Packet Storm new exploits for July, 2000.
9349ea6a657b5094e05cf05285f9a1b6bb04d5ed60b11272d30dc06a42851b41NCSA Httpd v1.3 remote root exploit. Tested against Slackware 4.0.
fd048c6976c8652d858e282e552db1b774bbf2a33f9c4f5d8cbdad0d39ab5194Bajie is a freeware HTTP daemon written in Java has vulnerabilities which allow remote users to view any file on the system, and find out the real server path.
bb0152854b73ba34c57a2533b63ba1faaf12153332b4f4aad09a36c44a8d4d19Foundstone Security Advisory - Two show code vulnerabilities exist with BEA's WebLogic 5.1.0 allowing an attacker to view the source code of any file within the web document root of the web server. Depending on web application and directory structure attacker can access and view unauthorized files. Proof of concept URL's included.
a1739693599c1bd00c0168ba2ed4568341d3855b737c21cb6ff4a6e8b88a66b3CVS v1.10.8 allows users to execute any binary on the server using CVS/Checkin.prog or CVS/Update.prog.
3bad54e974cc32ceefdd397039c3e78f336610cb288f63062a9e39840d1bfa34BitchX-75p3 local exploit, Redhat 6.2 x86.
0fbfba9f5b11b246a994aa20de5302b946a018356a05381421a68087073333caThe D-Link DI-701 Residential Gateway has an open port which allows brute force password guessing, and has a factory set default password.
38facafaac95d809bb8da1935129228b1a5ac274f9bdd91ef816186614cbbffdWinamp contains a buffer overflow in its M3U playlist parser. It is possible to execute arbitrary code on a remote computer via a malicious playlist. Proof of concept playlist included.
9765035f7869f821c9fe0e6fe3c9d6e919118bc1a0033378ca09f8927214f384Foundstone Security Advisory - AnalogX SimpleServer:WWW v1.06 and below is vulnerable to a "relative directory path" attack that allows a remote user to retrieve any known file one the the server.
2aa7701a5bbde76d87bd4d641b145632b1ca55e9080324df5aad27644489f2c1ISBASE Security Advisory(SA2000-02) - Microsoft IIS v4.0 and 5.0 for Windows NT and Windows 2000 sometimes displays the contents of files that should not normally be displayed and sometimes contains sensitive data. ISS can be tricked into calling ISM.DLL and exposing the contents of .asp, .asa, and .ini files. Exploit description included.
c08944303a5c4fb8db44beece6ca8c9e5f3f74e31842f8ec050ebb34e977435cFoundstone Security Advisory - AnalogX Proxy v4.04 contains multiple buffer overflows. Includes several proof of concept denial of service examples.
ecf9025d8fb2c5b91e285bf9f4839c34b7b4005d1ba80cb67d41d7edd59381deNetscape 4.73 and below remote proof of concept exploit for linux/x86. Includes a test image which crashes Netscape, a JFIF file compiler which exploits the COM marker processing vulnerability, and an unofficial patch for Mozilla M15 and Win32 Netscape.
0f05859c7ef597bbacc6e8eca02d88950d83123ded5db560eac573fc6dc8107fNetscape browsers v4.73 and below can be tricked into executing arbitrary assembly code by a malicious web site. In the case of Netscape Mail or News, the attack may be performed via a mail message or a news article, as well. A bug in the way Netscape browsers use the Independent JPEG Group's decoder library can cause the JPEG stream to be read onto the heap. Exploiting this vulnerability into executing arbitrary code is non-trivial, but possible on some platforms.
6c13825689c162377d5aef906252e6f595a0015f46abc25bdb05bed5645897b5WFTPD/WFTPD Pro 2.41 RC11 contains four remote denial of service vulnerabilities. Perl proof of concept code included for each.
f66747fe1c3efb7f98a0b76e20c56baf2efea4d7adf3ae8f603bfb1fcc4364e6fawx2.c sends fragmented junk to port 139, causing a blue screen under Windows 95 / 98 / 2000.
1985383a8c4a1bd9fdb9bde3638a6dc40d228e18f469aee8d932cdeec65324e4Passive Agression is a perl proof-of-concept exploit for downloading other user's files from FTP servers without needing thier authentication. It works against servers that use passive connections for data transfers and fail to check the incoming address of the data connection. It first attempts to determine the server-side data port incrementation rate and then guesses at the next port, makes a connection, and saves the retrieved data to a file. This does not work against M$ boxen, but is fairly impressive when run against large public FTP servers. A much more sinister purpose would be to snag confidential files being passed between corporate networks at scheduled times, like end of the day batch processing of customer orders, or crontab'd FTP backups.
2f7dee6b0a712a2ec0f4773b51daa24e069086bc2dbc73ffb50a9d1c4ccfdca7Form Mail v1.0 (form.cgi) remote exploit - spawns an xterm from the victim computer.
0a106d313f4d701240d2c353c6d13d94bd56cd95675b225e91644c39bf674c86Click Responder v1.02 remote exploit - spawns an xterm from the victim computer.
641649b9d5e09cdbd6153ff158fd12a709fc05ea1502c9ebc1c2a9a2d2e706b7bulk.cgi is a Bulk Mailer CGI which has remote vulernabilities which allow an attacker to spawn an xterm.
8bef063aa4f8a6099294506a682482551cb6e76ed05df104f7d8cd504ab6d562AlienForm2 remote cgi exploit - Spawns an xterm from target machine.
0f1c6a0e6f0f4c3ce24670e4260bc91a1fbb65613853982bf45a8ba4a3f01572bnbform.cgi v4.0 and below remote exploit - reads any file on the system.
f8545048ece8ca8481bfdc18a36d3918bf84ddc084afd0240f23a03690f02408BitchX (75p3/1.0c16) local exploit.
aa40b281d2c006cac231c6c8505bc1727b23ce226626ce92283f8b3ea00b8becWu-ftpd v2.4(4) remote root exploit. Exploits the SITE EXEC buffer overflow.
30ef02937719df0ad119e5858cca2726768166acf8b807fa9b407db7a9340c28PNC Bouncer remote exploit - tested against v1.11 on RedHat 6.0, SuSE 6.3, and Mandrake 6.0.
f3e7d956629059a23a4eafb60363507ed837755b27f531596180153d41af5c6f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
