aspads.txt

We've had a number of questions and possible solutions suggested in the past few hours, let me try and summarize. 1. Several people noted that enabling extensions with "::$DATA" added, i.e. ".asp::$DATA", would cause them to be executed instead of read. This does work, and is faster than removing...

icq-hidden-files.txt

Date: Fri, 1 Jan 1999 14:20:34 +1100 From: Justin Clift To: [email protected] Subject: Win32 ICQ 98a flaw Hello everyone, A while ago I found a flaw in ICQ which I believe to be fairly serious and asked whom to notify. Thanks for everyone's assistance in this. :- I notified Mirabilis and they...

defeat.solaris.nonexec.stack.txt

Hi, I've recently been playing around with bypassing the non-executable stack protection that Solaris 2.6 provides. I'm referring to the mechanism that you control with the noexecuserstack option in /etc/system. I've found it's quite possible to bypass this protection, using methods described...

processdump.txt

Date: Tue, 15 Sep 1998 12:36:22 +0800 From: David Luyer Subject: Dump a mode --x--x--x binary on Linux 2.0.x The following file can be LDPRELOAD'ed against a mode 111 --x--x--x binary on Linux 2.0.x. It will dump the binary to a series of process-dump-... files in the current directory. The...

digital-unix4.0-asm-shell.txt

Date: Tue, 26 Jan 1999 15:18:08 -0500 From: Seth Michael McGann To: [email protected] Subject: Re: Digital Unix 4.0 exploitable buffer overflows On Mon, 25 Jan 1999, Lamont Granquist wrote: Previously Digital Unix has been relatively immune to buffer overflow attacks due to the lack of an...

Web Server /cgi-bin Shell Access

The remote web server has one of these shells installed in /cgi-bin : ash, bash, csh, ksh, sh, tcsh, zsh Leaving executable shells in the cgi-bin directory of a web server may allow an attacker to execute arbitrary commands on the target machine with the privileges of the HTTP daemon. %NASLMINLEV...

CVE-1999-1019

SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable processd with a Trojan horse, facilitating a root or Administrator compromise...

Omnicron OmniHTTPd 1.1/2.0 Alpha 1 - 'visiadmin.exe' Denial of Service

source: https://www.securityfocus.com/bid/1808/info OmniHTTPD is a web-server offered by Omnicron for the MS Windows platform. One of the CGI utilities it ships with and installs by default contains a bug that could, if exploited, lead to a denial of service condition on host it runs on. When the...

SGI IRIX 6.5.4 - midikeys Root

source: https://www.securityfocus.com/bid/262/info The setuid root "midikeys" executable can be used to edit arbitrary files via its graphical user interface. This grants malicious users root access to the system. Running the midikeys application, clicking in sounds, and then songs will bring up ...

Solaris 2.67.08 - netpr Local Buffer Overflow (2)

Solaris 2.67.08 - netpr Local Buffer Overflow 2 // source: https://www.securityfocus.com/bid/1200/info A buffer overrun exists in the 'netpr' program, part of the SUNWpcu LP package included with Solaris, from Sun Microsystems. Versions of netpr on Solaris 2.6 and 7, on both Sparc and x86 have be...

CVE-1999-0527

The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten...

CVE-1999-1440

Win32 ICQ 98a 1.30, and possibly other versions, does not display the entire portion of long filenames, which could allow attackers to send an executable file with a long name that contains so many spaces that the .exe extension is not displayed, which could make the user believe that the file is...

PT-1998-1190 · Unknown · Nukenabber

Name of the Vulnerable Software and Affected Versions: NukeNabber affected versions not specified Description: The issue allows remote attackers to cause a denial of service by connecting to the "NukeNabber port 1080" without sending any data. This action causes the CPU usage to rise to 100% due ...

[SECURITY] Seyon is vulnerable to a root exploit

Description ----------- We have received a report from SGI that a vulnerability has been discovered in the seyon program. This can lead to a root compromise. Any user who can execute the seyon program can exploit this vulnerability. Since SGI does not provide exploit information, we are unable to...

IRIX Multiple Buffer Overflow Exploits (LsD)

Exploit for irix platform in category local exploits ============================================ IRIX Multiple Buffer Overflow Exploits LsD ============================================ / copyright by / / Last Stage of Delirium, Dec 1996, Poland/ include include include define BUFSIZE 2068 define...

SGI IRIX 5.36.2 - ordist Local Privilege Escalation

SGI IRIX 5.36.2 - ordist Local Privilege Escalation // source: https://www.securityfocus.com/bid/415/info A buffer overflow exists in the ordist program, as shipped with Irix 6.x and 5.x from Silicon Graphics. By supplying long arguments to the '-d' option, containing a properly crafted buffer of...

Xt Library - Local Privilege Escalation

include include include define DEFAULTOFFSET 0 define BUFFERSIZE 1491 long getespvoid asm"movl %esp,%eax\n"; mainint argc, char argv char buff = NULL; unsigned long addrptr = NULL; char ptr = NULL; char execshell = "\xeb\x23" "\x5e" "\x8d\x1e" "\x89\x5e\x0b" "\x31\xd2" "\x89\x56\x07" "\x89\x56\x0...

sudo.bin - NLSPATH Privilege Escalation

sudo.bin - NLSPATH Privilege Escalation include include include include include define PATHSUDO "/usr/bin/sudo.bin" define BUFFERSIZE 1024 define DEFAULTOFFSET 50 ulong getesp asm"movl %esp, %eax"; mainint argc, char argv uchar execshell =...