Immunix OS stackguard evading LC glibc + su + msgfmt local root exploit. Tested on Immunix OS (Stackguarded Redhat 6.2). Patch available here.
e2922ba11b17fe95138d9bdf5612999e7ad04919271ca894dc28a29b7d779223/usr/bin/traceroute local root format string exploit for LBNL traceroute, distributed with Red Hat 6.1/6.2 and Debian 2.2.
eac8e33beaa9da34d3ff79bf6a8fd5f9817c277464588facdda8b802d020cab4OpenBSD 2.6 and 2.7 xlock local root format string exploit.
d9c51047e5c8a7f38729c09e87bad09d9750d4d980cea6a7b2e76cf318636dbaGeorgi Guninski security advisory #23 - Internet Explorer 5.5/Outlook allow executing arbitray programs after viewing web page or email message. This very serious vulnerability may easily lead to taking full control over user's computer. The problem is the com.ms.activeX.ActiveXComponent java object, which allows creating and scripting arbitrary ActiveX objects, including those not marked safe for scripting. Demonstration available here.
27e12e35034dfe08d65a2d1ce60a0c62b0edbb7d88eec3dfcb77203e10bad419Delphis Consulting Plc Security Team Advisory DST2K0039 - WebData allows users which have an account to read any file on the webserver. Patch and exploit information included.
9d9b28782a7e43b0f385240fa3af864d29b9b0299405af6b0e8f22619c48d855Delphis Consulting Plc Security Team Advisory DST2K0036 - CyberOffice Shopping Cart v2 under Windows NT allows remote users to modify the price of items because prices are set by a hidden form field.
23e3f2c45abc484fb83817dec5582c0edb01f638db7dcbb693eec81c06bf7de3Cached_Feed.cgi v1.0 from here.
58833a60a07b6e7617ac6adbcde536677a6818e5d40950bc51da81bb9684196bThttpd 2.19 and below includes a CGI program "ssi" which contains a vulnerability which allows remote users to read any file on the webserver. Exploit examples included. Fix available here.
5cf4c016185b6b2c6b33bf5944ac239ead66ec315980d03e497f790eea3acb5bWhen scp'ing files from a remote machine, the remote scp daemon can be modified to overwrite arbitrary files on the client side. Scp from ssh-1.2.30 and below is vulnerable. Proof of concept scp replacment included.
c83fdb97397307f495d1cef7e5ab8dc8f8740692dccebe8deaaee85d3f5a2fe1BindView Security Advisory - Windows NT 4.0 and 2000 contain multiple vulnerabilities in the LPC ports, as described in ms00-070. Implications range from denial of service to local promotion.
e24169f769ff08b95674ca0b151e7ca48901eed39216c7984e0e4d0e2e4797aeOpenBSD 2.7 local root exploit for /usr/bin/fstat + libutil exploit. Tested against OPenBSD 2.7 i386.
0871c02f9900cd9d31c6b18d39964674456feb034d0b15de1647853203cc0096Easy Advertiser v. 2.04 Remote Exploit. The stats.cgi script used in Easy Advertiser has an insecure open() that allows this exploit to bind a shell to port 60179 running with user priviledges that the webserver is run as. Netcat is needed locally to use this.
3039f45d2afe1dffcacaeeaa10a0cd1ac319430fdfef2be12356e97c5078f50b/usr/bin/chpass local EDITOR variable format string exploit for *BSD. Tested on OpenBSD, FreeBSD, and NetBSD.
97b3137f4851f097d02215919feb794baf8bc78203a4d676704fcda9229e4198Inebriation.c is a local linux/x86 /bin/su + locale libc functions exploit which has been written in response to previous unreliable exploits for this vulnerability. It includes a perl wrapper to find the correct offset, can use GOT overwrites to evade stackguard, stackshield, and libsafe, uses clean overflow string creation, and has documentation and several other usability improvements.
79c94c5fa03623a02f4886cf1b9049e8f2ca654b18f436c51d3c88a2c462c274There is a vulnerability in the Wingate engine that allows a malicious user to disable all services to the engine by sending an abnormal string to the enabled Winsock Redirecter Service. Wingate Home/Standard/Pro version 4.0.1 is vulnerable. The problem has been addressed in Wingate 4.1 Beta A.
adfb54633be316c75b5176b75c94c600197e9e47ad32afe8556a55aab94d4477
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed