Packet Storm new exploits for October, 2003.
63cd13d549e08c661624ae5de22a9818
WS_FTP server <= v4.0.1 for Windows 2000 remote stack overflow exploit which binds a shell to a port. Requires a ftp account.
d1c0de9f904bf4d9a6e68e991267a850
PHP-Nuke v6.5 and Spaiz-nuke v1.2 SQL injection exploit written in PHP. Adds an admin account.
075b3b2c3a8864197675515e90a3342d
Denial of service buffer overflow exploit for the TelCondex web server v2.12.30210 Build 3285 and below which overflows the HTTP referrer. Fix available Oliver Karow.
20c79a1ea93315692bf563efa676c67d
Denial of service exploit in ls, which is exploited remotely via wu-ftpd v2.6.2. In perl.
d172d1ad48e70d1f43bf8781bae6f7f1
The taper program in Redhat 7.3 contains a stack overflow. Note that taper is not setuid.
22f491634bf9f13060313a42fd059611
Sh-httpd v0.3 and 0.4 contain a remote directory traversal vulnerability involving a wildcard character which allows attackers to read any file on the system and execute CGI's. Patch included.
0a6560a983f4d7c86c1eb4c1f8375ba8
Php-nuke v6.6 and spaiz-nuke below v1.2beta remote exploit which allows you to take over the administrator account. In Spanish.
d0db271a1958e0baff9284c3401640c7
The FlexWATCH surveillance camera server is used by many banks and "secure" places and contains remotely exploitable vulnerabilities which allow remote attackers to view camera footage, add users, remove users, change the configuration, disable camera surveillance, and more.
656d2fad064108c3fe3c98b3b6f97e4f
PHP Advanced Poll v2.0.2 contains remotely exploitable PHP code injection, file include, and phpinfo vulnerabilities. Exploit URLs and vulnerable code snippets included. Patch and vulnerability details available here.
56e9fbaca901131a100472faa9d3f17b
Solaris runtime linker (ld.so.1) local root buffer overflow exploit. Bug discovered by Jouko Pynnonen.
159fa40468397e901231ffb0c7a34c8f
Directory traversal attacks against the iWeb mini http server. Exploit URLs included. Vendor URL here.
dcaefe6f98304668838e20ca5cbcf763
Xchat script which uses the DCC SEND overflow to kill mIRC clients v6.11 and below.
1040b28d55d687b066bab53964c3f2e5
Exploit for ms03-046 - Microsoft Exchange Server 5.5 and Exchange 2000 buffer overflow, in perl. Denial of service only.
17479c516711b178d64dbfcb23ff116f
cpCommerce v0.5f and below contains an input validation error in _functions.php which allows remote arbitrary code execution. Exploit URL included. Fix available here.
fc3d68bc4d70e84ecab8477883ba365d
Information and packet capture of Mirc v6.11 and below DCC SEND buffer overflow exploit which crashes the client.
a84a0c6eae3a016419e6195491cd79b4
Iwconfig local proof of concept exploit - Causes a seg fault. Note that iwconfig is not suid.
eccf7607942949f8ecfed824257cd7ac
DeskPRO v1.1.0 and below do not adequately filter user provided data, allowing a remote attacker to insert malicious SQL statements into existing ones. Allows attackers to login to the system as an administrator without knowing the password.
6c7179a6ec73486ce67c6556b01c6725
mIRC v6.1 and below remote exploit which takes advantage of the bug described in mirc61.txt. Creates a HTML file which overflows the irc:// URI handling, spawning a local cmd.exe window. The exploit works even if mIRC is not started - The HTML can be in a HTML email or on a web page. Tested against Windows XP build 2600.xpclient.010817-1148.
bdc38dfedffb7977637c36ede12ea4e8
Remote denial of service exploit for the Microsoft Messenger service buffer overflow described in ms03-043 which causes the target machine to reboot. Includes the ability to send the packet from a spoofed source address and requires the remote netbios name. Tested against Windows 2000 SP4.
75bde2a7d5758f67ec04524fa6b11be9
Local exploit for Oracle Release 2 Patch Set 3 Version 9.2.0.4.0 for Linux x86 that makes use of a buffer overflow to escalate user privileges via the oracle binary.
e67aa2d4ffbc82a005daedd92002cbf9
The Linksys EtherFast Cable/DSL Firewall Router BEFSX41 (Firmware 1.44.3) is susceptible to a denial of service attack when a long string is sent to the Log_Page_Num parameter of the Group.cgi script.
1e142d2d4429f36d6bdbd08409720df8
Simple notes on how to exploit GAIM via the festival plugin that was written quite poorly.
bf092631c2e47257ae9f6aa6be652dda
slocate package version 2.6 has a heap overflow that can be used to escalate privileges.
00b366b2c5e22e03fdbb21c45a07520c
Remote root exploit for ProFTPd 1.2.7-1.2.8.
da4e6897a3b2f1a99efc2ef3fd5b0837