Cerberus Information Security Advisory (CISADV000503) - The Cerberus Security Team has found a remotely exploitable buffer overrun in Lsoft's (www.lsoft.com) Listserv Web Archive component (wa/wa.exe v1.8d - this is the most recent version.
17136805bc3f264e963bf55df3a44d6c7550f0c96ca7a5a74efedb9e27ff8debIf root ever does "rm -rf /tmp/foo" for a directory structure not completely owned by root, a local user can delete all files that root can.
3ba1f58d2454e57c2aabb1552bf4229866c003b9fde29b9e8099400b1fef591cUsing the good old NullByte(\000) its possible to open "any" file on the webserver(with its permissions) running the "UltraBoard" forum-software.
cac53c20c8f003f1c433d4901d938d89d764d76df657e71ce2c13537f325a103RFP2K04 - Mining BlackICE with RFPickAxe. BlackICE IDS uses a management console called ICECap to collect and monitor alerts sent by the various installed BlackICE agents. The ICECap user console sits on port 8081 and has the default login of 'iceman' with no password. The second problem is that the software uses, by default, the Microsoft Jet 3.5 engine to store alerts. If you couple that with the shell VBA problem, that means you can push alerts that contain commands to be executed on the ICECap system. Includes RFPickaxe.pl demo exploit.
eb477a77f630953d91b35937b63fd59b9bc492d8898abfeed95794044c8189f8There is a way to disable tcpdump running on a remote host. By sending a carefully crafted UDP packet on the network which tcpdump monitors, it is possible, under certain circonstances, to make tcpdump fall into an infinite loop.
762d8e63fbcb7f43d09fcb049e572dc985c7e6be26bd6c5efc3db1e022573ef8The precise details of how to exploit these holes is minimized to prevent compromising the integrity of all current Internet-accessible FileMaker Pro 5 databases and mail servers. However, details can be easily deduced by referencing the FileMaker Pro 5 documentation and by consulting the FileMaker XML Technology Overview white paper available via the FileMaker XML Central Web site.
266a2b3612f869f2b2ce836b82d96495dbb6d573fd9f243d85c88bce65c7fde5It seems that, even though a regular (non-"enabled") user should not be able to see the access-lists or other security-related information in the router, one can do just that. The online help systems doesn't list the commands as being available, but out of 75 extra "show" options that are available in "enable" mode (on a 12.0(5)3640), only 13 were actually restricted.
2c33ae7e113f98c67d0be4eb389aefb18fd47f1579f69e7636939aefb440a243When accepting luser console login, pam_console called by /bin/login tries to be user-friendly, doing several chowns on devices like login tty and corresponding vcs[a] device, as well as other interesting devices: fd*, audio devices (dsp*, mixer*, audio*, midi*, sequencer), cdrom, streamer/zip drive devices, frame buffer devices, kbd*, js*, video*, radio*, winradio*, vtx*, vbi* and so on. Probably it's designed to make console logins more comfortable, but has DEADLY effects on servers with console luser-login ability (and that's quite common).
1d635e59bee6725bcf7c4b9d3459f4bb45a1383179c65d540f6ca36f5edf6fe0Here is how to exploit the bug for cracking systems running Jana. I tested it with Jana 1.45 on Windows 98 and Windows 2000. 1. Open a browser window 2. Type i.e http://the.server.com/./.././.././.././windows/win.ini.
5619cda37bd593b8aa8636730088c1f2262151ba1f7ad4ec649f9de333df9d1afdmount local root exploit - tested on Slackware 4.0. Must be in the floppy group. Modified from last version to work on Slackware 7.
255ecb2ad7fe3f717a036f24b6eb2b7864a4ac3e503bf58f697e951d039c3d6bLoWNOISE - ISMyASP - IIS ASP source code viewer using the ISM.DLL buffer truncation bug.
9241f106e5a1324d8a3d58d2cb7e0f90b573f60e513c6fc2476e0f44a3d799b3New Vulnerability found in Allmanage. This one gives access to the main admin panel where you can set a lot of options and variables. Websites using Allmanage Website Administration Software 2.6 with the upload ability contain an easily exploited vulnerability wich gives you full add/del/change access in the user-account directories and you can change the files in the main directory of the CGI script.
0e8435060a9e6771f7386b3732f06e361de8d7c64759e6a4602769a0519d780fFTP Server (Version 6.2/OpenBSD/Linux-0.10) and 6.3 ?? getwd() overflow. linux exploit, remote penetration. Submitted Anonymously.
82deb3b1e336420b047ae22a065a37491bc71fc6c6c4453cf3461919f13bcbfdNew TESO kscd exploit (cd player is KDE multimedia package)
e2cfafa7ac798db283b6758278403a70baea8c1bc09a51fe0721f706e1a5989anetprex.c is a SPARC / i386 buffer overflow root exploit for /usr/lib/lp/bin/netpr. Tested on Solaris 2.6 & 2.7.
21278b338507f51451755de48454f9dbe57552b2e6b8eb5518d045548be3b193Websites using Allmanage Website Administration Software 2.6 with the upload ability contain an easily exploited vulnerability wich gives you full add/del/change access in the user-account directories and you can change the files in the main directory of the CGI script.
28da141276c6e2c819bc1648db253cc3e8c8bb66f3f25be3bda20c50b11dcfceWatcheador is a Windows application allows you to view ASP source code using the Index Server bug in IIS 4 & IIS 5. Written in Delphi 4.0. Comments in spanish.
0cb4c709460305fb3b8f99be10150eb2688fae9185521c51c6dbb18bf49e09daSilent delivery and installation of an executable on a target Windows computer is possible by combining some bugs. No client input other than opening an email or newsgroup post is neceassary, making the possibilities endless. The key component is from Georgi Guninski, the wordpad overflow. An ActiveX control does the rest. Exploit code included.
007f9308b3ece160e58c992cce562deeca8b829f5e860c221e1cc845b05f041anis-spoof.c spoofs the response from a NIS server to a client.
e767ec14fcd1d8828d2216e5f793b7001d6f722f8cd0bbb2330dd185eed139b3BufferOverflow Advisory: Unchecked system call in Bugzilla 2.8. The script used to submit new bugs, process_bug.cgi, is vulnerable because it does not check the contents of the who field. Includes perl remote exploit code.
c03b1338b6456d559d308a4ca0f67b5d6cb1acb1d1ed85a1dec83f1ca6175f4cGnapster and possibly other napster clients do not check the integrity of filenames in download requests. Any filename that the client user has read access to may be downloaded. Also includes some service denial techniques.
5712de51a767ac94e1223643e7f8b24f6f5b3594014d86267156adb3b30b5091Hotmail is vulnerable to yet another serious security problem involving javascript. Windows, MacOS, and Linux users are affected. Consequences include hotmail account takeover, redirecting a hotmail user to any site, or access to the users computer if combined with other known exploits.
b5c11b65292e58dd2677389be22affdd1c3df87cc7488c5d48a5d785938ef4f6Major security issue with networksolutions.com(easysteps.pl). This is being distributed amongst the irc.
5bb0b27956ea17dfff4e3397488439c628f1b4637003f3b6a938c243e772152cSSG-arp.c - AIX 4.1.4.0 local root /usr/sbin/arp exploit.
9ff86808e28a7d23e83be7990d965a070f7b61cbe274620b1437a7bb90a0435bThis exploit spawns an EGID mail shell on the default Slackware 4 install.
d1e67efe4126f2f7afd3ac7d85e4649457759a6fd8ea24490ca70370881514ab
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed