GFHost.pl

GFHost explo Spawn bash style Shell with webserver uid Greetz SPAX, foxtwo, Zone-H This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my @results; my $probe; my @U; $U1 =...

PT-2004-1058 · Mit +1 · Krb5-Server +5

Name of the Vulnerable Software and Affected Versions: krb5-devel versions 1.2.2 krb5-server versions 1.2.2 krb5-libs versions 1.2.2 krb5-workstation versions 1.2.2 MIT Kerberos 5 krb5 versions prior to 1.3.4 Description: The issue concerns multiple vulnerabilities in the krb5 package of Red Hat...

Rlpr 2.04 - 'msg()' Remote Format String

by jaguar !/usr/bin/python import os, sys, socket, struct, time, telnetlib class rlprd: fd = None pad = 2 00000000 31DB xor ebx,ebx 00000002 F7E3 mul ebx 00000004 B003 mov al,0x3 00000006 80C304 add bl,0x4 00000009 89E1 mov ecx,esp 0000000B 4A dec edx 0000000C CC int3 0000000D CD80 int 0x80...

IBM acpRunner Activex Dangerous Methods Vulnerability

IBM acpRunner Activex Dangerous Methods Vulnerability Release Date: June 15, 2004 Date Reported: February 20, 2004 Patch Development Time In Days: 116 Severity: High Remote Code Execution Vendor: IBM Systems Affected: acpRunner Activex Version 1.2.5.0 Overview: eEye Digital Security has discovere...

[Squid 2004-OSC2Nuke-001] Inadequate Security Checking in OSC2Nuke

=========================================================================== =========================================================================== Advisory: 2004-OSC2Nuke-001 Affected Software: OSC2Nuke 7x version 1 OSCNukeLite V3.1 and earlier Main Developer: Dreamlite Development Team Modu...

CVE-2003-1033

The 1 instdbmsrv and 2 instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious...

CVE-2003-1033

The CVE affects SAP DB Development Tools 7.x (instances of instdbmsrv and instlserver). The root cause is that these programs trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver binary. This trust enables local users to escalate privile...

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20040101

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200402-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org - - - - - - - - - - - - - - - ...

CVE-2003-1156

Java Runtime Environment JRE and Software Development Kit SDK 1.4.2 through 1.4.202 allows local users to overwrite arbitrary files via a symlink attack on 1 unpack.log, as created by the unpack program, or 2 .mailcap1 and .mime.types1, as created by the RPM program...

Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (2)

/ hatorihanzo.c Linux kernel dobrk vma overflow exploit. The bug was found by Paul IhaQueR Starzetz Further research and exploit development by Wojciech Purczynski and Paul Starzetz. c 2003 Copyright by IhaQueR and cliph. All Rights Reserved. COPYING, PRINTING, DISTRIBUTION, MODIFICATION,...

Linux Kernel 2.4.22 - do_brk() Local Privilege Escalation (2)

Linux Kernel 2.4.22 - dobrk Local Privilege Escalation 2 / hatorihanzo.c Linux kernel dobrk vma overflow exploit. The bug was found by Paul IhaQueR Starzetz Further research and exploit development by Wojciech Purczynski and Paul Starzetz. c 2003 Copyright by IhaQueR and cliph. All Rights Reserve...

minimalist code execution

No description provided...

Multiple jre/jdk installation symbolic link bugs

No description provided...

Witango & Tango 2000 Application Server Remote System Buffer Overrun

NGSSoftware Insight Security Research Advisory Name: WiTango Application Server & Tango 2000 Systems Affected: Windows Severity: Critical Risk Category: Remote System Buffer Overrun Vendor URL: http://www.witango.com Author: Mark Litchfield [email protected] Date: 18th July 2003 Advisory numbe...

0006_AP.CF-rds-dump.txt

-- ------------------------- -- - AngryPacket Security Advisory - -- ------------------------- -- - +--------------------- -- - + advisory information +------------------ -- - Exploit Code: Victim1 Initial Bug Report By: rs2112 release date: 06/26/2003 +------------------- -- - + timeline of...

Macromedia ColdFusion MX 6.0 - Remote Development Service File Disclosure

Macromedia ColdFusion MX 6.0 - Remote Development Service File Disclosure source: https://www.securityfocus.com/bid/8109/info A vulnerability has been reported for the RDS service that may allow an attacker to obtain unauthorized access to a data residing on a ColdFusion MX server. The...

Macromedia ColdFusion MX 6.0 - Remote Development Service File Disclosure

source: https://www.securityfocus.com/bid/8109/info A vulnerability has been reported for the RDS service that may allow an attacker to obtain unauthorized access to a data residing on a ColdFusion MX server. The vulnerability is due to the way that authentication is done when communicating with ...

podboard dev 0.0 Script Injection

Version : dev 0.0 Website : http://www.planetpod.de Problem : XSS bug Exploit : ++++++++++Login and go to this link : http://server/podboard11/forumdetails.php?groupid=1 Fill in Nick-name: scriptalert'XSS bug'/script Fill in Your location: scriptalert'XSS bug'/script Fill in your Homepage:...

SRT2003-04-22-1336 - SAP DB Development Tools install flaw

Secure Network Operations, Inc. http://www.secnetops.com Strategic Reconnaissance Team [email protected] Team Lead Contact [email protected] Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS, Software Security Validation, and...

yabbse.pl

yabbse.pl exploit Spawn bash style Shell on Apache CPANEL Spabam 2003 PRIV8 code [email protected] This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my @results; my $probe; my @U; my $shit; $U1 =...