Packet Storm new exploits for August, 2004.
23a4c0e2fc061340844db15906f88155421b2ed0ad38202ceeb8256553e209fcRemote exploit that will change an IP address for the D-Link DCS-900 IP camera, due to the fact that it listens for a 62976/udp broadcast packet telling it what IP address to use without any authentication.
80731a57a2cea9ecb8dd3acadf07b2de5a77b44a1815266951ba9d93b953b1aaRemote exploit for Citadel/UX versions 6.23 and below that makes use of the USER directive overflow. Successful exploitation adds an account in /etc/passwd.
49c652bb47321274ba36227f601c86fc98a4cb2b83fcc5e9942bc5c64a9773adProof of concept exploit that makes use of a denial of service vulnerability in Ground Control II: Operation Exodus versions 1.0.0.7 and below.
e8aa9484473e912c92775d9ed8add564dd5c5a28a448bce5558d7cc4763b42cdKeene Digital Media Server version 1.0.2 is susceptible to a directory traversal attack due to a lack of sufficient input validation.
c6b7b8ca66b7a19b5018608256d434a4b46c13eb06079a5fd72bcfa81b0bc030Exploit that simulates POP3 server which sends a specially crafted email to a vulnerable Gaucho email client, triggering an overflow and binding a shell on port 2001. Version 1.4 build 145 is susceptible.
c8e97e6293220ffcd697f03cd1b7f766ea7557076534f67514f931b5f9a45e9fExploit that was found in the wild by k-otik.com that makes use of the Winamp vulnerability where insufficient restrictions on Winamp skin zip files (.wsz) allow a malicious attacker to place and execute arbitrary programs on a victim's system.
934ebde8434dd87a7cb361dbd695702d9dcbc47d07cdbc24edc7fa476d234f04Poor variable sanitization in Google's GMail system allows users to surf anonymously.
355bf8ddaa8226ffb0284f2b492e6d9f615dda011ccb317322ec9e1376e3f79dNetworkEverywhere router Model NR041 suffers a script injection over DHCP vulnerability. Full exploitation provided.
903895276da12171f8f6bee9fb35c1e69c16fb6918d5717dc4151e19c8021390Test exploit for Painkiller versions 1.3.1 and below that makes use of a memory corruption flaw.
9c66530de24124920a8c7919ae764141257f4b47f65e889b3185d1ef064c9822GulfTech Security Exploit - Easy File Sharing webserver version 1.25 denial of service exploit that consumes 99% of the CPU.
aea01cd9eb07d991268829b7e9d3317ecce42f8c3c22780ebe13704ee0b1811dGulfTech Security Advisory - Easy File Sharing webserver version 1.25 is susceptible to denial of service and unauthorized system access vulnerabilities.
dd5041d478afd6a443b87b296cde275f172821ea68015ab1cfa70c6beadc736aWebAPP is susceptible to a directory traversal attack and another flaw that allows an attacker the ability to retrieve the DES encrypted password hash of the administrator.
11c3e39d3b080f15fea744544c722881b3bd66496b99b5de45c74dda7613da5aSquirrelmail chpasswd local root bruteforce exploit.
c11002c92accfa594a79fbcbddbe201aaa79a0133e832a399b9ff95def57b50bPHP based exploit for Gallery versions 1.4.4 and below that makes use of an arbitrary file upload flaw.
b806e5a726748ac3e812380c5c54072f07a8feb8a713637a035694778211fc2dHafiye 1.0 has a terminal escape sequence injection vulnerability that can result in a denial of service and remote root compromise. Exploit included.
2993ef3947a5ac963374139c0072f900346d288754b6f9793b5cc5d393d67c15MusicDaemon versions 0.0.3 and below suffer from a remote denial of service and flaw where /etc/shadow can be extracted. Exploit included.
86d30b650082a4e71e7432e3cf564661de0639f7bc511f7a95e81c5f202a2ff8Axis versions 2100, 2110, 2120, 2420, and 2130 Network Camera along with the 2400 and 2401 Video Servers are susceptible to passwd file retrieval vulnerabilities, unauthenticated admin user additions, and hardcoded login/password flaws.
d1d78c221379418bea65762e89060fc19d494c26f885bd544cfcb10625efd868Heap overflow exploit for the qt BMP parsing bug foundd in versions 3.3.2.
5f0e53294c355773c2f38b6454412d756b958c6cb98ef187c12fb0b5bcfb115eMyDNS is susceptible to a SQL injection and directory traversal attack that allows for arbitrary file download. Version 1.4.2 fixes the SQL injection bug while the other bug is in all releases.
c36816d86fbea1b951d53fd79107db3a521ddd12c0f07d1c786aac6deabbedd6GulfTech Security Advisory - BadBlue Webserver version 2.5 is susceptible to a denial of service attack when multiple connections are made to it from a single host. Exploit provided.
9dbe4e55fe1e227f34cc5142b74962afa63e4be85ce1d38e91e344f0ef74106eLocal exploit for xv that makes use of the BMP parsing buffer overflow. Binds a shell to port 7000.
2ffb829c50939cf17884f3b925cf0be579f3073300e145927664d13eb2732456PHP based exploit for YaPiG 0.x that allows for an attacker to create arbitrary files on a vulnerable server.
d84ef4efc63ad0141d177a09b8ac9eb78fe82f50b463c66537c20e53232f892aMerak Webmail server version 5.2.7 has cross site scripting, full path disclosure, exposure of PHP files, and SQL injection vulnerabilities.
089caf859e10b39bd0ac02efa7546f2409a15eceb1de9ca5a88018b1f271135dIpSwitch IMail Server versions 8.1 and below password decryption utility. This server uses the polyalphabetic Vegenere cipher to encrypt its user passwords. This encryption scheme is relatively easy to break.
cdcde4da494127219fe8e50e8653ac8d70b3426eb86611ca50861a09255e7b4a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed