Intel PXE Server Remote Overflow
The remote host is running PXE (Preboot eXecution Environment), a service which can be used to boot diskless clients. There is a flaw in the remote PXE which may allow an attacker to gain a root shell on this host. Nessus disabled this service to perform this security check. (C) Tenable Network...
Oracle Net Services CREATE DATABASE LINK Query Overflow
The remote Oracle Database, according to its version number, is vulnerable to a buffer overflow in the query CREATE DATABASE LINK. An attacker with a database account may use this flaw to gain control of the whole database, or even to obtain a shell on this host. %NASL_MIN_LEVEL 70300 (C) Tenable...
PoPToP PPTP 1.1.4-b3 - Remote Command Execution
Exploit for a recently discovered vulnerability in PoPToP PPTP server under Linux. Versions affected are all prior to 1.1.4-b3 and 1.1.3-20030409. The exploit is capable of bruteforcing the RET address to find our buffer in the stack. Upon a successful run it brings up a reverse shell with...
PoPToP PPTP <= 1.1.4-b3 Remote Root Exploit
Exploit for linux platform in category remote exploits =========================================== PoPToP PPTP include include define uint8t char define uint16t WORD define uint32t DWORD char shellcode = "\x1a\x76\xa2\x41\x21\xf5\x1a\x43\xa2\x5a\x1a\x58\xd0\x1a\xce\x6b"...
ShopCart.pl
Shopcart exploit Spawn bash style Shell with webserver uid Spabam 2003 PRIV8 code hackarena irc.brasnet.org This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my @results; my $probe; my @U; my $shit; $U1 = "/cgi-local/shop.pl/page=;";...
Tanne netzio.c logger Function Remote Format String
The remote tanned server contains a format string vulnerability. An attacker may use this flaw to gain a shell on this host. (C) Tenable Network Security, Inc. Ref: From: "dong-h0un yoU" To: [email protected] Date: Tue, 07 Jan 2003 16:59:11 +0800 Subject: VulnWatch INetCop Security Advisory...
Samba TNG < 0.3.1 Multiple Remote Vulnerabilities
The remote Samba server, according to its version number, is vulnerable to multiple flaws that could let an attacker gain a root shell on this host. (C) Tenable Network Security, Inc. Ref: Date: Sat, 22 Mar 2003 21:03:11 +0100 (CET) From: Stephan Lauffer To: [email protected] Cc:...
Multiple FTP Server setproctitle Function Arbitrary Command Execution
The remote FTP server misuses the function setproctitle and may allow an attacker to gain a root shell on this host by logging in as 'anonymous' and providing a carefully crafted format string as its email address. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(11391)...
DSA-259 qpopper - mail user privilege escalation
Bulletin has no description...
Security bug in CGI::Lite::escape_dangerous_chars() function
SUBJECT: Security bug in CGI::Lite::escape_dangerous_chars() function, part of the CGI::Lite 2.0 package, and earlier revisions thereof. SUMMARY: The CGI::Lite::escape_dangerous_chars() function fails to escape the entire set of special characters that may have significance to the underlying shell command...
multiple buffer overflows in xboing
Steve Kemp reports in a Debian bug submission: Due to improper bounds checking it is possible for a malicious user to gain a shell with membership group 'games'. The binary is installed setgid games. Environmental variables are used without being bounds-checked in any way, from the source code:...
DEBIAN-CVE-2002-1782
The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user...
X Font Service Crafted XFS Query Remote Overflow
The remote X Font Service (xfs) is affected by a buffer overflow. An attacker may use this flaw to gain shell access on the remote host as 'root' or 'nobody'. (C) Tenable Network Security, Inc. It turns out the initial revision of this script would not crash all versions of the font service...
lightwebug.txt
======================================== INetCop Security Advisory 2002-0x82-002 ======================================== Title: Remote Buffer Overflow vulnerability in Light HTTPd. 0x01. Description Lhttpd that is improved in ghttpd for more convenient and strong webserver, is webserver that off...
libhttpdbug.txt
======================================== INetCop Security Advisory 2002-0x82-003 ======================================== Title: Remote Buffer Overflow vulnerability in Lib HTTPd. 0x01. Description LibHTTPD can be used to add basic web server capabilities to an application or embedded device...
Remote Buffer Overflow vulnerability in Light HTTPd
======================================== INetCop Security Advisory 2002-0x82-002 ======================================== Title: Remote Buffer Overflow vulnerability in Light HTTPd. 0x01. Description Lhttpd that is improved in ghttpd for more convenient and strong webserver, is webserver that off...
Light HTTPd 0.1 - 'GET' Buffer Overflow (2)
// source: https://www.securityfocus.com/bid/6162/info Light httpd is prone to a remotely exploitable buffer overflow condition. This overflow can be triggered by sending the server an excessively long GET request. As Light httpd drops user privileges when running, exploitation of this issue may...
virgil.txt
-----BEGIN PGP SIGNED MESSAGE----- - - -------------------------------------------------------------------------- KALIF research group [email protected] October 21st, 2002 Joschka Fischer - - -------------------------------------------------------------------------- - - Overview Software : Virgi...
Multiple OS /bin/login Remote Overflow
The remote implementation of the /bin/login utility, used when authenticating a user via telnet or rsh, contains an overflow which allows an attacker to gain a shell on this host, without even sending a shell code. An attacker may use this flaw to log in as any user except root on the remote host....
free-apache.txt
FreeBSD apache exploit inspired by apache-worm.c published on http://packetstormsecurity.nl. Here is how it works: 1) Get blackhole.c from packetstorm and set it on port 30464. Just change its default port from the source. 2) Copy it in /tmp/.blackhole.c: cp blackhole.c /tmp/.blackhole.c 3...