Microsoft LSASS vulnerability auto rooter. Downloads and executes code from a FTP server.
f71ef7270796d05800fff06da2bb58e37b947b69d61fbedbb27101d5571716baMaelstrom local exploit that gives gid for user games making use of the overflow found in the -server switch. Tested against /usr/bin/Maelstrom on Red Hat 9.0
d35fbfa93b97946227f3f1032375023f8f6aba52ebed8a946e94bfbe4648d811Packet Storm new exploits for May, 2003.
3266d5d2ec89be98ae96388144950426ff1b73fbfc6af81a7f8f55b77fcfbbb5Maelstrom local exploit that gives gid of games and makes use of the overflows found in the -player and -server switch.
14887f12b07716692074ef4aaf28e25d942c4291ca0d8463e0ee978fed22bf34Kerio Mail Server 5.6.3 remote buffer overflow exploit. Adds wide open root account to /etc/passwd. Written based upon the vulnerability discussed here.
9b6caaf215dc0b765ded6013c36c55a7897e80b242d716bc226a4ac4ccb0eef0Microsoft IIS versions 5.0 and 5.1 remote denial of service exploit that makes use of the vulnerability recently published by SPI dynamics. Full advisory located here.
0a6e5ac42e64c1fced6fe1563d8830a3225d3aa638b65db1f8bb43dce8edea88b2 cafelog is a blogger system that comes with the b2-tools directory. The PHP scripts contained within this directory allow a remote user to specify input for a variable that in turn allows for remote command execution.
303e14dc96189722767c93e3ea40afeaf693f6f8d289af86f1945f615d437766Geeklog version 1.3.7ar1 and below is susceptible to multiple vulnerabilities. There is a SQL integer manipulation flaw in the authentication script that will allow a remote attacker to get administrative access and there is also a lack of error checking when images are uploaded that allow an attacker to upload files with php code that can be used to execute any command as apache user on remote server.
b929f64a82369714c4e73c1aa6713942f4e3fa31bd56ba1f5265811388f21c2bBaby FTP server version 1.2 allows for a directory traversal attack that lets a remote attacker view any file on the system by using non-standard characters with CWD. The server will also crash if multiple connections from the same host occur.
f2693ad95d364c41a545acb6d6743c838069082815811187534c4de54b7b073dWebfroot Shoutbox v2.32 and below suffers from a directory traversal and code injection vulnerability that allows a remote attacker to view any file on the system and the ability to commit remote command execution.
96dae25093b042b892ea5293b33240d84967d48cd1aef6c7743870e4dd15cf1eMicrosoft IIS versions 5.0 and 5.1 are vulnerable to a denial of service attack if an attacker sends a Webdav request with a body over 49,153 bytes using the 'PROPFIND' or 'SEARCH' request methods. This results in IIS restarting itself and terminating any active sessions.
67114ae0520ebab576e477197853235affe77007a602ac27dc47708e61cc7c11The SunONE application server on Windows 2000 suffers from multiple vulnerabilities. The server allows a remote attacker to view the source code of JSPs, only logs the first 4042 characters of a request URI which allows an attacker to hide their attempts in the last 54 characters, has a cross site scripting issue, and has the username and password to the administrative server kept in clear text in a world readable file.
8e810afd7ea6e1de914b7fc988eb5076641d865e4b488deebe6df42e66995334Core Security Technologies Advisory ID: CORE-2003-0403 - The Axis Network Camera HTTP server is vulnerable to an authentication bypass when a double slash is put in front of the admin directory in the URL. This allows a remote attacker to modify the configuration as they see fit and allows the root password to be reset. Doing this in conjunction with enabling the telnet server allows for a complete server compromise.
4cec04e283e741382af7d9e0df4bd761c6f1056aebdaed02bb1f8e78709d07feRemote exploit for a buffer overflow in the Gnome Batalla Naval Game Server version 1.0.4. Gives user id of the account running the game server. Tested against Mandrake 9.0.
cde6233cf7588be614a0ea2f37489285004f595d61eea69313054f376fa2ca78bnc version 2.6.2 and below suffers from a denial of service vulnerability. Armed with a valid login and password, a remote user can kill the daemon.
df9ba77e9a022c665d0476f11eddc0d54a32d3a4c2c210cd53987e9a5bed8326P-News versions 1.6 is vulnerable to a privilege escalation attack by allowing a remote attacker to populate strings with the | used for delimiting data stored about the account.
03e639c42ea8d778ec18f23eea9b43452efd029c4da46aeeeead26e57884221bMaelstrom local exploit that gives gid of user games which makes use of an overflow in the -player switch.
67470dae44d553ff5bdfdb06c34df89c6957f89e17b1a050a444bc48dbc1bcf4BadBlue web server versions 2.2 and below have a vulnerability that allows remote attackers to gain administrative control of a server. The engine attempts to restrict access to non-html files by requiring that 'ht' be the first letters of the target file's extension, and also requiring that requests to access '.hts' files are submitted by 127.0.0.1 and contain a proper 'Referer' header. This security feature is accomplished with a simple binary replace of the first two characters of the file extension. The two security checks are performed in an incorrect order, meaning that the first security check can inadvertently bypass the latter.
f852c3fef86aa05736d86e2685e0f3081337c1845300cb0286f034f7f66f44f0Local root exploit for the game Maelstrom with is sometimes setuid to root for the purpose of faster frame rates.
e07645aeabbaf038cafeecdfb6fbf60ab0e0be505d4f223387bcc0c96bfa3486INetCop Security Advisory #2003-0x82-017.b - New versions of WsMP3d are not patched against an old remote heap corruption overflow vulnerability. Remote exploit and advisory included.
bea05768421c2354342197437d34277cb5984897a68518e4181beeb625f26463INetCop Security Advisory #2003-0x82-017.a - WsMP3d, a web server that streams MP3s much like shoutcast but is GPL, suffers from a directory traversal vulnerability that not only allows viewing of files outside of the webroot, but allows for remote command execution as well.
bc72d07b2004ab7e987341e534050ec07ea4699fd37effc980c5656ccf6a0bd6iDEFENSE Security Advisory 05.22.03 - iisPROTECT is a utility designed to provide password protection to web directories similar to the htaccess method utilized by Apache. When protected files are referenced through different URL-encoded representations, this authentication can be completely bypassed.
f460e1b02669bdb9fe3b25b9e246fb9c7a395b68df3500dac06e8767db51041bA simple denial of service exists in the Pi3 webserver that allows a remote attacker to crash the daemon by feeding it a GET request with 354+ forward slashes after it.
d0d216a28eaf4658a4d2b9ad6dbe5182010977d617055973a17d6620ae03dea4Happymall versions 4.3 and 4.4 are still susceptible to well-known directory traversal and cross-site scripting vulnerabilities.
2160d0ca9967b7f3be732542f6b644d9b3909f0a8887c019ce26db04d69ab92dOwl v0.71, the multi user document repository, fails to actually authenticate a login name given. If a completely fake login name is passed, an attacker can get in without any valid session id.
03f9bd851bb279e45b8bb81e862206499d29b6ff1c7a2b6bf67e4d7c8450af8f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed