3217 matches found
XFree86 4.2 XLOCALEDIR Local Buffer Overflow Vulnerability (3)
No description provided by source. source: http://www.securityfocus.com/bid/7002/info Several XFree86 utilities may be prone to a buffer overflow condition. The vulnerability exists due to insufficient boundary checks performed by these utilities when referencing the XLOCALEDIR environment...
linux/x86 Shellcode Polymorphic - setuid(0) + chmod("/etc/shadow", 0666) Shellcode 61 Bytes
No description provided by source. / ============================================================================================= linux/x86 Shellcode Polymorphic - setuid0 + chmod/etc/shadow, 0666 Shellcode 61 Bytes...
Mac OS X <= 10.2.4 DirectoryService (PATH) Local Root Exploit
No description provided by source. / OS X = 10.2.4 DirectoryService local root PATH exploit DirectoryService must be crashed prior to execution, per @stake advisory. If you discover how to crash DirectoryService e-mail me at [email protected] Neeko Oni -- Assuming DirectoryService has been...
linux/x86 setuid(0),setgid(0) execve(/bin/sh, [/bin/sh, NULL]) 37 bytes
No description provided by source. / Linux/x86 setuid0 + setgid0 + execve/bin/sh, /bin/sh, NULL - 37 bytes - [email protected] / char shellcode = \x6a\x17 // push $0x17 \x58 // pop %eax \x31\xdb // xor %ebx, %ebx \xcd\x80 // int $0x80 \x6a\x2e // push $0x2e \x58 // pop %eax \x53 // push %ebx...
qmailadmin 1.0.x Local Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5404/info The qmailadmin utility, developed by Inter7, is vulnerable to a buffer overflow condition. It is meant to run as a CGI program and is typically installed setuid owned by root on some systems, regular users on...
ISDN4Linux 3.1 IPPPD Device String SysLog Format String Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/5437/info isdn4linux is a freely available, open source package of isdn compatibility tools. It is available for Linux operating systems. isdn4linux contains a format string vulnerability in the ipppd utility. In some...
solaris/x86 setuid(0), execve(//bin/sh); exit(0) NULL Free 39 bytes
No description provided by source. / ; sm4x 2008 ; setuid0, execve'/bin/sh', '/bin/sh', 0, ; 39 bytes NizzULL free you know... ; SunOS sol01 5.11 snv86 i86pc i386 i86pc Solaris ; quick port to drop root sh - ; - SunOS is pwnij global start start: xor eax, eax ; --- setuid0 push eax push eax mov a...
SGI IRIX <= 6.5.4 midikeys Root Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/262/info The setuid root midikeys executable can be used to edit arbitrary files via its graphical user interface. This grants malicious users root access to the system. Running the midikeys application, clicking in sound...
Linux/SuperH - sh4 - setuid(0) ; execve("/bin/sh", NULL, NULL) - 27 bytes
No description provided by source. / Linux/SuperH - sh4 - setuid0 ; execve/bin/sh, NULL, NULL - 27 bytes Tested on debian-sh4 2.6.32-5-sh7751r by Jonathan Salwan - twitter: @jonathansalwan 400054: 17 e3 mov 23,r3 400056: 4a 24 xor r4,r4 400058: 0b c3 trapa 11 40005a: 3a 23 xor r3,r3 40005c: 0b e3...
QNX RTOS 4.25/6.1 phgrafx-startup Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4916/info The QNX phgrafx-startup utility is prone to an issue which may make it possible for local attackers to escalate privileges. This issue is due to unsafe use of the system function to invoke other programs. This...
AFD 1.2.x Working Directory Local Buffer Overflow Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/5626/info AFD Automatic File Distributor is prone to a number of locally exploitable stack and heap based buffer overflow conditions. These issues are all related to insufficient bounds checking of externally supplied...
Linux - setuid(0) & execve("/sbin/poweroff -f")
No description provided by source. include stdio.h / linux/x86 ; setuid0 & execve/sbin/poweroff -f 47 bytes written by ka0x - ka0x01alt+64gmail.com lun sep 21 16:40:16 CEST 2009 greets: an0de, Piker, xarnuz, NullWave07, Pepelux, JosS, sch3m4, Trancek, Hendrix and others! / int main char shellcode...
Firebird 1.5 - Local Inet_Server Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17077/info Firebird is susceptible to a local buffer-overflow vulnerability. This issue is due to the application's failure to properly check boundaries of user-supplied command-line argument data before copying it to an...
Linux Kernel <= 2.6.17.4 - (proc) Local Root Exploit
No description provided by source. / Author: h00lyshit Vulnerable: Linux 2.6 ALL Type of Vulnerability: Local Race Tested On : various distros Vendor Status: unknown Disclaimer: In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or sprea...
TrueCrypt 4.3 - Privilege Escalation Exploit
No description provided by source. $Id: raptortruecrypt,v 1.1.1.1 2007/04/04 11:31:56 raptor Exp $ raptortruecrypt - setuid truecrypt privilege escalation Copyright c 2007 Marco Ivaldi [email protected] TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of servic...
QNX 6.4.x/6.5.x pppoectl - Information Disclosure
No description provided by source. QNX 6.4.x/6.5.x pppoectl disclose /etc/shadow by cenobyte 2013 [email protected] - vulnerability description: QNX setuid root /sbin/pppoectl allows any user to gain access to privileged information such as the root password hash. The vulnerability exis...
SGI Performance Co-Pilot 2.1.x/2.2 pmpost Symbolic Link Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2887/info Performance Co-Pilot PCP is a set of services to support system-level performance monitoring developed by SGI. It has traditionally been an IRIX product, however SGI has made it open source and it is now availab...
SunOS <= 4.1.3 LD_LIBRARY_PATH and LD_OPTIONS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/43/info There exists a vulnerability involving environment variables and setuid/setgid programs under SunOS 4.0 and higher. A dynamically-linked program that is invoked by a setuid/setgid program has access to the caller'...
Oracle 8/9i DBSNMP Oracle Home Environment Variable Buffer Overflow
No description provided by source. source: http://www.securityfocus.com/bid/3138/info Oracle is an Enterprise level SQL database, supporting numerous features and options. It is distributed and maintained by Oracle Corporation. When the ORACLEHOME environment variable is filled with 750 bytes or...
David Bagley xlock 4.16 User Supplied Format String Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/1585/info A vulnerability exists in versions of the xlockmore program, originally written by David Bagley. It is believed to affect all versions of xlock derived from xlockmore. This includes the xlock shipped with a numb...