Packet Storm new exploits for August, 2004.
23a4c0e2fc061340844db15906f88155421b2ed0ad38202ceeb8256553e209fc
Remote exploit that changes the IP address of the D-Link DCS-900 IP camera, because the camera listens for a broadcast packet on 62976/udp telling it what IP address to use, without any authentication.
80731a57a2cea9ecb8dd3acadf07b2de5a77b44a1815266951ba9d93b953b1aa
Remote exploit for Citadel/UX versions 6.23 and below that makes use of the USER directive overflow. Successful exploitation adds an account in /etc/passwd.
49c652bb47321274ba36227f601c86fc98a4cb2b83fcc5e9942bc5c64a9773ad
Proof of concept exploit that makes use of a denial of service vulnerability in Ground Control II: Operation Exodus versions 1.0.0.7 and below.
e8aa9484473e912c92775d9ed8add564dd5c5a28a448bce5558d7cc4763b42cd
Keene Digital Media Server version 1.0.2 is susceptible to a directory traversal attack due to a lack of sufficient input validation.
c6b7b8ca66b7a19b5018608256d434a4b46c13eb06079a5fd72bcfa81b0bc030
Exploit that simulates a POP3 server which sends a specially crafted email to a vulnerable Gaucho email client, triggering an overflow and binding a shell on port 2001. Version 1.4 build 145 is susceptible.
c8e97e6293220ffcd697f03cd1b7f766ea7557076534f67514f931b5f9a45e9f
Exploit found in the wild by k-otik.com that makes use of the Winamp vulnerability where insufficient restrictions on Winamp skin zip files (.wsz) allow a malicious attacker to place and execute arbitrary programs on a victim's system.
934ebde8434dd87a7cb361dbd695702d9dcbc47d07cdbc24edc7fa476d234f04
Poor variable sanitization in Google's GMail system allows users to surf anonymously.
355bf8ddaa8226ffb0284f2b492e6d9f615dda011ccb317322ec9e1376e3f79d
NetworkEverywhere router Model NR041 suffers from a script injection vulnerability over DHCP. Full exploitation provided.
903895276da12171f8f6bee9fb35c1e69c16fb6918d5717dc4151e19c8021390
Test exploit for Painkiller versions 1.3.1 and below that makes use of a memory corruption flaw.
9c66530de24124920a8c7919ae764141257f4b47f65e889b3185d1ef064c9822
GulfTech Security Exploit - Easy File Sharing webserver version 1.25 denial of service exploit that consumes 99% of the CPU.
aea01cd9eb07d991268829b7e9d3317ecce42f8c3c22780ebe13704ee0b1811d
GulfTech Security Advisory - Easy File Sharing webserver version 1.25 is susceptible to denial of service and unauthorized system access vulnerabilities.
dd5041d478afd6a443b87b296cde275f172821ea68015ab1cfa70c6beadc736a
WebAPP is susceptible to a directory traversal attack and another flaw that allows an attacker to retrieve the DES encrypted password hash of the administrator.
11c3e39d3b080f15fea744544c722881b3bd66496b99b5de45c74dda7613da5a
Squirrelmail chpasswd local root bruteforce exploit.
c11002c92accfa594a79fbcbddbe201aaa79a0133e832a399b9ff95def57b50b
PHP based exploit for Gallery versions 1.4.4 and below that makes use of an arbitrary file upload flaw.
b806e5a726748ac3e812380c5c54072f07a8feb8a713637a035694778211fc2d
Hafiye 1.0 has a terminal escape sequence injection vulnerability that can result in a denial of service and remote root compromise. Exploit included.
2993ef3947a5ac963374139c0072f900346d288754b6f9793b5cc5d393d67c15
MusicDaemon versions 0.0.3 and below suffer from a remote denial of service and a flaw where /etc/shadow can be extracted. Exploit included.
86d30b650082a4e71e7432e3cf564661de0639f7bc511f7a95e81c5f202a2ff8
Axis 2100, 2110, 2120, 2420, and 2130 Network Cameras along with the 2400 and 2401 Video Servers are susceptible to passwd file retrieval vulnerabilities, unauthenticated admin user additions, and hardcoded login/password flaws.
d1d78c221379418bea65762e89060fc19d494c26f885bd544cfcb10625efd868
Heap overflow exploit for the Qt BMP parsing bug found in version 3.3.2.
5f0e53294c355773c2f38b6454412d756b958c6cb98ef187c12fb0b5bcfb115e
MyDNS is susceptible to SQL injection and a directory traversal attack that allows for arbitrary file download. Version 1.4.2 fixes the SQL injection bug, while the directory traversal bug is present in all releases.
c36816d86fbea1b951d53fd79107db3a521ddd12c0f07d1c786aac6deabbedd6
GulfTech Security Advisory - BadBlue Webserver version 2.5 is susceptible to a denial of service attack when multiple connections are made to it from a single host. Exploit provided.
9dbe4e55fe1e227f34cc5142b74962afa63e4be85ce1d38e91e344f0ef74106e
Local exploit for xv that makes use of the BMP parsing buffer overflow. Binds a shell to port 7000.
2ffb829c50939cf17884f3b925cf0be579f3073300e145927664d13eb2732456
PHP based exploit for YaPiG 0.x that allows an attacker to create arbitrary files on a vulnerable server.
d84ef4efc63ad0141d177a09b8ac9eb78fe82f50b463c66537c20e53232f892a
Merak Webmail server version 5.2.7 has cross site scripting, full path disclosure, exposure of PHP files, and SQL injection vulnerabilities.
089caf859e10b39bd0ac02efa7546f2409a15eceb1de9ca5a88018b1f271135d
Password decryption utility for IpSwitch IMail Server versions 8.1 and below. This server uses the polyalphabetic Vigenère cipher to encrypt its user passwords, an encryption scheme that is relatively easy to break.
cdcde4da494127219fe8e50e8653ac8d70b3426eb86611ca50861a09255e7b4a