bland.c exploits a bug in Guantlet 5.0 which causes the firewall to hang when an invalid ICMP packet is sent to a machine which is forwarded through the firewall.
09a5c8c71232fd537a6add6c81e27e690a0d7c6674e8c844053c608c81e84ec0Frontpage Server Extension shtml.exe denial of service attack. Based on an advisory by www.xato.net. Vulnerable systems include Microsoft Windows 95, 98, NT 4.0 and NT 2000.
43d752f3668ac471fb7f9b5cda917b5b2b09dc06934f38381a453cd6dfb342d1Zgv 3.0 local exploit for Linux.
97a09fdb60023de0734f695a952ce7ceec2f4651602772ae2bbd81286136ebe7rumple.tgz exploits the recent ld.so unsetenv vulnerability in Caldera Openlinux.
56c493b400141689b410dc981464badb4d7008167d902e6412e0e9cce077ac82Solaris 2.x locale exploit - exploits /usr/bin/msgfmt and /usr/bin/eject locale format bug for local root access.
88937ded48954c3ed21f78a4d769f8190c43fa9f3802825fa180b88ccb18bec4The IMP-2.2.0 webmail interface contains a bug in the the library file "horde.lib" which allows commands to be executed under the UID which the webserver runs as. Exploit information included. Patch available here.
5cd37cea6ed0bf632564427031d816598d01b2a66f0f2101fca4af6f7600bec3Darxite Daemon v0.4 password authentication buffer overflow exploit. Spawns a remote shell.
e3dd3a037dbb8d042f99c43279d3db0d7a79d4196e1044166dd2c8ca7718e9a6TYPSoft FTP Server 0.78 for Windows 9X and WinNT is vulnerable to a denial of service attack. Sending a long user or pass commands causes the server to hang and increase system resources. Perl exploit included.
6290ed9092ce73d9e92df721518efe218bf3ccf081ac7b79d93e84f30cccd104Anyportal v0.1 allows remote users to read any file on the webserver by submitting modified forms.
e1ec85ae33fed5f71b59bb5010d7c3248c2ba5c473dd1c55908c4be4e6a1ee39phpPhotoAlbum v0.99 and below for Windows and Unix allows remote users to read any file on the system with priviledges as the httpd. Fix available here.
1fd5dac557c53d92324e640ef142c13d6504f28411ca172131ea0b05a2852c6eSecure Reality Pty Ltd. Security Advisory #1 - PHP's handling of uploads permits a remote attacker to manipulate PHP applications into opening arbitrary files on the server with the permission level of the user running the server. Almost any PHP program which provides upload capability is vulnerable.
aeaf6e2aa7063b4ff85dd2c6645bd2a6aa56552e8a26b759f5817c1bbd0a2039Screen 3.9.5 and below local root exploit for Linux. Tested against SuSE 6.1.
b32cf02872905afa005ea30d36475fca569d44e349e023f5c0478a9e94373d11GLIBC 2.1 language local root exploit. Includes bypassing Solar Designer Stack Patch. Tested against Debian 2.1/2.2, exploits Glibc and /usr/bin/msgfmt.
7595e563137275d49fd68534ecc6196a233a1a24803e1370fc47ba2aae3be20cGopher2.3.1p0 and below has many overflowable functions in the daemon. Most of them overflow with hardcoded data that gets passed along - making it not possible to change any pointers. The "halidate" function contains an exploitable buffer overflow - exploit code for linux included. Note: This is not related to the other vulnerability, authenticate.c, which has since been patched in 2.3.1p0. 2.3.1p0 is vulnerable to this.
c9a967732b2e2119e924d33a9e324290a5f84f712275f52f3cd713c43b128f87BNC 2.6.4 remote denial of service exploit. Causes all users who are connected to IRC by BNC by exhausting the resources of the BNC server.
2b404efc7917d8d05e17566fbbda6f862e58ad17893ed5aac38f790bba57dbebHyperterminal, the default telnet program on Windows 98, contains a buffer overflow vulnerability. It is possible to exploit via IE using a long telnet: URL.
8b90845eac862f8b4a616ef0ba0cd3928cdcaecbb16e67ea6204413e73f639bdAuction Weaver 1.02 Lite remote proof of concept exploit. Spawns an xterm by exploiting an insecure open() call.
05490e9058e27b2b15a85eb91906bf90777cd620da83832f56681fe3570761b8The ICQ Greeting Card service allows HTML commands to be sent to the target user. Any malicious HTML such as file:///c:/con/con can crash the system or exploit other HTML based vulnerabilities.
bc5b109db4538ee867af58c61bf71e039eb3c0c10b62871eae499953483f35fcVigilante Advisory #8 - NTMail Configuration Service v5 & v6 denial of service. The web configuration running on TCP port 8000 does not flush incomplete HTTP requests, and thus it is possible to use up all the server ressources within a very short time.
c9fec19beb463e9c88ed288d26e1bc526386517c5982cb2f718dc275c18ea22bcpmdaemon is a program that runs as a daemon or a cgi which allows changing of passwords. It allows brute force dictionary attacks against user passwords without any logging. Includes exp_cpmdaemon.c proof of concept code.
3483de64828caecd47ac6a0791f690c8028feb0bc3131f6bcd8c612b01b7ba04WFTPD/WFTPD Pro 2.41 RC12 devulges sensitive information by revealing the full path of the current directory. This is fixed in WFTPD/WFTPD Pro 2.41 RC13. Exploit details included.
193366b65a5b1cdd836be3470f4aa6808039ca44452fe3c05bb6a2925d08ca56WFTPD/WFTPD Pro 2.41 RC12 contains a remote denial of service vulnerability which does not require a valid login/password. Perl exploit code included.
2ce2075c4946300317f659cb6ce029291184ad6df10f2c8ceaee2b6620d0efc2Thatware is a news portal administration tool. The security vulnerabilities in Thatware allows attacker to gain administrative access to the application. Two exploits included. Fix: For a quick fix, simply rename admin.php3 and simply quote all numeric data in SQL statements.
f1837f7f0c5bc17cf29726c8a0e878307e31fc3411e3a8cfb596b751b87fd088
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed