Packet Storm new exploits for July, 2000.
NCSA Httpd v1.3 remote root exploit. Tested against Slackware 4.0.
Bajie is a freeware HTTP daemon written in Java that has vulnerabilities which allow remote users to view any file on the system and to find out the real server path.
Foundstone Security Advisory - Two show code vulnerabilities exist in BEA's WebLogic 5.1.0, allowing an attacker to view the source code of any file within the web document root of the web server. Depending on the web application and directory structure, an attacker can access and view unauthorized files. Proof of concept URLs included.
CVS v1.10.8 allows users to execute any binary on the server using CVS/Checkin.prog or CVS/Update.prog.
BitchX-75p3 local exploit, Redhat 6.2 x86.
The D-Link DI-701 Residential Gateway has an open port which allows brute force password guessing, and has a factory set default password.
Winamp contains a buffer overflow in its M3U playlist parser. It is possible to execute arbitrary code on a remote computer via a malicious playlist. Proof of concept playlist included.
Foundstone Security Advisory - AnalogX SimpleServer:WWW v1.06 and below is vulnerable to a "relative directory path" attack that allows a remote user to retrieve any known file on the server.
ISBASE Security Advisory (SA2000-02) - Microsoft IIS v4.0 and 5.0 for Windows NT and Windows 2000 sometimes display the contents of files that should not normally be displayed and that sometimes contain sensitive data. IIS can be tricked into calling ISM.DLL and exposing the contents of .asp, .asa, and .ini files. Exploit description included.
Foundstone Security Advisory - AnalogX Proxy v4.04 contains multiple buffer overflows. Includes several proof of concept denial of service examples.
Netscape 4.73 and below remote proof of concept exploit for linux/x86. Includes a test image which crashes Netscape, a JFIF file compiler which exploits the COM marker processing vulnerability, and an unofficial patch for Mozilla M15 and Win32 Netscape.
Netscape browsers v4.73 and below can be tricked into executing arbitrary assembly code by a malicious web site. In the case of Netscape Mail or News, the attack may be performed via a mail message or a news article, as well. A bug in the way Netscape browsers use the Independent JPEG Group's decoder library can cause the JPEG stream to be read onto the heap. Exploiting this vulnerability into executing arbitrary code is non-trivial, but possible on some platforms.
WFTPD/WFTPD Pro 2.41 RC11 contains four remote denial of service vulnerabilities. Perl proof of concept code included for each.
fawx2.c sends fragmented junk to port 139, causing a blue screen under Windows 95 / 98 / 2000.
Passive Agression is a perl proof-of-concept exploit for downloading other users' files from FTP servers without needing their authentication. It works against servers that use passive connections for data transfers and fail to check the incoming address of the data connection. It first attempts to determine the server-side data port incrementation rate, then guesses at the next port, makes a connection, and saves the retrieved data to a file. This does not work against M$ boxen, but is fairly impressive when run against large public FTP servers. A much more sinister purpose would be to snag confidential files being passed between corporate networks at scheduled times, like end of the day batch processing of customer orders, or crontab'd FTP backups.
Form Mail v1.0 (form.cgi) remote exploit - spawns an xterm from the victim computer.
Click Responder v1.02 remote exploit - spawns an xterm from the victim computer.
bulk.cgi is a Bulk Mailer CGI which has remote vulnerabilities which allow an attacker to spawn an xterm.
AlienForm2 remote cgi exploit - Spawns an xterm from target machine.
bnbform.cgi v4.0 and below remote exploit - reads any file on the system.
BitchX (75p3/1.0c16) local exploit.
Wu-ftpd v2.4(4) remote root exploit. Exploits the SITE EXEC buffer overflow.
PNC Bouncer remote exploit - tested against v1.11 on RedHat 6.0, SuSE 6.3, and Mandrake 6.0.