1619 matches found
apache-linux.txt
/ LINUX X86 APACHE REMOTE EXPLOIT!!!!!!!!! This is the unpublished source for apache OpenSSL handshake exploit. We obtained this exploit by modifying a circulating apache worm, created by contem@efnet BY nebunu compile: gcc -o apache-ex apache.ex.c -lcrypto run: ./apache-ex do not use hostname! u...
AWOL helperfunction.php includedir Parameter Remote File Inclusion
The remote host is running AWOL, an open source PHP application. It is possible to make the remote host include php files hosted on a third party server using the '$include' variable in AWOL. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the...
UoW IMAPd Server 10.234/12.264 - Remote Buffer Overflow
UoW IMAPd Server 10.234/12.264 - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/1110/info A buffer overflow exists in imapd. The vulnerability exists in the list command. By supplying a long, well-crafted string as the second argument to the list command, it becomes possible t...
UoW IMAPd Server 10.234/12.264 - Remote Buffer Overflow
// source: https://www.securityfocus.com/bid/1110/info A buffer overflow exists in imapd. The vulnerability exists in the list command. By supplying a long, well-crafted string as the second argument to the list command, it becomes possible to execute code on the machine. Executing the list comma...
OpenSSH < 3.4 Multiple Remote Overflows
According to its banner, the remote host appears to be running OpenSSH version 3.4 or older. Such versions are reportedly affected by multiple flaws. An attacker may exploit these vulnerabilities to gain a shell on the remote system. Note that several distributions patched this hole without...
Restricted shell bypass
It's possible to get normal shell access...
GNOME libgtop Daemon Remote Format String
It seems that libgtop is/was running on this port and is vulnerable to a format string attack which may allow an attacker to gain a shell on this host with the privileges of 'nobody'. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(10812); script_version("1.20");...
Gaining shell access via OpenSSH (protection bypass)
An account with restricted access can obtain a shell by exploiting problems in the implementation of the sftp subsystem...
OpenSSH: sftp & bypassing keypair auth restrictions
OpenSSH: sftp-server & bypassing keypair auth restrictions Summary: If you (1) are using keypairs and ~/.ssh/authorized_keys2 to enable remote execution of commands via OpenSSH's sshd and (2) have sshd configured to provide sftp service via the sftp-server subsystem, then clients who have access with...
Problem with login in HP (shell access)
Users with a restricted shell can execute commands...
cobalt.webmail.txt
I just got a new Cobalt Cube today and I have been poking around at it for security issues... I noticed this minor issue in the webmail system. Your users are not allowed to have shell access by default however if they malform their mailbox requests they can read local files with the perms of the...
Cobalt Cube Webmail directory traversal
I just got a new Cobalt Cube today and I have been poking around at it for security issues... I noticed this minor issue in the webmail system. Your users are not allowed to have shell access by default however if they malform their mailbox requests they can read local files with the perms of the...
Weak permissions in Slackware (shells weak permissions)
/etc/shells is writable...
PKCrew TIAtunnel 0.9 alpha2 - Authentication Mechanism Buffer Overflow
// source: https://www.securityfocus.com/bid/2831/info TIAtunnel is a freely available IRC session bouncing software package. It is distributed by the pkcrew. A problem in the software package makes it possible for a remote user to gain a local shell. Due to a buffer overflow in the authenticatio...
Solaris rpc.yppasswdd username Remote Overflow
The remote RPC service 100009 yppasswdd is vulnerable to a buffer overflow which allows any user to obtain a root shell on this host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(10684); script_version("1.37"); script_cvs_date("Date: 2018/11/15 20:50:22");...
Sendmail 8.11.x (Linuxi386) - Local Privilege Escalation
Sendmail 8.11.x Linuxi386 - Local Privilege Escalation / sendmail 8.11.x exploit i386-Linux by [email protected] sd@ircnet This code exploits well-known local-root bug in sendmail 8.11.x, 8.12.x may be vulnerable too, but I didn't test it. It gives instant root shell with +s sendmail 8.11.x, x 6 We're usi...
BFTPd 1.0.12 Remote Exploit
Exploit for linux platform in category remote exploits =========================== BFTPd 1.0.12 Remote Exploit =========================== / Creates a filename to exploit the bug in bftpd 1.0.12 Create the file, cwd in the shell directory and nlist the file directory. Coded by korty / include...
Solaris sadmind - Remote Buffer Overflow
Solaris sadmind - Remote Buffer Overflow /\ Super Solaris sadmin Exploit by optyx based on sadminsparc. and sadminx86.c by Cheez Whiz / include include include include include char shellsparc = "\x20\xbf\xff\xff\x20\xbf\xff\xff\x7f\xff\xff\xff" "\x90\x03\xe0\x5c\x92\x22\x20\x10\x94\x1b\xc0\x0f"...
RedHat 6.2 /usr/bin/rcp - 'SUID' Local Privilege Escalation
#!/usr/bin/perl -w exploits suid privileges on rcp Not really tested this but hey works on redhat6.2 not werk on freebsd4.1 stable bug discovered by Andrew Griffiths Exploit written by tlabs greetz to those that know me innit Please set your rcpfile this can be found by doing ls -alF which rcp hav...
GnomeHack 1.0.5 - Local Buffer Overflow
GnomeHack 1.0.5 - Local Buffer Overflow / linux/debiangnomehackv1.0.5 buffer overflow, by: [email protected]. this will give you an egid=60games shell if gnomehack is sgid=2755 games on debian/2.2, which has gnomehack. this can also be applied to nethack syntax: ./debgnomehack offset alignment...