zgv - '$HOME' Local Buffer Overflow

/ zgv exploit coded by BeastMaster V on June 20, 1997 USAGE: For some strage reason, the filename length of this particular exploit must me one character long, otherwise you will be drop into a normal unpriviledged shell. Go Figure.... $ cp zgvexploit.c n.c $ cc -o n n.c $ ./n Oak driver: Unknown...

zgv $HOME overflow

Exploit for linux platform in category local exploits ================== zgv $HOME overflow ================== / zgv exploit coded by BeastMaster V on June 20, 1997 USAGE: For some strage reason, the filename length of this particular exploit must me one character long, otherwise you will be drop...

zgv - $HOME Local Buffer Overflow

zgv - $HOME Local Buffer Overflow / zgv exploit coded by BeastMaster V on June 20, 1997 USAGE: For some strage reason, the filename length of this particular exploit must me one character long, otherwise you will be drop into a normal unpriviledged shell. Go Figure.... $ cp zgvexploit.c n.c $ cc ...

CVE-1999-1483

Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local users to execute arbitrary code via a long HOME environment variable...

Elm 2.3/2.4 - TERM Environment Variable Local Buffer Overrun

source: https://www.securityfocus.com/bid/8030/info A buffer overrun has been discovered in Elm. The problem occurs due to insufficient bounds checking performed before copying user-supplied data into an internal memory buffer. Specifically, a TERM environment variable containing excessive data...

SGI IRIX 6.4 - rmail Local Privilege Escalation

SGI IRIX 6.4 - rmail Local Privilege Escalation source: https://www.securityfocus.com/bid/460/info A vulnerability exists in the rmail utility, included by SGI with it's Irix operating system. By failing to sanity check the contents of an environment variable, arbitrary commands may be executed...

SGI IRIX 6.4 - 'rmail' Local Privilege Escalation

source: https://www.securityfocus.com/bid/460/info A vulnerability exists in the rmail utility, included by SGI with it's Irix operating system. By failing to sanity check the contents of an environment variable, arbitrary commands may be executed with gid mail. rmail is used with uucp. The...

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow. Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos configuration file, which can be specified via the KRBCONF...

UNICOS 9MAX 1.3mk 1.5 AIX 4.2 libc 5.2.18 RedHat 4 IRIX 6 Slackware 3 - NLS (2)

UNICOS 9MAX 1.3mk 1.5 AIX 4.2 libc 5.2.18 RedHat 4 IRIX 6 Slackware 3 - NLS 2 / source: https://www.securityfocus.com/bid/711/info Cray UNICOS 9.0/9.2/MAX 1.3/mk 1.5,AIX include include char shellcode = "\x31\xc0\xb0\x31\xcd\x80\x93\x31\xc0\xb0\x17\xcd\x80\x68\x59\x58\xff\xe1"...

UNICOS 9MAX 1.3mk 1.5 AIX 4.2 libc 5.2.18 RedHat 4 IRIX 6 Slackware 3 - NLS (1)

UNICOS 9MAX 1.3mk 1.5 AIX 4.2 libc 5.2.18 RedHat 4 IRIX 6 Slackware 3 - NLS 1 / source: https://www.securityfocus.com/bid/711/info Cray UNICOS 9.0/9.2/MAX 1.3/mk 1.5,AIX = 4.2,Linux libc = 5.2.18,RedHat 4.0,IRIX 6.2,Slackware 3.1 Natural Language Service NLS Vulnerability 1 A buffer overflow...

UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS (2)

/ source: https://www.securityfocus.com/bid/711/info Cray UNICOS 9.0/9.2/MAX 1.3/mk 1.5,AIX include include char shellcode = "\x31\xc0\xb0\x31\xcd\x80\x93\x31\xc0\xb0\x17\xcd\x80\x68\x59\x58\xff\xe1" "\xff\xd4\x31\xc0\x99\x89\xcf\xb0\x2e\x40\xae\x75\xfd\x89\x39\x89\x51\x04"...

PT-1997-1026 · Rlogin · Rlogin

Name of the Vulnerable Software and Affected Versions: rlogin affected versions not specified Description: The issue concerns a buffer overflow in the rlogin program, which can be triggered using the TERM environmental variable. Recommendations: At the moment, there is no information about a newe...

FreeBSD-SA-97:01.setlocale

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-97:01 Security Advisory Revised: Wed Feb 05 09:58:56 PDT 1997 FreeBSD, Inc. Topic: setlocale bug in all released versions of FreeBSD Category: core Module: libc Announced:...

CVE-1999-1385

Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable...

BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - 'rlogin' Local Privilege Escalation

/ source: https://www.securityfocus.com/bid/242/info The SUID rlogin program is used to establish remote sessions. A buffer overflow condition has been found in the rlogin program that may allow an unauthorized user to gain root access. The overflow in particular is in the rlogin code that handle...

sudo.bin - NLSPATH Privilege Escalation

sudo.bin - NLSPATH Privilege Escalation include include include include include define PATHSUDO "/usr/bin/sudo.bin" define BUFFERSIZE 1024 define DEFAULTOFFSET 50 ulong getesp asm"movl %esp, %eax"; mainint argc, char argv uchar execshell =...

IBM AIX 3.2.5 - IFS Local Privilege Escalation

IBM AIX 3.2.5 - IFS Local Privilege Escalation source: https://www.securityfocus.com/bid/454/info Under older versions of AIX By changing the IFS enviroment variable to / setuid root programs that use system or popen can be fooled into running user provided programs. !/bin/csh IFS hole in AIX3.2...

PT-1990-1010 · Freebsd · Freebsd

Name of the Vulnerable Software and Affected Versions: FreeBSD affected versions not specified Description: A buffer overflow issue exists in the libmytinfo library of FreeBSD, allowing local users to execute commands by setting a long TERMCAP environmental variable. Recommendations: At the momen...

CVE-2026-53614

Local Privilege Escalation via LIBMOUNTFORCEMOUNT2 Environment Variable - nosuid/noexec Bypass in SUID mount8...