Packet Storm new exploits for January, 2002.
c8876e01bb72729efd8c9bb8059af190059d1b349a108ff8047f1404d6b7c269Wu-ftpd 2.6.[0/1] remote heap overflow written in Java. Provides a remote shell. Includes targets for RedHat 7.0 and wu-2.6.0/1 from www.wu-ftpd.org.
57929d95896c2d40e1e0a264c95b5e575151758f19e071e54f3d2c1e88fd64dfNetGear RO318 HTTP Filter Advisory - The firmware does not check URL's well enough and will send out restricted content if given a malformed URL. Includes perl exploit.
6e07fabd2f010c02fcaec5a1372c9f6341cee8b1bd9566de7cbd913ccf7a0bbcRootX is a local Macintosh OS/X exploit for sudo. Must be in sudoers. The latest Client/Server (10.1.2) are affected.
5ff52f6f3dfb5450eff58fc0b23c0c8073986283f4a01a42ace3f525d0299178GnomeICU v0.96.1 remote dos exploit. Sends a message with uin=0000000 causing a seg fault. Tested on GnomeICU 0.95->0.96.1 on RH 7.0, Slackware 8.0.
6c7a971a62cffc000b5fbfe560a6c6266cee3054efb33e5fa8c904d551d9a46dDebian uucp v1.06.1 local uid=utmp or root exploit. Trojans uucp and uux, attempting to get a root shell. Based on an exploit by zen-parse. Tested on Debian PowerPC Unstable.
c9cbbdcce388932c2f4626a8b3f784ee30cadbd876fa9fedf737a7fee68ad530Sniffit v0.3.7beta remote root buffer overflow exploit. Requires the admin to be running sniffit with the -L option.
59327ddb76c91e3de271d2d39d73f05e157642374a506dd212cb01e7026276c7Attn.tar.gz is a Redhat 7.0 local root exploit which takes advantage of a bug in the at command which allows an attacker to free() user controlled memory. Tested on Redhat 7.0 with the glibc-2.2.4-18.7.0.3 and at-3.1.8-12 packages installed.
68cf6e7dc2b3afc0aa47e66d705351d8b032f2fac0afda3d0b705506d8468181Local root exploit for sudo + postfix. Exploits sudo prior to sudo-1.6.4.1. Tested on debian powerpc unstable.
56c4a7509e2a9ce7833c6d4cb82396da0284a904354b620cfe74d1de0f8ee533Cm-ssh is the Teso SSH remote exploit. Includes targets for SSH-1.5-1.2.27, SSH-1.99-OpenSSH_2.2.0p1, SSH-1.5-1.2.26, and SSH-1.5-1.2.31. Binary form only. Brute forces the stack.
36d483d3aefeedd928c940806cf788f6b477890f44e775db5cc7b2ecd2fa7557The Boozt! banner management software for Linux v0.9.8alpha remote exploit. Included shellcode creates a suid httpd shell in /tmp. Fix available here.
76e9febe02a80ee5b9f529526ed2bcc8ef743cd4768f9e070b7ca96214e48fe4Buggyzilla.pl exploits two vulnerabilities in bugzilla 2.14 or prior in order to execute commands on affected systems. This uses bad quotation of user input in bugzilla to gain access to administrator pages. The a weakness in the reports.cgi is then used to allow execution of commands. Advisory available here.
3e2376615b934217d9ee3fabfaf8b0934c68e5e806151b15baa23d51a10793baHosting Controller v1.4.1, an all-in-one administrative hosting tool for Windows, contains multiple vulnerabilities. It allows remote users to read any file on the system and browse non-public directories. Exploit URL's included.
2c63387a7684382d591e3e044e8f1a8a19214823af3c83775b0ffd2fbe8abd58NT PHP.exe remote exploit. Allows any file on the webserver to be read.
c70fec2805964960bbe0e6b210553f178550aa358ea04a158de1e717aa0fec37A small scanner and shell-like interface for the IIS unicode vulnerability (exploits directory traversal to reach cmd.exe).
4860665cc48f26976b79b732fa136524cf9ebb9a045a491dc290fe975295b816AOL Instant Messenger remote buffer overflow exploit. Affects AOL AIM for Windows stable v4.7.2480 and beta v4.8.2616. Over 100,000,000 users affected. Included shellcode shuts down the AIM client.
8720c24ba34092c4259dac1c30012a1a280c1dcffb617e2d23c9a40f5dd53caaZml.cgi contains remote vulnerabilities which allow any file on the webserver to be read. Exploit URL included. Tested against Redhat w/ Apache.
6d40c76de451527396ba0f48085fe01aab2b6d9b276d6f9f09050504dc27383e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed