attacker to gain access to the machine.
941f08cf9a416bbeab1599ebbeadaa93Gkrellmd 2.1.10 remote exploit with shellcode that does kill(-1,9) then an exit. Written for Linux and tested on Slackware 9.
4ccf4b85bdadaaaeea4abd31891779f4gkrellmd < 2.1.12 remote exploit for Linux. Tested against Debian 3.0 with version 2.1.4.
2eb2a5c1a727b39eab68acb29858ea39Local root exploit that makes use of a race condition vulnerability found in the Linux execve() system call that affects the 2.4 kernel tree.
4f95beb18386eb443765c00154f4bc3fGkrellmd 2.1.10 remote exploit with connect back shellcode. Tested on FreeBSD 4.8.
19d0e595e3075a1352589025fa029087Kereval Security Advisory KSA-001 - Cross Site Scripting vulnerabilities exist in Tutos 1.1 allow for hostile code execution.
dfed6e294cfba88c4ce010d032e6dcdfExploit for Elm version ko-elm-2.4h4.1, the Korean release, that yields gid of bin. Old vulnerability related to this is here. Tested against FreeBSD 4.7.
0d17996f879f53f34e331038462c23b4Gkrellmd 2.1.10 has a daemon that suffers from a buffer overflow where it does not validate the 128 byte buffer input which allows an attack to crash the daemon resulting in a denial of service.
addc11f4375377dbd86df7c0e6ad570aMyServer 0.4.1 is vulnerable to a denial of service when a GET request with 20 forward slashes gets sent to the server.
f3ff412cbcda773136f7d61cd680630dLocal root exploit against GNATS v3.113.x that makes use of a heap based environment variable overflow vulnerability. Related advisory found here. Tested against RedHat Linux versions 6-9.
c433613d79f8fd6493b48c10d8b30e3fLocal root exploit against GNATS v3.2 that makes use of the heap overflow found in the -d switch. Related advisory found here. Tested against RedHat Linux versions 6-9.
39b4e56f07ade73a703b6eada24cb533jnethack 1.1.5 and below exploit that yields gid of games. Tested against Debian Woody 3.0.
76f578f076dc4e0b37dbf2d7cdc12fb6Remote exploit that makes use of a SQL injection vulnerability that exists in the /viewtopic.php file in phpBB.
c235a27445cb8f4acf96b74bf8858576STG Security Advisory - Java Enterprise User Solution, or JEUS, has a cross site scripting vulnerability issue when invoking non-existent URLs.
34f259109c7e976a423209c1b4b69594Microsoft Internet Explorer 5.01, 5.5 and 6.0 has a parsing procedure with a flaw in it that may cause arbitrary script commands to be executed in the Local Zone. This can lead to potential arbitrary command execution, local file reading and other severe consequences.
94c172dcec3f389d6d6c31e555a923cdThis script is used to automate escalation of normal user privileges to root making use of FORTH hacking on Sparc hardware.
984f4ec5229ee63a42019081e311d2ddXmame local root exploit for Redhat 7.0 and 7.2 which overflows the --lang switch in /usr/local/bin/xmame.x11.
a03ebd641b686886d66250196364a7f8Enceladus Server Suite v3.9.11 contains buffer overflows in its ftp server that allow a remote attacker to crash the server with the possibility of remote command execution.
43dd957e5b408e37a72bec408734a911LedNews v0.7 lacks any filtering allowing a remote attacker to embed javascript or various HTML tags. It may also be possible to add server side include tags into news posts as well.
19026b25c3d9e9ce12f765352372b6a4Pmachine version 2.2.1 has a fault Include() routine that allows a remote attacker to supply a malicious URL that in turn can be a script that the webserver will then execute.
2bb7d7139009e054217b2ecd4df0a457
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed