ARPUS/Ce Local Overflow Exploit (setuid) (perl)

Exploit for linux platform in category local exploits =============================================== ARPUS/Ce Local Overflow Exploit setuid perl =============================================== !/usr/bin/perl -w Setuid ARPUS/ce exploit by KF - kflistsatdigitalmunitiondotcom - 4/21/05 Copyright...

[SA15054] WebAPP E-Cart Module Shell Command Injection Vulnerability

---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: WebAPP E-Cart Module Shell Command Injection...

[SA14384] TWiki ImageGalleryPlugin Shell Command Injection

TITLE: TWiki ImageGalleryPlugin Shell Command Injection SECUNIA ADVISORY ID: SA14384 VERIFY ADVISORY: http://secunia.com/advisories/14384/ CRITICAL: Moderately critical IMPACT: System access WHERE: From remote SOFTWARE: ImageGalleryPlugin 1.x TWiki plugin http://secunia.com/product/4707/...

TWiki ImageGalleryPlugin Shell Command Injection

According to its version number, the instance of TWiki running on the remote host is affected by a shell command injection vulnerability in the ImageGalleryPlugin component. In addition, the wording of a 'robustness' patch released by the vendor indicates this version may be affected by other inp...

GLSA-200411-33 : TWiki: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-200411-33 TWiki: Arbitrary command execution The TWiki search function, which uses a shell command executed via the Perl backtick operator, does not properly escape shell metacharacters in the user-provided search string. Impact :...

Mandrake Linux Security Advisory : XFree86 (MDKSA-2004:138)

The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review of the XPM library, done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. These bugs include integer overflows,...

FreeBSD : twiki -- arbitrary shell command execution (196)

The following package needs to be updated: twiki %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgb4af3ede36e911d9a9e70001020eed82.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-20...

twiki -- arbitrary shell command execution

Hans Ulrich Niedermann reports: The TWiki search function uses a user supplied search string to compose a command line executed by the Perl backtick operator. The search string is not checked properly for shell metacharacters and is thus vulnerable to search string containing quotes and shell...

When specifying specially formatted options to external MIME transformation, an attacker can execute any shell command restricted by privileges of httpd user.

PMASA-2004-2 Announcement-ID: PMASA-2004-2 Date: 2004-10-12 Summary When specifying specially formatted options to external MIME transformation, an attacker can execute any shell command restricted by privileges of httpd user. Description phpMyAdmin allows to use MIME transformations for displayi...

os-x/PPC create /tmp/suid 122 bytes

No description provided by source. / PPC OSX/Darwin Shellcode by B-r00t. 2003. Does open; write; close; exit; See ASM below. 122 Bytes. / char shellcode = "\x7c\xa5\x2a\x79\x40\x82\xff\xfd" "\x7f\xe8\x02\xa6\x39\x1f\x01\x71" "\x39\x08\xfe\xf4\x7c\xa8\x29\xae" "\x38\x7f\x01\x68\x38\x63\xfe\xf4"...

linux/x86 connect 120 bytes

No description provided by source. / Connecting shellcode written by lamagra [email protected] http://lamagra.seKure.de May 2000 .file "connect" .version "01.01" .text .align 4 start: socketAFINET,SOCKSTREAM,IPPROTOIP; movl %esp,%ebp xorl %edx,%edx movb $102,%edx movl %edx,%eax 102 = socketcall...

os-x/PPC setuid(0) + execve /bin/sh 88 bytes

No description provided by source. / PPC OSX/Darwin Shellcode by B-r00t. 2003. Does setuid0; execve/bin/sh; exit0; See ASM below. 88 Bytes. / char shellcode = "\x7c\x63\x1a\x79\x40\x82\xff\xfd" "\x7d\x68\x02\xa6\x3b\xeb\x01\x70" "\x39\x40\x01\x70\x39\x1f\xfe\xdf" "\x7c\x68\x19\xae\x38\x0a\xfe\xa7...

linux/x86 execve /bin/sh setreuid(12,12) 50 bytes

Exploit for linux/x86 platform in category shellcode ================================================= linux/x86 execve /bin/sh setreuid12,12 50 bytes ================================================= / Linux/x86 An example of setregid, execve /bin/sh I used this in practise, hence the setregid12...

SUSE-SA:2002:036: mod_php4

The remote host is missing the patch for the advisory SUSE-SA:2002:036 modphp4. PHP is a well known and widely used web programming language. If a PHP script runs in 'safe mode' several restrictions are applied to it including limits on execution of external programs. An attacker can pass shell...

PHP for Windows shell characters filtration protection bypass

escapeshellcmd/escapeshellarg do not work under Windows...

Microsoft Windows XP - explorer.exe Remote Denial of Service

Microsoft Windows XP - explorer.exe Remote Denial of Service source: https://www.securityfocus.com/bid/9924/info Microsoft Windows Explorer for Windows XP has been reported to be prone to a remote denial of service vulnerability. This issue is due to a failure of the application to properly...

CVE-2002-1393

Removed by vendor...

SCAN Associates Advisory: Molly 0.5 - Remote Command Execution

Molly 0.5 - Remote Command Execution Discovered By guejez of scan-associates.net About Molly: ------------------ quote from Molly homepage "Molly is a small, simple IRC bot that I use for intra-office communication. She will handle lunch menus, stock quotes, take polls and stuff like that." /quot...

Dispair 0.10.2 - Remote Command Execution

Dispair 0.10.2 - Remote Command Execution source: https://www.securityfocus.com/bid/5392/info Dispair fails to sufficiently validate user-supplied input before it is passed to the shell via the Perl open function. Remote attackers may potentially exploit this issue to execute arbitrary commands o...

Mewsoft Auction, PHP Classifieds and eFax.com - CrossSiteScripting issues

Advisory name: SSI & CSS execution in Mewsoft Auction, PHP Classifieds and eFax.com Application: Mewsoft Auction Perl script, PHP Classifieds PHP, eFax.com ASP Date: 14.6.2002 Impact: remote user can execute shell commands & cross site scripting =====================================...