Wd.pl is a remote IIS exploit in Perl which exploits the bug in ntdll.dll described in MS03-007. Tested on Windows 2000 Advanced Server SP3 - Korean language edition.
5ea1f6ba50a1127397038bd3ad1cc1ed795a67a840eab0ac0c674e81cf2d7b19
Zero Day Initiative Advisory 12-142 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the BasicService.showDocument Java Webstart function. This function allows additional parameters to be passed to the browser. Depending on which browser the user has set as default browser this could lead to remote code execution under the context of the current user.
4b4d0a01355713d6b9b2023bec9de5d8a94b9df2193510d724d023512bc800da
57 bytes small Linux x86 chmod 666 /etc/passwd and /etc/shadow shellcode.
590e152e8000ac65c31808f69843049356045877a386919811bea3db71213bd4
Rainbowdigital suffers from a remote SQL injection vulnerability.
99d02de14a1f053395b2d6291f379842ae9851cf7644f89cd9216c54bd15763f
The WD TV Live Streaming Media Player suffers from two implementation flaws that together allow for remote command execution as root.
30e038aaf42732de5c7c31917ec77feb71e99f5a032ca468e8d514c9181e41c1
WD ShareSpace versions 2.3.02 and below suffer from a remote sensitive data disclosure vulnerability.
2ff30788aee07286ddd4c6f580352e236991687d8162d3125603f64f55c1b35d
Joomla hwdVideoShare version r805 suffers from a remote shell upload vulnerability.
bc1e6119f2ed610cbf46770b53e894f80bf571ef0fd6dd76866a7970a5544ce0
PHP versions 5.4.3 and below wddx_serialize_* / stream_bucket_* variant object null pointer dereference exploit.
186f4ea7623d98c66ebb266a599e771143dbdb3ba4aac5d564ff29b77b55d1d6
Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems. It currently extracts local accounts NT/LM hashes and history, domain accounts NT/LM hashes and history, cached domain password, and Bitlocker recovery information.
2eacce746014f5b388071f4ac9185d0040e4e0b9d6ad96eadfdb72d65f73e252
Ubuntu Security Notice 1396-1 - It was discovered that the GNU C Library did not properly handle integer overflows in the timezone handling code. An attacker could use this to possibly execute arbitrary code by convincing an application to load a maliciously constructed tzfile. It was discovered that the GNU C Library did not properly handle passwd.adjunct.byname map entries in the Network Information Service (NIS) code in the name service caching daemon (nscd). An attacker could use this to obtain the encrypted passwords of NIS accounts. This issue only affected Ubuntu 8.04 LTS. Various other issues were also addressed.
6e37a6e7af6dadd5caece2f389fd20999a42067305f2184d676361f4c1b51ea0
Secunia Security Advisory - Two vulnerabilities have been reported in swDesk, which can be exploited by malicious people to compromise a vulnerable system.
b9a9624b38f1f69785758ca0381fd79a1cb0a4a279a7918cf803c22e2f55f007
Secunia Security Advisory - A vulnerability has been reported in swDesk, which can be exploited by malicious users to compromise a vulnerable system.
c2e79e95c3e58e62d7118576d34273047a4e43ad4ce48f52a8ad48f3b070115f
swDesk suffers from cross site scripting, PHP code injection and shell upload vulnerabilities.
fa983a2d4a4eed5643f7d022b1403ee7611d425e992bcc6fd99fcde12cf183dd
EWD suffers from a remote SQL injection vulnerability.
ea57cef0ab209a73369190db945069363f3291088f40c67fe0dc9c409ee9b4cb
94 bytes small BSD/x86 execve ('/bin/sh -c "/etc/master.passwd"') setreuid(0,0) shellcode.
fa8695efffe51e32d85a7add93904eb75c24cf151a45133bc12107cd8d25c95f
Linux/x86 polymorphic shellcode that escalates uid/gid and adds user iph to /etc/passwd without a password.
c76ec179be82bd66c6ce5163485d57eea3d44050cf6f706dcc2af9eaea0200dd
Calibre E-Book Reader local root exploit that uses the mount helper to mount a vfat filesystem over /etc and then tinkers with /etc/passwd to make the root password toor temporarily.
