CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

0day.today•added 2022/02/18 12:0 a.m.•128 views

Solaris/SPARC - setuid(0) + chmod (/bin/ksh) + exit(0) Shellcode

/ sparcsolarischmod.c - Solaris/SPARC chmod shellcode Copyright c 2022 Marco Ivaldi Solaris/SPARC setuid/chmod/exit shellcode. Tested on: SunOS 5.10 GenericVirtual sun4u sparc SUNW,SPARC-Enterprise / char sc = / Solaris/SPARC chmod shellcode 12 + 32 + 20 = 64 bytes / / setuid0 / "\x90\x08\x3f\xff...

Exploit DB•added 2021/02/02 12:0 a.m.•416 views

Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)

Exploit Title: Solaris 10 1/13 SPARC - 'dtprintinfo' Local Privilege Escalation 3 Date: 2021-02-01 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 SPARC / raptordtprintnamesparc3.c - dtprintinfo on Solaris 10...

7.4AI score

Exploit DB•added 2020/04/21 12:0 a.m.•246 views

Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation

Title: Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation Date: 2020-04-21 Author: Marco Ivaldi Vendor: www.oracle.com CVE: CVE-2020-2944 / raptorsdtcmconv.c - CDE sdtcmconvert LPE for Solaris/Intel Copyright c 2019-2020 Marco Ivaldi A buffer overflow in the SanityCheck...

8.8CVSS8.8AI score0.0059EPSS

Exploits5

0day.today•added 2019/05/20 12:0 a.m.•143 views

Solaris 7/8/9 (#SPARC) - (dtprintinfo) Local Privilege Escalation (2) Exploit

Exploit for solaris platform in category local exploits / raptordtprintnamesparc2.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability a...

0.3AI score

0day.today•added 2019/05/20 12:0 a.m.•220 views

Solaris 7/8/9 (#SPARC) - (dtprintinfo) Local Privilege Escalation (1) Exploit

Exploit for solaris platform in category local exploits / raptordtprintnamesparc.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability an...

0.4AI score

exploitpack•added 2019/05/20 12:0 a.m.•24 views

Solaris 789 (SPARC) - dtprintinfo Local Privilege Escalation (1)

Solaris 789 SPARC - dtprintinfo Local Privilege Escalation 1 / raptordtprintnamesparc.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerabili...

0.5AI score

Tenable Nessus•added 2019/02/08 12:0 a.m.•128 views

Samba < 2.2.8a Remote Code Execution Vulnerability

The version of Samba running on the remote host is prior to 2.2.8a. It is, therefore, affected by a remote code execution vulnerability in the SMB/CIFS packet fragment re-assembly code in smbd. An unauthenticated, remote attacker can exploit this to inject binary specific exploit code into smbd a...

10CVSS6.4AI score0.88428EPSS

Exploits23References3

seebug.org•added 2014/07/01 12:0 a.m.•15 views

Solaris 2.5/2.6/7.0/8 kcms_configure KCMS_PROFILES Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/2605/info The Kodak Color Management System configuration tool 'kcmsconfigure' is vulnerable to a buffer overflow that could yield root privileges to an attacker. The bug exists in the KCMSPROFILES environment variable...

seebug.org•added 2014/07/01 12:0 a.m.•21 views

Solaris 2.5/2.6/7.0/8 kcms_configure KCMS_PROFILES Buffer Overflow Vulnerability (2)

seebug.org•added 2014/07/01 12:0 a.m.•13 views

Inso DynaWeb httpd 3.1/4.0.2/4.1 Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5384/info Inso DynaWeb webserver, dwhttpd, is used as a subcomponent in products such as Sun's AnswerBook2, which is shipped as part of the Solaris operating environment. The dwhttpd webserver is prone to a remotely...

seebug.org•added 2014/07/01 12:0 a.m.•19 views

Samba trans2open Overflow (Solaris SPARC)

No description provided by source. $Id: trans2open.rb 9571 2010-06-21 16:53:52Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

seebug.org•added 2014/07/01 12:0 a.m.•15 views

Solaris 8 libsldap Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/2931/info Solaris 8 ships with a shared library that implements LDAP functionality called 'libsldap'. This library is linked to by a number of system utilities, many of them installed setuid or setgid. Libsldap contains a...

NVD•added 2013/04/17 12:14 p.m.•10 views

CVE-2013-1494

Unspecified vulnerability in Oracle Sun Solaris 10, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel...

4.7CVSS5.5AI score0.0014EPSS

NVD•added 2012/10/17 12:55 a.m.•16 views

CVE-2012-3215

Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect confidentiality via unknown vectors related to Kernel...

1.7CVSS5.3AI score0.00058EPSS

NVD•added 2012/10/17 12:55 a.m.•12 views

CVE-2012-3212

Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel...

4.7CVSS5.5AI score0.00048EPSS

Cvelist•added 2012/10/17 12:0 a.m.•28 views

CVE-2012-3215

Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect confidentiality via unknown vectors related to Kernel...

5.2AI score0.00058EPSS