Packet Storm new exploits for December, 2004.
Packet Storm new exploits for all of 2004.
Remote Microsoft Windows 2000 WINS exploit that has connectback shellcode. Works on SP3/SP4.
Remote proof of concept exploit for the NetDDE buffer overflow vulnerability as described in MS04-031. Tested on: Windows XP Professional SP0, Windows XP Professional SP1, Windows 2000 Professional SP2, Windows 2000 Professional SP3, Windows 2000 Professional SP4, Windows 2000 Advanced Server SP4.
KorWeblog suffers from a directory traversal vulnerability that enables malicious attackers to access files and include malicious PHP files. Versions 1.6.2-cvs and below are susceptible.
Proof of concept exploit for Internet Explorer version 6.0.3790.0 that demonstrates an FTP download path disclosure flaw.
A heap overflow in Mozilla browser versions 1.7.3 and below in the NNTP code may allow for arbitrary code execution.
PHP-Calendar suffers from a file inclusion vulnerability. All versions are affected.
WHM AutoPilot version 2.4.6.5 and below suffer from information disclosure, cross site scripting, and file inclusion vulnerabilities.
Moodle versions 1.4.2 and below suffer from cross site scripting and file inclusion vulnerabilities.
A buffer overflow in netcat can allow for remote compromise. Full exploit provided.
Internet Explorer remote command execution exploit that is a variant of the Auto SP2 RC exploit.
Simple HTML code that exploits the Microsoft Windows Kernel ANI file parsing denial of service vulnerability.
New PHP based worm that targets any vulnerable page or script with a remote file inclusion vulnerability.
Internet Explorer HTML Help Control Local Zone bypass exploit that can be used against Microsoft Windows XP versions SP2 and below.
YaCy version 0.31 is susceptible to a cross site scripting attack.
New version of the phpBB worm that successfully works against a patched phpBB 2.0.11. The scripts in this tarball are the worm itself and the bot that is installed.
STG Security Advisory: An input validation flaw in ZeroBoard versions 4.1pl4 and below can allow malicious attackers the ability to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user.
Simple tool to automate the creation of the URL needed to exploit phpBB versions below 2.0.11 using the viewtopic.php vulnerability.
SHOUTcast DNAS/Linux version 1.9.4 format string remote exploit. Tested on Slackware 9.1 and 10.0. Binds a shell to port 7000.
WPKontakt versions 3.0.1 and below suffer from a parsing error that allows for remote script execution.
Crystal FTP Pro version 2.8 proof of concept exploit that makes use of a flaw in the LIST command.
Webmin remote bruteforce and command execution exploit.
Local root exploit that makes use of the dynamic library for do_system() in MySQL UDF. Tested on MySQL 4.0.17.
Remote root exploit for rlogin on Solaris/SPARC 2.5.1/2.6/7/8. This remote root exploit uses the (old) System V based /bin/login vulnerability via the rlogin attack vector, returning into the .bss section to effectively bypass the non-executable stack protection (noexec_user_stack=1 in /etc/system).