Packet Storm new exploits for September, 2004.
6487b533303aef310fb606cf4031233665038b0d3a39264f5bb3d1a10868e021
Local exploit for flc versions 1.0.4 and below. Note that flc is not setuid by default, so this is purely a proof of concept. Tested on Slackware 10.0.
418b63d366a109a7ec708279fa5ce175e8923a21150f47f353a099403ad65f4c
Remote denial of service proof of concept exploit that makes use of a buffer overflow in Mdaemon SMTP server version 6.5.1.
804b7dc239fe04dc64bbb5c1e88a61656cb63f516cf3d37601658a60ec6a72d6
Remote proof of concept exploit for MDaemon IMAP server version 6.5.1 that makes use of an overflow in the LIST command.
7765b49b13bbc2fc6df506806a4f1def9a83a1d4a346c019faad1582f97079e7
Both aspWebCalendar and aspWebAlbum are susceptible to SQL injection attacks.
cbcdae728a34d30d596efd851faa6388885c4df0b771d740a69f3bbb6f577ee3
Proof of concept exploit for ActivePost Standard versions 3.1 and below that makes use of a denial of service flaw.
bbb17d24cb628e3c1334d55dbe2e4753e2e988da7fdef7ec2ee6a29831cb6c23
Local root exploit that makes use of a buffer overflow in the Software Distributor utilities for HP-UX.
82d65b407a37a3ab39bc7d992bea154fb467c37350dce76f824a999dd2d53d19
Local format string exploit for /usr/sbin/ping under HP-UX.
61a2363dd060c8177bf52b47dc06b4540cf1587f6845ea99052c44d06cb31e22
Local format string exploit for /usr/bin/cu under HP-UX.
57206e7293d7bca0cb7d8d4291c67d84cf2cb6040f246ba4f663fc0056f390d1
GDI+ JPEG remote exploit that is a modified version of the FoToZ exploit with reverse connect-back functionality as well as a bind feature that works with all NT based OSes. This further enhanced version can also add a user to the administrators group and perform a file download.
20c93c78772b0990144751c09236f2b8c235714fcc01bac6f35dc0c88f2dc37a
Microsoft Windows GDI+ JPEG overflow exploit with download shellcode.
ee65d8dd1061332d648503cf739eedf5b2c3f57d9cb1c8df57fffbc1fef368b6
GDI+ JPEG remote exploit that is a modified version of the FoToZ exploit with reverse connect-back functionality as well as a bind feature that works with all NT based OSes.
d8355ee0ee39e0020db08761e80e8dc97cb432c9a970c1cd4a0d88cdb50b417c
Microsoft Windows proof of concept JPEG GDI+ overflow shellcoded exploit that launches a local cmd.exe.
68ec3cf6594190766b5c1153c0e82bb34d0d0cf6f04eb6a95d05d317b7e06753
GNU sharutils versions 4.2.1 and below local format string vulnerability proof of concept exploit.
77348517a311c4d33a71d136d2a86f87228102b1b0790917f34f7f55a44d78b2
Denial of service exploit for PopMessenger version 1.60 that makes use of a flaw in the handling of illegal characters in dialog boxes.
ffa5592f64a45d81de279146b0206c3db5db1d01f749e11b7ca335bdb9de2e7d
Emulive Server4 Commerce Edition Build 7560 suffers from a denial of service vulnerability and allows for unauthorized administrative access due to insufficient input verification.
fc29d1775b0b44311d1616e7891e8a27cc8a0c7abb1b30ffea9932ec9f74c208
Proof of concept local exploit that creates a JPEG image to test for the GDI+ buffer overrun vulnerability discovered under Microsoft Windows. Shellcode and valid addresses have been removed.
e83fbb2e408ae3c6401a0784ac524596ecbe9f71755bf31f63bfb9df23c0e2da
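The GDI+ JPEG entries above all exercise the same malformed-length condition in a JPEG comment (COM, marker 0xFFFE) segment: the two-byte segment length counts itself, so a declared length of 0 or 1 underflows when the parser subtracts 2 and then copies far more than the segment holds. As an added example, not code from the Packet Storm archive or from any of the listed exploits, the following Python scanner walks the marker segments of a JPEG and reports any segment that declares a length below 2; this is the check a file gateway or triage script would run on inbound images. The JPEG samples are constructed inline for the demonstration.

```python
"""Flag JPEG marker segments whose declared length is below 2 (the COM-length
underflow condition behind the GDI+ JPEG overflow).  Added example, not code
from the Packet Storm archive; the JPEG samples below are constructed inline."""
import struct

SOI_MARKER = b"\xff\xd8"
# Markers that carry no length field: TEM, RST0-RST7, SOI, EOI.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))
SOS, EOI, COM = 0xDA, 0xD9, 0xFE


def walk_segments(data: bytes):
    """Yield (marker, declared_length, offset) for each marker segment in the
    JPEG header.  Stops at SOS (entropy-coded data follows), at EOI, or at the
    first segment whose length field is malformed, since advancing by
    length - 2 from there is exactly the underflow a naive parser performs."""
    if not data.startswith(SOI_MARKER):
        raise ValueError("missing SOI; not a JPEG")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected 0xFF at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte preceding a marker
            pos += 1
            continue
        if marker in STANDALONE:
            yield marker, None, pos
            if marker == EOI:
                return
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError(f"truncated length field at offset {pos}")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        yield marker, length, pos
        if marker == SOS or length < 2:
            return
        pos += 2 + length


def malformed_segments(data: bytes):
    """Return [(marker, length, offset)] for segments declaring a length < 2."""
    return [(m, n, off) for m, n, off in walk_segments(data)
            if n is not None and n < 2]


def segment(marker: int, payload: bytes) -> bytes:
    """Well-formed segment: length field = len(payload) + 2."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def raw_segment(marker: int, declared_length: int, payload: bytes) -> bytes:
    """Segment with an arbitrary (possibly malformed) length field."""
    return bytes([0xFF, marker]) + struct.pack(">H", declared_length) + payload


# Constructed samples: a minimal JFIF APP0 header, then a COM segment.
APP0 = segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
BENIGN = SOI_MARKER + APP0 + segment(COM, b"a comment") + b"\xff\xd9"
BAD_COM_LEN0 = SOI_MARKER + APP0 + raw_segment(COM, 0, b"A" * 32) + b"\xff\xd9"
BAD_COM_LEN1 = SOI_MARKER + APP0 + raw_segment(COM, 1, b"A" * 32) + b"\xff\xd9"


if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("com-len-0", BAD_COM_LEN0),
                       ("com-len-1", BAD_COM_LEN1)):
        hits = malformed_segments(blob)
        verdict = "OK" if not hits else f"MALFORMED {hits}"
        print(f"{name:10s} {verdict}")
```

The scanner deliberately stops at the first malformed length instead of trying to resynchronise; a parser that keeps going is the one that ends up reading past the buffer. Only the header segments before SOS are inspected, which is enough for this condition and avoids parsing entropy-coded data.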
Remote denial of service exploit for Lords of the Realm III versions 1.01 and below that will crash the server.
aafd15c0fa22fa3995ac2f2f79ca9462b0147632305366fc1435344c6da002bc
Mambo versions 4.5 and below are susceptible to cross site scripting and remote command execution flaws.
f1adb6277c56b90345f1a0481e0f3f0ec78fce087033de3e0c2aa3b0ec129889
The dupescan binary from glFTPd versions 2.00RC3 and below suffers from a stack overflow that can be exploited locally. Full exploit included.
160289b0841eaee7d277dbda03e49e1139d4b00c48d005bd5958349f4609a988
Local exploit for sudo version 1.6.8p1 that makes use of a flaw in sudoedit.
ab1bfd7ddab1b1c6b89d7c8e3bdb7bc786b3bad054180fc0cc417bc68c3ca04f
Mambo versions 4.5.1 and below are susceptible to a SQL injection vulnerability.
4d025889e22337402a892e1c2a8fc928680f8c29a942f1164367af073911141a
ZyXEL Prestige 650HW-31 and 650R-11 DSL Router denial of service exploit.
e8cc8aa0e77ce2a4cff14c8233b83829173b4599367ed8e83e217ece1585d09a
RsyncX version 2.1, the frontend for rsync on OS X, fails to drop the wheel group id and allows for arbitrary program execution.
7461c1d224257e6868b2e710ecfd89f961714104279359829f4e24b82656f49b
Remote denial of service exploit for Pigeon versions 3.02.0143 and below.
cb65fe199cc4cbac985760de68a05888a15acf6bd8ccf4895e9316d6e9c0b438