vqServer version 1.4.49 is vulnerable to a denial of service attack by sending a malformed URL request. Tested on Windows version. The latest edition of vqServer (1.9.47) is unaffected.
50488cee02fca807a8ce6e2060e9884bc802b907abd649fbdd372b9c7f8b7faeVigilante Advisory #7 - A malicious user can crash an Intel Express 550F or a host behind it by sending a packet with a malformed header. To restart the box you need remove it from it's power source as the reset button loses functionality as well. Affected systems: Intel Express Switch 550F - Firmware version 2.63 - Firmware version 2.64.
e5543dcadd99ee203a752f663a687366bd68f30736388f7036df6793e11c9e4cBubonic.c is a denial of service tool that sends random TCP packets with random settings. Tested against Windows 2000 and RedHat Zoot.
2013c97c64a142d7b60cf7fb0c87cfb2051a655e1a6bbacda27c715de28a58c4Dameonic.c is a theoretical router based denial of service attack that exploits a weakness within the Border Gateway Protocol (BGP). If a malicious user sends spoofed malformed packets to a neighboring router, the peer will ignore it and possibly kill the session entirely. Written on a Ultra 5 running Linux Zoot, this has been compiled on Linux, OpenBSD, Solaris without problems.
087027be1ed28b34dfed0504b156c7b5365220433158b9462f5e771cc9c446cdA short advisory on how to manipulate a bug in the PHP-nuke Web Portal System to allow you to gain administrative access.
cf5caaf8ca30d68549e8b03b403d8357b9091908f9a1f4a699adfa6d79dd6c90USSR Labs Advisory #51 - There is a remote denial of service caused by a buffer overflow memory problem in the rpc module of the Pragma TelnetServer 2000 for Windows NT/2000. The included shell code causes the system to crash.
80aaff8dc2722ce8975dbf99700af93496577d3c0b91d5b96d636774b89c15f0Darxite, a daemon that retrieves files via FTP or HTTP, has several vulnerabilities throughout the code that allow a local/remote user to crash the servers, as well as a passwd authentication remote overflow, allowing remote shell access as the uid of the darxite daemon. Exploit and advisory included. Tested against Linux x86 systems.
2c5a17a7af5e62b8c35d708754842d9f6d13efbcd99d19896e60c3d9ca6f3760Slrnpull.c exploits a local buffer overflow vulnerability in slrnpull version 0.9.6.2, which is setgid news. Tested against RedHat 6.2.
416129da6ec1a149669dbfa4d033e8be06cf479f020fc5eefda50e6ade9d3fc9A vulnerability in the way PHP-Nuke, a news site administrative tool, authenticates administrative accounts, allows a remote attacker to gain administrative access to the application. Attacker could edit users, articles, topics, banners, assign authors, etc
eca37faae9a6a2eeba44799294fae819f847c9d8cb2db5b49509a50b9b29c9acHtgrep has a vulnerability which allows a remote user to read arbitrary files on the system with the priviledge of the user running the program.
c01230dec2a91deb2f424d3380ac2843757db64552164f3d93bd6365f519b20bSrcgrab.pl exploits the Translate:f bug as described in ms00-058. The vulnerability, present in IIS 4.0 and Windows 2000 Frontpage server extensions, allows a remote user to retrieve the source of .asa and .asp pages.
33424ecc3ff3c935dcbae09202091459045e94a6f7ba54fa540a7133c419705eThe ncftp client uses an easily decrypted scheme to save passwords to remote FTP sites in a bookmark file. Crackncftp.c provides the plaintext when from the encrypted string.
4ed56e4e5d88cc9b9c62d4ce74ab7b94bc9d98b285cadb58d0da304ceca15a9bGeorgi Guninski security advisory #18 - Two serious vulnerabilities have been found Microsoft products - Internet Explorer 5.5/5.x may execute arbitrary programs when visiting a web page, reading HTML based mail with Outlook, or simply browsing folders as web pages. In addition, the default installation of Windows 2000 allows Local Administrator compromise via opening local folders as web pages. In both cases a malicous person may take full control over user's computer / server. Includes proof of concept HTML code. Demonstration available here.
