1904 matches found
GLIBC locale - Format Strings
/ su.c by xp, modified by logikal@efnet - tested on redhat 5 - 7 / include include include include include include include include char shellcode = "\x31\xc0\x83\xc0\x17\x31\xdb\xcd\x80\xeb" "\x30\x5f\x31\xc9\x88\x4f\x17\x88\x4f\x1a" "\x8d\x5f\x10\x89\x1f\x8d\x47\x18\x89\x47"...
Directory traversal bug in Communigate Pro 4's Webmail service
Directory traversal bug in Communigate Pro 4.0b to 4.0.2 -------------------------------------------------------- Overview -------- When experimenting a bit with Communigate Pro's webmail service I found a directory traversal bug by which attackers can read any file readable by the user Communiga...
MySQL 3.20.32/3.22.x/3.23.x - Null Root Password Weak Default Configuration (2)
/ source: https://www.securityfocus.com/bid/5503/info MySQL is is an open source relational database project, and is available for a number of operating systems, including Microsoft Windows. A weak default configuration problem has been reported in the Windows binary release of MySQL. Reportedly,...
zml.cgi does not adequately validate user input thereby allowing directory traversal
Overview zml.cgi does not adequately validate user input, allowing for directory traversal out of the web root directory. Description The perl script zml.cgi reads and parses a file on the server, executing certain Server Side Include SSI directives found in the file. The script accepts a CGI...
BRU 17.0 - XBRU Insecure Temporary File
BRU 17.0 - XBRU Insecure Temporary File source: https://www.securityfocus.com/bid/5708/info BRU is a backup and restore utility distributed by The Tolis Group. This problem affects the utility on the Linux platform. xbru does not properly check for the existence of temporary files prior to...
MySQL 3.20.323.22.x3.23.x - Null Root Password Weak Default Configuration (1)
MySQL 3.20.323.22.x3.23.x - Null Root Password Weak Default Configuration 1 / source: https://www.securityfocus.com/bid/5503/info MySQL is is an open source relational database project, and is available for a number of operating systems, including Microsoft Windows. A weak default configuration...
MySQL 3.20.32/3.22.x/3.23.x - Null Root Password Weak Default Configuration (1)
/ source: https://www.securityfocus.com/bid/5503/info MySQL is is an open source relational database project, and is available for a number of operating systems, including Microsoft Windows. A weak default configuration problem has been reported in the Windows binary release of MySQL. Reportedly,...
OpenBSD 2.93.0 - Default Crontab Root Command Injection
OpenBSD 2.93.0 - Default Crontab Root Command Injection / source: https://www.securityfocus.com/bid/4495/info OpenBSD ships with a number of cron jobs configured by default. The tasks are for the purpose of summarizing system information. The mail1 utility is used to send the summaries to the roo...
GNU fileutils - recursive directory removal race condition
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Name: fileutils Version: 4.1 stable and 4.1.6 development version Homepage: http://www.gnu.org/software/fileutils/fileutils.html Author: Wojciech Purczynski [email protected] Date: March 10, 2002 Issue: ====== Race condition in various utilities from...
CVE-2001-0968
Knox Arkeia server 4.2 (and possibly other versions) installs its root user with a null password by default, enabling privilege escalation for local and remote users. The available documents describe the vulnerable condition but do not specify patches or fixes. No explicit exploit details or reme...
rsync 2.3/2.4/2.5 - Signed Array Index Remote Code Execution
// source: https://www.securityfocus.com/bid/3958/info A vulnerability exists within some versions of rsync. Under some circumstances, a remotely supplied signed value is used as an array index, allowing NULL bytes to be written to arbitrary memory locations. Exploitation of this vulnerability...
Solaris in.telnetd TTYPROMPT Buffer Overflow
漏洞描述:Solaris是一款由Sun开发和维护的商业性质UNIX操作系统。 Solaris 10的TELNET服务在处理畸形的认证数据时存在漏洞,远程攻击者可能利用此漏洞绕过认证获得访问。 Solaris...
CVE-1999-1394
CVE-1999-1394 : BSD 4.4–based operating systems running at security level 1 allow the root user to clear immutable/append-only flags on files by unmounting the filesystem and using a filesystem editor (e.g., fsdb) to modify a device directly. The description does not specify affected products, ve...
CVE-1999-1394
BSD 4.4 based operating systems, when running at security level 1, allow the root user to clear the immutable and append-only flags for files by unmounting the file system and using a file system editor such as fsdb to directly modify the file through a device...
security alert: speechd from speechio.org
this is my first post in this kin of thing so bare with me. there is a vulnerability in speechd that alllows you to run arbetrary code as the root user or whoever is running speechd hopefully not root!. it will only work if you are using rsynth, that is all i have tested, it may work on festival...
FreeBSD-SA-01:49.telnetd
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:49 Security Advisory FreeBSD, Inc. Topic: telnetd contains remote buffer overflow Category: core Module: telnetd Announced: 2001-07-23 Revised: 2001-07-27 Credits:...
FreeBSD-SA-01:23.icecast
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:23 Security Advisory FreeBSD, Inc. Topic: icecast port contains remote vulnerability Category: ports Module: icecast Announced: 2001-03-12 Credits: |CyRaX| Affects: Ports...
[SECURITY] [DSA-032-1] proftp runs as root, /var symlink removal
Package: proftpd Vulnerability: proftpd running as root, /var symlink removal Debian-specific: yes The following problems have been reported for the version of proftpd in Debian 2.2 potato: 1. There is a configuration error in the postinst script, when the user enters yes, when asked if anonymous...
mysqld log file
Tested on Red Hat 7.0: narrow@tornado /$ cat /var/log/mysqld.log | grep "Password=PASSWORD" 001225 21:08:18 7 Query UPDATE user SET Password=PASSWORD'rewt' WHERE user='root' narrow@tornado /$ Here we have the password for user 'root'. -- Narrow - [email protected] - http://www.zone.ee/unix/ - Esto...
vixie-cron - Local Privilege Escalation
vixie-cron - Local Privilege Escalation !/bin/sh echo '.-------------------------------------------------------------------------.' echo '| Marchew Hyperreal Industries ................... |' echo "| ...well, it is just me, but it is more elite to speak as a group... |" echo...