803cea9af662f56f8c5d24c4e88e0d59ba6548ac865fb65d1a853fca08aef00c
The zFTP server suffers from a remote denial of service condition when handling multiple STAT and CWD command requests.
8407a8948f7a9148808d25756720686181651afab0fbe2eb264d023cb76c64bb
VUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "NgwIRecurByWeekdayParam::bywdaylist()" function within the "gwwww1.dll" component when processing a malformed "RRULE" property in a Calendar, which could be exploited by remote unauthenticated attackers to compromise a vulnerable server via a specially crafted email message. Versions 8.0.2 SP2 Hot Patch 2 and below are affected.
e9739b7f115e53c739cde3bd056999eafde0be533a0e278ee536f5712c2718be
Check Point Security Management Products suffer from multiple symlink vulnerabilities. Due to the combination of inadequate file checks, predictable file names and writing of temporary configuration files to /tmp, it is possible for an unprivileged local user to exploit the post-installation script to overwrite arbitrary files on the security management system through symlink following. The script also contains a second-order symlink vulnerability which makes it possible for an attacker to gain control of the SMS configuration file: $FWDIR/conf/sofaware/SWManagementServer.ini.
9c9530656dc7486ce3d99175a4a77905ed90e3d797246e746914fe8311174a28
This Metasploit module exploits a buffer overflow in l3codecx.ax while processing AVI files with MPEG Layer-3 audio contents. The overflow only allows overwriting with 0's, so the three least significant bytes of the EIP saved on the stack are overwritten, and shellcode is mapped using the .NET DLL memory technique pioneered by Alexander Sotirov and Mark Dowd. Please note that on IE 8 targets, your malicious URL must be a trusted site in order to load the .NET control.
bf8b665e00a66d83f342244fe6468d8bae22e7105c7353d9ceb3aa7194057854
Matrix Media WD Plymouth suffers from multiple remote SQL injection vulnerabilities.
716efaa9caaddd826dff5a3fd5fa9a3c7f2bf4d778926e76d36db5680efd23dd
The tcb suite implements the alternative password shadowing scheme on Openwall GNU/*/Linux (Owl) which allows many core system utilities (passwd(1) being the primary example) to operate with little privilege. It is being made available separately from Owl primarily for use by other distributions. This package contains three core components of the tcb suite: pam_tcb (a PAM module which supersedes pam_unix), libnss_tcb (the accompanying NSS module), and libtcb (a library for accessing tcb shadow files, used by the PAM and NSS modules as well as by user management tools on Owl).
63ab4191e6a01dfd4d9e71eb1a2b714a49c9ce0a01416a2d40ebffcbf486eb65
iPhone4 FTP Server 1.0 empty CWD-RETR remote crash denial of service exploit.
475b9126b494053efc37cc13c7a6fa63dedf0a3b5b6cfad131b1b11adc82d7a6
PresseTool suffers from a remote /etc/passwd file disclosure vulnerability.
542a9ff9cd2f460897a859eb02232dafb6fb4f267d8bcecdf0eedaa8edc3e22a
This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By specifying a long 'arg' parameter when executing the 'jovgraph.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. This vulnerability is triggerable via either a GET or POST request. It is interesting to note that this vulnerability cannot be exploited by overwriting SEH, since attempting to would trigger CVE-2010-1964. The vulnerable code is within a sub-function called from "main" within "ovwebsnmpsrv.exe" with a timestamp prior to April 7th, 2010. This function contains a 256 byte stack buffer which is passed to the "getProxiedStorageAddress" function within ovutil.dll. When processing the address results in an error, the buffer is overflowed in a call to sprintf_new. There are no stack cookies present, so exploitation is easily achieved by overwriting the saved return address. There exists some unreliability when running this exploit. It is not completely clear why at this time, but may be related to OVWDB or session management. Also, on some attempts OV NNM may report invalid characters in the URL. It is not clear what is causing this either.
5582013e7dde303149edfe7da48c08313b51ded046619d9bfba33ef02981baa8