iisex.c is a remote command execution exploit for Microsoft IIS 4.0 and 5.0, as discussed in iis-unicode.txt which attempts to provide an interactive cmd.exe shell.
4750ce76fa11a85f6f1ef97478408066fedff3d6adc705ce98126be2563f7cf6/usr/sbin/userhelper / kbdrate local root exploit - works only at console. Works well for people you know.
f306e4b3197582d95675db9964fb45bc371416bf6ee9795a7888f293e8872bc3Slackware Linux's ppp-off command uses /tmp insecurely by writing ps output to /tmp/grep.tmp, allowing an unprivileged user to overwrite any file as root.
1e2516ab243a13e088be91f759a25f88ce099f7410487a4e595a22b99aeb688cThe Half-Life Dedicated Server for Linux v3.1.0.3 and below contains a remotely exploitable buffer overflow. Exploit code available here.
321410a4245baf94d24899baac40728a163cf83df38b90575b4aac920f73f359Auction Weaver LITE 1.0 - 1.04 contains remote vulnerabilities which allow users to read any file on the filesystem, and delete arbitrary files. Fix available here.
7321c9d080577203ab8456a7016142136aeefd6b6f8b4e04f589c76bd7ab1aa9Georgi Guninski security advisory #24 - IE 5.5, Outlook, and Outlook Express has a serious security vulnerability which allows remote users to read local files, arbitrary URLs, and local directory structure after viewing a web page or reading HTML message. The problem is that you are allowed to specify an arbitrary codebase for an applet loaded from here.
4c84e6a9bab5f1f849dc508650403150f24b823501e7ecc02ccf5a7182a26dbcWeb Store (cgi-bin/Web_store/web_store.cgi) is vulnerable to a bug which allows remote users to read any file on the webserver. Exploit URL included.
e8d84c70573247b065488f0c2c61893c5a193d20ae5dd8ce1b4b82b6109b1452Red Hat 6.1/6.2 traceroute local root exploit which exploits the traceroute -g bug, as described in the Red Hat Advisory on Traceroute.
2f2c05c49da7f513c3947676832869a817e0236622068d98971c3738b9639160rain forest puppy's investigation of the recent Microsoft IIS remote command execution vulnerability which was first mentioned in a ms00-078. UNICODE character translation on foreign IIS 4.0 and 5.0 servers allows additional ways of encoding '/' and '\', allowing commands to be executed under the IUSR_machine context.
2b1c446965eae66c719dc5275df8c83c036b0c35b914f77fa9b14f18472713f1PHP/3.0.12, 3.0.15, and 3.0.16 with apache 1.3.12 remote format string exploit for FreeBSD 3.4, Slackware Linux 4.0, and 7.0.
96da427c5e520f508d5095e2ae72b3ea84315600ce6f8c479d2b052c33f7f03fWingate 4.1 Beta A and below allows users with access to read the logs to read any file on the filesystem by encoding the URL with escape codes, bypassing input validation. Includes wgate41a.c, proof of concept code. Fix available here.
d911de7376362eaa57534d66e1363dca6a222e4eac2a3b3c940f8173fb80d190GDM local root and/or denial of service attack, tested on Red Hat 6.2. Requires console access.
0152f01fe95821ca442a86d5040d00c6f94af97c5ed3d54f2c0d85ef0541b8d8Synnergy Laboratories Advisory SLA-2000-17 - A flaw in Linux/UNIX Anaconda Foundation Directory, a yahoo style search engine based on the Open Directory Project allows remote users to traverse the webservers filesystem, allowing arbitary files to be read by appending a trailing NULL byte in URL encoded format. Exploit URL included.
114471e6a48ade395cf5dd9910cfbb9ebc5b97960e372c164656001a5ddd2840Kak.hta is a variation of the recent ActiveX Dotslash.
bdb21f8e4b7bfa50a24c006b6d2979c765ccd82a4bdedeee48257dd7ffdee0b2NSFocus Security Advisory(SA2000-04) - A denial of service flaw has been found in the Microsoft Win9x netbios client. An attacker can modify his host file share service and perform DoS attack against a Win9x client that visits it. Windows 95, 98, and 98se are vulnerable.
