Packet Storm new exploits for October, 2004.
Remote root exploit for the STOR buffer overflow vulnerability in Code-Crafters Ability FTPd version 2.34. The EIP address only works on Windows 2000 SP4. Two shellcodes are included: one binds a shell, the other streams a file and executes it.
Proof of concept exploit for Master of Orion III versions 1.2.5 and below, which suffer from buffer overflow and allocation errors.
Remote root exploit for a heap buffer overflow in wvftp-0.9.
MailCarrier 2.51 SMTP EHLO / HELO buffer overflow exploit written in Python that spawns a shell on port 101 of the target machine.
Local exploit tested against libxml2-2.6.12 and libxml2-2.6.13 that makes use of the remotely exploitable libxml buffer overflows.
There is an integer overflow when allocating memory in the routine that handles loading PNG image files in the GD graphics library versions 2.0.28 and below. This later leads to heap data structures being overwritten. If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening the image. An exploit that creates a working PNG for this is enclosed.
mangleme is an automated broken HTML generator and browser tester, originally used to find dozens of security and reliability problems in all major Web browsers (Mozilla / Firefox / Netscape, Konqueror / Safari, MSIE, lynx, [e]links, w3m, elvis, etc.), as reported on BUGTRAQ.
Full write-up and exploitation walk-through for the Microsoft Internet Explorer ms-its scheme/CHM remote code execution vulnerability.
Ability FTP server 2.34 FTP STOR buffer overflow remote exploit that spawns a shell on port 4444 upon successful exploitation.
Altiris Carbon Copy version 6.0.5257 allows a user to browse to cmd.exe and spawn a shell as SYSTEM.
UBB.threads 3.4.x is susceptible to SQL injection attacks.
Remote proof of concept exploit for Privateer's Bounty: Age of Sail II versions 1.04.151 and below that makes use of a buffer overflow.
Proof of concept exploit for Vypress Tonecast versions 1.3 and below, which suffer from a denial of service vulnerability.
Proof of concept exploit for Socat versions 1.4.0.2 and below that makes use of a format string vulnerability.
Proof of concept exploit for the mod_include module in Apache 1.3.31, which is susceptible to a buffer overflow.
Example code of using shellcode to bypass StackGuard.
Local root exploit for /usr/sbin/iwconfig.
Local root exploit for /sbin/ifenslave.
IIS 5 null pointer proof of concept exploit.
SalesLogix Server and Web Client suffer from authentication bypass, privilege escalation, SQL injection, information leak, arbitrary file creation, and directory traversal flaws.
Remote proof of concept exploit for the ProFTPD 1.2.x user enumeration vulnerability.
CoolPHP 1.0-stable is susceptible to cross site scripting, path disclosure, and directory traversal attacks.
Yak! versions 2.1.2 and below suffer from remote directory traversal and arbitrary file upload vulnerabilities.
MMDF deliver local root exploit for SCO OpenServer 5.0.7 x86.