Packet Storm new exploits for July, 2004.
SQL Injection and cross site scripting vulnerabilities exist in AntiBoard versions 0.7.2 and below due to a lack of input validation of various variables.
Citadel/UX versions 6.23 and below are vulnerable to a buffer overflow that occurs when more than 97 bytes are sent with the USER directive to port 504.
IRM Security Advisory 009 - RiSearch version 1.0.01 and RiSearch Pro 3.2.06 are susceptible to open FTP/HTTP proxying, directory listings, and file disclosure vulnerabilities.
A vulnerability in the Opera 7.x series allows phishing attacks due to not updating the address bar if a web page is opened using the window.open function and then replaced using the location.replace function.
Microsoft Windows 2K/XP Task Scheduler local exploit that will spawn notepad.exe.
Nucleus CMS version 3.01 addcomment/itemid SQL Injection Proof of Concept PHP exploit that dumps the username and md5 hash of the password for the administrator user.
eSeSIX Thintune with a firmware equal to or below 2.4.38 is susceptible to multiple vulnerabilities. These include having a backdoored service on a high port with an embedded password giving a remote root shell, various other passwords being stored locally in clear text, and a local root shell vulnerability.
The EasyWeb FileManager Module for PostNuke is vulnerable to a directory traversal problem which allows retrieval of arbitrary files from the remote system. Versions affected: EasyWeb FileManager 1.0 RC-1.
Mozilla Firefox versions 0.9.1 and 0.9.2 have a flaw where it is possible to make a browser load a valid certificate from a trusted website by using a specially crafted onunload event.
Apple OS X Panther 10.3.4 with Internet Connect version 1.3 by default appends to ppp.log in /tmp if the file already exists. If a symbolic link is made to any file on the system, it automatically writes to it as root, allowing for an easy local compromise. Detailed exploitation given.
FloodWorld, the IRC tool, is susceptible to a denial of service attack due to a mishandling of special characters.
Internet Software Sciences' Web+Center version 4.0.1 suffers from a lack of sanity checking when parsing Cookie data and due to this is susceptible to a SQL injection attack. Full exploit provided.
Polar HelpDesk version 3.0 does not adequately verify whether the user logged onto the system has proper administrative access when performing administrative duties.
Denial of service test exploit for the flaw in Apache httpd 2.0.49.
Serena Software's TeamTrack version 6.1.1 is susceptible to a sensitive content disclosure vulnerability that can be exploited without having valid login credentials. Full exploit provided.
NetSupport DNA Helpdesk 1.x is susceptible to a SQL injection vulnerability. Full exploit provided.
Leigh Business Enterprises' (LBE) Web HelpDesk versions 4.0.80 and below suffer from a SQL injection vulnerability. Full exploit included.
Proof of concept exploit code for the Samba 3.x swat preauthentication buffer overflow vulnerability.
Exploit that makes use of the mod_userdir vulnerability in various Apache 1.3 and 2.x servers. Ported to Windows by John Bissell.
This document details the procedure for performing microcode updates on the AMD K8 processors. It also gives background information on the K8 microcode design and provides information on altering the microcode and loading the altered update for those who are interested in microcode hacking. Source code is included for a simple Linux microcode update driver for those who want to update their K8's microcode without waiting for the motherboard vendor to add it to the BIOS. The latest microcode update blocks are included in the driver.
Flash FTP Server version 1.0 (and possibly 2.1) for Windows is susceptible to a directory traversal attack.
Exploit that makes use of the mod_userdir vulnerability in various Apache 1.3 and 2.x servers.
Unreal Decloak Toolkit version 0.1 illustrates the weak hashing system vulnerability in Unreal ircd 3.2 and previous versions.
The third advisory in a three part series discussing more flaws in PHP Nuke ranging from full path disclosure and cross site scripting to SQL injection attacks.