9236c974af81c4c844db26363d287b64b22ac6b3a14b0d4342716a88acbe836aNSFocus Security Advisory(SA2000-05) - Microsoft Windows 9x NETBIOS password verification contains a vulnerability which allows an attacker to use a share only knowing the first byte of the password, which can easily be guessed. This is the flaw described in ms00-072 which affects Windows 95, 98, and 98se.
7aef63a9de0679d5b03e709420e8ddace4d85f1bf4c6394a3d8949d58d90ea2aNSFOCUS Security Advisory(SA2000-03) - A denial of service vulnerability has been found in the IPX/SPX protocol implementation. When a WIN9x host receives a IPX NMPI packet that has the same source and destination machine name of its own, it will be lead to an infinite loop of sending and receiving packets. This attack will consume a large sum of CPU resource of attacked host, causing it to crash.
ee09333c713c3c147526afc9d6f8cea9c39dd915e503348778b1122d7781a015FreeBSD 4.X local /usr/bin/systat exploit. Gives a sgid kmem shell by exploiting the .terminfo bug in ncurses.
74912457abcb06d1b3486b0919890ed721d24f2ed15b58307dd60bb46c085361Synnergy Laboratories Advisory SLA-2000-16 - Synnergy Labs has found a flaw within Master Index for Linux/UNIX that allows a user to successfully traverse the filesystem on a remote host, allowing arbitary files/folders to be read. Exploit URL included. Fix available here.
a23909da35478f6a2095d6d342fb63d5f4accfbcc2879f4add37f28616e828c3The ncurses library v4.2 and 5.0 contains exploitable buffer overflows which can be used to gain additional priveledge if there are SUID programs which use ncurses and the library implementation supports ~/.terminfo. Vulnerable programs found so far include Red Hat and SuSE cda, FreeBSD /usr/bin/systat, and OpenBSD /usr/bin/systat.
cd14250aa0648fdf5f3d589e34c08c13e7c735b8731d2b965eb799837ca4e257Vigilante Advisory #14 - HP Jetdirect print servers have multiple vulnerabilities which have effects ranging from the service crashing to the printer initiating a firmware upgrade based on random garbage in the memory, and in some cases powercycling won't fix the crash. It requires a new firmware burn by eg. HP to restore the Jetdirect card. The FTP, Telnet, and LPD services contain buffer overflows, and spoofed malformed packets can crash the printer. Fix available here.
bdca6965e5cc27db16052ee9d2ed6315debed77a62a63aa071a0614cac33ff36PHPix, a Web-based photo album viewer written in PHP has a vulnerability which allows remote users to traverse directories and read any file on the server. Exploit URL included. Fix available here.
e4419820f11faed3b78317f5462ba2159447f498e8b203f34e98a29ecac583bcThe BOA webserver version 0.94.8.2 and below contains a vulnerability which allows remote users to read any file on the system. Exploit URL included. Fix available here.
a859a68ad11a042096b6a7dcc8f53e25349a563780aa31e67195cba709f232e8Delphis Consulting Plc Security Team Advisory DST2K0040 - QuotaAdvisor 4.1 by WQuinn For Windows NT allows users to list all the files contained on a file system which is on a server with QuotaAdvisor running on it.
207715a553367fd86d35fea578da89546850f009eafcc211cb4a0381746ecbedGodmessage 3 (Revision 4) is an Active X trojan which automatically uploads a binary to unpatched IE browsers by simply viewing HTML code. Tested against IE 5.0, 5.01, and 5.5 on Windows NT, 2000, and 98. WARNING: Viewing this HTML very well may break your computer if you run Windows!
a7e16b7e8a4025e6d430b19893b0e47492278ae88ad47135008aef0feeeb93cd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed