Packet Storm new exploits for August, 2003.
ee3882f25921fceb2eaabd2c9c6198d0 - monop local exploit that achieves privilege escalation to the second player's uid.
c26759b97943d809aa935799b3c1b387 - Helix Universal Server aka Real Server versions 7, 8, and 9 remote root exploit for both Windows and Linux.
e17e0be9476f149f39b762dcf3a811ff - Local exploit for ViRobot 2.0 that works against the FreeBSD edition. Tested against FreeBSD 4.8.
ed19ce04e70634d80a88c32115c487ee - Further information and research regarding the InterSystems Cache vulnerabilities discussed here. Two new vulnerabilities have been discovered and exploits are included.
d8d2308fa5893bf58ac73513ebf91311 - DCOM remote exploit for the Win32 platform utilizing the issue discussed here. This version has 73 offsets including all of the magical offsets.
e829bf97060988fe1b81bc6aa8362a57 - Scanner which utilizes the RPC DCOM vulnerability in the Windows operating system.
ac7619f3c70854b346a05ea6cd8c2af1 - The Best Buy Employee Toolkit software program has a URL Parsing vulnerability in the configuration screen that could allow an attacker to hijack certain network connections or read plain-text passwords.
7e4100a77219c6924638aa1f01931ec2 - DameWare Mini Remote Control Server version 3.71.0.0 and below remote exploit that takes advantage of a shatter style attack.
72ed2f0b3d6137c5be7a0174c2558259 - IBM DB2 local root from bin exploit that makes use of the fact that /usr/IBMdb2/V7.1/lib is left world writable after a default installation.
411486efa02d407d53da81397cbcc2db - realpath(3) lukemftpd remote exploit for FreeBSD 4.8 that makes use of the off-by-one error.
9e343c9c93cd8db1abb79c17d467d652 - Half-Life client version 1.1.1.0 and below remote exploit that binds a cmd.exe on port 61200.
6f8a47f2b4566909eb71bbda053e52cc - Atari800 Atari Emulator v1.3.0-2 local root exploit in Perl which exploits the -config argument of atari800.svgalib. Tested against Debian 3.0. Exploits CVE-2003-0630. Advisory available here.
15e7d166b645b29f75fe43a6541142ab - wuftpd version 2.6.2 remote root exploit that makes use of the off-by-one vulnerability discussed here.
e32262b59b2c437a042a9c44f585e779 - Remote denial of service exploit for the Cisco CSS 11000 Series.
fd1172b357f5184e5985b355b0690ccd - WAM! FTP Server version 1.0.4.0 for Windows is susceptible to a directory traversal that allows a remote attacker to break out of the restricted root and download any file on the system.
6747fe92d894edfcff4db9bd8ee18d8d - Meteor FTP server version 1.5 remote exploit that causes a denial of service when large amounts of data are fed to the USER directive.
9dd371bfa1030b121ceb044b6382cd33 - Cisco IOS 12.x/11.x remote exploit for the HTTP integer overflow using a malformed HTTP GET request and two gigabytes of data.
c9ac23b2148d2852017b34f6302f570b - IglooFTP Pro 3.8 client side remote exploit for Windows XP Pro Build 2600.x. Included shellcode runs notepad.exe.
62c12ed443019a451a9e8c3ec4a5fce0 - RPC DCOM remote Windows exploit. Includes 2 universal targets, 1 for win2k, and 1 for winXP. This exploit uses ExitThread in its shellcode to prevent the RPC service from crashing upon successful exploitation. It also has several other options including definable bindshell and attack ports.
d7edc50159c79c3805c83a01e295979b - wuftpd version 2.6.2 remote root exploit that makes use of the off-by-one vulnerability discussed here. Win32 version included that requires cygwin1.dll.
d51a154c43964e9060e022535d454572 - Postfix 1.1.12 remote denial of service exploit.
bda3786815480328c8e0581554bf14a8 - Possibly one of many DCOM scanners/worms in circulation. Makes use of the 48 target exploit.
14d238481d4104716ef52c87d2b4d3b8 - Local exploit for the atari800 Atari emulator on Linux. Makes use of the -config overflow. This binary is not normally default on most Linux installations.
2761f54dffd04f1ea1f5aeacd6520ec8 - Remote denial of service exploit that makes use of the Postfix vulnerability discussed here.