NETGEAR DG834G SPECIAL FEATURES

By opening http://192.168.0.1/setup.cgi?todo=debug you enable the router's debug mode.Then you just telnet at 192.168.0.1 at port 23 and then you have a root shell. Also i found that if you just telnet to 192.168.0.1 2602 you will get a prompt from the service ZEBRA that is running on the router....

netgearDG834G.txt

By opening http://192.168.0.1/setup.cgi?todo=debug you enable the router's debug mode.Then you just telnet at 192.168.0.1 at port 23 and then you have a root shell. Also i found that if you just telnet to 192.168.0.1 2602 you will get a prompt from the service ZEBRA that is running on the router....

Mandrake Linux Security Advisory : usermode (MDKSA-2003:031-1)

The /usr/bin/shutdown command that comes with the usermode package can be executed by local users to shutdown all running processes and drop into a root shell. This command is not really needed to shutdown a system, so it has been removed and all users are encouraged to upgrade. Please note that...

Mandrake Linux Security Advisory : proftpd (MDKSA-2003:095-1)

A vulnerability was discovered by X-Force Research at ISS in ProFTPD's handling of ASCII translation. An attacker, by downloading a carefully crafted file, can remotely exploit this bug to create a root shell. The ProFTPD team encourages all users to upgrade to version 1.2.7 or higher. The...

eSeSIX.txt

eSeSIX Thintune thin client multiple vulnerabilities IT-Consult, 2004-07-24 Background - -------- Thintune is a series of thin client appliances sold by eSeSIX GmbH, Germany. They offer ICA, RDP, X11 and SSH support based on a customized Linux platform. See http://www.thintune.com for details...

eSeSIX Thintune thin client multiple vulnerabilities

eSeSIX Thintune thin client multiple vulnerabilities IT-Consult, 2004-07-24 Background - -------- Thintune is a series of thin client appliances sold by eSeSIX GmbH, Germany. They offer ICA, RDP, X11 and SSH support based on a customized Linux platform. See http://www.thintune.com for details...

Immunity Canvas: PSERVERD

Name| pserverd ---|--- CVE| CVE-2004-0396 Exploit Pack| CANVAS Description| CVS pserverd Notes| CVE Name: CVE-2004-0396 VENDOR: nongnu.org Notes: This overflow impacts CVS feature versions 1.12.7 and earlier, and stable versions 1.11.15 https://vulners.com/cve/CVE-2004-0396. ab note: cvsd running...

CVE-2003-1011

Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keyboard to gain unauthorized access by holding down the CTRL and C keys when the system is booting, which crashes the init process and leaves the user in a root shell...

HP-UX B11.11 - '/usr/bin/ct' Format String Privilege Escalation

/ File : xhp-ux11inlsct.c Usage : cc xhp-ux11inlsct.c -o xct ; ./xct Purpose : Get a local rootshell from /usr/bin/ct,using HP-UX location language format string bug. Author : watercloud xfocus org Tested : On HP-UX B11.11 . / include define PATH "PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin...

HP-UX B11.11 - usrbinct Format String Privilege Escalation

HP-UX B11.11 - usrbinct Format String Privilege Escalation / File : xhp-ux11inlsct.c Usage : cc xhp-ux11inlsct.c -o xct ; ./xct Purpose : Get a local rootshell from /usr/bin/ct,using HP-UX location language format string bug. Author : watercloud xfocus org Tested : On HP-UX B11.11 . / include...

Console Root On OSX up to 10.2.8

On all versions of OSX up to and including 10.2.7 and possibly 10.2.8, init can be crashed using a USB keyboard by holding down CTRL-C immediately after boot, and keeping it held down. Init crashes two or three minutes into the boot process and drops you into a root shell. At this point, you can ...

kpopup 0.9.x - Privileged Command Execution

// source: https://www.securityfocus.com/bid/8915/info It has been alleged that it is possible for local attackers to gain root privileges through kpopup, which is is installed setuid root by default. According to the report, kpopup uses the system3 C-library function insecurely to run other...

ProFTPD Security Advisory

Upgraded ProFTPD packages are available for Slackware 8.1, 9.0 and - -current. These fix a security issue where an attacker could gain a root shell by downloading a specially crafted file. Here are the details from the Slackware 9.0 ChangeLog: Tue Sep 23 14:43:10 PDT 2003...

consroot.exp

Hi there, here is a fully automated script for getting a root shell using a normal user account and remote-console acces. The Script was written by me based on an article from phrack.com article 53 - hacking forth by mudge ---snip--- --- consroot.exp " puts "\twhere MODE is one of:" puts "\t\tT =...

Intel PXE Server Remote Overflow

The remote host is running PXE Preboot eXecution Environment, a service which can be used to boot diskless clients. There is a flaw in the remote PXE which may allow an attacker to gain a root shell on this host. Nessus disabled this service to perform this security check C Tenable Network...

Samba < 2.2.8a / 3.0.0 Multiple Remote Overflows

The remote Samba server is vulnerable to a buffer overflow when it calls the function trans2open. An attacker may exploit this flaw to gain a root shell on this host. In addition, it is reported that this version of Samba is vulnerable to additional overflows, although Nessus has not checked for...

Samba TNG < 0.3.1 Multiple Remote Vulnerabilities

The remote Samba server, according to its version number, is vulnerable to multiple flaws that could let an attacker gain a root shell on this host. C Tenable Network Security, Inc. Ref: Date: Sat, 22 Mar 2003 21:03:11 +0100 CET From: Stephan Lauffer To: [email protected] Cc:...

Multiple FTP Server setproctitle Function Arbitrary Command Execution

The remote FTP server misuses the function setproctitle and may allow an attacker to gain a root shell on this host by logging in as 'anonymous' and providing a carefully crafted format string as its email address. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid11391...

MDKSA-2003:031 - Updated usermode packages remove insecure shutdown command

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandrake Linux Security Update Advisory Package name: usermode Advisory ID: MDKSA-2003:031 Date: March 12th, 2003 Affected versions: 8.1, 8.2, 9.0, Corporate Server 2.1, Multi Network Firewall 8.2 Problem Description: The /usr/bin/shutdown command tha...

Mandrake usermode utilities unauthorized access

Any user can halt/reboot system and obtain root shell from console...