MySQL CREATE TABLE调用绕过访问限制漏洞

CVE ID: CVE-2008-7247 MySQL是一款使用非常广泛的开放源代码关系数据库系统，拥有各种平台的运行版本。 当数据主目录包含有到不同文件系统的符号链接时，MySQL的ql/sqltable.cc允许通过认证的远程攻击者通过以特殊DATA DIRECTORY或INDEX DIRECTORY参数调用CREATE TABLE绕过预期的访问限制，执行各种非授权操作。 MySQL AB MySQL 6.0 MySQL AB MySQL 5.1.x MySQL AB MySQL 5.0.x 厂商补丁： MySQL AB --------...

Oracle ctxsys.drvxtabc.create_tables Evil Cursor Exploit

Exploit for unknown platform in category local exploits ======================================================== Oracle ctxsys.drvxtabc.createtables Evil Cursor Exploit ======================================================== Title: Oracle ctxsys.drvxtabc.createtables Evil Cursor Exploit CVE-ID:...

Privilege escalation

MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified 1 DATA DIRECTORY or 2 INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future...

CVE-2009-4030

MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified 1 DATA DIRECTORY or 2 INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future...

CVE-2009-4030

MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified 1 DATA DIRECTORY or 2 INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future...

CVE-2008-7247

sql/sqltable.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a 1 DATA DIRECTORY or 2...

kernel: O_EXCL creates on NFSv4 are broken

NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an OEXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the...

Dazzle Blast - Remote File Inclusion

Dazzle Blast - Remote File Inclusion o Dazzle Blast Remote File Inclusion Vulnerability Software : Dazzle Blast Download : http://www.dazzleblast.com/dazzleblast.zip Author : NoGe Contact : nogedotcodeatgmaildotcom Blog : http://evilc0de.blogspot.com/ Home : http://antisecurity.org/ o Vulnerable...

CuteFTP 8.3.3 - 'create new site' Local Buffer Overflow (PoC)

!/usr/bin/env python CuteFTP v8.3.3 Home/Pro/Lite Create New Site Local Buffer Overflow PoC Found By: DrIDE Download: http://www.cuteftp.com/downloads/ Tested On: Windows 7 RC, XP might be more shell friendly Notes: This PoC exploits the "Create New Site" mechanism. Any site type that you pick wi...

MySQL: Format string vulnerability by manipulation with database instances (crash)

Multiple format string vulnerabilities in the dispatchcommand function in libmysqld/sqlparse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service daemon crash and possibly have unspecified other impact via format string specifiers in a database...

PowerISO 4.0 Buffer Overflow

!/usr/bin/env python Poweriso 4.0 Local Buffer Overflow PoC Found By: DrIDE Tested On: XPSP3 Usage: Create New ISO, Add a New Folder, Paste to Rename Folder, Click Save Notes: This must have been fixed somewhere between 4.0 and 4.7 ''' EAX 00ADDDC0 ECX 00000000 EDX 00004000 EBX 00000000 ESP...

PowerISO 4.0 Local Buffer Overflow PoC

No description provided by source. !/usr/bin/env python Poweriso 4.0 Local Buffer Overflow PoC Found By: DrIDE Tested On: XPSP3 Usage: Create New ISO, Add a New Folder, Paste to Rename Folder, Click Save Notes: This must have been fixed somewhere between 4.0 and 4.7 ''' EAX 00ADDDC0 ECX 00000000...

Oracle Database Server REPCAT_RPC.VALIDATE_REMOTE_RC SQL Injection (CVE-2009-1021)

Oracle Database Server is an enterprise-level relational database application suite. An SQL injection vulnerability has been reported in Oracle Database server. Remote authenticated attackers having Create Session privileges can exploit this vulnerability to inject and execute malicious SQL...

Kolibri+ Webserver 2 Remote SEH Overwrite

!/usr/bin/python Could not get this to work on XP SP3. php5ts.dll is the only module with safe seh off but could not get the pop pop ret to work correctly despite the large number of usable addresses that were tested. $ ./kolibri.py 192.168.1.146 8080 Kolibri+ Webserver 2 SEH Overwrite Written by...

Enlightenment - Linux Null PTR Dereference Exploit Framework

Exploit for linux platform in category local exploits ============================================================ Enlightenment - Linux Null PTR Dereference Exploit Framework ============================================================ / enlightenment 200909092307 To create your own exploit modu...

CVE-2008-7193

PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery CSRF attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to 1 modify the user profile via uploadfiles/include.php or 2 create a new...

μTorrent (uTorrent) 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC)

μTorrent uTorrent 1.8.3 Build 15772 - Create New Torrent Buffer Overflow PoC !/usr/bin/env python uTorrent Create New Torrent - Paste string into "Source" field - Click "Add File" buff = "\x41" 9000 try: f1 = open"uTorrent.txt","w"; f1.writebuff; f1.close; print "\nuTorrent = 1.8.3 Build 15772...

Infinity 2.0.5 - Arbitrary Create Admin

Infinity 2.0.5 - Arbitrary Create Admin ?php printr' || || | || o,7 || . o7 || q||| o///, : / / . /QQQQQQQQQQQQQQQQQQQ\ q Infinity = 2.0.5 Create Admin /QQQ/\QQQ\ /QQQQQ/ \QQQQQQ\ q POST 3 /QQQQ/ QQQQ\ /QQQQ/ \QQQQ\ q Owned : |QQQQ/ By Qabandi \QQQQ| |QQQQ| |QQQQ| |QQQQ| From Kuwait, PEACE...

Use a low-privileged Oracle database accounts give the OS access permissions-bug warning-the black bar safety net

Author:Mickey These days look at the article called"Penetration: from application down to OS Oracle"of the document,feel quite interesting,the document probably means that is,if the ORACLE service is using the administrator account to start,as long as you have a have resource and connect privileg...

Infinity 2.0.5 - Arbitrary Create Admin

?php printr' || || | || o,7 || . o7 || q||| o///, : / / . /QQQQQQQQQQQQQQQQQQQ\ q Infinity = 2.0.5 Create Admin /QQQ/\QQQ\ /QQQQQ/ \QQQQQQ\ q POST 3 /QQQQ/ QQQQ\ /QQQQ/ \QQQQ\ q Owned : |QQQQ/ By Qabandi \QQQQ| |QQQQ| |QQQQ| |QQQQ| From Kuwait, PEACE... |QQQQ| |QQQQ| |QQQQ| |QQQQ\ iqaahotmail.fr...