Packet Storm new exploits for June, 2004.
aa47ccefc4438ecb4072ae85f1448ae2cc0442aab527e45abc1fea47972d981c
Exploit for the atari800 atari emulator. This exploit is local, and may in some circumstances give local root.
726481df498f83c26393c601faeb59541a54dda4fc18be0dda8d134d643a2ff3
All versions of MPlayer, the movie player for Linux, are vulnerable to a buffer overflow attack that allows for privilege escalation. Local exploit included. Tested against Redhat Linux with Gnome, FreeBSD and latest cvsup plus ports with Gnome.
6850af71802ee705a1be21d2e279558327d7f8c14f4363ad429d736e33bfa329
Remote exploit that makes use of a format string vulnerability in rlpr version 2.x.
671d9ed33356c2438a4c4a70a5e1e61d2e6b9186125af05bd345ee60f4144974
New UPNP exploit that affects Microsoft Windows XP SP0. Binds a shell on port 1981.
b32da5228997cbf8201fa805c7daa21ca9f569746c832b6fa6f5c82886895b75
It is possible to crash the kernel on FreeBSD/Alpha by passing an unaligned memory address as the 2nd or 3rd argument to the execve() syscall. Affected versions: FreeBSD 5.1-RELEASE/Alpha and possibly others. Not affected: FreeBSD 5.1-RELEASE/IA32.
a4526052ca2cb1a9ff1b6dffe4989feaa6565bda6886895d2f79921d22533f39
Linksys Web Camera versions 2.12 and below are vulnerable to a file inclusion vulnerability.
7db8adff539759a22178341934bcc379d78e782cf0284c071d71e7f4c0543530
Remote proof of concept denial of service exploit that makes use of a flaw in the Unreal game engine where a simple UDP packet with a long value can overwrite important memory zones. Vulnerable games include: DeusEx versions below and equal to 1.112fm, Devastation versions below and equal to 390, Mobile Forces versions below and equal to 20000, Nerf Arena Blast versions below and equal to 1.2, Postal 2 versions below and equal to 1337, Rune versions below and equal to 107, Tactical Ops versions below and equal to 3.4.0, TNN Pro Hunter, Unreal 1 versions below and equal to 226f, Unreal II XMP versions below and equal to 7710, Unreal Tournament versions below and equal to 451b, Unreal Tournament 2003 versions below and equal to 2225, Unreal Tournament 2004 versions below 3236, Wheel of Time versions below and equal to 333b, X-com Enforcer.
6c7d8ca999fd82ca534f47257a00d83b7cdf78a424a1ac8cf377fb5568c2fdf5
The DI-614+ SOHO DLINK router suffers a script injection vulnerability that uses DHCP as a vector of attack.
b89f567cac4704eaa1323775e91f7c938e9c34a4c6b3f5a58e198b767eca3571
Some bits of code that show how modified URL encoding can easily bypass restricted zones via Microsoft Internet Explorer.
969ea80d5ad83d70772c9700ecf916fdc2e3c5a210e6edf42c960f36f4150530
Due to faulty logic in the socket dequeuing mechanism used in hybrid 7 and the derivative ircd-ratbox, it is possible to severely lag an IRC server using a low-bandwidth DoS attack. Affected versions: ircd-hybrid below and equal to 7.0.1, ircd-ratbox below and equal to 1.5.1, ircd-ratbox below and equal to 2.0rc6. Full exploitation included.
55974cc18c7257c5e90e2f3887ac897970b45e11380ca3ee193ebdcf9304a993
Pivot 1.10 Soundwave is susceptible to a remote file inclusion and execution vulnerability that enables a remote attacker to execute anything they want in the context of the user id running the web server.
bc31d33c1db4f1dcd9a4ae2f956fc02dbd2c9d2de27d2c22695f954c79bf9233
Symantec Enterprise Firewall dnsd proxy, versions 8 and later, is vulnerable to cache poisoning attacks when acting as a caching nameserver. Full proof of concept exploit included.
cb84018e4595e260c546cc412ec384eecb358019a95b682a3b76aa4857dc9956
VP-ASP Shopping Cart version 5.x is remotely susceptible to cross site scripting and SQL injection attacks.
db8830218c1a550f3a985dfb8800743c8e466a48417e32a30fe90ed3bf11b96a
A very simple bug in the Linux kernel allows a small program to cause a denial of service. This flaw affects both the 2.4.2x and 2.6.x kernels on the x86 architecture.
4401c12e6329f60078d093537d2085227726b4bd70f20f9a1556884d34432d5d
When an overly long filename is requested via the WinAgents TFTP server, a denial of service occurs due to an error in the handling of the request. Tested against version 3.0, other versions may be susceptible. Exploitation included.
37edc8387891774a869861d51b12bf0f6942164a32c1c8e0af19bfa75a3d0c01
PHP-Nuke versions 6.x - 7.3 suffer from multiple cross site scripting flaws and one SQL injection attack.
91617b0086be744417da762ae75a78ca3a9666abf5c6dfe2b7512cbada4af510
A bug in Blackboard Learning System release 6 allows users to steal documents out of the digital dropbox of other users. Remote perl exploit included.
25e6d7fa0bcf5322d784aae69a7d723c7a2a77c7d734ecd26ddce28269d237a8
Edimax 7205APL with firmware 2.40a-00 has a huge flaw where a guest account is hard-coded into the firmware, allowing anyone to perform a backup with the same privileges as the administrator.
819184677465c2c8b615fa02029e918e3a745193ddc406e52a03e02353079da1
Roundup is susceptible to a directory traversal attack that will permit an attacker to view files outside of the web root.
7fd41156408d7900ff12d872c097c46cdf71081faf65ff30cce336cd42e00f41
Reseller accounts used with Cpanel are able to change all passwords without verification.
d19e8b37f3bffeb48a29443c2a381cd6858d44de8fe4e2ebb1ff40591db6ab32
Remote denial of service proof of concept exploit that makes use of a flaw in the Race Driver server versions 1.20 and below.
63abcd06683f2a78ef7af3df85c244b01a803c88e300012bb4e03143f5df3ed1
Imperva's Application Defense Center has announced that several vulnerabilities exist in BusinessObject's Crystal Reports' Web Interface. These vulnerabilities allow a potential hacker to retrieve and delete any file from the file system of the server on which it runs, as well as cause a complete denial of service to the server. Affected versions: Crystal Reports version 9 and 10, Crystal Enterprise version 9 and 10. Exploitation details included.
08653c6229ab236fa5b5c28b167c87d32b7d71b68342d06f9afedf0d1dc76728
USR Robotics Broadband Router 8003 has flawed password checking functionality where the password is first verified by a JavaScript function that has the real administrator password embedded and easily viewable in the source code, allowing any malicious remote attacker to take full control of the device. Tested against firmware v1.04 08. USR Robotics has claimed the problem is not that serious and has not taken any steps to remedy the situation.
9355223364a226a9678e3b296d0cdc281938db1b9412641fba0392b38c8c4485
Remote exploit for Borland Interbase 7.1 SP2 and below that spawns a shell under the uid running the database. Targets included for Linux Interbase 7.1 SP 2 and Linux Interbase 6.01 InterBaseSS_LI-V6.0-1.i386.rpm.
5d817a11e46cbba76ba13cffc204517f20ed0ba8ab02ea224660d23758ad1bc5