Secure Network Operations, Inc. Advisory SRT2003-07-08-1223 - IBM U2 UniVerse version 10.0.0.9 and below allows the uvadm user to escalate to root privileges via a buffer overflow in uvadmsh.
07bee1686a0c83e96b5a7d0c30fcdc0f47ba477ddd22842dd3e50400b4aa78c6Secure Network Operations, Inc. Advisory SRT2003-07-07-0913 - IBM U2 UniVerse version 10.0.0.9 and below commits some abnormal suid behavior in its uvrestore and setacc applications allowing an attacker to monitor other user ttys and more.
2c90d30100f5f984b3cf32a5c64662112d4acdb4e1ed35b55f059aa383f79e89Secure Network Operations, Inc. Advisory SRT2003-07-07-0833 - IBM U2 UniVerse version 10.0.0.9 and below on Linux allows users with uvadm rights the ability to escalate to root privileges.
bc6359004efcd5b06bacf05b043408021032d202e1eeabf6980ac879a8b11f43Secure Network Operations, Inc. Advisory SRT2003-07-07-0831 - IBM U2 UniVerse version 10.0.0.9 and below on Linux and DGUX has a legacy program included in the package that creates hard links as root.
6a486570d3ce8440e70bf1f76f1a3177aebbaa5a9eb2a4dcaeabe63319a83984Logo for Engination
d9d9453e3bbdff8bbded4e89a8a5a70726ce4159d4c42e98a0a74e95f34e5d31nfs-utils version 1.0.3 and below for Linux has an off-by-one bug that allows a local or remote attacker to send an RPC request to mountd that could execute arbitrary code or cause a denial of service.
3fe1bcb8239cc8b00c2dfcf354fa601b0b377cb56afd088883e8b2af3724d591Hopfake logs traceroute attempts and can also add some extra fake hops. Works well with TCP/UDP and ICMP-ECHO based traceroutes.
240d10356442704cb6a76489439bf4cccb4452ed4ca304baddfcacd35e7c9ddfMoby's Netsuite 1.21 httpd server is vulnerable to a multitude of directory traversal bugs that allow an attacker to access files outside of the web root.
c3a9e9ae00e9e67b478e9d3093cc3f9669abbf2620d5783b4b97471d46479220Hummingbird's Exceed X emulator mishandles fonts and is vulnerable to both remote and local denial of service attacks and may allow an attacker to remotely gain root privileges.
4229f6700178e0c3f5a09ba9b35ac021fc622a1b8acd2e2bc7bda54b9d98eea6Simple shellcode that allows command execution on Microsoft Windows platforms.
a5a6d5c1a064493d07a7279f0875d3e18e7199ccc79e6c56780408cd1ef3e18cA buffer overflow has been discovered in the IMAP4rev1 MDaemon v6.7.9 and below that can allow malicious users to remotely crash this application and commit code execution with SYSTEM privileges.
abf6ce1c4d9bf7f8ca7fe731e42afda03ebc4f4ddfc1cbcedb749995121a265cExploit for Yahoo Messenger, Yahoo Module that allows for remote command execution on a victim machine via bad URI handling. Requires the victim to view the html.
de57f77d0570f6c0cef77345b9c3a45bdf07eb7947748433529550f3a4693e1aLocal exploit for Upclient 5.0.b5 that spawns a shell with kmem privileges. Tested on FreeBSD 5.0.
12ad32e03b238b43ac52391150406436f569b35875fd12e93cbdce6c5c310419Paper discussing more shatter attacks that are possible using SEH memory locations to escalate privileges in Windows. Related information available here.
08eeaae0ef4d604d10152e302c4788b1eb3339d71fd9c5a793d9b0e5a67d44e0OpenSSH 3.6.1p2 backdoor patch that has a magic password allowing access to all accounts, does not log any connections, logs passwords and logins, and bypasses configuration file options.
b080fa6cc868df661d6a5f84927bd9d12568a47e84e38cf22695a72e5ee75f19Backdoored version of OpenSSH 3.6.1p2 that has a magic password, logs logins and passwords to a specified file, and disables use of the default configuration file.
b8d706e7016863b7aae46d746b1f0f9ebfe89f5729e5b7e3f964a1ff7c5aa41fPacket Storm new exploits for April, 2003.
31c9e6c9d8582f6aca72f21d5e0406005516f63c17fe7cad6b90dc9ccac51305Packet Storm new exploits for January, 2002.
c8876e01bb72729efd8c9bb8059af190059d1b349a108ff8047f1404d6b7c269Packet Storm new exploits for January, 2003.
05e9bf140090db0cdb886afeb952996de9fc46088acb9fcee3c4fd94972e4c8dPacket Storm new exploits for May, 2003.
3266d5d2ec89be98ae96388144950426ff1b73fbfc6af81a7f8f55b77fcfbbb5LLC v0.9.2 is a log cleaner for Linux.
bd31dd99d9d4d55fa1aa06496921958c44bf0a1c8dcfe1f12eb4e6ef80fbcf36Another submission of a t-shirt graphic for Packet Storm.
794a4b796619be7e502818e0873d5237f7795ce41886683121a1e66ccefd49a9mIRC 6.03 and below allows an attacker to misleading supply a URL that poses as one URL but leads to another by setting the color of the secondary URL to the default background color.
6b69a01535a0c67322cb56b25faa8fc7dba090f0825a3a04ed026b05cdd0462dmIRC 6.03 and below allow the ability for a remote attacker to spoof a dcc chat request in a targets client.
e563523994f9fa8795dd89183f1920def4ff07f15d1392c758656569e82a5204Proof of concept exploit for mnoGoSearch 3.1.20 (and possibly works on 3.2.10) that binds a shell to port 10000. Tested against FreeBSD.
3b52260178c6331557b9865a060541ff07d5cdeeedbe2e926b3952bdeac4b23d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
