Proof of Concept. There exists a vulnerability in Pine 4.21 involving the portion of code in charge of peroidically checking email when a pine client is open.
4c381d3dd367cf74ed25122f66d5999b745e2e0d8ac761b2a7d1dd33c1d5f17cThis hole is for the control panel of all Alabanza based resellers/hosts. There could be more bugs. This is serious enough since you can delete all resold domains for a particulr webhosting company. You can also change the default MX and CNAME records of all associated domains.
53801f2b11521cbfb88f3a244efe6da453e8cf7c77bc1c4480c79b3231bb1fc6Klogd Local Exploit. Envcheck is a Linux/x86 kernel module which strips dangerous environment variables before executing a new program, and which can be used to log these probably threatening events. However, a recent format string handling bug in klogd allows an attacker to overflow its buffer and execute arbitrary code.
00657f3b775f48ad572550dfdff266b0e9640533df27a3bbd59dfc91f83192ebDenial of service exploit for CiscoSecure ACS for Windows NT Server prior to release 2.4(3), as described in cisco.00-09-21.ciscosecure. Sends an oversized URL to TCP port 2002, causing the CSAdmin module to crash.
d76e6d70deea1e08c86802aa50e2b1dc8d782a0cb82ae1a351ea663e9c68ef64Synnergy Laboratories Advisory SLA-2000-14 - The BSD/Linux telnet client has a stack overflow which is not usually a security problem, except in the case of a restricted shell environment which allows users to set environment variables and run telnet. Perl proof of concept exploit included.
edc44b44131a6f19bee4f950cce7723477469f167ee3406d25923487214db406Exploit for the recently published Denial of Service Vulnerability in WebTV for Windows discussed on Bugtraq ID 1671 published on 9/12/2000.
8b66d8e815481bbb72395de08927c43e8bc87630b8ebaafcd5fa7b63694b0c8aMultihtml.c is a remote exploit for /cgi-bin/multihtml.pl, versions previous to 2.2 which spawns a remote shell.
1cb8b402e54df7815270db3a85536296536997d3459dfb03bc464424e639323cVigilante Advisory #13 - WinCOM LPD V1.00.90 for Windows NT contains a denial of service vulnerability. A steady stream of LPD options sent to TCP port 515 will eventually consume all the memory on that host.
ba7ccfd5b67e3c0588662c9527a602816dcfb0c5a62a0a91d09a4406cc5875b6Napster sends the full path of all the MP3's it sends to the remote user.
2b462826c9393e9037288e380064d8302a7d3cb8499ca32b1d10dcd7d360e5f1C-Kermit local exploit. Versions 7.0.197 and below are vulnerable. Tested on Slackware 7, where it is not suid. It is suid on Olivetti X/OS R2.3, 3.x.
b1c58ec5e7f44694f976de55f2766d8a2088c17241a91eff5815c66be7258e40Kernel logging daemon klogd in the sysklogd package for Linux contains a "format bug" making it vulnerable to local root compromise (successfully tested on Linux/x86). There's also a possibility for remote vulnerability under certain (rather unprobable) circumstances and a more probable semi-remote exploitableness with knfsd.
2ecbd0ed65cc65018f64e392edb56708bf8a2ff389e963f1c9c260946bd00f25Vigilante Advisory #12 - Mdaemon 3.1.1 for Windows NT includes Webconfig and Worldclient which listen to TCP port 3000 and 3001. They both are vulnerable to a heap overflow vulnerability which could be used to execute arbitrary code. Fix available here.
9633e5d15d8fbf21e8c07e68f5b9143eb0b13c96a75fdb436fc56cddf57db245The Windows 2000 Telnet client can be launched via email or browser and automatically passes NTLM authentication credentials to a telnet server. Proof of concept exploit includes a modified telnet server which causes the w2k telnet client to auto authenticate and prehash-ntlm.c which can be used to launch a dictionary attack against a retrieved hash.
82b52ace068cc6c157c2910a941a5a36a69ebeed844d0b304468d6b56322c0aeMultiHTML (/cgi-bin/multihtml.pl)is a CGI script which has a vulnerability allowing remote users to read any file on the webserver.
228cf3036d6dc675782ffe1ed3fbd4cb7b47b8d64048d18536d2852fc1ee1bf8Sambar Server 4.4 Beta 3 and below for WinNT, Win95 OSR2, (possibly Linux affected) contains a vulnerability which allows remote users to browse the filesystem of the webserver. Fix available here.
682efe87f41f4ff59f349e51db891761fcbe069277019c774fc845c93fc2a01dVigilante Advisory #11 - Lotus Domino ESMTP Service Lotus Domino Release 5.0.2a contains a buffer overflow in the processing of SMTp commands, causing the service to crash. Tested on OS/2 Warp 4.5, it is assumed that other platforms are vulnerable as well.
899917d16df031887b0b09207f33847668e2d85bd87d183da90737c8950ead90Vigilante Advisory #10 - Intel Express Switch series 500 crashes when a malformed ICMP packet is sent to the Intel Express Switch or a host behind it. The switch looses all routing functionality but continues to function as a switch, except for the fact that learning also crashes, so new connections are not "picked up". Fix available here.
7256e8c0df1d7ce12f4af0950cdfe91032004217c0851024af0a141e17c70d5aVigilante Advisory #9 - Internet Information Server (IIS) 4.0 for Windows NT 4.0 is vulnerable to a denial of service attack as described in ms00-063 in which a certain series of requests can cause INETINFO.EXE to gradually consume all system ressources (99-100% CPU and all memory). When the pagefile can't expand any further, INETINFO.EXE is killed by the operating system.
f88b454e98f58dc0cab36e2079df258a10823f10487e75deb9870d645da092caScreen 3.9.5 BSD local root exploit. Tested against OpenBSD.
8ee52045aae8ee9d02f7529addb6cb4f32eb283bdbcc2dfabb8ab07255fc01c5locale.c is a local root exploit for the glibc / locale format string bug. Tested against RedHat 6.2 with kernel 2.2.16.
04c4435735e287f9fd1e709e762aa900e3d60c3d7b0792743e6936a569fb926eScreen 3.7.6 (and others) local root exploit.
62f1c82f1876f11bcc563d044cc998f0f0b3ce2061a32bad1588595b8a773e53Yabb 9.1.2000 and prior for Windows and Unix is a web based BBS system which has a vulnerability in YaBB.pl which allows remote attackers to view any file on the system.
b2141b021a48b28bf0bb81210dfbaa6fe7aae1817ab3d9c84bb3511551d57e91Robotex Viking Server 1.0.6 Build 355 and prior for Windows 95 and NT remote buffer overflow exploit. Binds a shell to a port.
e22c42e753f4fa08366620f23765653b64d03ab67ef2ecf8a07e490cb488a968Mobius DocumentDirect for the Internet 1.2 remote exploit. Binds a shell to a port.
ce3a7e218bb9fb62db69535c606419166b381ba3fb2b77281d56bfcfa40b2ec3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed