7257 matches found
linux/x86 execve /bin/sh toupper evasion 55 bytes
linux/x86 execve /bin/sh toupper evasion 55 bytes. Shellcode exploit for linux/x86 platform / Linux/x86 toupper evasion, standard execve /bin/sh used e.g. in various imapd exploits. Goes through a loop adding 0x20 to the /bin/sh -= 0x20 string, i.e. yields /bin/sh after addition. / include char c0de = ...
linux/x86 execve /bin/sh toupper() evasion 55 bytes
Exploit for linux/x86 platform in category shellcode =================================================== linux/x86 execve /bin/sh toupper evasion 55 bytes =================================================== / Linux/x86 toupper evasion, standard execve /bin/sh used e.g. in various imapd exploits...
linux/x86 add user 70 bytes
Exploit for linux/x86 platform in category shellcode =========================== linux/x86 add user 70 bytes =========================== / Linux/x86 Appends the line "z::0:0:::\n" to /etc/passwd. quite old, could be optimized further / include char c0de = / main: / "\xeb\x29" / jmp callz / / star...
linux/x86 add user 70 bytes
linux/x86 add user 70 bytes. Shellcode exploit for linux/x86 platform / Linux/x86 Appends the line "z::0:0:::\n" to /etc/passwd. Quite old, could be optimized further / include char c0de = / main: / "\xeb\x29" / jmp callz / / start: / "\x5e" / popl %esi / "\x29\xc0" / subl %eax, %eax / "\x88\x46\x0b...
Lots and lots of fun with rpc.statd
Last week was a little quiet, so I thought I'd throw some kindling on the fire. Here's another prime example of a format string bug: our old friend rpc.statd. Attached is an exploit. The offsets are for Linux/PowerPC, Debian 2.2. It isn't functional, though - and it's more than just kiddy-proofed...
Hole in the dalnet irc server
Buffer overflow, but not enough room to insert shellcode...
Elm Development Group ELM 2.42.5.1 Mail for UNIX - ELM Buffer Overflow (2)
Elm Development Group ELM 2.42.5.1 Mail for UNIX - ELM Buffer Overflow 2 // source: https://www.securityfocus.com/bid/1276/info Buffer overflow vulnerabilities exist in elm Electronic Mail for Unix. / Elm 2.5 PL3 exploit Tested Under Linux Slackware 3.6, 4.0, 7.0 By xfer [email protected] ...
connect.asm
; Passive Connection Shellcode ; ; Coded by Scrippie - [email protected] - http://b0f.freebsd.lublin.pl ; ; Why? This evades firewalls... ; This is the well documented testing part of the shellcode ; The code isn't relocatable, isn't optimized and contains NULL chars ; ; YES, this is for NASM, I...
Solaris 7 x86 lpset exploit.
Solaris 7 x86 /usr/bin/lpset overflow, there is a small overflow (32 bytes) in lpset which will yield root access if properly exploited. There is a sparc version avail for this bug, the bug was discovered by duke some time ago. I am releasing this exploit because of a copy-cat exploit on hack.co.za...
Solaris 7 x86 lp exploit.
Setuid proggie /usr/bin/lp has an easily exploitable buffer overflow. This exploit is for Solaris 7 x86 version, no sparc exploit is available to my knowledge. later, DiGiT / solaris 2.7 /usr/bin/lp local exploit, i386. discovered by DiGiT. try offset 150-250 if sploit fails greets: !ADM,...
Solaris 2.67.0 - lpset -r Local Buffer Overflow (2)
Solaris 2.67.0 - lpset -r Local Buffer Overflow 2 // source: https://www.securityfocus.com/bid/1138/info A vulnerability exists in the handling of the -r option to the lpset program, as included in Solaris 7 from Sun Microsystems. The -r option is undocumented. As such, its use is unknown. Howeve...
XFree86 server overflow - exploit issues
While trying to exploit this overflow, I noticed that the problem lies in a lovely strcpy call, which overwrites the stack. Unfortunately, any 'offending' non-alphanumeric characters are replaced with '' somewhere before. Uh, most people will say "it's impossible to write alphanumeric shellcode, so ...
FreeBSD 3.3 - 'angband' Local Buffer Overflow
// source: https://www.securityfocus.com/bid/840/info The version angband shipped with FreeBSD 3.3-RELEASE is vulnerable to a local buffer overflow attack. Since it is setgid games, a compromise of files and directories owned by group games is possible. / FreeBSD 3.3 angband exploit yields egid o...
Qualcomm qpopper 3.03.0 b20 - Remote Buffer Overflow (1)
Qualcomm qpopper 3.03.0 b20 - Remote Buffer Overflow 1 // source: https://www.securityfocus.com/bid/830/info There is a buffer overflow vulnerability present in current 3.x versions of Qualcomm popper daemon. These vulnerabilities are remotely exploitable and since the daemon runs as root, the ho...
realown.asm
; The binary is available at http://www.beavuh.org. ; ; This exploits a buffer overflow in RealServers web authentication on ; the administrator port - hence the reason the shellcode is base64 encoded. ; This has been tested on the NT version with a default installation. ; If RealServer is...
crond_exploit.txt
Subject: Crond Scooby Snacks for Everyone. To: [email protected] Paul Vixie loves us all so much it's overflowing. For your own private use, standard disclaimer and transfer of responsibility to that of the end user applies. Oh yeah, and I made it semi-self cleaning just because I love yo...
libtermcap_xterm_exploit.txt
Subject: libtermcap xterm exploit To: [email protected] / libtermcap xterm exploit by m0f0 1999 it works for xterm/nxterm Tested Slackware 3.5, 3.6 / include define BUFSIZE 5000 define POSRET 2000 define POSSEP 3000 define RETADDR 0xbfffefef define EGG "/tmp/eggtermcap" // shellcode char...
Solaris 7.0 usrbinmail - -m Local Buffer Overflow
Solaris 7.0 usrbinmail - -m Local Buffer Overflow // source: https://www.securityfocus.com/bid/672/info A buffer overflow vulnerability in the '/usr/bin/mail' program's handling of the '-m' command line argument allows local users to obtain access to the 'mail' group. / Generic Solaris x86 exploi...
digital-unix4.0-asm-shell.txt
Date: Tue, 26 Jan 1999 15:18:08 -0500 From: Seth Michael McGann To: [email protected] Subject: Re: Digital Unix 4.0 exploitable buffer overflows On Mon, 25 Jan 1999, Lamont Granquist wrote: Previously Digital Unix has been relatively immune to buffer overflow attacks due to the lack of an...
Fred N. van Kempen dip 3.3.7 - Local Buffer Overflow (1)
Fred N. van Kempen dip 3.3.7 - Local Buffer Overflow 1 // source: https://www.securityfocus.com/bid/86/info A buffer overflow resides in 'dip-3.3.7o' and derived programs. This is a problem only on systems where 'dip' is installed setuid. The culpable code is an 'sprintf' in line 192 in 'main.c':...