Packet Storm new exploits for October, 2003.
63cd13d549e08c661624ae5de22a9818WS_FTP server <= v4.0.1 for Windows 2000 remote stack overflow exploit which binds a shell to a port. Requires a ftp account.
d1c0de9f904bf4d9a6e68e991267a850PHP-Nuke v6.5 and Spaiz-nuke v1.2 SQL injection exploit written in PHP. Adds an admin account.
075b3b2c3a8864197675515e90a3342dDenial of service buffer overflow exploit for the TelCondex web server v2.12.30210 Build 3285 and below which overflows the HTTP referrer. Fix available Oliver Karow.
20c79a1ea93315692bf563efa676c67dDenial of service exploit in ls, which is exploited remotely via wu-ftpd v2.6.2. In perl.
d172d1ad48e70d1f43bf8781bae6f7f1The taper program in Redhat 7.3 contains a stack overflow. Note that taper is not setuid.
22f491634bf9f13060313a42fd059611Sh-httpd v0.3 and 0.4 contain a remote directory traversal vulnerability involving a wildcard character which allows attackers to read any file on the system and execute CGI's. Patch included.
0a6560a983f4d7c86c1eb4c1f8375ba8Php-nuke v6.6 and spaiz-nuke below v1.2beta remote exploit which allows you to take over the administrator account. In Spanish.
d0db271a1958e0baff9284c3401640c7The FlexWATCH surveillance camera server is used by many banks and "secure" places and contains remotely exploitable vulnerabilities which allow remote attackers to view camera footage, add users, remove users, change the configuration, disable camera surveillance, and more.
656d2fad064108c3fe3c98b3b6f97e4fPHP Advanced Poll v2.0.2 contains remotely exploitable PHP code injection, file include, and phpinfo vulnerabilities. Exploit URLs and vulnerable code snippets included. Patch and vulnerability details available here.
56e9fbaca901131a100472faa9d3f17bSolaris runtime linker (ld.so.1) local root buffer overflow exploit. Bug discovered by Jouko Pynnonen.
159fa40468397e901231ffb0c7a34c8fDirectory traversal attacks against the iWeb mini http server. Exploit URLs included. Vendor URL here.
dcaefe6f98304668838e20ca5cbcf763Xchat script which uses the DCC SEND overflow to kill mIRC clients v6.11 and below.
1040b28d55d687b066bab53964c3f2e5Exploit for ms03-046 - Microsoft Exchange Server 5.5 and Exchange 2000 buffer overflow, in perl. Denial of service only.
17479c516711b178d64dbfcb23ff116fcpCommerce v0.5f and below contains an input validation error in _functions.php which allows remote arbitrary code execution. Exploit URL included. Fix available here.
fc3d68bc4d70e84ecab8477883ba365dInformation and packet capture of Mirc v6.11 and below DCC SEND buffer overflow exploit which crashes the client.
a84a0c6eae3a016419e6195491cd79b4Iwconfig local proof of concept exploit - Causes a seg fault. Note that iwconfig is not suid.
eccf7607942949f8ecfed824257cd7acDeskPRO v1.1.0 and below do not adequately filter user provided data, allowing a remote attacker to insert malicious SQL statements into existing ones. Allows attackers to login to the system as an administrator without knowing the password.
6c7179a6ec73486ce67c6556b01c6725mIRC v6.1 and below remote exploit which takes advantage of the bug described in mirc61.txt. Creates a HTML file which overflows the irc:// URI handling, spawning a local cmd.exe window. The exploit works even if mIRC is not started - The HTML can be in a HTML email or on a web page. Tested against Windows XP build 2600.xpclient.010817-1148.
bdc38dfedffb7977637c36ede12ea4e8Remote denial of service exploit for the Microsoft Messenger service buffer overflow described in ms03-043 which causes the target machine to reboot. Includes the ability to send the packet from a spoofed source address and requires the remote netbios name. Tested against Windows 2000 SP4.
75bde2a7d5758f67ec04524fa6b11be9Local exploit for Oracle Release 2 Patch Set 3 Version 9.2.0.4.0 for Linux x86 that makes use of a buffer overflow to escalate user privileges via the oracle binary.
e67aa2d4ffbc82a005daedd92002cbf9The Linksys EtherFast Cable/DSL Firewall Router BEFSX41 (Firmware 1.44.3) is susceptible to a denial of service attack when a long string is sent to the Log_Page_Num parameter of the Group.cgi script.
1e142d2d4429f36d6bdbd08409720df8Simple notes on how to exploit GAIM via the festival plugin that was written quite poorly.
bf092631c2e47257ae9f6aa6be652ddaslocate package version 2.6 has a heap overflow that can be used to escalate privileges.
00b366b2c5e22e03fdbb21c45a07520cRemote root exploit for ProFTPd 1.2.7-1.2.8.
da4e6897a3b2f1a99efc2ef3fd5b0837
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed