Solaris Sparc 2.6 / 7 local root exploit against /usr/bin/passwd which uses the yet unpatched libc locale bug and bypasses non-executable stack protection.
9dc277fdb780142c947251ebc93a3f2d952d404ea7c6e9a9a18360bb133880c4BSDI /usr/contrib/bin/filter v2.* local buffer overflow exploit. Tested on BSDI 3.0, provides a shell with GID mail.
e534fc0c8aa82b47dead2e0e671e1935ad2cdccabd46b611e35f366b86b24a78Shadow Penguin Security Advsory #37 - WinProxy 2.0.0/2.0.1 (now known as Black Jumbo dog) contains many remotely exploitable buffer overflows. Exploit for the POP3 service included, tested on Japanese Windows98.
78e8de82cf9348d47c5825f12d48e94baa226fdb5c9e134cadcd9e5e315b39a4This is a php script which goes to the database (Postgresql) and generate some statistics from the data. For more info see this snortdb page.
221ba130f9735cee45697fe01ed5f6eaec67d1b0ff3fa6bd692e2fdf50096ef5CERT Advisory CA-2000-20 - Name servers running ISC bind v8.2 through 8.2.2-P6 contains two denial of service vulnerabilities. The first vulnerability is referred to by the ISC as the "zxfr bug" and affects ISC BIND version 8.2.2, patch levels 1 through 6. The second vulnerability, the "srv bug", affects ISC BIND versions 8.2 through 8.2.2-P6. More information about these vulnerabilities available here.
cd95a6b1bc9eb41421ec292ed176c6f56b4fb75e5f0998df20e42d7175b1cfbfiXsecurity Security Vulnerability Report - The default installation of Compaq Web-Based Management on a Netware server reveals sensitive system files to anyone who can access TCP port 2301. Allows remote users to read the remote console password. Software version 2.28 verified vulnerable. Compaq advisory available here.
992ae643310081a28265d7edbe6fcf3cd675ed92732e4ecbee1271c805355517HP/UX 10.20 allows any file on the filesystem to be chmodded 644.
368ae0b6b600d64d563f95321811ba39e6896823d87ed0d1bd39969c6643ad34An exploitable buffer overflow vulnerability has been found in phf which is unrelated to the well known bad filter problem. All versions of phf should be removed.
ff285dd904fee784fd1e37931b106356da7e64de091e7f180c0b4cd0475e9bdbObject Enumeration in Novell Environments - Due to a combination of legacy support and default settings, Novell Netware servers using native IP will leak system information via TCP port 524 when properly queried. In mixed Novell/Microsoft environments, information regarding Microsoft devices is leaked via the Service Advertising Protocol (SAP) table. Third party products, such as those used to synchronize directory services between environments can further the problem. Essentially, a remote attacker can gather the equivalent information provided by the console command "display servers" and the DOS client command "cx /t /a /r" without authentication.
f09861f9843c17db74e28912eb8310b10f91156447711890837c68c8aac45b4eRed Hat Security Advisory - The usermode package contains a binary (/usr/bin/userhelper), which is used to control access to programs which are to be executed as root. Because programs invoked by userhelper are not actually running setuid-root, security measures built into recent versions of glibc are not active. If one of these programs supports internationalized text messages, a malicious user can use the LANG or LC_ALL environment variables (which are inherited by userhelper and, in turn, any programs it runs) to create a format-string exploit in these programs.
1db0f0456fa0d2b426f0fb186273f3437f1e0cbc4de2f5ae56b730e83a612f38Slackware Security Advisory - Pine 4.21 and below contains remote vulnerabilities. Upgrade to at least Pine 4.30.
9b969c6ac82ffea290161611e9b42207e6f66a62f417de73c296ad690c63b908Xato Security Advisory XATO-112000-01 - The Cart32 shopping cart v3.5 and below for Windows contains multiple remote vulnerabilities. Common user misconfigurations and bad password encryption make the application more vulnerable, often allowing a full compromise of the server.
1b68205e70ca4e4f88bcbe2c595d4abb3e3d2bc69c1f1a4b3a2ee611cee2a60cRemote exploit for rpc.sadmind which brute forces the offset. Tested against Solaris X86 and SPARC v2.6 and 7.0.
c543a35cc08b05e3cb588f1186f77256b06978241255de8c03f64460975820d7Red Hat Security Advisory - Adding specific headers to messages, the pine mail reader v4.21 and the imap server could be made to exit with an error message when users attempted to manipulate mail folders containing those messages.
940bdfed990b3d5a0cd95e63dddf3ebbbb155b9cb2670e92b144e217d665d80bRemote denail of service exploit for Microsoft Exchange 5.5 SP3 Internet Mail Service. A message containing charset = "" causes mail service to crash.
c78e67a1dba1114925190b261aaf34271dcd0f4d45718566b9aeb095f29a02b4Georgi Guninski security advisory #27 - There is a security vulnerability in IE 5.x, Outlook, and Outlook Express which allows searching for files with specific name (wildcards are allowed) or content. Combined with other local file reading vulnerabilities this allows attackers to search for and retrieve any file on a users drive. The problem is the "ixsso.query" ActiveXObject which is used to query the Indexing service and surprisingly it is marked safe for scripting. Exploit code included, demonstration available here.
3742942ac9c34bf744dba44bf01b4e6299d39d0c180e6b80617ec20f063387b0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed