feeble.you!dora.exploit

Sunday, March 18, 2001 Silent delivery and installation of an executable on a target computer. No client input other than opening an email using Eudora 5.02 - Sponsored Mode provided 'use Microsoft viewer' and 'allow executables in HTML content' are enabled. One wonders why they are there in the...

Tru64 UNIX 4.0g - usrbinat Local Privilege Escalation

Tru64 UNIX 4.0g - usrbinat Local Privilege Escalation / Tru64 UNIX 4.0g JAVA /usr/bin/at local root exploit. ALPHA Author: Cody Tubbs loophole of hhp. Site: www.hhp-programming.net Email: [email protected] Date: 2/1/2000. I made this without access to gdb, It's untested... may require...

Tru64 UNIX 4.0g - '/usr/bin/at' Local Privilege Escalation

/ Tru64 UNIX 4.0g JAVA /usr/bin/at local root exploit. ALPHA Author: Cody Tubbs loophole of hhp. Site: www.hhp-programming.net Email: [email protected] Date: 2/1/2000. I made this without access to gdb, It's untested... may require modification, may require deletion, heh. Note: executablestack...

Tru64 UNIX 4.0g /usr/bin/at Local Root Exploit

Exploit for tru64 platform in category local exploits ============================================== Tru64 UNIX 4.0g /usr/bin/at Local Root Exploit ============================================== / Tru64 UNIX 4.0g JAVA /usr/bin/at local root exploit. ALPHA Author: Cody Tubbs loophole of hhp. Site:...

CVE-2001-0004

IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability...

Дырка в Lotus Notes (stored foms)

Внутрь письма можно вставить исполняемый код во внутреннем формате...

Tru64 5 - 'su' Env Local Stack Overflow

/ Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / The copyright notice above does not evidence any / / actual or intended publication of such source code. / / / / Title: Tru64 5 su / / Tested under: Tru64 5A OSF/1 / / By: K2 thx horizon,lamo...

Tru64 5 (su) Env Local Stack Overflow Exploit

Exploit for tru64 platform in category local exploits ============================================= Tru64 5 su Env Local Stack Overflow Exploit ============================================= / Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / T...

Tru64 5 - su Env Local Stack Overflow

Tru64 5 - su Env Local Stack Overflow / Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / The copyright notice above does not evidence any / / actual or intended publication of such source code. / / / / Title: Tru64 5 su / / Tested under: Tru6...

Microsoft Outlook 2000 0/98 0/Express 5.5 - Concealed Attachment

source: https://www.securityfocus.com/bid/2260/info Versions of MS Outlook are vulnerable to receiving a hidden, potentially hostile attachment. An arbitrary string of characters, supplied by the sender to the 'subject:' field, will be received and interpreted by vulnerable versions of Outlook as...

CVE-2000-1225

Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin directory, which allows remote attackers to gain sensitive configuration information about the web server by accessing the program...

ezmlm-cgi

Package : ezmlm-0.53 and below ezmlm-cgi Announced: 2000-12-05 Ezmlm is an easy to use mailing list manager for qmail. It ships with a cgi application to allow for list archiving and reviewal over the web. Documentation states that the cgi should be installed suid root, but in real world...

Проблемы в TrendMicro InterScan VirusWall (shared folder permissons)

При установке создается разделяемая папка, содержащая исполняемые файлы доступная всем пользователям на запись/изменение...

Microsoft IIS 4.0/5.0 - Executable File Parsing

source: https://www.securityfocus.com/bid/1912/info When Microsoft IIS receives a valid request for an executable file, the filename is then passed onto the underlying operating system which executes the file. In the event that IIS receives a specially formed request for an executable file follow...

Microsoft IIS 4.05.0 - Executable File Parsing

Microsoft IIS 4.05.0 - Executable File Parsing source: https://www.securityfocus.com/bid/1912/info When Microsoft IIS receives a valid request for an executable file, the filename is then passed onto the underlying operating system which executes the file. In the event that IIS receives a special...

mandrake.urpmi.txt

Local Exploit Issue with: /usr/bin/urpmi The urpmi executable perl script root@localhost /root ls -al /usr/bin/urpmi -rwsr-x--- 1 root urpmi 9352 Apr 4 2000 /usr/bin/urpmi This requires an account in the urpmi group. Possibly physical access to the box as well. On Mandrake 7.1 the package urpmi w...

CVE-2000-0879

LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and dccbkstshut are installed setuid root and world executable, which allows arbitrary local users to start and stop various LPD services...

CVE-2000-0663

The registry entry for the Windows Shell executable Explorer.exe in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path"...

Microsoft Windows NT 4.02000 - DLL Search Path

Microsoft Windows NT 4.02000 - DLL Search Path source: https://www.securityfocus.com/bid/1699/info When a program executes under Microsoft Windows, it may require additional code stored in DLL library files. These files are dynamically located at run time, and loaded if necessary. A weakness exis...

Дырка в Apache-ssl из Trustix

Из-за ошибки в скрипте инсталляции часть исполняемых файлов устанавливается открытыми на запись...