USN-103-1: Linux kernel vulnerabilities

Mathieu Lafon discovered an information leak in the ext2 file system driver. When a new directory was created, the ext2 block written to disk was not initialized, so that previous memory contents which could contain sensitive data like passwords became visible on the raw device. This is...

security flaw

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, onexit, and exit...

exp2.php.txt

? / Mysql CREATE FUNCTION func table arbitrary library injection Author: Stefano Di Paola Vulnerable: Mysql = 4.0.23, 4.1.10 Type of Vulnerability: Local/Remote Privileges Escalation - input validation Tested On : Mandrake 10.1 /Debian Sarge Vendor Status: Notified on March 2005 Copyright 2005...

[VulnWatch] Mysql CREATE FUNCTION libc arbitrary code execution.

Mysql CREATE FUNCTION libc arbitrary code execution. Author: Stefano Di Paola Vulnerable: Mysql = 4.0.23, 4.1.10 Type of Vulnerability: Local/Remote - input validation Tested On : Mandrake 10.1 /Debian Sarge Vendor Status: Notified on March 2005 -- Description If an authenticated user has INSERT...

Mandrake Linux Security Advisory : postgresql (MDKSA-2005:040)

A number of vulnerabilities were found and corrected in the PostgreSQL DBMS : A flaw in the LOAD command could be abused by a local user to load arbitrary shared libraries and as a result execute arbitrary code with the privileges of the user running the postgresql server CVE-2005-0227. A...

security flaw

PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command...

CVE-2005-0244

CVE-2005-0244 affects PostgreSQL 8.0.0 and earlier; local users could bypass the EXECUTE permission check for functions via CREATE AGGREGATE, as described in the CVE entry. Connected advisories show this vulnerability being addressed by multiple vendors, including Red Hat (RHSA-2005:138/141) and ...

os-x/PPC create /tmp/suid 122 bytes

Exploit for os-x/ppc platform in category shellcode =================================== os-x/PPC create /tmp/suid 122 bytes =================================== / PPC OSX/Darwin Shellcode by B-r00t. 2003. Does open; write; close; exit; See ASM below. 122 Bytes. / char shellcode =...

os-x/PPC create /tmp/suid 122 bytes

No description provided by source. / PPC OSX/Darwin Shellcode by B-r00t. 2003. Does open; write; close; exit; See ASM below. 122 Bytes. / char shellcode = "\x7c\xa5\x2a\x79\x40\x82\xff\xfd" "\x7f\xe8\x02\xa6\x39\x1f\x01\x71" "\x39\x08\xfe\xf4\x7c\xa8\x29\xae" "\x38\x7f\x01\x68\x38\x63\xfe\xf4"...

os-x/PPC create /tmp/suid 122 bytes

os-x/PPC create /tmp/suid 122 bytes. Shellcode exploit for osxppc platform / PPC OSX/Darwin Shellcode by B-r00t. 2003. Does open; write; close; exit; See ASM below. 122 Bytes. / char shellcode = "\x7c\xa5\x2a\x79\x40\x82\xff\xfd" "\x7f\xe8\x02\xa6\x39\x1f\x01\x71" "\x39\x08\xfe\xf4\x7c\xa8\x29\xa...

CDRDAO - Local Privilege Escalation

!/bin/sh DIR=pwd echo "" echo "cdrdao local root exploit - gr doesn't protect you this time" echo "Karol Wiêsek " echo "" sleep 2 umask 000 echo -n " Checking if /etc/ld.so.preload doesn't exist ... " if -f /etc/ld.so.preload ; then echo "WRONG" echo "/etc/ld.so.preload exists, write another...

Hafiye 1.0 - Remote Terminal Escape Sequence Injection

Hafiye 1.0 - Remote Terminal Escape Sequence Injection / Remote Exploit for Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability Written by Serkan Akpolat Homepage: http://deicide.siyahsapka.org E-mail: deicide siyahsapka org Greets: Virulent, gorny and all other netricians / include inclu...

DEBIAN-CVE-2004-1735

Cross-site scripting XSS vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field...

Windows User Account Activity Create User (via Splunk)

Binary data 710001.prm...

MDaemon IMAP Service CREATE Command Mailbox Name Handling Overflow

Binary data 1094.prm...

CVE-2004-1679

Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ triple dot in the 1 CWD, 2 STOR, or 3 RETR commands...

mailman XSS in create script

From the 2.1.3 release notes: Closed a cross-site scripting exploit in the create cgi script...

DEBIAN-CVE-2003-0323

Multiple buffer overflows in ircII 20020912 allows remote malicious IRC servers to cause a denial of service crash and possibly execute arbitrary code via responses that are not properly fed to the mystrcat function by 1 ctcpbuffer, 2 cannotjoinchannel, 3 statusmakeprintable for Statusbar drawing...

MDaemon IMAP Server CREATE Command Mailbox Name Handling Overflow

According to its banner, the version of MDaemon running on the remote host has a buffer overflow vulnerability in the CREATE command. A remote attacker could exploit this to execute arbitrary code, or cause a denial of service. A crash would prevent other MDaemon services SMTP, POP from running a...

Oracle Net Services CREATE DATABASE LINK Query Overflow

The remote Oracle Database, according to its version number, is vulnerable to a buffer overflow in the query CREATE DATABASE LINK. An attacker with a database account may use this flaw to gain the control on the whole database, or even to obtain a shell on this host. %NASLMINLEVEL 70300 C Tenable...