Packet Storm new exploits for June, 2004.
Exploit for the atari800 Atari emulator. This exploit is local and may, in some circumstances, give local root.
All versions of MPlayer, the movie player for Linux, are vulnerable to a buffer overflow attack that allows for privilege escalation. Local exploit included. Tested against Red Hat Linux with Gnome, and against FreeBSD with the latest cvsup plus ports and Gnome.
Remote exploit that makes use of a format string vulnerability in rlpr version 2.x.
New UPnP exploit that affects Microsoft Windows XP SP0. Binds a shell on port 1981.
It is possible to crash the kernel on FreeBSD/Alpha by passing an unaligned memory address as the 2nd or 3rd argument to the execve() syscall. Affected versions: FreeBSD 5.1-RELEASE/Alpha and possibly others. Not affected: FreeBSD 5.1-RELEASE/IA32.
Linksys Web Camera versions 2.12 and below suffer from a file inclusion vulnerability.
Remote proof of concept denial of service exploit that makes use of a flaw in the Unreal game engine where a simple UDP packet with a long value can overwrite important memory zones. Vulnerable games include: DeusEx versions below and equal to 1.112fm, Devastation versions below and equal to 390, Mobile Forces versions below and equal to 20000, Nerf Arena Blast versions below and equal to 1.2, Postal 2 versions below and equal to 1337, Rune versions below and equal to 107, Tactical Ops versions below and equal to 3.4.0, TNN Pro Hunter, Unreal 1 versions below and equal to 226f, Unreal II XMP versions below and equal to 7710, Unreal Tournament versions below and equal to 451b, Unreal Tournament 2003 versions below and equal to 2225, Unreal Tournament 2004 versions below 3236, Wheel of Time versions below and equal to 333b, X-com Enforcer.
The D-Link DI-614+ SOHO router suffers from a script injection vulnerability that uses DHCP as the attack vector.
Some bits of code that show how modified URL encoding can easily bypass restricted zones in Microsoft Internet Explorer.
Due to faulty logic in the socket dequeuing mechanism used in hybrid 7 and its derivative ircd-ratbox, it is possible to severely lag an IRC server using a low-bandwidth DoS attack. Affected versions: ircd-hybrid below and equal to 7.0.1, ircd-ratbox below and equal to 1.5.1, ircd-ratbox below and equal to 2.0rc6. Full exploit included.
Pivot 1.10 Soundwave is susceptible to a remote file inclusion and execution vulnerability that enables a remote attacker to execute arbitrary code in the context of the user id running the web server.
The Symantec Enterprise Firewall dnsd proxy, versions 8 and later, is vulnerable to cache poisoning attacks when acting as a caching nameserver. Full proof of concept exploit included.
VP-ASP Shopping Cart version 5.x is remotely susceptible to cross site scripting and SQL injection attacks.
A very simple bug in the Linux kernel allows a small program to cause a denial of service. This flaw affects both the 2.4.2x and 2.6.x kernels on the x86 architecture.
When an overly long filename is requested from the WinAgents TFTP server, a denial of service occurs due to an error in the handling of the request. Tested against version 3.0; other versions may be susceptible. Exploit included.
PHP-Nuke versions 6.x through 7.3 suffer from multiple cross site scripting flaws and one SQL injection vulnerability.
A bug in Blackboard Learning System release 6 allows users to steal documents from the digital dropbox of other users. Remote Perl exploit included.
Edimax 7205APL with firmware 2.40a-00 has a serious flaw: a guest account is hard-coded into the firmware, allowing anyone to perform a backup with the same privileges as the administrator.
Roundup is susceptible to a directory traversal attack that permits an attacker to view files outside of the web root.
Reseller accounts on Cpanel are able to change all passwords without verification.
Remote denial of service proof of concept exploit that makes use of a flaw in the Race Driver server, versions 1.20 and below.
Imperva's Application Defense Center has announced that several vulnerabilities exist in the BusinessObjects Crystal Reports web interface. These vulnerabilities allow an attacker to retrieve and delete any file from the file system of the server on which it runs, as well as cause a complete denial of service on the server. Affected versions: Crystal Reports versions 9 and 10, Crystal Enterprise versions 9 and 10. Exploitation details included.
The USR Robotics Broadband Router 8003 has flawed password checking: the password is first verified by a JavaScript function that has the real administrator password embedded and easily viewable in the source code, allowing any remote attacker to take full control of the device. Tested against firmware v1.04 08. USR Robotics has claimed the problem is not that serious and has not taken any steps to remedy the situation.
Remote exploit for Borland Interbase 7.1 SP2 and below that spawns a shell under the uid running the database. Targets included for Linux Interbase 7.1 SP2 and Linux Interbase 6.01 (InterBaseSS_LI-V6.0-1.i386.rpm).