7013 matches found
CVE-2000-0364
The CVE-2000-0364 entry concerns Red Hat Linux 6.0 where screen and rxvt fail to properly set tty device modes, enabling a local user to write to other virtual consoles. The vulnerability is localized (attack vector LOCAL) with low complexity and no authentication, and it can impact confidentiali...
Переполнение буфера в LCDproc
Многочисленные классические переполнения буфера...
win98-bluescreen.txt
=-= Next Generation of Windows 98 Blues Screen 2 =-= By RUBINHOC from BraZiL Original exploit found by www.securax.org Only for: ruindows 98 maybe 95 too. Techniques: NEW - Infernal Pulse 03/17/2000 =-= WIN98 webservers =-= customized by RUBINHOC rubinhoc:roottelnet victim.com 80 Trying x.x.x.x...
RedHat Linux 6.x - X Font Server Buffer Overflow (Denial of Service)
RedHat Linux 6.x - X Font Server Buffer Overflow Denial of Service // source: https://www.securityfocus.com/bid/1111/info A denial of service exists in the X11 font server shipped with RedHat Linux 6.x. Due to improper input validation, it is possible for any user to crash the X fontserver. This...
Standard Poors ComStock 4.2.4 - Command Execution
Standard Poors ComStock 4.2.4 - Command Execution source: https://www.securityfocus.com/bid/1080/info Numerous vulnerabilities exist in the ComStock product, as sold by Standard & Poor's. ComStock is based on the RedHat 5.1 distribution, and contains many of the vulnerabilities found in the 5.1...
Zeus Web Server 3.x - Null Terminated Strings
source: https://www.securityfocus.com/bid/977/info Appending "%00" to the end of a CGI script filename will permit a remote client to view full contents of the script if the CGI module option "allow CGIs anywhere" is enabled. Scripts located in directories which are designated as executable eg...
CVE-2000-0082
WebTV email client allows remote attackers to force the client to send email without the user's knowledge via HTML...
CVE-1999-1573
Multiple unknown vulnerabilities in the "r-cmnds" 1 remshd, 2 rexecd, 3 rlogind, 4 rlogin, 5 remsh, 6 rcp, 7 rexec, and 8 rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files...
unixware.pkg.exploits.txt
Greetings, OVERVIEW Most of UnixWare's pkg commands can be exploited to print /etc/shadow, leading to a probable root compromise. BACKGROUND Only tested on UnixWare 7.1. DETAILS The permissions for the UnixWare pkg commands are as follows: bash-2.02$ ls -la /usr/sbin/pkgchk /usr/bin/pkginfo...
Matt Wright guestbook.pl Arbitrary Command Execution
The 'guestbook.pl' is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the HTTP daemon root or nobody. %NASLMINLEVEL 70300 This script was written by Mathieu Perrin See the Nessus Scripts License for details Changes by Tenable: ...
unixware.Xsco.txt
-----Original Message----- Date: Fri, 26 Nov 1999 04:27:16 +0300 MSK From: Matt Conover To: [email protected] Subject: w00giving '99 6: UnixWare 7's Xsco Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII w00w00 Security Development WSD...
[SECURITY] New version of proftpd fixes remote exploits
The proftpd version that was distributed in Debian GNU/Linux 2.1 had several buffer overruns that could be exploited by remote attackers. A short list of problems: user input was used in snprintf without sufficient checks there was an overflow in the logxfer routine you could overflow a buffer by...
SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Local Privilege Escalation
!/bin/sh source: https://www.securityfocus.com/bid/738/info cdwtools is a package of utilities for cd-writing. The linux version of these utilities, which ships with S.u.S.E linux 6.1 and 6.2, is vulnerable to several local root compromises. It is known that there are a number of ways to exploit...
suse6.2pbpg.txt
Brock Tellier [email protected] Sent: Thursday, September 16, 1999 5:06 PM Subject: Two SuSE 6.2 local root exploits Greetings, /usr/bin/pb and /usr/bin/pg, suid root by default on SuSE 6.2, allow any user to read any file on the system as shown: susebox:/root ls -la /usr/bin/pb uname -rwsr-xr-...
sco_local_exploit.txt
Greetings, More SCO 5.0.x exploits, this time for scosession and scoterm. You'll only get egid=2bin out of scosession, but root for scoterm. Brock Tellier UNIX Systems Administrator Webley Systems www.webley.com --- scosessionx.c --- / SCO 5.0.x scosession local bin exploit sgid bin Will set...
windows_exploits.txt
Subject: About IGMP and another exploit for Windows95x/98x To: [email protected] I got two exploit and test it... - The first one is Flushot by DarkShow. This exploit can drop the network connection in windows 95 and 98First Edition - The other one is Pimp by Rob Mosher, this exploit can...
Linux_suse_exploits.txt
Subject: Two SuSE 6.2 local root exploits To: [email protected] Greetings, /usr/bin/pb and /usr/bin/pg, suid root by default on SuSE 6.2, allow any user to read any file on the system as shown: susebox:/root ls -la /usr/bin/pb uname -rwsr-xr-x 1 root root 23544 Jul 22 20:07 /usr/bin/pb...
netscape.4.51.javascript.txt
Date: Tue, 16 Mar 1999 11:09:41 PST From: Georgi Guninski To: [email protected] Subject: Re: Netscape upgrade FYI... Netscape has released version 4.51 of Communicator. It seems to fix the window spoofing bug http://www.geek-girl.com/bugtraq/19991/0747.html , along with the javascript bugs tha...
defeat.solaris.nonexec.stack.txt
Hi, I've recently been playing around with bypassing the non-executable stack protection that Solaris 2.6 provides. I'm referring to the mechanism that you control with the noexecuserstack option in /etc/system. I've found it's quite possible to bypass this protection, using methods described...
mirc.5.6.autoload.url.txt
Date: Tue, 8 Jun 1999 22:49:35 -0400 From: Rich Lafferty To: [email protected] Subject: mIRC 5.6 automatic URL loading This one stunned me. I triple-checked and tested more than I'd usually test because I can't believe anyone would implement something so ridiculous. Perhaps I'm just optimistic...