Packet Storm new exploits for May, 2004.
e107 version 0.615 is vulnerable to full path disclosure, cross site scripting, remote file inclusion, and multiple SQL injection attacks. (MD5: 8091badf8b1f17341e46f8155a23e2d5)
JPortal is susceptible to SQL injection attacks and also stores the administrator password in the clear. (MD5: 97ae0e46335f1d8621318b47bb8ed913)
Metamail remote exploit that makes use of a buffer overflow; upon successful exploitation it binds a listening socket on UDP/13330 that awaits further shellcode. Affected versions: 2.2 through 2.7. (MD5: 5d99778db6af0ad83abc1d85e30297a1)
Orenosv HTTP/FTP server version orenosv059f is susceptible to a remote denial of service attack when supplied with an overly long GET request. (MD5: c25cca5f2ea199cb78714642d720a041)
BNBT BitTorrent Tracker Beta 7.5 Release 2 and earlier versions are susceptible to a denial of service triggered by a maliciously crafted HTTP GET request. Sample exploit included. Tested on Windows XP SP1. (MD5: b808aeba5f9878b8e97a72d00f4c1090)
Amusing one-liner showing that 3COM 812 ADSL modems are still susceptible to a four year old denial of service attack. (MD5: d70ca4fb4aa9ee3fd6e78f911a191794)
Remote root exploit for stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7. Solaris version. Anonymously submitted. (MD5: 1125ca25c5750a65274d642901167a37)
Remote root exploit for stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7. Linux and FreeBSD version. Anonymously submitted. (MD5: 2172d2e08430a16cd515d19de297d1de)
osCommerce versions 2.x suffer from a directory traversal vulnerability that allows access to directories outside of the webroot. (MD5: 9cfad9f85d417e6bc59595d2781f88e6)
Remote exploit for OmniHTTPd versions 3.0a and below. (MD5: 9f27e4abcf8a58882000fc1a740db958)
Wget versions 1.9 and 1.9.1 are susceptible to a symlink attack: the file is downloaded to a temporary filename that is created without locking, so a local attacker who pre-creates that name as a symlink can redirect the write. (MD5: 38dc667070590ecbe6ef30723398ab92)
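The temporary-file symlink race behind the Wget entry, as an added example that is not Wget's code and not part of the original listing. It shows the unsafe write (plain open() on a predictable name, which follows a planted symlink) beside the hardened open (O_CREAT|O_EXCL, plus O_NOFOLLOW where the platform has it), and checks what happens to the victim file in each case. The directory, file names, and contents are constructed for the demo.

```python
"""Added example (not wget's code): the temporary-file symlink race.

A downloader that writes to a predictable temporary name with a plain
open() follows a symlink the attacker planted at that name, so the
"download" lands in whatever file the link points at. The hardened
variant creates the file with O_CREAT|O_EXCL (and O_NOFOLLOW where the
platform has it), which fails instead of following the link. All names
and contents below are constructed for the demo.
"""
import os
import tempfile


def vulnerable_write(tmp_path: str, data: bytes) -> None:
    """The unsafe pattern: open() follows symlinks and truncates the target."""
    with open(tmp_path, "wb") as f:
        f.write(data)


def hardened_write(tmp_path: str, data: bytes) -> None:
    """Refuse to write through a pre-existing name or symlink.

    O_CREAT|O_EXCL makes open() fail with EEXIST if anything (a symlink
    included) already sits at tmp_path; O_NOFOLLOW additionally rejects a
    symlink as the final path component on platforms that support it.
    Mode 0600 keeps the temp file private while it is being written.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(tmp_path, flags, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def simulate_race() -> dict:
    """Attacker pre-creates the predictable temp name as a symlink to a
    victim file; then each writer runs. Returns what happened to the victim."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim.txt")      # constructed victim file
        with open(victim, "wb") as f:
            f.write(b"original")
        tmp = os.path.join(d, "download.tmp")       # the predictable temp name
        os.symlink(victim, tmp)                     # attacker wins the race

        vulnerable_write(tmp, b"attacker-controlled")
        with open(victim, "rb") as f:
            after_vulnerable = f.read()

        with open(victim, "wb") as f:               # reset for the second run
            f.write(b"original")
        try:
            hardened_write(tmp, b"attacker-controlled")
            hardened_error = None
        except OSError as e:                        # EEXIST (or ELOOP): write refused
            hardened_error = e.errno
        with open(victim, "rb") as f:
            after_hardened = f.read()

    return {
        "after_vulnerable": after_vulnerable,   # victim clobbered via the symlink
        "hardened_error": hardened_error,       # errno of the refused open
        "after_hardened": after_hardened,       # victim untouched
    }


if __name__ == "__main__":
    print(simulate_race())
```

The hardened open is the general fix for this class of bug, not just for Wget: never reuse a name that an unprivileged user could have pre-created in a shared directory, and let the kernel reject the race with O_EXCL rather than checking for existence first and opening second.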
Remote denial of service exploit that makes use of the flaw eEye found in Symantec Norton Personal Firewall and related products. It sends a malicious DNS response packet to a vulnerable host, sending the kernel into an infinite loop. Tested against Symantec Norton Personal Firewall 2004. (MD5: 7883f0415aa5768d71876d6b6214fc75)
Remote proof of concept exploit for various Linksys routers that have flaws in the way they return BOOTP packets. In each legitimate response, BOOTP fields are filled in with portions of the device's memory, allowing a remote attacker to sniff traffic and crash the device. (MD5: af83f044e54bf09bbd062d507cf42714)
ftpgrep attempts to enumerate valid user accounts on remote machines using the old CWD ~ ftpd bug found in wu-ftpd and some of its variants. (MD5: 24f9533fa0e628134039465bd5cf8dc0)
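The CWD ~ enumeration technique ftpgrep uses, as an added example that is not ftpgrep itself and not part of the original listing. The leaky ftpd answers "CWD ~name" differently depending on whether the account exists, so an anonymous client can separate valid from invalid names without ever authenticating as them. The in-process fake server, its account list, and its reply strings are constructed to imitate that behaviour and are not wu-ftpd's actual messages; the "patched" mode shows the fix, which is one identical reply whether or not the account exists.

```python
"""Added example (not ftpgrep itself): user enumeration via "CWD ~user".

Runs a constructed fake ftpd on 127.0.0.1 in a thread, then probes it
the way ftpgrep would: log in anonymously, send "CWD ~name" for each
candidate, and compare the reply with the reply for a name that certainly
does not exist. The account list and reply strings are made up for the
demo and do not reproduce wu-ftpd's real messages.
"""
import socket
import threading

ACCOUNTS_ON_FAKE_HOST = {"root", "ftp", "alice"}   # constructed


def _serve(conn: socket.socket, leaky: bool) -> None:
    """Minimal fake ftpd: anonymous login plus CWD ~name handling."""
    conn.sendall(b"220 fake ftpd ready\r\n")
    buf = b""
    with conn:
        while True:
            chunk = conn.recv(1024)
            if not chunk:
                return
            buf += chunk
            while b"\r\n" in buf:
                line, buf = buf.split(b"\r\n", 1)
                cmd, _, arg = line.decode(errors="replace").partition(" ")
                cmd = cmd.upper()
                if cmd == "USER":
                    conn.sendall(b"331 Guest login ok, send your e-mail as password.\r\n")
                elif cmd == "PASS":
                    conn.sendall(b"230 Guest login ok.\r\n")
                elif cmd == "CWD" and arg.startswith("~"):
                    name = arg[1:]
                    if not leaky:
                        # Fixed behaviour: same answer whether or not the account exists.
                        conn.sendall(b"550 Permission denied.\r\n")
                    elif name in ACCOUNTS_ON_FAKE_HOST:
                        conn.sendall(b"550 Permission denied.\r\n")           # exists, no access
                    else:
                        conn.sendall(b"550 Unknown user name after ~.\r\n")  # the oracle
                elif cmd == "QUIT":
                    conn.sendall(b"221 Goodbye.\r\n")
                    return
                else:
                    conn.sendall(b"502 Command not implemented.\r\n")


def start_fake_ftpd(leaky: bool) -> int:
    """Start the fake server on 127.0.0.1 on an ephemeral port; return the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def accept_loop() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=_serve, args=(conn, leaky), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]


def probe_users(host: str, port: int, candidates: list) -> dict:
    """ftpgrep-style check. A reply that differs from the control reply means
    the account is present. Returns {name: True/False}; an all-False result
    against a patched server means the oracle is gone, not that no users exist."""
    s = socket.create_connection((host, port), timeout=5)
    f = s.makefile("rb")

    def cmd(line: str) -> str:
        s.sendall((line + "\r\n").encode())
        return f.readline().decode(errors="replace").rstrip("\r\n")

    f.readline()                                   # 220 banner
    cmd("USER anonymous")
    cmd("PASS ftpgrep@example.com")
    baseline = cmd("CWD ~zz_definitely_not_a_user_zz")   # constructed control name
    found = {name: cmd("CWD ~" + name) != baseline for name in candidates}
    cmd("QUIT")
    s.close()
    return found


if __name__ == "__main__":
    names = ["root", "alice", "bob"]
    print("leaky  :", probe_users("127.0.0.1", start_fake_ftpd(leaky=True), names))
    print("patched:", probe_users("127.0.0.1", start_fake_ftpd(leaky=False), names))
```

The defender's takeaway is the same for any service: an error path that depends on whether a principal exists (different text, different code, or measurably different timing) is a user-enumeration oracle, and the fix is to make the failure reply indistinguishable.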
Remote exploit for Monit 4.1 that uses connect-back shellcode. It exploits a buffer overrun triggered when an overly long username is passed to the server. (MD5: 5aa0a9f328551d2162919d3f19134247)
Remote exploit for the ftpd server that the Sasser worm spawns on port 5554. Targets included for Windows XP and 2000. Note: to use this against Sasser.E, change the port to 1023. (MD5: 25f80041bd01686cdfe6e4a1c1287a64)
Denial of service proof of concept exploit for PaX with CONFIG_PAX_RANDMMAP on Linux 2.6 that sends the kernel into an infinite loop. Originally discovered by ChrisR. (MD5: be9399c6c8b87c60bab1a07bd359570a)
Local exploit for IBM AIX versions 4.3.3, 5.1 and 5.2, which are vulnerable to a buffer overflow caused by improper bounds checking in the getlvcb and putlvcb utilities. By supplying a long command line option, a local attacker with root group privileges could overflow a buffer and gain root privileges on the system. (MD5: 001c4ea7efedf19d582a2e5969a9939b)
Remote denial of service exploit for eMule 0.42e. (MD5: 18e3a10abcb8da2def7f727f56655658)
Auxploiter is a remote exploitation tool for the c:\aux vulnerability that can completely lock up a user's mail client. Outlook and other mail clients that render messages using Internet Explorer are susceptible to this vulnerability. (MD5: 22b00d28a310b84818beaccb735f864f)
Local and remote format string exploit for Pound versions 1.5 and below. Local exploitation only works if pound is setuid. (MD5: 2fead7d1eee1fdd581feab5491a730b3)
Write-up detailing how to defeat file browsing restrictions on Windows 98 running Novell 3.2.0.0. (MD5: b83dfe24c5d7c4676f6fcaf697c34950)
Remote exploit for the Lsasrv.dll RPC buffer overflow. Tested against various Russian and English versions of Windows XP Professional, Windows 2000 Professional, and Windows 2000 Advanced Server. Ported to compile properly on Linux. (MD5: fbffc04301a182cd73ebc11c1d9aa44f)
The Nuke Jokes module for PHPNuke is susceptible to path disclosure, cross site scripting, and SQL injection attacks. (MD5: e0f5a330f2b3069d91d6a22b3f60bede)