Phf remote buffer overflow exploit for Linux x86. This is unrelated to the well known bad filter problem.
dda637097e40cd9c4bab46146c697ddeda5528f58361e4794448e0c9456e6f07Gnomehack v1.0.5 local buffer overflow exploit which gives a egid=60 (games) shell if gnomehack is sgid (2755), tested on Debian 2.2. The same bug also affects Nethack.
816be742420d036d0db3dc9087eb0fb8b2fcf51694ed67304fa2c176d19a55caVoyant Technologies Sonata Conferencing vulnerability report - Local and remote vulnerabilities have been found in both the Solaris and OS/2 hosts, including reused default passwords, poor file permissions, a lack of host hardening, account enumeration, and an insecure X console.
a8e729c47d2cec5776df25793904a78c510a9d33109cf09b1c50ec0743406e0eAll versions of the OpenSSH ssh client prior to 2.3.0 have a vulnerability which allows malicious OpenSSH servers to turn on port forwarding even if it is disabled in the client configuration, allowing hostile servers can access your X11 display or your ssh-agent. Newest version available here.
88a6f152715ed2102ed19a929d57f787c9dc819200cd2d44c5c2953c5a65bd70Openwall.c is a local root exploit in LBNL traceroute v1.4a5 which executes the heap instead of the stack, avoiding the openwall kernel patch.
5a4eb07dd10935e561cd0362cab0d201490486943936df1793875876d5cc6377Traceroot2.c - Improved local root exploit in LBNL traceroute v1.4a5. Tested against Debian GNU/Linux 2.2 x86 and sparc, and Red Hat 6.2 x86. Advisory on this issue available here.
a06125779635863516715cdc87f58a395e2f5821e7f2c5fb7bace3311690914bSolaris Sparc 2.6 / 7 local root exploit against /usr/bin/passwd which uses the yet unpatched libc locale bug and bypasses non-executable stack protection.
9dc277fdb780142c947251ebc93a3f2d952d404ea7c6e9a9a18360bb133880c4BSDI /usr/contrib/bin/filter v2.* local buffer overflow exploit. Tested on BSDI 3.0, provides a shell with GID mail.
e534fc0c8aa82b47dead2e0e671e1935ad2cdccabd46b611e35f366b86b24a78iXsecurity Security Vulnerability Report - The default installation of Compaq Web-Based Management on a Netware server reveals sensitive system files to anyone who can access TCP port 2301. Allows remote users to read the remote console password. Software version 2.28 verified vulnerable. Compaq advisory available here.
992ae643310081a28265d7edbe6fcf3cd675ed92732e4ecbee1271c805355517HP/UX 10.20 allows any file on the filesystem to be chmodded 644.
368ae0b6b600d64d563f95321811ba39e6896823d87ed0d1bd39969c6643ad34An exploitable buffer overflow vulnerability has been found in phf which is unrelated to the well known bad filter problem. All versions of phf should be removed.
ff285dd904fee784fd1e37931b106356da7e64de091e7f180c0b4cd0475e9bdbRemote exploit for rpc.sadmind which brute forces the offset. Tested against Solaris X86 and SPARC v2.6 and 7.0.
c543a35cc08b05e3cb588f1186f77256b06978241255de8c03f64460975820d7Remote denail of service exploit for Microsoft Exchange 5.5 SP3 Internet Mail Service. A message containing charset = "" causes mail service to crash.
c78e67a1dba1114925190b261aaf34271dcd0f4d45718566b9aeb095f29a02b4Georgi Guninski security advisory #27 - There is a security vulnerability in IE 5.x, Outlook, and Outlook Express which allows searching for files with specific name (wildcards are allowed) or content. Combined with other local file reading vulnerabilities this allows attackers to search for and retrieve any file on a users drive. The problem is the "ixsso.query" ActiveXObject which is used to query the Indexing service and surprisingly it is marked safe for scripting. Exploit code included, demonstration available here.
3742942ac9c34bf744dba44bf01b4e6299d39d0c180e6b80617ec20f063387b0Many systems have the SUID bit set on cons.saver (/usr/lib/mc/bin/cons.saver), part of the Midnight Commander package. A denial of service vulnerability has been found which allows local users to overwrite a null character to any symlinkable file. Includes proof of concept exploit and a patch for cons.saver.
65e644ff14594df49724ef14d399326c53243a989d5213911a2bd76b3885227cGBook - A web site guestbook has a remote command execution vulnerability in gbook.cgi.
3432eb8381e12fc433761f3a9958b15e18568c1417a95438a04888df586aee42Dump-0.4b15-1 local root exploit tested on Redhat 6.2.
d31cd93409f644756b8b6acfdfd278b35330784f6a3365bc1c5848ed1558216fThe Sambar Server v4.4 Beta 4 for Windows 95/NT is vulnerable to a remote denial of service attack due to the con/con bug. Perl proof of concept code included.
55be48679e17a74e5287e6a851ca595e4a6e8b5e87adc6609febe7527a7324faUni2.pl checks a host for the recent IIS unicode vulnerability in 14 different ways. Also gives you the browser URL for the exploit. Origionally Roeland.
e78ceffc48a61327d8c39d0102a0875da2417fd1dcd4021dee6997d46324ab95The OmniHTTPd web server v2.06 and below contains a remote denial of service vulnerability in /cgi-bin/visadmin.exe.
e9fe1c87ec8c2ace2f271f1492b978a382de898fb38ca45578151f10e594c30aIIS Unicode remote exploit - Executes commands remotely on IIS 4.0 on NT and IIS 5.0 on Windows NT and 2000.
fbc3b2aa102785a4757f4a193d95da46e9bee307e89c92a60281da7338e006ddPoll It v2.0 CGI exploit which binds a shell to tcp port 60179.
ac9a11e96cfadd025d991a68aab80ce6e5c6b256ab9c91bac1ebb6ed4483fa53Quake World server for Unix v2.30 contains a buffer overflow in the rcon featurE which causes the server to crash with a segmentation fault. Proof of concept exploit included.
5b198903dd85e21a8769b846a484a623ccc88784bcd3bfc27ed0eaca05c05520Gsx-0.90d and below contains a remote denial of service vulnerability which allows remote users to crash the GTK scour client by creating many connections.
fca19f01f198cf6d609684334652291702e97a3f95884df50ab26df1d034a49dSecurax Security Advisory #8 - IIS 4.0 contains a denial of service vulnerability which is similar to the unicode vulnerability. This can be fixed by installing the recent unicode patches.
f877b8c806d53dfad30246acf6a74461dbb28f13b37fda783263068d9efcb449
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed