AIX 5.3.0 - 'invscout' Local Command Execution

!/usr/bin/sh r00t exploit written for the invscout bug reported by Idefense labs http://www.idefense.com/application/poi/display?id=171&type=vulnerabilities coded by ri0t exploitation is trivial but automated with this script www.ri0tnet.net usage ./getr00t.sh : exploitation gives euidroot from...

[Full-Disclosure] Kernelpanik Labs Digest 2005-2

Hi, This is a email digest with security fails recently published by Kernelpanik Labs http://www.kernelpanik.org. paNews 2.0.4b ------------- Remote SQL injection and command execution. Spanish: http://www.kernelpanik.org/docs/kernelpanik/panews.txt cuteNews 1.3.6 -------------- Remote XSS and...

CVE-2005-0019

Unknown vulnerability in hztty 2.0 and earlier allows local users to execute arbitrary commands...

CVE-2005-0183

The CVE-2005-0183 issue affects the Vacation plugin (version 0.15 and earlier) used with Squirrelmail. Local users can execute arbitrary commands by injecting shell metacharacters into a command-line argument, due to improper handling in ftpfile within the plugin. This leads to potential compromi...

CVE-2004-1365

Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user...

CVE-2004-1138

VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as 1 termcap, 2 printdevice, 3 titleold, 4 filetype, 5 syntax, 6 backupext, 7 keymap, 8 patchmode, or 9 langmenu...

CVE-2004-1138

VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as 1 termcap, 2 printdevice, 3 titleold, 4 filetype, 5 syntax, 6 backupext, 7 keymap, 8 patchmode, or 9 langmenu...

Oracle extproc local command execution (#NISR23122004C)

NGSSoftware Insight Security Research Advisory Name: Oracle 10g/9i extproc local command execution Systems Affected: Oracle 10g/9i on all operating systems Severity: Medium Risk Vendor URL: http://www.oracle.com/ Author: David Litchfield davidl at ngssoftware.com Relates to:...

CVE-2004-1138

VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as 1 termcap, 2 printdevice, 3 titleold, 4 filetype, 5 syntax, 6 backupext, 7 keymap, 8 patchmode, or 9 langmenu...

CVE-2004-1138

VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as 1 termcap, 2 printdevice, 3 titleold, 4 filetype, 5 syntax, 6 backupext, 7 keymap, 8 patchmode, or 9 langmenu...

[Full-Disclosure] iDEFENSE Security Advisory 12.20.04: IBM AIX invscout Local Command Execution Vulnerability

IBM AIX invscout Local Command Execution Vulnerability iDEFENSE Security Advisory 12.20.04 www.idefense.com/application/poi/display?id=171&type=vulnerabilities December 20, 2004 I. BACKGROUND The invscout program is a setuid root application, installed by default under newer versions of IBM AIX,...

QNX PPPoEd 2.4/4.25/6.2 - Path Environment Variable Local Command Execution

source: https://www.securityfocus.com/bid/11105/info QNX PPoEd is reported prone to a problem that exists in the handling of paths to external executables that are employed by PPPoEd. Because of this, an attacker may be able to gain elevated privileges on a host with a vulnerable version of PPPoE...

OpenSSH < 3.0.2 UseLogin Environment Variable Local Command Execution

Binary data 1992.prm...

CVE-2003-0949

xsok 1.02 does not properly drop privileges before finding and executing the "gunzip" program, which allows local users to execute arbitrary commands...

Platform Load Sharing Facility 45 - LSF_ENVDIR Local Command Execution

Platform Load Sharing Facility 45 - LSFENVDIR Local Command Execution source: https://www.securityfocus.com/bid/7655/info It has been reported that Load Sharing Facility LSF does not properly handle input in environment variables. Because of this, an attacker may be able to gain escalated...

Platform Load Sharing Facility 4/5 - &#039;LSF_ENVDIR&#039; Local Command Execution

source: https://www.securityfocus.com/bid/7655/info It has been reported that Load Sharing Facility LSF does not properly handle input in environment variables. Because of this, an attacker may be able to gain escalated privileges on a vulnerable system. LSF 5.1 'lsadmin' local root exploit...

PT-2002-1282 · Oracle · Tarantella Enterprise 3

Name of the Vulnerable Software and Affected Versions: Tarantella Enterprise 3 versions 3.01 through 3.20 Description: A race condition exists in the installation script, which creates a world-writeable temporary "gunzip" program before executing it. This could allow local users to execute...

CVE-2001-1272

wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e external command option...

Sendmail < 8.11.2 -bt Option Local Overflow

The remote Sendmail server, according to its version number, may be vulnerable to a '-bt' overflow attack that allows a local user to execute arbitrary commands as root. C Tenable Network Security, Inc. Ref: To: [email protected] Subject: sendmail -bt negative index bug... From: Michal...

CVE-1999-1560

Vulnerability in a script in Texas A&M University TAMU Tiger allows local users to execute arbitrary commands as the Tiger user, usually root...