Packet Storm new exploits for June, 2003.
Local root exploit for kon version 0.3.9b-16 that makes use of a buffer overflow discovered in the -Coding switch.
Denial of service exploit for the Pi3 web server version 2.0.2 that makes use of a malformed GET request.
Remote IIS 5.0 denial of service exploit that makes use of the stack based overflow in nsiislog.dll.
The Compaq Web Based Management Agent is vulnerable to server side injection, stack overflows, access violations, and creation of script objects.
Secunia Security Advisory - The FTPServer/X FTP Server Control and COM Object v1.00.045 and v1.00.046 are vulnerable to a buffer overflow that results in a denial of service and potentially can enable a remote attacker to gain access to the machine.
Gkrellmd 2.1.10 remote exploit with shellcode that does kill(-1,9) then an exit. Written for Linux and tested on Slackware 9.
gkrellmd < 2.1.12 remote exploit for Linux. Tested against Debian 3.0 with version 2.1.4.
Local root exploit that makes use of a race condition vulnerability found in the Linux execve() system call that affects the 2.4 kernel tree.
Gkrellmd 2.1.10 remote exploit with connect back shellcode. Tested on FreeBSD 4.8.
Kereval Security Advisory KSA-001 - Cross Site Scripting vulnerabilities exist in Tutos 1.1 that allow for hostile code execution.
Exploit for Elm version ko-elm-2.4h4.1, the Korean release, that yields gid of bin. Old vulnerability related to this is here. Tested against FreeBSD 4.7.
The Gkrellmd 2.1.10 daemon suffers from a buffer overflow: it does not validate input to its 128 byte buffer, which allows an attacker to crash the daemon, resulting in a denial of service.
MyServer 0.4.1 is vulnerable to a denial of service when a GET request with 20 forward slashes gets sent to the server.
Local root exploit against GNATS v3.113.x that makes use of a heap based environment variable overflow vulnerability. Related advisory found here. Tested against RedHat Linux versions 6-9.
Local root exploit against GNATS v3.2 that makes use of the heap overflow found in the -d switch. Related advisory found here. Tested against RedHat Linux versions 6-9.
jnethack 1.1.5 and below exploit that yields gid of games. Tested against Debian Woody 3.0.
Remote exploit that makes use of a SQL injection vulnerability that exists in the /viewtopic.php file in phpBB.
STG Security Advisory - Java Enterprise User Solution, or JEUS, has a cross site scripting vulnerability when invoking non-existent URLs.
Microsoft Internet Explorer 5.01, 5.5 and 6.0 have a flaw in a parsing procedure that may cause arbitrary script commands to be executed in the Local Zone. This can lead to potential arbitrary command execution, local file reading and other severe consequences.
This script is used to automate escalation of normal user privileges to root making use of FORTH hacking on Sparc hardware.
Xmame local root exploit for Redhat 7.0 and 7.2 which overflows the --lang switch in /usr/local/bin/xmame.x11.
Enceladus Server Suite v3.9.11 contains buffer overflows in its ftp server that allow a remote attacker to crash the server with the possibility of remote command execution.
LedNews v0.7 lacks any filtering, allowing a remote attacker to embed javascript or various HTML tags. It may also be possible to add server side include tags into news posts.
Pmachine version 2.2.1 has a faulty Include() routine that allows a remote attacker to supply a malicious URL that in turn can be a script that the webserver will then execute.