Ruby on Rails exploit could hijack unpatched servers for botnet

Server Administrators are being urged to update their Ruby on Rails servers following the discovery of an active malware campaign targeting vulnerable versions of the web development framework. According to security researcher Jeff Jarmoc, Hackers are exploiting a known and patched vulnerability ...

vixie_crontab_readfiles-exploit_and_advisory.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Name: vixie-cron Author: Karol Wiêsek Date: Mar 21, 2005 Issue: crontab allows any user to read another users crontabs Description: Crontab is used to create special files used by cron to execute commands at specified dates and times. Details:...

RH 7.0 Crontab exploit - apparently fixed

/ Crontab tmp file race condition http://bugzilla.redhat.com/bugzilla/showbug.cgi?id=37771 Apparently this is fixed. Wonder why it still works. Local exploit Quick and dirty exploit for crontab insecure tmp files Redhat 7.0 - kept up2date with up2date Checked Tue Jun 26 00:15:32 NZST 2001...

HP-UX 11.00/10.20 crontab Overwrite Files Exploit

Exploit for hp-ux platform in category dos / poc ================================================= HP-UX 11.00/10.20 crontab Overwrite Files Exploit ================================================= !/bin/sh HP-UX 11.00/10.20 crontab Kyong-won,Cho email protected Usage : ./crontab.sh if -z "$1"...

vixie cron...

Attached shell-script exploits fopen + preserved umask vulnerability in Paul Vixie's cron code. It will work on systems where /var/spool/cron is user-readable eg. 0755 - AFAIR Debian does so. RedHat at least 6.1 and previous have mode 0700 on /var/spool/cron, and thus it isn't exploitable in its...

crontab_exploit.txt

Subject: Vixie Crontab exploit code To: [email protected] Vixie Crontab exploit code begin vixie-ex ---------------------------------------------------------------------- !/bin/sh Vixie crontab exploit Local user can gain root access. Tested redhat linux : 4.2, 5.0, 5.1, 6.0 Tested vixie...