Packet Storm new exploits for January, 2004.
dc3485ad8b2762b423d11d688c681c3eIn the Apache httpd server version 2.0.47, a user can bypass a Deny directive by setting the ErrorDocument directive in their .htaccess file to access a php script which can then access the data they should be denied.
62ade51afc01bff5975f1fa1fdd1605dRemote exploit that makes use of a buffer overrun in the Serv-U FTP server versions 4.2 and below that binds a shell to port 28876.
df97fa08733ac9a559651c1560ae605bPHP Portal is vulnerable to a directory traversal attack.
3f26598e6b2051b1aea5bf2fc745b574thePHOTOtool is susceptible to SQL injection attacks.
6e55a492fd6335dab5c9c314475707ecRemote exploit that makes use of a buffer overrun in the Serv-U FTP server versions 4.2 and below.
196d47c57e8dd07092d004eaac160800Windows XP/2003 Samba file sharing resource exhaustion exploit that commits a denial of service.
1f187919aeadfc08e3f6a4eb4ebd472dBrute forcer for OpenSSL ASN.1 parsing bugs that affects versions 0.9.6j and below and 0.9.7b and below.
c1c971d5bc02630efc56c819b2b2d5b1Remote exploit that makes use of the try_netscape_proxy() overflow in versions 2.3 to 2.6.9 of lftp.
aa27e2f0a9caa7e80db62d9cd472b247phpGedView versions 2.65.1 and below suffer from multiple PHP Code Injection vulnerabilities that enable a malicious user to access arbitrary files or execute commands on the server.
e9584f2836462dad732d60e5cccaec8dWeb Blog 1.1 allows for remote command execution due to an unsanitized file variable.
27881ec769823c8bfb94bc4deef2d730PJ CGI Neo review is vulnerable to a directory traversal attack that allows a remote attacker to access any file outside of the webroot.
f8400a39bd6c8be8aa4b3e6d64609c32Any user with AAO privileges over the onshowaudit binary in IBM's Informix IDSv9.40 can read any system file.
7b448d8860aaafd3ade38a2b65910bbbA local vulnerability exists in the IBM Informix IDSv9.40 onedcu binary that allows local users to overwrite any root owned file.
12bb227bc4ae476a696d8ce008eb5441BRE WebWeaver version 1.07 is vulnerable a cross site scripting attack.
a51162aec7d678367d96d90ca56ecd80Web Blog 1.1 allows for remote file retrieval outside of the web root via a directory traversal attack.
e365b5f00e124d7ee17a4838cd679cc3Remote exploit that makes use of a buffer overrun in the Serv-U FTP server versions 4.2 and below.
471231a0f4338ed849231470c392dea8Trivial way to do file spoofing in Internet Explorer versions 6.0.2800.1106 and below.
494805d0fdbf547e8ba0186e823e4ff2ProxyNow! versions 2.75 and below are susceptible to both heap memory corruption and stack-based buffer overflows. Exploitation of these vulnerabilities can lead to a denial of service and/or code execution with SYSTEM privileges. Detailed analysis and exploit included.
56a50454322d1252538d57d7ca7db26eOracle HTTP Server powered by Apache is susceptible to a cross site scripting attack in its isqlplus script.
908544f617dbc1828099f53c7133c330BremsServer version 1.2.4 is vulnerable to directory traversal and cross site scripting attacks.
973777ad7fa56b40037a75a4241400b2Remote exploit that makes use of a buffer overrun in the Serv-U FTP server versions 4.2 and below.
480b668830de70170b51ba045aa17e00NextPlace.com E-Commerce ASP engine is susceptible to a cross site scripting vulnerability.
7537a2a81e8d2aeca8c75ab5ce02048dInrtra Forum is susceptible to a cross site scripting vulnerability.
41c1438eb8ab726423c3308d1345e047BWS or Borland Web Server, which is used as the Corel Paradox relational database interface, lacks input validation and is subject to directory traversal attacks. Versions 1.0b3 and below are affected.
8455d25f930d008b12b6b26bb08311d8
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed