Bug in pine 4.20 below allows pine to execute a command mailed to the user without the user seeing what it is by Jim Herbert. Includes commentary by Pavel Kankovsky on how it is still not fixed in 4.21.
3666f88135de094542fb169ef70fc2338e61507c7e7fe1ec4be8e3b8ec7d257eRiched20.dll, which Microsost wordpad uses, is vulnerable to a buffer overflow attack. This paper gives lots of detailed information on of exploiting this vulnerability.
3f1b59360021dd122d37fd44d66487de0c4de9144e6bb58b16b27327eed42ef1Internet Explorer 5.0 under Windows 95 and WinNT 4.0 (guess other versions are affected) has security problems with HTTP redirects in XML objects. This allows at least Reading any (local or nonlocal) XML file and any wellformed documents, Reading parts of documents, Checking for the existence of local files, and possibly reading arbitrary files. Exploit included.
5b6c27497f657cb808f65f63aae3c8ef89936dfdab9b4da93b59f14c50255ef8Exploit for vulnerabilities in sendmail 8.8.8 which hijacks incoming mail and saves it in /tmp.
bafadc740b0a5f08f59f80e1deefd74e1785d438413907c07207f431886905b3Integrated FTP attack facility. Remote exploit for wu-ftpd 2.5.0. Explains how to find the offset if you have the binary, and includes offsets for Redhat 6, Redhat 5.1, Redhat 5.2, and Debian 2.1.
5f3e182f8921a74a73a9d092c32adf6a628d50cdd4fa2d0665dc1ffb78405e19The Vermillion ftp daemon (VFTPD) version 1.23 has a remote DOS attack. Example included.
364eb73941cc98cd5a2bce052f4c3f604902f79f987368276c4c0288d9a0028cCGI vulnerability found in meta.pl that allows a remote user.to view files on the system as the UID of the httpd server.
b7f7521aa7e1a5c8863f05860d8a9ccf5f935deae7fdd07e63ddbf8b161b997cHP network printers (tested on HP LaserJet 4500) crash when given a URL loger then 256 characters.
d123734b6144ec16fede7b2f3f1b576848b20cada113ae27077f9c444a9ea6cdIf proftpd has the mod_sqlpw.c optional module compiled in, the last command will display passwords instead of usernames.
ec7d82abc3be27d87dddd381e6122c6d188a6c5e42de20b16c051adac8a7c83aZetaMail 2.1 POP3/SMTP server is vulnerable to a buffer overflow caused by a long username / password. Binary / Source for the DoS exploit here.
05ab8f61d142aacfec12a6ab466acd75890a08dc2d75bd8809207b0e15a17a65Lynx has mechanisms to avoid spoofed 'special URLs'. The protections are insufficient and can result in local compromise.
572c27a381354f90a31a76977dccc10442db4065337602fbc6a83efbba50ffb1Remote DOS Attack in G6 FTP Server v2.0 (beta 4/5) caused by a buffer overflow in a long user name.
10a81014393e2e851e86f1b981ebf6ad5d458b73177cd286b8726538c086aa92Cgitest.exe CGI is distributed with W4-Server2.6a/32-bits has a buffer overflow. Any instructions can be executed on the victim host by using this buffer overflow exploit.
152b3ef6e55079125a83e4cd6e9842f7de802388a4ca59dc948071470fdfe4afDeleGate 5.9.0 remote overflow.
30642c0d094ab7bf796632ec2992a7147c5d28d2f0a2c746c0c9cc62f2186936NetCPlus SmartServer3 POP 3.51.1 Exploit. Windows binary and source code included. Spawns a command prompt on port 666.
3238b2a6cb153549cf675abd04b8822306e36d2bba966fb91a9d003d385162dbA remotely exploitable buffer overflow has been found in ssh-1.2.27. The problem is the length of the session key is not checked. Multiple platforms are vulnerable.
0a85e8ff5334fd6c730fcbee204b3fcbd601aa00b5176eb6e14ee47c1a17e5dbADM named 8.2/8.2.1 NXT remote overflow exploit. Includes shellcode for linux x86, Solaris/Sparc, and NetBSD (with and without chroot). Slightly broken to discourage script kiddies.
e34031f3f343e58dd2155719b49f877be36a74f1455787d8c32c17baeacace25When patches/fixes are applied to binaries on UnixWare 7, the original, unpatched binary files (with the suid/sgid bits maintained) are stored in /var/sadm. By default, the permissions on this directory is 755. This allows normal users to execute and exploit old binaries leftover from patching.
ddcc3aea580eae13df34903d75ef698ba2a71c314c68aee75fb50df4903aaa5dFormHandler.cgi uses hard coded physical path names for templates so it is possible to read any file on the system.
982f352a5e509b2e9e1fc85b0d6714be542e0e546c96f5882dc578ee003c3f13A bug in the processing of NXT records allows attackers remote access to DNS servers at the priveledge level that the DNS server runs at. All versions of Bind below 8.2.2 patchlevel 3 are vulnerable. Updated with a little more detailed information about the bug and the handling of NXT records. Advisory from isc here.
0f62614994f9e3c303188367fb4933c80f550e5e69a744404d32c72ec099ca7dThere is a buffer overflow in NetCPlus' SmartServer3 POP3 server which can allow a remote attacker to execute arbitrary code on the machine. Affected are windows 95/98/NT machines running NetCPlus' SmartServer3 program with the POP3 server started. The version tested was 3.51.1.
33c1d77e009be8792bfdf0e14f137ed0d95f798035b257ffb85809fe276c7cffISS Security Advisory: Multiple Root Compromise Vulnerabilities in Oracle Application Server for Solaris. An account on the target system is required to exploit these vulnerabilities. Oracle Application Server prior to release 4.0.8 is affected by these vulnerabilities.
efb4afb5de23974d9b3bcdbaf09f000d1e0757705e82f4e88a4061c72070a989When installed out of the box, XITAMI allows all users to access a sample CGI program called TESTCGI.EXE. This program outputs a lot of information about the box running the webserver, such as environment settings, various directory information, current user logged in etc. This information can be usefull to crackers.
e490f819bf469767694bdb66cc208f53decd72b89aa917eb62974baf262b8b50Bug in Windows Mailgate 3.2.114. DoS exploit included.
daefc728e283d08cd3bf532ae4cbf6df50665d7e9d17bf2433f3f72d65db52c0rpc.nfsd2 exploit for Linux.
6fc116c5392ead9489a303becab2008d6ff235abdd986aff52bc4057fd75746c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed