Packet Storm new exploits for October, 2004.
53d00e61931eac6a47815a5261ecadac919823ba2cfda6036820fe44cf42f9adRemote root exploit for the STOR buffer overflow vulnerability in Code-Crafters Ability FTPd version 2.34. The EIP address only works on Windows 2000 SP4. Two shellcodes are included. One binds a shell and another streams a file and executes.
f402160d538f63e97458e75baaad6d4dc5288a0430435e6567a0c76362822792Proof of concept exploit for Master of Orion III versions 1.2.5 and below which suffer from buffer overflow and allocation errors.
505124f0a29c72a428518e910334f4f7712741c1b20597a13ebbca8945f628c9Remote root exploit for a heap buffer overflow in wvftp-0.9.
9593f0c5fd5fd0c44d00731d177d4bc57c6937f84780bfbf1801854b65e8faf1MailCarrier 2.51 SMTP EHLO / HELO buffer overflow exploit written in python that spawns a shell on port 101 of the target machine.
9cdcfa966f1b52e3db88669267c30a79a0da90da60a10ee65048a42219f21e53Local exploit tested against libxml2-2.6.12 and libxml2-2.6.13 that makes use of libxml remotely exploitable buffer overflows.
df45b66cae305c03efbb5a88fba4a7f4c1d037611a3521f385486026caaff373There is an integer overflow when allocating memory in the routine that handles loading PNG image files with the GD graphics library versions 2.0.28 and below. This later leads to heap data structures being overwritten. If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening image. Exploit to create a working PNG for this enclosed.
24283338134ab68e16c03983a163ba4627ec59ad549edd928b9c4c5688c6f6e6mangleme is an automated broken HTML generator and browser tester, originally used to find dozens of security and reliability problems in all major Web browsers (Mozilla / Firefox / Netscape, Konqueror / Safari, MSIE, lynx, [e]links, w3m, elvis, etc), as reported on BUGTRAQ.
834ffbcab9fe491dcb7f248248f9542c337a4d42432f6b53633d5c5528041e9aFull write up and exploitation walk-thru for the Microsoft Internet Explorer ms-its scheme/CHM remote code execution vulnerability.
c10437988f65d562e543ddae063d81d560a65d91c131cdb441b41b5044e534ceAbility FTP server 2.34 FTP STOR buffer overflow remote exploit that spawns a shell on port 4444 upon successful exploitation.
39dfb200bb55c2fb0fffdc3697970f7ee2ba3f62c21c2adfd4d3a5f4996de5a8Altiris Carbon Copy Version 6.0.5257 allows for a user to browse to cmd.exe and spawn a shell as SYSTEM.
6ef1b88164c9c818f8c4aa86dabcd881831325a0099d0eb3250d14e927fb9c7dUBB.threads 3.4.x is susceptible to SQL injection attacks.
1176de5c1b15e8f7b8429f321e35cfe188b48e789ca195924bfbedb19b60e07fRemote proof of concept exploit for Privateer's Bounty: Age of Sail II versions 1.04.151 and below that makes use of a buffer overflow.
969c8216b3922369a4dfee9cedac1bdeb7f1c43d81ea49206668d6f8ca75322aProof of concept exploit for Vypress Tonecast versions 1.3 and below that suffer from a denial of service vulnerability.
c226858f86c2b7ffdaf0c7c887183fe6005f6eea5fb4bb6d5e446510d8d578adProof of concept exploit for Socat versions 1.4.0.2 and below that makes use of a format string vulnerability.
9ed0cf58b0b7dd6a47511b5d8f0661f3c0f25236007227a0b310775686548d06Proof of concept exploit for the mod_include module in Apache 1.3.31 that is susceptible to a buffer overflow.
a7d67b6ae598462fcf1311fa7182534dd474a28ce7c057c3264a690b66f04628Example code of using shellcode to bypass stackguard.
a3833f3f4b753ac7331f34d2f941431266e966ed6b605e9858d1f68e92d4fd84Local root exploit for /usr/sbin/iwconfig.
10b71b48cb5e4b165f212352a02ef424f83595d0dcaf1c2619779a0133ef61f9Local root exploit for /sbin/ifenslave.
8fbd7a93da6b7b610698f7b15ec38201522ff308b0dee9883544408815519bfcIIS 5 null pointer proof of concept exploit.
80e021ee49bc8b8c86efd67d2904ce71e04ef0648b422b39cee57bf1dfef4527SaleLogix Server and Web Client suffer from bypass authentication, privilege escalation, SQL injection, information leak, arbitrary file creation, and directory traversal flaws.
cf52df7a7caebca0796139424646c88526767a6d48c7e79e1dfe9288dfa48f9eRemote proof of concept exploit for the ProFTPD 1.2.x user enumeration vulnerability.
1a9f67d4e3a545bb044fe39bd1c9b16e5d474cf940899ecfd73d586444949990CoolPHP 1.0-stable is susceptible to cross site scripting, path disclosure, and directory traversal attacks.
e2e1f48f15660fe2081380445cadfd0431fd941dc2a499a07f2c1a2fc79ee69eYak! versions 2.1.2 and below suffer from remote directory traversal and arbitrary file upload vulnerabilities.
e9eca6add7ddbd7ddf31c47cc1614f574b9a113f384abf9d9a64091993ae4fcaMMDF deliver local root exploit for SCO OpenServer 5.0.7 x86.
5a32e0e43ec0a91696cd2732619706797117d91a12166e0b705430b2a2d691a5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed