297 matches found
XV 3.x - '.BMP' Parsing Local Buffer Overflow
/ xv exploit for the bmp parsing buffer overflow infamous42md AT hotpop DOT com PEOPLE STOP EMAILING MY BUGTRAQ ADDRESS AND USE THIS ONE!! n00batlocalho.outernet gcc -Wall xvbmpslap.c n00batlocalho.outernet ./a.out Usage: ./a.out align n00batlocalho.outernet ./a.out 0xbffff388...
SquirrelMail - chpasswd Local Buffer Overflow
SquirrelMail - chpasswd Local Buffer Overflow / 0x3142-sq-chpasswd.c Squirremail chpasswd buffer overflow. Tested on SuSE 9. The bug was found by Matias Neiff Coded by x314 c 2004 Copyright by x314. All Rights Reserved. Greets: m0s krewz. / include char shellcode=...
Linux Kernel 2.4.232.6.0 - do_mremap() Bound Checking Validator (1)
Linux Kernel 2.4.232.6.0 - domremap Bound Checking Validator 1 / EDB Note: This will just "test" the vulnerability. EDB Note: An exploit version can be found here https://www.exploit-db.com/exploits/145/ / / Proof-of-concept exploit code for domremap Copyright C 2004 Christophe Devine and Julien...
Linux Kernel ""do_mremap"" Local Proof of Concept
No description provided by source. / Proof-of-concept exploit code for domremap Copyright C 2004 Christophe Devine and Julien Tinnes This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software...
Linux Kernel 2.4.22 - do_brk() Local Privilege Escalation (1)
Linux Kernel 2.4.22 - dobrk Local Privilege Escalation 1 ; E-DB Note: Updated Exploit https://www.exploit-db.com/exploits/131/ ; ; Christophe Devine devine at cr0.net and Julien Tinnes julien at cr0.org ; ; This exploit uses sysbrk directly to expand his break and doesn't rely ; on the ELF loader...
Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (1)
; E-DB Note: Updated Exploit https://www.exploit-db.com/exploits/131/ ; ; Christophe Devine devine at cr0.net and Julien Tinnes julien at cr0.org ; ; This exploit uses sysbrk directly to expand his break and doesn't rely ; on the ELF loader to do it. ; ; To bypass a check in sysbrk against...
Pine <= 4.56 Remote Buffer Overflow Exploit
No description provided by source. / Mon Sep 15 09:35:01 CEST 2003 remote? Pine = 4.56 exploit by sorbo sorbox yahoo com darkirco Ok won't talk much about the bug since as usual idefense advisories are proper advisories and explain everything... exploiting the bug is trivial after reading the adv...
Pine 4.56 - Remote Buffer Overflow
/ Mon Sep 15 09:35:01 CEST 2003 remote? Pine eip/ebp this can actually be "bruteforced" I didn't show this since this is a PoC and uses "exact offsets" All u do is supply multiple charsets and overwrite larger areas of memory This makes method 1 100% successfull or letys say 99.9% nice for remote...
CVE-2002-0839
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service process kill or possibly other behaviors that would not normally be allowed, by modifying the...
Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) does not adequately validate file descriptor arguement to _TT_ISCLOSE()
Overview The Common Desktop Environment CDE ToolTalk RPC database server does not adequately validate a client-supplied argument, allowing attackers to overwrite certain locations in memory with zeros. This vulnerability could be exploited in a number of ways, potentially allowing attackers to:...
Ehud Gavron TrACESroute 6.1.1 - Terminator Function Format String
source: https://www.securityfocus.com/bid/4956/info A format string vulnerability exists in TrACESroute. The problem exists in the terminator -T function of the program. Due to improper use of the fprintf function, an attacker may be able to supply a malicious format string to the program that...
Grsecurity problem - modifying "read-only kernel"
Affected: Grsecurityand maybe other linux hardening patchs. Description: Grsecurity and maybe other linux hardening patchs integrates a variant of the patch published in phrack p58-0x07 article supposed to forbid writing to /dev/mem and /dev/kmem by disabling function dowritemem. This is done by...
CVE-2002-0164
Vulnerability in the MIT-SHM extension of the X server on Linux XFree86 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges...
RedHat 6.1 - 'man' Local Overflow / Local Privilege Escalation
!/usr/bin/perl Redhat 6.1 man exploit - gives egid 15 Written just for fun - [email protected] $shellcode = "\xeb\x1f\x5f\x89\xfc\x66\xf7\xd4\x31\xc0\x8a\x07". "\x47\x57\xae\x75\xfd\x88\x67\xff\x48\x75\xf6\x5b". "\x53\x50\x5a\x89\xe1\xb0\x0b\xcd\x80\xe8\xdc\xff"...
SuSE_root_exploit.txt
nlservd/rnavc local root exploit for Linux x86 tested on SuSE 6.2 exploits Arkiea's Knox backup package. gcc -o knox knox.c ./knox NOTE: you MUST have void mainsetuidgeteuid; system"/bin/bash"; compiled in /tmp/ui for this to work. To exploit rnavc, simply change the execl call to...
NetBSD 1.4 OpenBSD 2.5 Solaris 7.0 - profil(2) Modify The Internal Data Space
NetBSD 1.4 OpenBSD 2.5 Solaris 7.0 - profil2 Modify The Internal Data Space / source: https://www.securityfocus.com/bid/570/info Some BSD's use a profil2 system call that dates back to "version 6" unix. This system call arranges for the kernel to sample the PC and increment an element of an array...
SGI IRIX - 'LsD' Multiple Local Buffer Overflows
/ copyright by / / Last Stage of Delirium, Dec 1996, Poland/ include include include define BUFSIZE 2068 define OFFS 800 define ADDRS 3 define ALIGN 0 define ALIGN2 4 char...