49fd86e3c8396e11f2d62291b0e07c00a9c7b972856156f9dac92627faf60f3bRapidStream VPN nodes has hard-coded the 'rsadmin' account into the sshd binary in the appliance OS. The account has been given a 'null' password in which password assignment and authentication was expected to be handled by the RapidStream software itself. The vendor failed to realize that arbitrary commands could be appended to the ssh string when connecting to the SSH server on the remote vpn. This in effect could lead to many things, including the ability to spawn a remote root shell on the vpn.
1fd2ed25e75ae6103e367de4a012acaddbd2dec2b82709822d1d1f127d8cc413Linsql is a simple command-line client for MS SQL server which can execute arbitrary SQL queries and OS commands on an MS-SQL hosts that uses a blank 'sa' password, a common default configuration.
8c9396b46daebd7ef569ec0f947a5ed309df55823876b48edcb9daffb8a5e521Vigilante Security Advisory - The OS/2 Warp 4.5 FTP Server contains denial of service vulnerabilities which allow anyone who can connect to port 21 to crash the service. Fix available here.
dcb764dd372fa94bea264f25decd609cbc3da5a3d482b1c028224a0dfc38159bVigilante Security Advisory - Watchguard Firebox Authentication dos vulnerability. Sending a malformed URL to tcp port 4100 causes Watchguard to shut down and require a reboot to restart. Fix available here.
14919ca4948fe3696698e353b783188ead84c819a08b964e581bbb6c4dfa3cc0Versions 3 and 4 of the Lyris List Manager allow any mailing list subscriber to gain access to the administrative interface of that list by changing a form before submitting it. Fix available here.
2f0b0f3203076a0c3be1376c0bf6a444c51fef60e897a936f0aedc04872cfb91Form-Totaller version 1.0 (form-totaller.cgi) trusts user input for filenames, allowing a remote user to read any file on the webserver.
e3d777d52f8cfacde87ec258a2d6cfa48ba8b637c56c21835cdf716ee4620394The Everything Form (everythingform.cgi) contains remote vulnerabilities which allow any file on the sytem to be read.
1b339106ce174c1887c0dbb63dc46ef3e2273e5d5d44fae56593ea21e2c22e12The wais.pl CGI written by Tony Sanders provides means to access the waisq WAIS client via the webserver. Waisq contains buffer overflows allowing remote code execution which can be exploited via wais.pl. In addition, files owned by nobody on the webserver can be overwritten with arbitrary content. Includes exploit for Linux/x86.
0a1486af2061c3b2f7952eb470c47fcbf6d3d36571a036f046ae5709356c58d1Gopher+ v2.3.1p0 remote exploit - Spawns a remote shell on tcp port 36864 under the UID that the gopher+ daemon runs as. Tested against Linux Slackware 3.6 / 7.0.
71aa58978ab9c730cefaa09803a9c98febeb91b69d9d601ac9a232b790ac1e41Statistics Server 5.02x for Windows contains a buffer overflow caused by a long GET request. Includes perl exploit which spawns a winshell with system privileges on port 8008 on Statistics Server 5.02x/Win2k.
4d5eb9ffd94b406e9662e8575bcca3692763124371afe9b77e28d789f947712fRedhat Linux rpc.statd remote buffer overflow exploit. Tested against Redhat 6.0, 6.1, and 6.2.
c1de1ba5c571d6f403a8f820e615faa4e5df066142935928a9f9d39804e2b53fGopher+ daemon v2.3 remote root buffer overflow exploit - Tested against Slackware Linux 3.6 and 7.0. Adds a line to /etc/passwd.
9c2f2d4a91a62e040ddd61ebd3561c42d0097168294f3951f1f9d91c91fab2e1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed