Proof of concept exploit for /usr/sbin/chat on RedHat Linux 7.3. Note: chat is not setuid by default on most installations.
c9a281b9044a9467791c8614d54bcf288295b2f5098c342bdf3f19623a7da630Macromedia's ColdFusion is susceptible to a cross site scripting attack under certain conditions.
a735d602394b50e656bc281563c0a6fa0a3b76a6ea07c95001ca5055469a229aRe-Boot Design ASP Forum is vulnerable to a SQL injection attack that allows remote accessing of a user account without prior knowledge of their password.
e678d70617cc30fc5813f731c6760853903497a982dccceee63e02e782e18f04Thread-ITSQL is susceptible to cross site scripting attacks in its Topic Title, Name and Message fields.
a8673828a2c183f9ff8049970d8dbf6c66a148d78e082ca0072c4acc741f989aThe Thread-IT Message board is vulnerable to cross site scripting injection via the Topic Title, Name and Message fields.
10e3db50f48b3886d5c8ae6c8e46cadf3fa8ec612cab4d818e88e79ee5f0385fComment Board is susceptible to cross site scripting attacks in the Topic Title, Name, and Message fields.
827dc62fdf35b1cc001920e7959315e067206ab13b453f97e6841f66fd718d36WebWeaver version 1.06 and below allows for anonymous surfing of the server if the Host field is set excessively long. It is also susceptible to various denial of services attacks.
d379db7c0aee30b485cfe256c1ea095e1ecc0ca84aa0b246acdf7e56cbf677dcFreeBSD Security Advisory FreeBSD-SA-03:14.arp - Under certain circumstances, it is possible for an attacker to flood a FreeBSD system with spoofed ARP requests, causing resource starvation which eventually results in a system panic.
dde29ce8a88cf20ce908f5b73c17ed056e549898e79d57c425cc8cd42cc921c5Guardian Digital Security Advisory - The Guardian Digital WebTool mistakingly uses a GET method instead of a POST method when passing along a user passphrase for SSH keys being generated allowing for the passphrases to get logged in /var/log/userpass.log along with the rest of the query string.
f3c7790699c2de28eff06ee5c00de602e489b1a387068cec05c864ef10156833602PRO LanSuite 2003 for Windows is vulnerable to sensitive information disclosure, logs freely being accessible to any remote attacker, the ability to read any file on the server, and directory traversal attacks.
9f04a1d343d4cc73ccc8d7925f80792502dfe9ae066749060a5a410c141bac4bThe Savant Web Server version 3.1 for Windows 95, 98, ME, NT, and 2000 is remotely vulnerable to a denial of service condition when various malformed GET requests are passed to the server.
2bd87abf901a44d0071f6039019aec576f2bf17865434df7b85c0d48b661fdc7TCLHttpd version 3.4.2 is susceptible to arbitrary directory browsing when an absolute path is entered against Dirlist.tcl even though it does prevent and filter basic URL attacks. This release also suffers from multiple cross site scripting vulnerabilities.
cd7f1d11b3ca6f5557a7089d0ad41c6cfe112cbae11c131b99ae3ae789457d9eThe Oracle-Proxy aka SQL-Gateway of Gauntlet Firewall version 6 crashes when invalid data is sent over any defined SQL-gw disallowing any future connections.
a0e10a92d97abbd19d53edba384816435d156b0d725e5b27d36f4936aab82bbeNULLhttpd version 0.5.1 and below is vulnerable to a simple cross-site scripting attack.
9bd9eaaee3c3e86fe3542b65ecfc1b31fb82cef2f2febf220de60c32a9c33f01NULLhttpd version 0.5.1 and below is vulnerable to a remote denial of service attack that utilizes 100% of the CPU and consumes any unused memory.
5e460644a7de9fa6951e7addf77a7867790c8a4a7e60614db8e8431f63fde7dcPROTEGO Security Advisory #PSA200302 - MondoSearch versions 4.4, 5.0, and 5.1 are all susceptible to having arbitrary ASP code executed on the server via the Msmsetup.exe binary.
dd2110920726df2b84f352c14daafac87f04aa60c0693776f805424930b8f0f7ISS Security Advisory - A flaw in the ProFTPD Unix FTP server versions 1.2.7 through 1.2.9rc2 allows an attacker capable of uploading files the ability to trigger a buffer overflow and execute arbitrary code.
0b7e33b20eb6e39707bf6f99835e0d7b6a4c02fe435aa0e95c32fea7585d8deePaper describing the fundamentals to writing shellcode on Linux x86 systems. Filled with loads of examples.
c7f898409a0cfbef6ca72115bde9760dfaa77bbaa75169f1aee06693faa67236AppScan 4 Audit Edition has a flaw where the Explore stage of the utility has an automatic scan option. When a reference to a URL in an href tag is made using a wrapper function instead of directly calling window.open or document.location javascript functions, AppScan will not detect the link and the URL will not be tested against any attack.
738c67afd76910eef51c248ffef68d21df6238a1d7277ac9314af039a2a5aabeMoozatech Advisory - wzdftpd FTP server version 0.1rc5 is vulnerable to a remote denial of service when an internal check during the login process verifies the input. Sending a single CRLF sequence at login will cause an Unhandled exception.
9dc709a32ecc61f75ab26f3b3ad333db8c02afd077bd2ccd557d391336f40994Packet Storm new exploits for March, 2003.
99a4af813d300038af78ac3abb7d9b6bd8d2dceb9b661b5b112f238494160780This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
c77c45cda120a2df844639ed9545243e9c9a436bd723e556c9ea06c15a682d06Both OpenSSH portable versions 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the new PAM code with at least one of the bugs being remotely exploitable.
6039997a0d3920e9ec4076fc04dcbce3949da71808527bf29c18e4ad183aa448mpg123 v0.59r and 0.59s remote client-side heap corruption exploit that makes use of the overflow found in the readstring() function of httpget.c which does not limit the amount of data written to a buffer.
b966ec4b297ac556e11aa1acbd8b25b092385a2aa517c52977bb4f02b7484849Remote exploit for lsh 1.4.x that makes use of a boundary error in read_line.c when checking for errors. Spawns a bindshell on port 45295.
e168f8955d32dfb71b3687b375f1e860d3b0793aad3026a1c30016d53a3c21eb
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed