1237 matches found
Crafty Game Stack Overflow & Exploit
Copyright © Rosiello Security http://www.rosiello.org ADVISORY: http://www.rosiello.org/en/readbugs.php?18 BACKGROUND: by SecurityTracker EXPLOIT: http://www.rosiello.org/archivio/crafty.zip Impact: Execution of arbitrary code via local system, User access via local system Versions: 19.3 and prio...
problems with database files in 'SignatureDB'
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 File: LynX-adv4SignatureDB.txt Date: 15/02/2004 o NAME: problems with database files in...
[Full-Disclosure] Lame crash in qmail-smtpd and memory overwrite according to gdb, yet still qmail much better than windows
Georgi Guninski security advisory 65, 2004 Lame crash in qmail-smtpd and memory overwrite according to gdb, yet still qmail much better than windows Systems affected: qmail 1.03 on linux, don't know about other OSes. Risk: Unknown. maybe so, maybe no. Date: 15 January 2004 Legal Notice: This...
FAT32 directory auth bypass on Linux Abyssws < 1.2
Luigi Auriemma Application: Abyss webserver http://www.aprelium.com Versions: minors than 1.2 Platforms: Linux version only Bug: Bypassing of password protected folders authorization on FAT32 filesystems Risk: medium but rarely users use Linux to run a webserver on a FAT32 partition Exploitation:...
Real Server 7/8/9 Remote Root Exploit (Windows & Linux)
Exploit for multiple platform in category remote exploits. Real Server 7/8/9 Remote Root Exploit Windows & Linux / / THCREALbad 0.4 - Wind0wZ & Linux remote root exploit / Exploit by:...
VMware Workstation 4.0.1 (for Linux systems) vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Description - ----------- The following products have a vulnerability that can allow a non-root user of the host system to delete files. VMware Workstation 4.0.1 for Linux systems build 5289 and earlier releases Details/Impact - -------------- By...
VMware GSX Server 2.5.1 / Workstation 4.0 (for Linux systems) vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Description - ----------- The following products have a vulnerability that can allow a user of the host system to start an arbitrary program with root privileges: VMware GSX Server 2.5.1 for Linux systems build 4968 and earlier releases VMware...
[Full-Disclosure] SRT2003-07-07-0833 - IBM U2 UniVerse users with uvadm rights can take root via uvadmsh
Secure Network Operations, Inc. http://www.secnetops.com Strategic Reconnaissance Team [email protected] Team Lead Contact [email protected] Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS, Software Security Validation, and...
[Full-Disclosure] SRT2003-07-07-0913 - Abnormal suid behavior in several applications
Secure Network Operations, Inc. http://www.secnetops.com Strategic Reconnaissance Team [email protected] Team Lead Contact [email protected] Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS, Software Security Validation, and...
VMware Workstation 4.0: Possible privilege escalation on the host via symlink manipulation
It is possible for a user to gain an escalation in privileges on a system running VMware Workstation 4.0 for Linux systems by symlink manipulation in a world-writable directory such as /tmp. Affected systems: VMware Workstation 4.0 for Linux systems Dates: This was reported to VMware on 2003-06-17...
Ifenslave 0.0.7 - Argument Local Buffer Overflow (2)
Ifenslave 0.0.7 - Argument Local Buffer Overflow 2 // source: https://www.securityfocus.com/bid/7682/info ifenslave for Linux has been reported prone to a buffer overflow vulnerability. The issue is reportedly due to a lack of sufficient bounds checking performed on user-supplied data before it i...
OpenSSH/PAM 3.6.1p1 - Remote Users Discovery Tool
/ SSHBRUTE - OpenSSH/PAM Proof of concept code by Maurizio Agazzini Tested against Red Hat, Mandrake, and Debian GNU/Linux. Reference: http://lab.mediaservice.net/advisory/2003-01-openssh.txt $ tar xvfz openssh-3.6.1p1.tar.gz $ patch -p0 include include / an illegal user / define NOUSER...
Samba < 2.2.8 (Linux/BSD) - Remote Code Execution
/ Remote root exploit for Samba 2.2.x and prior that works against Linux all distributions, FreeBSD 4.x, 5.x, NetBSD 1.x and OpenBSD 2.x, 3.x and 3.2 non-executable stack. sambal.c is able to identify samba boxes. It will send a netbios name packet to port 137. If the box responds with the mac...
Remote Buffer Overflow in Sendmail
Overview There is a vulnerability in sendmail that may allow remote attackers to gain the privileges of the sendmail daemon, typically root. Description Researchers at Internet Security Systems ISS have discovered a remotely exploitable vulnerability in sendmail. This vulnerability could allow an...
Security bug in CGI::Lite::escape_dangerous_chars() function
SUBJECT Security bug in CGI::Lite::escape_dangerous_chars function, part of the CGI::Lite 2.0 package, and earlier revisions thereof. SUMMARY The CGI::Lite::escape_dangerous_chars function fails to escape the entire set of special characters that may have significance to the underlying shell command...
ESCPUtil 1.15.2 2 - Printer Name Local Buffer Overflow
source: https://www.securityfocus.com/bid/6658/info It has been reported that a buffer overflow in escputil exists. When supplied with excessively long arguments, it is possible to overwrite stack memory. escputil is reportedly installed setgid 'sys' on Mandrake Linux, so it is possible that this...
GLIBC locale - Format Strings
/ su.c by xp, modified by logikal@efnet - tested on redhat 5 - 7 / include include include include include include include include char shellcode = "\x31\xc0\x83\xc0\x17\x31\xdb\xcd\x80\xeb" "\x30\x5f\x31\xc9\x88\x4f\x17\x88\x4f\x1a" "\x8d\x5f\x10\x89\x1f\x8d\x47\x18\x89\x47"...
[RAZOR] Problems with mkstemp()
Common use of 'tmpwatch' utility and its counterparts triggers race conditions in many applications Michal Zalewski [email protected], 12/05/2002 Copyright C 2002 by Bindview Corporation 1 Scope and exposure info -------------------------- A common practice of installing 'tmpwatch' utili...
apache-linux.txt
/ LINUX X86 APACHE REMOTE EXPLOIT!!!!!!!!! This is the unpublished source for apache OpenSSL handshake exploit. We obtained this exploit by modifying a circulating apache worm, created by contem@efnet BY nebunu compile: gcc -o apache-ex apache.ex.c -lcrypto run: ./apache-ex do not use hostname! u...
SCPOnly 2.3/2.4 - SSH Environment Shell Escaping
source: https://www.securityfocus.com/bid/5526/info scponly is a freely available, open source restricted secure copy client. It is available for Unix and Linux operating systems. The default installation of scponly does not place sufficient access controls on the .ssh subdirectory. Due to this...