340 matches found
Debian 2.2 / Su.S.E 6.3/6.4/7.0 - man '-l' Format String
source: https://www.securityfocus.com/bid/2327/info man is the manual page viewing program, available with the Linux Operating System in this implementation. It is freely distributed and openly maintained. A problem with the man command may allow for the elevation of privileges. Due to the handli...
Half Life - rcon Remote Buffer Overflow
Half Life - rcon Remote Buffer Overflow / SDI HalfLife rcon remote exploit for linux x86 (remote exploit for the rcon buffer overflow in halflife) Tamandua Sekure Labs Sao Paulo - Porto Alegre, Brazil by Thiago Zaninotti c0nd0r Gustavo Scotti csh Proof of concept - There is a remote...
old version of host command vulnerability
Synopsis -------- Old versions of the 'host' command, contain an exploitable buffer overflow. Sorry if this is already known, it seems an old problem but I failed searching it in the bugtraq archives. Versions -------- The version affected is the following: static char rcsid = "$Id: host.c,v 8.21...
CVE-2000-0730
CVE-2000-0730 describes a vulnerability in HP-UX 11.0. Affected software: HP-UX operating system (HP-UX 11.0) and its newgrp command. Issue: Local privilege escalation. The root cause is not detailed in the provided documents. Impact: Local users may gain privileges. Exploitation: Not provided...
WFTPD 2.4.1RC11 - MLST Remote Denial of Service
WFTPD 2.4.1RC11 - MLST Remote Denial of Service source: https://www.securityfocus.com/bid/1506/info WFTPD versions prior to 2.4.1RC11 suffer from a number of vulnerabilities. 1) Issuing a STAT command while a LIST is in progress will cause the ftp server to crash. 2) If the REST command is used to...
CVE-2000-0414
The CVE-2000-0414 entry describes a local privilege escalation in HP-UX 11.X/10.X caused by a flaw in the shutdown command’s handling of input variables. A local attacker could exploit malformed input to gain elevated privileges. The available sources confirm the affected component (shutdown comm...
NetWin DSMTP (Dmail) ETRN Command Overflow
The remote SMTP server is vulnerable to a buffer overflow when the ETRN command is issued arguments which are too long. A remote attacker could exploit this to crash the SMTP server, or possibly execute arbitrary code. (C) Tenable Network Security, Inc. include("compat.inc"); if (description)...
warftpd exploit?
WarFTPd 1.66 - 1.67 can be crashed due to an un-checked buffer for the CWD command, as this DoS exploit by eth0 from b0f shows. Now, it seems that the ret address can't be overwritten so it is probably a dynamic buffer, and therefore a heap or data overflow... I've seen some heap overflows agains...
CVE-1999-0198
finger .@host on some systems may print information on some user accounts...
Qualcomm qpopper 3.0 - LIST Remote Buffer Overflow
Qualcomm qpopper 3.0 - LIST Remote Buffer Overflow // source: https://www.securityfocus.com/bid/948/info A remotely exploitable buffer-overflow vulnerability affects Qualcomm's 'qpopper' daemon. This issue allows users already in possession of a username and password for a POP account to compromi...
SCO Unixware 2.1/7.0/7.0.1/7.1/7.1.1 - su(1) Buffer Overflow
// source: https://www.securityfocus.com/bid/826/info Certain versions of Unixware ship with a version of su(1) which is vulnerable to a buffer overflow attack. This attack is possible because su(1) fails to sanity check user supplied data, in this instance a username supplied on the command line...
irixat.txt
Date: Fri, 3 Jul 1998 22:14:14 +0200 From: "J.A. Gutierrez" Subject: more about 'at' I've tried the trick from NetBSD Security Advisory 1998-004 on an IRIX 6.2 host, and it seems it works too. $ at -f /etc/shadow now + 1 minute - shadow is mailed to user: 'at' is: f 23947 91...
FTP 'CWD ~root' Command Privilege Escalation
The remote FTP server is affected by a flaw that may allow a remote attacker to gain unauthorized privileges. An attacker can exploit this flaw by issuing a specially crafted request to the 'CWD ~root' command. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(10083);...
G. Wilford man 2.3.10 - Symlink
G. Wilford man 2.3.10 - Symlink source: https://www.securityfocus.com/bid/305/info The man command created a temporary file under /tmp with a predictable name and is willing to follow symbolic links. This may allow malicious local users to create arbitrarily named files. zsoelim(1) is a utility par...
G. Wilford man 2.3.10 - Symlink
source: https://www.securityfocus.com/bid/305/info The man command created a temporary file under /tmp with a predictable name and is willing to follow symbolic links. This may allow malicious local users to create arbitrarily named files. zsoelim(1) is a utility part of the man package which...
BisonWare BisonFTP Server 3.5 - Multiple Vulnerabilities
// source: https://www.securityfocus.com/bid/271/info Multiple vulnerabilities in the BisonWare FTP Server can cause denials of service. The vulnerabilities are: The server fails to close the socket created by a PASV command if multiple PASV commands are executed back to back. This can create a...
CVE-1999-1054
The default configuration of FLEXlm license manager 6.0d, and possibly other versions, allows remote attackers to shut down the server via the lmdown command...
id Software Solaris Quake II 3.13/3.14 / QuakeWorld 2.0/2.1 / Quake 1.9/3.13/3.14 - Command Execution
// source: https://www.securityfocus.com/bid/90/info The Quake server has a feature where it allows administrators to remotely send commands to the Quake console with a password. However, it is possible to remotely bypass authentication. In order for this to be exploited, the attacker would have ...
IBM AIX 4.2.1 - '/usr/bin/portmir' Local Buffer Overflow / Insecure Temporary File Creation
// source: https://www.securityfocus.com/bid/385/info AIX version 4.2.1 introduced a new command titled 'portmir'. This new program had two notable vulnerabilities. First it contained a buffer overflow which allowed malicious users to obtain root privileges. Secondly it wrote its log files to a...
SGI IRIX 6.5.4 / Solaris 2.5.1 - ps(1) Buffer Overflow
SGI IRIX 6.5.4 / Solaris 2.5.1 - ps(1) Buffer Overflow source: https://www.securityfocus.com/bid/220/info The ps command prints information about active processes on a system. Due to insufficient bounds checking on arguments supplied to ps, it is possible to overwrite the internal data space of the p...