Slackware 7.1 - '/usr/bin/mail' Local Privilege Escalation
/ Slackware 7.1 /usr/bin/Mail Exploit give gid=1 bin if /usr/bin/Mail is setgid but it is not setgid, setuid for default. tested on my box sl 7.1 crazy exploited by kengz. GID.... \x01 = 1 bin \x02 = 2 , \x03 = 3 , ... \x0a = 10 \x0b = 11 .... / include include define GID "\x03" int mainint argc,...
IMAP4rev1 12.261/12.264/2000.284 - lsub Remote Overflow
IMAP4rev1 12.261/12.264/2000.284 - lsub Remote Overflow / !!! Private !!! imapd IMAP4rev1 v12.261, v12.264 and 2000.284 Remote Exploit. Others? Yes! By: SkyLaZarT [email protected] .aka. Felipe Cerqueira Homepage: www.BufferOverflow.Org Thankz: cync, oldm and Jans. BufferOverflow.org Te...
IMAP4rev1 12.261/12.264/2000.284 (lsub) Remote Exploit
Exploit for linux platform in category remote exploits ====================================================== IMAP4rev1 12.261/12.264/2000.284 lsub Remote Exploit ====================================================== / !!! Private !!! imapd IMAP4rev1 v12.261, v12.264 and 2000.284 Remote Exploit...
Slackware 7.1 - '/usr/bin/mail' Local Privilege Escalation
Slackware 7.1 - '/usr/bin/mail' Local Privilege Escalation / Slackware 7.1 /usr/bin/Mail Exploit give gid=1 bin if /usr/bin/Mail is setgid but it is not setgid, setuid for default. tested on my box sl 7.1 crazy exploited by kengz. GID.... \x01 = 1 bin \x02 = 2 , \x03 = 3 , ... \x0a = 10 \x0b = 11 .......
BIND 8.2.x (TSIG) Remote Root Stack Overflow Exploit (4)
Exploit for linux platform in category remote exploits ======================================================== BIND 8.2.x TSIG Remote Root Stack Overflow Exploit 4 ======================================================== / This exploit has been fixed and extensive explanation and clarification...
ISC BIND 8.2.x - TSIG Remote Stack Overflow (4)
ISC BIND 8.2.x - TSIG Remote Stack Overflow 4 / This exploit has been fixed and extensive explanation and clarification added. Cleanup done by: Ian Goldberg Jonathan Wilkins NOTE: the default installation of RedHat 6.2 seems to not be affected due to the compiler options. If BIND is built from...
Tru64 UNIX 4.0g - '/usr/bin/at' Local Privilege Escalation
/ Tru64 UNIX 4.0g JAVA /usr/bin/at local root exploit. ALPHA Author: Cody Tubbs loophole of hhp. Site: www.hhp-programming.net Email: [email protected] Date: 2/1/2000. I made this without access to gdb, It's untested... may require modification, may require deletion, heh. Note: executablestack...
ISC BIND 8.2.x - 'TSIG' Remote Stack Overflow (4)
/ This exploit has been fixed and extensive explanation and clarification added. Cleanup done by: Ian Goldberg Jonathan Wilkins NOTE: the default installation of RedHat 6.2 seems to not be affected due to the compiler options. If BIND is built from source then the bug is able to manifest itself. ...
ISC BIND 8.2.x - TSIG Remote Stack Overflow (1)
ISC BIND 8.2.x - TSIG Remote Stack Overflow 1 / tsig0wn.c Copyright Field Marshal August Wilhelm Anton Count Neithardt von Gneisenau [email protected] The author is not and will not be held responsible for the action of other people using this code. provided for informational purposes only sin...
BIND 8.2.x (TSIG) Remote Root Stack Overflow Exploit
Exploit for linux platform in category remote exploits ==================================================== BIND 8.2.x TSIG Remote Root Stack Overflow Exploit ==================================================== / tsig0wn.c Copyright Field Marshal August Wilhelm Anton Count Neithardt von Gneisena...
Elm 2.5.3 - Alternative-Folder Buffer Overflow
Elm 2.5.3 - Alternative-Folder Buffer Overflow // source: https://www.securityfocus.com/bid/2403/info There is a buffer overflow in elm 2.5 PL3. This overflow is accessible by passing a long string to the -f Alternative-Folder command-line option. This vulnerability may not be restricted to this...
ISC Bind 4 nslookupComplain() Buffer Overflow Vulnerability
Description BIND is a server program that implements the domain name service protocol. It is in extremely wide use on the Internet, in use by most of the DNS servers. Version 4 of BIND contains a stack overflow that may be exploitable to remote attackers. The vulnerability is due to unsafe use of...
Tru64 5 - 'su' Env Local Stack Overflow
/ Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / The copyright notice above does not evidence any / / actual or intended publication of such source code. / / / / Title: Tru64 5 su / / Tested under: Tru64 5A OSF/1 / / By: K2 thx horizon,lamo...
Tru64 5 (su) Env Local Stack Overflow Exploit
Exploit for tru64 platform in category local exploits ============================================= Tru64 5 su Env Local Stack Overflow Exploit ============================================= / Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / T...
Tru64 5 - su Env Local Stack Overflow
Tru64 5 - su Env Local Stack Overflow / Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / The copyright notice above does not evidence any / / actual or intended publication of such source code. / / / / Title: Tru64 5 su / / Tested under: Tru6...
Solaris 2.6/2.7 - '/usr/bin/write' Local Overflow
Solaris 2.6/2.7 - '/usr/bin/write' Local Overflow include include / /usr/bin/write overflow proof of concept. Tested on Solaris 7 x86 Pablo Sor, Buenos Aires, Argentina. 01/2000 [email protected] usage: write-exp shelloffset retaddroffset default offset should work. / long getesp asm"movl %esp,%eax"; ch...
jaZip 0.32-2 Local Buffer Overflow Exploit
Exploit for linux platform in category local exploits ========================================== jaZip 0.32-2 Local Buffer Overflow Exploit ========================================== !/usr/bin/perl jaZip Exploit / Tested version: jaZip-0.32-2 / anno 2000 || http://teleh0r.cjb.net/ Vulnerable:...
Solaris 2.6/2.7 - '/usr/bin/write' Local Overflow
include include / /usr/bin/write overflow proof of concept. Tested on Solaris 7 x86 Pablo Sor, Buenos Aires, Argentina. 01/2000 [email protected] usage: write-exp shelloffset retaddroffset default offset should work. / long getesp asm"movl %esp,%eax"; char shell =...
jaZip 0.32-2 - Local Buffer Overflow
jaZip 0.32-2 - Local Buffer Overflow !/usr/bin/perl jaZip Exploit / Tested version: jaZip-0.32-2 / anno 2000 || http://teleh0r.cjb.net/ Vulnerable: Turbolinux 6.0 teleh0r@localhost teleh0r$ rpm -q jaZip jaZip-0.32-2 teleh0r@localhost teleh0r$ ./jazip-exploit.pl Address: 0xbffff7ac bash $shellcode...
jaZip 0.32-2 - Local Buffer Overflow
!/usr/bin/perl jaZip Exploit / Tested version: jaZip-0.32-2 / anno 2000 || http://teleh0r.cjb.net/ Vulnerable: Turbolinux 6.0 teleh0r@localhost teleh0r$ rpm -q jaZip jaZip-0.32-2 teleh0r@localhost teleh0r$ ./jazip-exploit.pl Address: 0xbffff7ac bash $shellcode = Shellcode by: Taeho Oh "\xeb\x1f"....