Packet Storm new exploits for October, 2004.
53d00e61931eac6a47815a5261ecadac919823ba2cfda6036820fe44cf42f9ad
Remote root exploit for the STOR buffer overflow vulnerability in Code-Crafters Ability FTPd version 2.34. The return address (EIP overwrite) is hardcoded and only works on Windows 2000 SP4. Two shellcodes are included: one binds a shell, the other transfers a file to the target and executes it.
f402160d538f63e97458e75baaad6d4dc5288a0430435e6567a0c76362822792
Proof of concept exploit for Master of Orion III versions 1.2.5 and below which suffer from buffer overflow and allocation errors.
505124f0a29c72a428518e910334f4f7712741c1b20597a13ebbca8945f628c9
Remote root exploit for a heap buffer overflow in wvftp-0.9.
9593f0c5fd5fd0c44d00731d177d4bc57c6937f84780bfbf1801854b65e8faf1
MailCarrier 2.51 SMTP EHLO / HELO buffer overflow exploit written in Python that spawns a shell on port 101 of the target machine.
9cdcfa966f1b52e3db88669267c30a79a0da90da60a10ee65048a42219f21e53
Local exploit, tested against libxml2-2.6.12 and libxml2-2.6.13, for the remotely exploitable buffer overflows in libxml2.
df45b66cae305c03efbb5a88fba4a7f4c1d037611a3521f385486026caaff373
The GD graphics library versions 2.0.28 and below contain an integer overflow when computing the size of a memory allocation in the routine that loads PNG image files. The resulting undersized buffer later leads to heap data structures being overwritten. If an attacker tricks a user into loading a malicious PNG image, this can be leveraged into executing arbitrary code in the context of the user opening the image. An exploit that creates a working malicious PNG is enclosed.
24283338134ab68e16c03983a163ba4627ec59ad549edd928b9c4c5688c6f6e6
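The bug class behind the GD PNG entry above, integer overflow in an allocation-size computation, is shown here as an added example; this is illustrative code written for this page, not GD's own source or the enclosed exploit. The header struct, the 32-bit size arithmetic, and the 256 MiB sanity cap are assumptions chosen to demonstrate the pattern and its fix; real decoders have their own structures and limits.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed sanity cap on a decoded bitmap; a real decoder picks its own. */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* Hypothetical header fields as parsed from an image file (not GD's types). */
typedef struct {
    uint32_t width;
    uint32_t height;
    uint32_t bytes_per_pixel;
} img_hdr;

/* Exact number of bytes a decode loop driven by width/height will write. */
uint64_t required_bytes(const img_hdr *h) {
    return (uint64_t)h->width * h->height * h->bytes_per_pixel;
}

/* Vulnerable pattern: the size is computed in 32-bit arithmetic, as 2004-era
   code did with plain int. A crafted header makes the product wrap to a small
   value, malloc() succeeds with a tiny buffer, and the decode loop that still
   trusts width/height writes past it into adjacent heap chunks. */
uint32_t vuln_alloc_size(const img_hdr *h) {
    return h->width * h->height * h->bytes_per_pixel;   /* wraps silently */
}

/* Overflow-checked multiply: returns 0 and leaves *r untouched on wrap. */
static int mul_ok(size_t a, size_t b, size_t *r) {
    if (a != 0 && b > SIZE_MAX / a) return 0;
    *r = a * b;
    return 1;
}

/* Hardened pattern: reject zero dimensions, check every multiplication, and
   enforce an explicit upper bound so a 64-bit size_t does not simply turn the
   wrap into an absurd allocation. Returns 1 and fills *out on success. */
int safe_alloc_size(const img_hdr *h, size_t *out) {
    size_t n;
    if (h->width == 0 || h->height == 0 || h->bytes_per_pixel == 0) return 0;
    if (!mul_ok(h->width, h->height, &n)) return 0;
    if (!mul_ok(n, h->bytes_per_pixel, &n)) return 0;
    if (n > MAX_IMAGE_BYTES) return 0;
    *out = n;
    return 1;
}

/* Convenience wrapper: the accepted size, or 0 when the header is rejected. */
size_t safe_size_or_zero(const img_hdr *h) {
    size_t n;
    return safe_alloc_size(h, &n) ? n : 0;
}

int main(void) {
    /* Constructed headers: one benign, two crafted to wrap in 32-bit math. */
    img_hdr cases[] = {
        {640, 480, 4},           /* ordinary image                         */
        {65536, 65536, 4},       /* 2^34 bytes, wraps to 0 in uint32_t     */
        {0x10001, 0x10001, 1},   /* 0x100020001 bytes, wraps to 0x20001    */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("%ux%ux%u: needs %llu bytes, 32-bit calc gives %u, hardened %s\n",
               cases[i].width, cases[i].height, cases[i].bytes_per_pixel,
               (unsigned long long)required_bytes(&cases[i]),
               vuln_alloc_size(&cases[i]),
               safe_size_or_zero(&cases[i]) ? "accepts" : "rejects");
    }
    return 0;
}
```

The second and third headers are the interesting ones: the 32-bit product is 0 and 131073 bytes respectively, while the decode loop would write 17 GiB and 4 GiB, which is exactly the undersized-heap-buffer condition the GD advisory describes. Note that widening the arithmetic to 64 bits alone is not a fix; the explicit cap is what rejects the 4 GiB case on a 64-bit build.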
mangleme is an automated broken HTML generator and browser tester, originally used to find dozens of security and reliability problems in all major Web browsers (Mozilla / Firefox / Netscape, Konqueror / Safari, MSIE, lynx, [e]links, w3m, elvis, etc), as reported on BUGTRAQ.
834ffbcab9fe491dcb7f248248f9542c337a4d42432f6b53633d5c5528041e9a
Full write-up and exploitation walk-through for the Microsoft Internet Explorer ms-its scheme/CHM remote code execution vulnerability.
c10437988f65d562e543ddae063d81d560a65d91c131cdb441b41b5044e534ce
Ability FTP server 2.34 FTP STOR buffer overflow remote exploit that spawns a shell on port 4444 upon successful exploitation.
39dfb200bb55c2fb0fffdc3697970f7ee2ba3f62c21c2adfd4d3a5f4996de5a8
Altiris Carbon Copy Version 6.0.5257 allows a user to browse to cmd.exe and spawn a shell as SYSTEM.
6ef1b88164c9c818f8c4aa86dabcd881831325a0099d0eb3250d14e927fb9c7d
UBB.threads 3.4.x is susceptible to SQL injection attacks.
1176de5c1b15e8f7b8429f321e35cfe188b48e789ca195924bfbedb19b60e07f
Remote proof of concept exploit for Privateer's Bounty: Age of Sail II versions 1.04.151 and below that makes use of a buffer overflow.
969c8216b3922369a4dfee9cedac1bdeb7f1c43d81ea49206668d6f8ca75322a
Proof of concept exploit for Vypress Tonecast versions 1.3 and below that suffer from a denial of service vulnerability.
c226858f86c2b7ffdaf0c7c887183fe6005f6eea5fb4bb6d5e446510d8d578ad
Proof of concept exploit for Socat versions 1.4.0.2 and below that makes use of a format string vulnerability.
9ed0cf58b0b7dd6a47511b5d8f0661f3c0f25236007227a0b310775686548d06
Proof of concept exploit for the mod_include module in Apache 1.3.31 that is susceptible to a buffer overflow.
a7d67b6ae598462fcf1311fa7182534dd474a28ce7c057c3264a690b66f04628
Example code showing shellcode used to bypass StackGuard.
a3833f3f4b753ac7331f34d2f941431266e966ed6b605e9858d1f68e92d4fd84
Local root exploit for /usr/sbin/iwconfig.
10b71b48cb5e4b165f212352a02ef424f83595d0dcaf1c2619779a0133ef61f9
Local root exploit for /sbin/ifenslave.
8fbd7a93da6b7b610698f7b15ec38201522ff308b0dee9883544408815519bfc
IIS 5 null pointer proof of concept exploit.
80e021ee49bc8b8c86efd67d2904ce71e04ef0648b422b39cee57bf1dfef4527
SaleLogix Server and Web Client suffer from authentication bypass, privilege escalation, SQL injection, information leak, arbitrary file creation, and directory traversal flaws.
cf52df7a7caebca0796139424646c88526767a6d48c7e79e1dfe9288dfa48f9e
Remote proof of concept exploit for the ProFTPD 1.2.x user enumeration vulnerability.
1a9f67d4e3a545bb044fe39bd1c9b16e5d474cf940899ecfd73d586444949990
CoolPHP 1.0-stable is susceptible to cross-site scripting, path disclosure, and directory traversal attacks.
e2e1f48f15660fe2081380445cadfd0431fd941dc2a499a07f2c1a2fc79ee69e
Yak! versions 2.1.2 and below suffer from remote directory traversal and arbitrary file upload vulnerabilities.
e9eca6add7ddbd7ddf31c47cc1614f574b9a113f384abf9d9a64091993ae4fca
MMDF deliver local root exploit for SCO OpenServer 5.0.7 x86.
5a32e0e43ec0a91696cd2732619706797117d91a12166e0b705430b2a2d691a5