7257 matches found
WU-IMAP 2000.287(1-2) - Remote Overflow
WU-IMAP 2000.2871-2 - Remote Overflow / 7350owex- x86/linux WU-IMAP 2000.2871-2 remote exploit TESO CONFIDENTIAL - SOURCE MATERIALS This is unpublished proprietary source code of TESO Security. The contents of these coded instructions, statements and computer programs may not be disclosed to thir...
Ehud Gavron TrACESroute 6.1.1 - Terminator Function Format String
source: https://www.securityfocus.com/bid/4956/info A format string vulnerability exists in TrACESroute. The problem exists in the terminator -T function of the program. Due to improper use of the fprintf function, an attacker may be able to supply a malicious format string to the program that...
ymxp.txt
Yahoo! Messenger 5,0,0,1061 Buffer Overflow Exploit for Win XP Pro Intro: Proof of concept code for YM Buffer Overflow as discovered in: http://packetstorm.decepticons.org/advisories/misc/yahoo-im.txt Code flow: Overwrite EIP at 218 Point EIP to a "RET" in the memory "RET" jumps to beginning of...
sniffit-exp1.txt
/ Remote overflow in sniffit.0.3.7.beta tested on slackware 7.1 found/coded by g463 -18th january 2002- The vulnerability is triggered when the option -L is called from the command line with 'normmail' ie : ./sniffit -c ./sampleconfigfile -L normmail It calls a piece of code where the buffer is...
Microsoft IIS 4.05.0 - SSI Buffer Overrun Privilege Escalation
Microsoft IIS 4.05.0 - SSI Buffer Overrun Privilege Escalation // source: https://www.securityfocus.com/bid/3190/info A vulnerability exists in Microsoft IIS 4.0 and 5.0 that could allow a user with permission to write content to the IIS server to run any code in Local System context. / jim.c - I...
FreeBSD - '/usr/bin/top' Format String
/ freebsd x86 top exploit affected under top-3.5beta9 including this version 1. get the address of .dtors from /usr/bin/top using objdump , 'objdump -s -j .dtors /usr/bin/top' 2. divide it into four parts, and set it up into an environment variable like "XSEO=" 3. run top, then find "your parted...
FreeBSD - usrbintop Format String
FreeBSD - usrbintop Format String / freebsd x86 top exploit affected under top-3.5beta9 including this version 1. get the address of .dtors from /usr/bin/top using objdump , 'objdump -s -j .dtors /usr/bin/top' 2. divide it into four parts, and set it up into an environment variable like "XSEO=" 3...
Debian 2.2 usrbinpileup - Local Privilege Escalation
Debian 2.2 usrbinpileup - Local Privilege Escalation / pileup-xpl.c - local root exploit by core Friday the 13th, July 2001 based almost entirely on code by Cody Tubbs loophole of hhp $ ./pileup-xpl pileup-xpl by core 2001 - beep beep root! usage: ./pileup-xpl offset align0..3 Ret-addr: 0xbfffe09...
Debian 2.2 /usr/bin/pileup - Local Privilege Escalation
/ pileup-xpl.c - local root exploit by core Friday the 13th, July 2001 based almost entirely on code by Cody Tubbs loophole of hhp $ ./pileup-xpl pileup-xpl by core 2001 - beep beep root! usage: ./pileup-xpl offset align0..3 Ret-addr: 0xbfffe09c, offset: 0, align: 0. How many voices 1 to 9 Starti...
Debian 2.2 /usr/bin/pileup Local Root Exploit
Exploit for linux platform in category local exploits ============================================= Debian 2.2 /usr/bin/pileup Local Root Exploit ============================================= / pileup-xpl.c - local root exploit by core Friday the 13th, July 2001 based almost entirely on code by...
BeroFTPD 1.3.4(1) (Linux x86) - Remote Code Execution
/ BeroFTPD 1.3.41 Linux x86 remote root exploit by qitest1 - 5/05/2001 BeroFTPD is an ftpd derived from wuftpd sources. This code exploits the format bug of the site exec cmd, well known to be present in wuftpd-2.6.0 and derived daemons. BeroFTPD 1.3.41 is the current version at the moment. JUST...
BeroFTPD 1.3.4(1) (Linux x86) - Remote Code Execution
BeroFTPD 1.3.41 Linux x86 - Remote Code Execution / BeroFTPD 1.3.41 Linux x86 remote root exploit by qitest1 - 5/05/2001 BeroFTPD is an ftpd derived from wuftpd sources. This code exploits the format bug of the site exec cmd, well known to be present in wuftpd-2.6.0 and derived daemons. BeroFTPD...
execve of /bin/sh after setreuid0,0
execve of /bin/sh after setreuid0,0. Shellcode exploit for linx86 platform / $Id: execve-setreuid.c,v 1.1 2001/05/02 18:10:52 raptor Exp $ execve-setreuid.c v1.0 - shellcode for Linux/i386 Copyright c 2001 Raptor This shellcode does an execve of /bin/sh after a setreuid0, 0, then exits. / / ASM...
execve of /bin/sh after setreuid(0,0)
Exploit for linux/x86 platform in category shellcode ===================================== execve of /bin/sh after setreuid0,0 ===================================== / $Id: execve-setreuid.c,v 1.1 2001/05/02 18:10:52 raptor Exp $ execve-setreuid.c v1.0 - shellcode for Linux/i386 Copyright c 2001...
Microsoft Windows Server 2000 SP1/SP2 - isapi .printer Extension Overflow (1)
/ iishack 2000 - eEye Digital Security - 2001 This affects all unpatched windows 2000 machines with the .printer isapi filter loaded. This is purely proof of concept. Quick rundown of the exploit: Eip overruns at position 260 i have 19 bytes of code to jump back to the beginning of the buffer. an...
another format string bug
There is a format string bug in 'pwc' ftp://ftp.media-com.com.pl/pub/other/pwc.tar.gz. This CGI script is used to change users password via www blah!. writelog call syslog function, which 'eats' ; characters and log it to system logs. But you can paste shellcode into buffers512 and syslog will ru...
Progress Database Server 8.3b - 'prodb' Local Privilege Escalation
/ progress database server v8.3b local root compromise. for sco-unix and linux on linux redhat 6.2 and SCOSV scosysv 3.2 5.05 this is just one of it, advisory about the bug discovery grabbed from packetstorm, which was originally found by: [email protected] exploit usage: ./prodbx offset...
Progress Database Server 8.3b - prodb Local Privilege Escalation
Progress Database Server 8.3b - prodb Local Privilege Escalation / progress database server v8.3b local root compromise. for sco-unix and linux on linux redhat 6.2 and SCOSV scosysv 3.2 5.05 this is just one of it, advisory about the bug discovery grabbed from packetstorm, which was originally...
Progress Database Server 8.3b (prodb) Local Root Exploit
Exploit for multiple platform in category local exploits ======================================================== Progress Database Server 8.3b prodb Local Root Exploit ======================================================== / progress database server v8.3b local root compromise. for sco-unix an...
Slackware 7.1 /usr/bin/mail Local Exploit
Exploit for linux platform in category local exploits ========================================= Slackware 7.1 /usr/bin/mail Local Exploit ========================================= / Slackware 7.1 /usr/bin/Mail Exploit give gid=1 bin if /usr/bin/Mail is setgid but it is not setgid, setuid for...