KDE 1.1.2 KApplication configfile - Local Privilege Escalation (3)

source: https://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can modify ownership of arbitrary files when running setuid root...

Novell Netware 5.1 (server 5.00h, Dec 11, 1999)...

Hi again. Another overflow and TCP/IP stack flaw. Affected: virtually any system running on the top of Netware system with http remote administration including web caching solutions, BorderManager firewall and so on... There's an buffer overflow in remote http, usually on port 8008 or so...

fw1_script.tags.txt

Hi all, The "Strip Script Tags" in FW-1 can be circumvented by adding an extra tag like in this code: alert"hello world" test This code will pass unchanged, and still execute in both Navigator and Explorer. I tried this on version 3.0 of FW-1 on Windows NT 4.0 but I'm not able to check it on...

WU-FTPD 2.4.2/2.5 .0/2.6.0/2.6.1/2.6.2 - FTP Conversion

source: https://www.securityfocus.com/bid/2240/info Some FTP servers provide a "conversion" service that pipes a requested file through a program, for example a decompression utility such as "tar", before it is passed to the remote user. Under some configurations where this is enabled a remote us...

MediaHouse Software Statistics Server 4.285.1 - Server ID Buffer Overflow

MediaHouse Software Statistics Server 4.285.1 - Server ID Buffer Overflow source: https://www.securityfocus.com/bid/734/info The web interface for Statistics Server contains an unchecked buffer which accepts input from the "Server ID" field of the login webpage. While the login webpage has a 16...

dip-exploit.sh

justa note.. dont forget to erase the temp.dip file when you run this exploit. / dip-exploit.c - overruns the buffer in dochatkey to give a shell / include include include include include define PATHDIP "/usr/sbin/dip" uchar shell = / courtesy of avalon ; /...

abuseconsole.sh

There is a security hole in RedHat 2.1, which installs the game abuse, /usr/lib/games/abuse/abuse.console suid root. The abuse.console program loads its files without absolute pathnames, assuming the user is running abuse from the /usr/lib/games/abuse directory. One of these files in the undrv...

wwwboard-bomb.txt

WWWBoard v2.0 ALPHA Vulnerability Recently, many vulnerabilities have been found in the popular WWWBoard script written by Matt Wright, this is yet another. When the followup value in a form posted to the WWWBoard script contains the same post number twice, the script follows up to that post twic...

wu-ftpd.bof+patch.txt

From: [email protected] mailto:[email protected]. edu On Behalf Of Gregory A Lundberg Sent: Tuesday, March 23, 1999 10:44 AM To: Russ Allbery Cc: [email protected]; [email protected] Subject: Re: FW: ftp exploit On 23 Mar 1999, Russ Allbery wrote: any comments? It's a...

Qbik WinGate 3.0/Pro 4.0.1/Standard 4.0.1 - Buffer Overflow (Denial of Service) (PoC)

source: https://www.securityfocus.com/bid/509/info WinGate's Winsock redirector service is susceptible to a buffer overflow vilnerability that will crash all WinGate services. !/usr/bin/python Qbik Wingate 3.0 DoS Proof of Concept Code. Vulnerability Discovered by eEye Digital Security...

HP-UX 10.20 newgrp - Local Privilege Escalation

HP-UX 10.20 newgrp - Local Privilege Escalation source: https://www.securityfocus.com/bid/683/info Due to insufficient bounds checking on user supplied arguments, it is possible to overflow an internal buffer and execute arbitrary code as root. !/usr/bin/perl use FileHandle; sub h2cs local$stuff=...