ABUS TVIP 11550/21550 suffers from arbitrary file read, file upload, and command execution vulnerabilities.
2f51d4760c8bd61052e7053ffd77dd4337c961386e2656f7ff4271440419c1b2Limewire directory traversal exploit. Exploits bug in versions 4.1.2 - 4.5.6, inclusive.
a0dfa08e39acd486c6491f79f378b661f19d8d1edb4b5a89ab50190a58682691mailmgr version 1.2.3 is vulnerable to symlink attacks. If the utility is run as root, any file on the system can be overwritten.
93ee7bc51fe3ac504ce9e5a8fdfd64f5776ac41c90200f5e29296b8b1bab4e7eMajordomo, the popular mailing list utility, defaults which_access to open in the configuration file. A list of email accounts for a mailing list can be compromised by this de-facto setting by sending which @. Patch included.
8efeb015e6583cfd9603c53d758fcd752e89c4d7096f788f8d997d1a1b2f0abeHackbot v2.15 is an host exploration tool and banner grabber. It scans hosts for FTP banners, SSH banners, Open Relays, EXPN and VRFY options, more than 200 common CGI vulnerabilities and common indexable directories, NT unicode vulnerabilities and NT nimda infections.
585541a710f53e77b36a655588a546bd1b454b40761f3c43c42fd4f3dd1de912Hackbot v2.14 is an host exploration tool and banner grabber. It scans hosts for FTP banners, SSH banners, Open Relays, EXPN and VRFY options, more than 200 common CGI vulnerabilities and common indexable directories, NT unicode vulnerabilities and NT nimda infections.
1a35fc593b830443865629022963080c2a7ec60a4bc217fd12e1071e7e4610dbNovell GroupWise Internet Agent 6.0.1 sp1 contains a buffer overflow in the smtp service which can be exploited over port 25. Tested on Novell NetWare 5.1 sp3. Fix available here.
a176e4e5a0799c3a71f7a3f6764dbd5dc8b33db8e6a3951197adf2671d937e12The script command overwrites hardlinks named typescript in the current directory.
d79023227c22e8ad95ff6441f4cb693f4c84fd87bea085fa786b664d343ebb48Majordomo v1.94.4 contains vulnerabilities which allow local users to obtain a uid=majordomo shell.
f73ece74f87e2fff78d541fca10443ea2833f826616305f86792de0c8030f123Removing the SUID bit from xlock causes enter to work as a password to unlock the screen for all users except root. With no SUID bit it can no longer read /etc/shadow, creating a blank .xlockrc, causing enter to be a valid password.
7a3fc00fea0ff0994ae858e317eefc68874f30058a8c8af694cc82126a795089Whois.pl is a remote exploit for Fastgraf's whois.cgi perl script.
805a20d41225bbbbdd659b9161bb4d4a47c0dad781d97b2378c5e7f8c4611a81GNU tar follows symlinks blindly, a problem if you untar as root.
941d4baa8400f1fbed234f9bd2533ce2860e8137e6ad91ba30b49a049594c4f6Fastgraf's whois.cgi perl script lacks meta character checking, allowing remote users to execute arbitrary commands as uid of the webserver.
5abaa53a2c6a8bbe911a2c4851d96061e1ccfb4c69892c8acb5e5a3ac920d6ed
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed