Packet Storm new exploits for June, 2004.
aa47ccefc4438ecb4072ae85f1448ae2cc0442aab527e45abc1fea47972d981cExploit for the atari800 atari emulator. This exploit is local, and may in some circumstances give local root.
726481df498f83c26393c601faeb59541a54dda4fc18be0dda8d134d643a2ff3All versions of MPlayer, the movie player for Linux, are vulnerable to a buffer overflow attack that allows for privilege escalation. Local exploit included. Tested against Redhat Linux with Gnome, FreeBSD and latest cvsup plus ports with Gnome.
6850af71802ee705a1be21d2e279558327d7f8c14f4363ad429d736e33bfa329Remote exploit that makes use of a format string vulnerability in rlpr version 2.x.
671d9ed33356c2438a4c4a70a5e1e61d2e6b9186125af05bd345ee60f4144974New UPNP exploit that affects Microsoft Windows XP SP0. Binds a shell on port 1981.
b32da5228997cbf8201fa805c7daa21ca9f569746c832b6fa6f5c82886895b75It is possible to crash the kernel on FreeBSD/Alpha by passing an unaligned memory address as a 2nd or 3rd argument to execve() syscall. Affected versions: FreeBSD 5.1-RELEASE/Alpha and possibly others. Not affected: FreeBSD 5.1-RELEASE/IA32.
a4526052ca2cb1a9ff1b6dffe4989feaa6565bda6886895d2f79921d22533f39Linksys Web Camera versions 2.12 and below are vulnerable to a file inclusion vulnerability.
7db8adff539759a22178341934bcc379d78e782cf0284c071d71e7f4c0543530Remote proof of concept denial of service exploit that makes use of a flaw in the Unreal game engine where a simple UDP packet with a long value can overwrite important memory zones. Vulnerable games include: DeusEx versions below and equal to 1.112fm, Devastation versions below and equal to 390, Mobile Forces versions below and equal to 20000, Nerf Arena Blast versions below and equal to 1.2, Postal 2 versions below and equal to 1337, Rune versions below and equal to 107, Tactical Ops versions below and equal to 3.4.0, TNN Pro Hunter, Unreal 1 versions below and equal to 226f, Unreal II XMP versions below and equal to 7710, Unreal Tournament versions below and equal to 451b, Unreal Tournament 2003 versions below and equal to 2225, Unreal Tournament 2004 versions below 3236, Wheel of Time versions below and equal to 333b, X-com Enforcer.
6c7d8ca999fd82ca534f47257a00d83b7cdf78a424a1ac8cf377fb5568c2fdf5The DI-614+ SOHO DLINK router suffers a script injection vulnerability that uses DHCP as a vector of attack.
b89f567cac4704eaa1323775e91f7c938e9c34a4c6b3f5a58e198b767eca3571Some bits of code that show how modified URL encoding can easily bypass restricted zones via Microsoft Internet Explorer.
969ea80d5ad83d70772c9700ecf916fdc2e3c5a210e6edf42c960f36f4150530Due to faulty logic in the socket dequeuing mechanism used in hybrid 7 and the derivate ircd-ratbox, it is possible to severely lag an irc server using a low-bandwidth DoS attack. Affected versions: ircd-hybrid below and equal to 7.0.1, ircd-ratbox below and equal to 1.5.1, ircd-ratbox below and equal to 2.0rc6. Full exploitation included.
55974cc18c7257c5e90e2f3887ac897970b45e11380ca3ee193ebdcf9304a993Pivot 1.10 Soundwave is susceptible to a remote file inclusion and execution vulnerability that enables a remote attacker to execute anything they want in the context of the user id running the web server.
bc31d33c1db4f1dcd9a4ae2f956fc02dbd2c9d2de27d2c22695f954c79bf9233Symantec Enterprise Firewall dnsd proxy, versions 8 and later, is vulnerable to cache poisoning attacks when acting as a caching nameserver. Full proof of concept exploit included.
cb84018e4595e260c546cc412ec384eecb358019a95b682a3b76aa4857dc9956VP-ASP Shopping Cart version 5.x is remote susceptible to cross site scripting and SQL injection attacks.
db8830218c1a550f3a985dfb8800743c8e466a48417e32a30fe90ed3bf11b96aA very simple bug in the Linux kernel allows a small program to cause a denial of service. This flaw affects both the 2.4.2x and 2.6.x kernels on the x86 architecture.
4401c12e6329f60078d093537d2085227726b4bd70f20f9a1556884d34432d5dWhen an overly long filename is requested via the WinAgents TFTP server, a denial of service occurs due to an error in the handling of the request. Tested against version 3.0, other versions may be susceptible. Exploitation included.
37edc8387891774a869861d51b12bf0f6942164a32c1c8e0af19bfa75a3d0c01PHP-Nuke versions 6.x - 7.3 suffer from multiple cross site scripting flaws and one SQL injection attack.
91617b0086be744417da762ae75a78ca3a9666abf5c6dfe2b7512cbada4af510A bug in Blackboard Learning System release 6 allows users to steal documents out of the digital dropbox of other users. Remote perl exploit included.
25e6d7fa0bcf5322d784aae69a7d723c7a2a77c7d734ecd26ddce28269d237a8Edimax 7205APL with a firmware of 2.40a-00 has a huge flaw where a guest account is hard-coded into the firmware allowing anyone to perform a backup with the same privileges of the administrator.
819184677465c2c8b615fa02029e918e3a745193ddc406e52a03e02353079da1Roundup is susceptible to a directory traversal attack that will permit an attacker to view files outside of the web root.
7fd41156408d7900ff12d872c097c46cdf71081faf65ff30cce336cd42e00f41Reseller accounts used with Cpanel are able to change all passwords without verification.
d19e8b37f3bffeb48a29443c2a381cd6858d44de8fe4e2ebb1ff40591db6ab32Remote denial of service proof of concept exploit that makes use of a flaw in the Race Driver server versions 1.20 and below.
63abcd06683f2a78ef7af3df85c244b01a803c88e300012bb4e03143f5df3ed1Imperva's Application Defense Center has announced that several vulnerabilities exist in BusinessObject's Crystal Reports' Web Interface. These vulnerabilities allow a potential hacker to retrieve and delete any file from the file system of the server on which it runs, as well as causing a complete denial of service to the server. Affected versions: Crystal Reports version 9 and 10, Crystal Enterprise version 9 and 10. Exploitation details included.
08653c6229ab236fa5b5c28b167c87d32b7d71b68342d06f9afedf0d1dc76728USR Robotics Broadband Router 8003 has a flawed password checking functionality where the password is first verified by a javascript function that has the real administrator password embedded and easily viewable in the source code, allowing any malicious remote attacker to take full control of the device. Tested against firmware v1.04 08. USR Robotics has claimed the problem is not that serious and has not taken any steps to remedy the situation.
9355223364a226a9678e3b296d0cdc281938db1b9412641fba0392b38c8c4485Remote exploit for Borland Interbase 7.1 SP2 and below that spawns a shell under the uid running the database. Targets included for Linux Interbase 7.1 SP 2 and Linux Interbase 6.01 InterBaseSS_LI-V6.0-1.i386.rpm.
5d817a11e46cbba76ba13cffc204517f20ed0ba8ab02ea224660d23758ad1bc5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed