Packet Storm new exploits for July, 2004.
05a94940c63edcac6c25221ed27c323654b6e6386db194f38da8105f67a6197bSQL Injection and cross site scripting vulnerabilities exist in AntiBoard versions 0.7.2 and below due to a lack of input validation of various variables.
12b0c1bd53ad0721a6420f87983d18b9305401bfa84b40954e60d6ee13921cd1Citadel/UX versions 6.23 and below are vulnerable to a buffer overflow that occurs when more than 97 bytes are sent with the USER directive to port 504.
aea378e63801bac88b6f441bca646722e75b24e31337df108dde36bc21e66ee6IRM Security Advisory 009 - RiSearch version 1.0.01 and RiSearch Pro 3.2.06 are susceptible to open FTP/HTTP proxying, directory listings, and file disclosure vulnerabilities.
4b5da6844da14d869b8b6a8df9ddcc0734547f1dab9d149dc17dea950607f571A vulnerability in the Opera 7.x series allows phishing attacks due to not updating the address bar if a web page is opened using the window.open function and then replaced using the location.replace function.
2b64c28e854d3abd60765551937f3f7fd6835b5e59e4664a7233b171d8bbb4deMicrosoft Windows 2K/XP Task Scheduler local exploit that will spawn notepad.exe.
20e1631372e049c682c8f434c7e218433de0a741f529452b367684f45b732aeeNucleus CMS version 3.01 addcoment/itemid SQL Injection Proof of Concept PHP exploit that dumps the username and md5 hash of the password for the administrator user.
f381b9e4184efeb21af8394ab8bfa4585b0b12a1ecc75b4d37d1c396de95e22deSeSIX Thintune with a firmware equal to or below 2.4.38 is susceptible to multiple vulnerabilities. These include having a backdoored service on a high port with an embedded password giving a remote root shell, various other passwords being stored locally in clear text, and a local root shell vulnerability.
c7d6d010b7722058b4e87e183838984d6663484de3c895b5781af6297637e073The EasyWeb FileManager Module for PostNuke is vulnerable to a directory traversal problem which allows retrieval of arbitrary files from the remote system. Versions affected: EasyWeb FileManager 1.0 RC-1.
303f3fe96f6776b82f0eb5c7e944c6c222704eb9f590c10ad306018b5ee14b58Mozilla FireFox versions 0.9.1 and 0.9.2 has a flaw where it is possible to make a browser load a valid certificate from a trusted website by using a specially crafted onunload event
4035bc3b56a76e6a5acb1578979af0b395e4078e677ed97e922a6cc9a11c4813Apple OSX Panther 10.3.4 with Internet Connect version 1.3 by default appends to ppp.log in /tmp if the file already exists. If a symbolic link is made to any file on the system, it automatically writes to it as root allowing for an easy local compromise. Detailed exploitation given.
2f6db0577a7345df30a3467027308f9c9fa6a73932cae530a5da70cd8726be82FloodWorld, the IRC tool, is susceptible to a denial of service attack due to a mishandling of special characters.
23dd67e0372cde726e8461ace20d585dcdaff729688e872facf617f98973c2fbInternet Software Sciences's Web+Center version 4.0.1 suffers from a lack of sanity checking when parsing Cookie data and due to this is susceptible to a SQL injection attack. Full exploit provided.
e6fd7850e36b99da49d2e48ed56430740774adcc0722a02517238528e4f9634fPolar HelpDesk version 3.0 does not adequately verify whether the user logged onto the system has proper administrative access when performing administrative duties.
369c74af2bef236f285af211302fea6a714d58aababbfc74cde8cf5225e29562Denial of service test exploit for the flaw in Apache httpd 2.0.49.
982b22c0f47e2033d7ce6076df0a8b543ac44ff9ed3989f154408b09a37f4144Serena Software's TeamTrack version 6.1.1 is susceptible to a sensitive content disclosure vulnerability that can be exploited without having valid login credentials. Full exploit provided.
4191339b894cafd37ff68e0c11cad6e7bb1acf9ff0f9dd3451335ff761ce077bNetSupport DNA Helpdesk 1.x is susceptible to a SQL injection vulnerability. Full exploit provided.
a38e02e674a7c12a4b1a0261fe4698c50758836182a131d2a0e1148be2617f39Leigh Business Enterprises's (LBE) Web HelpDesk versions 4.0.80 and below suffer from a SQL injection attack vulnerability. Full exploit included.
bd45f9f6fbfdd6f65136f34c999c7e00d14f2bed97b355a02acac0c7104f7e0aProof of concept exploit code for the Samba 3.x swat preauthentication buffer overflow vulnerability.
4158f15155b3674337e624ebd8a866125068f737a7539d02866f5178e49c89abExploit that makes use of the mod_userdir vulnerability in various Apache 1.3 and 2.x servers. Ported to Windows by John Bissell.
fd00f9773c4596c9142305598ecee7f1d725ed3b3692b9348414e4cd20e373f2This document details the procedure for performing microcode updates on the AMD K8 processors. It also gives background information on the K8 microcode design and provides information on altering the microcode and loading the altered update for those who are interested in microcode hacking. Source code is included for a simple Linux microcode update driver for those who want to update their K8's microcode without waiting for the motherboard vendor to add it to the BIOS. The latest microcode update blocks are included in the driver.
4ecff8d0555e0bd10657e9dff39c32e92fc331ea26ca0cac5995390818707ac2Flash FTP Server version 1.0 (and possibly 2.1) for Windows is susceptible to a directory traversal attack.
e7c4a69fa6e9f50ddd7601dff354fb1131acb92290e55902121fbc0a85973a70Exploit that makes use of the mod_userdir vulnerability in various Apache 1.3 and 2.x servers.
8675f32c6af2043f644707d59bb74ae4eaf2e430aa1fb582122c2f9c86d7012aUnreal Decloak Toolkit version 0.1 illustrates the weak hashing system vulnerability in Unreal ircd 3.2 and previous versions.
b9f87a775c864e80c21ef6545cc72dbd0c4a0132cffc171c5d13262d8058894bThe third advisory in a three part series discussing more flaws in PHP Nuke ranging from full patch disclosure and cross site scripting to SQL injection attacks.
09c091f1f233ed1902d0aa74ac5da411fb080ada57495aec27ef66ae17793c0f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed