1471 matches found
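MirOS BSD Korn Shell Local Privilege Escalation Vulnerability
BUGTRAQ ID: 28768 MirOS BSD is a BSD-family operating system that runs on 32-bit i386 and sparc platforms. The MirBSD Korn Shell (mksh) contains an error when attaching to a TTY via the -T command-line switch; a local attacker can use characters previously written to the attached virtual console to execute arbitrary commands with the privileges of the user running mksh. MirOS Project MirBSD Korn Shell R33d MirOS Project ------------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.mirbsd.org...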
Windows Command Shell, Bind TCP (via Perl)
Listen for a connection and spawn a command shell via perl persistent This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 139 include Msf::Payload::Single include...
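Multiple BSD Platforms 'strfmon()' Function Integer Overflow Vulnerability
BUGTRAQ ID: 28479 CVE ID: CVE-2008-1391 CNCVE ID: CNCVE-20081391 The 'strfmon' function on multiple BSD platforms contains an integer overflow in its processing, which may allow arbitrary code execution in the context of the affected application. Failed attempts can cause a denial of service. The problematic code is similar to the following: include monetary.h ssizet strfmonchar restrict s, sizet maxsize, const char restrict format, ...; - --- 1. /usr/src/lib/libc/stdlib/strfmon.c - integer overflow...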
Re: [securityreason] *BSD libc (strfmon) Multiple vulnerabilities
On Mar 27, 2:09pm, [email protected] [email protected] wrote: -- Subject: securityreason BSD libc strfmon Multiple vulnerabilities ... stuff deleted ... | Problem exist also in printf function. | | Example code will show Integer Overflow . | | - ---example-start-- | include stdio.h | ...
CVE-2008-1391
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in...
CVE-2008-1391
CVE-2008-1391 is an integer overflow in the GNU C Library (glibc) strfmon width specifier handling that may be triggered by an attacker who can control the format string passed to strfmon (and related to printf in some contexts). The connected Nessus/OpenVAS entries indicate this vulnerability wa...
CVE-2008-1391
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in...
[securityreason] *BSD libc (strfmon) Multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 BSD libc strfmon Multiple vulnerabilities Author: Maksymilian Arciemowicz cxib SecurityReason.com Date: - - Written: 10.03.2008 - - Public: 25.03.2008 SecurityReason Research SecurityAlert Id: 53 CVE: CVE-2008-1391 SecurityRisk: High Affected Software...
BSD (Multiple Distributions) - 'strfmon()' Integer Overflow
// source: https://www.securityfocus.com/bid/28479/info Multiple BSD platforms are prone to an integer-overflow weakness. An attacker can exploit this issue through other applications such as PHP to execute arbitrary code within the context of the affected application. Failed exploit attempts wil...
BSD (Multiple Distributions) - strfmon() Integer Overflow
BSD Multiple Distributions - strfmon Integer Overflow // source: https://www.securityfocus.com/bid/28479/info Multiple BSD platforms are prone to an integer-overflow weakness. An attacker can exploit this issue through other applications such as PHP to execute arbitrary code within the context of...
Cross site scripting
Cross-site scripting XSS vulnerability in BSD Perimeter pfSense before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
BSD PPP pppx.conf - Local Denial of Service
BSD PPP pppx.conf - Local Denial of Service source: https://www.securityfocus.com/bid/28090/info BSD PPP is prone to a local denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied input. Attackers can leverage this issue to crash the application and...
BSD PPP 'pppx.conf' - Local Denial of Service
source: https://www.securityfocus.com/bid/28090/info BSD PPP is prone to a local denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied input. Attackers can leverage this issue to crash the application and deny service to legitimate users. Given the...
Multiple BSD systems user-ppp buffer overflow
Buffer overflow on PPP protocol parsing...
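KAME Project IPv6 IPComp Header Remote Denial of Service Vulnerability
BUGTRAQ ID: 27642 CVECAN ID: CVE-2008-0177 The KAME project is a collaboration of six Japanese companies that provides free IPv6, IPsec and Mobile IPv6 implementations for various BSD systems. The IPv6 protocol stack implemented by the KAME project contains a vulnerability that a remote attacker may exploit to make the server unavailable. If a BSD system uses the KAME project's IPv6 implementation, a null pointer dereference occurs in the ipcomp6input function in kame/sys/netinet6/ipcompinput.c when an IPv6 packet with an IPComp header is processed. If the kernel is configured to process IPsec and IPv6 traffic, a single specially crafted IPv6 packet can cause a kernel panic. FreeBSD...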
OS X Execute Command
Execute an arbitrary command This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exec ---- Executes an arbitrary command. module MetasploitModule CachedSize = 24 include Msf::Payload::Single include Msf::Payload::Bsd::X86...
[SECURITY] Fedora 7 Update: hsqldb-1.8.0.8-1jpp.5.fc7
HSQLdb is a relational database engine written in Java(TM), with a JDBC driver, supporting a subset of ANSI-92 SQL. It offers a small (about 100k), fast database engine which offers both in-memory and disk-based tables. Embedded and server modes are available. Additionally, it includes tools such as...
Xtacacsd 4.1.2 - report() Remote Buffer Overflow (Metasploit)
Xtacacsd 4.1.2 - report Remote Buffer Overflow Metasploit $Id: xtacacsdreport.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on...
CORE-2007-1106: SynCE Remote Command Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies – CoreLabs Advisory http://www.coresecurity.com/corelabs SynCE Remote Command Injection Advisory Information Title: SynCE Remote Command Injection Advisory ID: CORE-2007-1106 Advisory URL:...
Core Security Technologies Advisory 2007.1106
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies – CoreLabs Advisory http://www.coresecurity.com/corelabs SynCE Remote Command Injection Advisory Information Title: SynCE Remote Command Injection Advisory ID: CORE-2007-1106 Advisory URL:...