Packet Storm new exploits for January, 2005.
Microsoft Internet Explorer .ANI file handling exploit. Modified version of the houseofdabus exploit. Universal version of the exploit. Tested on: Windows Server 2003, Windows XP SP0/SP1, Windows 2000 SP2/SP3/SP4.
The webmail portion of Infinite Mobile Delivery 2.6 from Captaris, Inc. contains a Cross Site Scripting vulnerability. In addition to the XSS, an even smaller issue exists where a user can determine the installation path of the client and where e-mails are stored.
Multiple versions of the Merak Mail Server with IceWarp Web Mail suffer from various flaws. Included are cross site scripting, path disclosure, arbitrary file manipulation/access, and weak password encryption vulnerabilities.
Alt-N WebAdmin, the web application used to administer MDaemon and RelayFax, is susceptible to cross site scripting, HTML injection, and unauthenticated account modification vulnerabilities. Versions 3.0.2 and below are susceptible.
WebWasher Classic has a design flaw where the CONNECT method allows remote attackers to connect to any server listening on the localhost interface of the proxy server.
Two exploits for Winamp 5.05 and 5.08. They make use of the buffer overflow vulnerability discovered by NSFOCUS.
Exploit for Outlook that can press a button to verify it is okay to access protected contact data. Tested against Windows XP SP1. This functionality may be utilized in future worm creation.
An unnamed antivirus product can cause a denial of service on Microsoft Windows due to not closing open registry handles.
Apple's OS X batch family of commands makes poor use of setuid capabilities, allowing for privilege escalation.
Pocket IE on a Windows Mobile Pocket PC suffers from Unicode URL obfuscation, local file access, and cross site scripting vulnerabilities.
Modified uselib() local exploit for the Linux kernel series. This version has been modified to also work on SMP kernels. Linux kernel versions 2.4 up to and including 2.4.29-pre3, 2.6 up to and including 2.6.10 are affected.
Siteman versions 1.1.10 and below remote administrative account addition exploit.
Local root exploit for /usr/bin/trn. Tested on Mandrake 9.2, Slackware 9.1.0/10.0.0.
Remote format string exploit for Berlios gpsd, a remake of pygps. On Debian, it achieves uid of gpsd. On Red Hat, it achieves root.
phpEventCalendar version 0.2 does not check title and event text when the data is inserted in the database, allowing for arbitrary HTML injection.
Exponent CMS version 0.95 is susceptible to full path disclosure and cross site scripting vulnerabilities.
Detailed analysis of three different vulnerabilities that reside in AWStats which all allow for remote command execution.
Codebug Labs Advisory 07 - MercuryBoard version 1.1.1 suffers from full path disclosure, cross site scripting, and SQL injection vulnerabilities.
Local proof of concept exploit for W32Dasm which suffers from a classic buffer overflow vulnerability when analyzing files.
AWStats exploit that makes use of a remote command execution vulnerability in versions 6.2 and below.
AWStats exploit that makes use of a remote command execution vulnerability in versions 6.2 and below.
Funduc search and replace compressed file local buffer overflow exploit.
Siteman version 1.0.x remote Perl exploit that adds an administrative account.
Local root exploit for mRouter installed by iSync on Mac OS X 10.3.