2698 matches found
Serv-U privilege escalation
With the SITE EXEC command from the local interface, it is possible to execute any command with system privileges...
OpenBSD 2.x < 3.3 - 'exec_ibcs2_coff_prep_zmagic()' kernel stack overflow
OpenBSD 2.x - 3.3 exec_ibcs2_coff_prep_zmagic() kernel stack overflow. Note: ibcs2 binary compatibility with SCO and ISC is enabled in the default install. Copyright Feb 26 2003 Sinan "noir" Eren, noir olympos org | noir uberhax0r net. Greets to brother nahual for making this...
MS Windows XP/2000 RPC Remote (non exec memory) Exploit
No description provided by source. have you recently bought one of those expensive new windows security products on the market? do you think you now have strong protection? Look again: rpc!exec by ins1der trixterjack yahoo com windows remote return into libc exploit! remote rpc exploit breaking...
MS Windows XP/2000 RPC Remote (non exec memory) Exploit
Exploit for unknown platform in category remote exploits. MS Windows XP/2000 RPC Remote non exec memory Exploit. have you recently bought one of those expensive new windows security...
CVE-2003-0398
Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled, allows remote attackers to execute arbitrary code via a text variable to a Vignette Application that is later displayed...
CVE-2003-0398
Affected products: Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled. Vulnerability: remote attackers could execute arbitrary code by providing a crafted text variable to a Vignette Application that is later displayed. Underlying cause/details are not expli...
Mandrake Linux 8.2 - usrmail Local Overflow
#!/usr/bin/perl Mandrake 8.2 /usr/mail local exploit Usage: perl d86mail.pl offset Then enter "." dot and press 'Enter' Example: satan@localhost my$ perl d86mail.pl eip: 0xbffffddd .enter Cc: too long to edit sh-2.05$ $shellcode =...
CVE-2002-1117
Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares...
Happy Labor Day from Snosoft
For your reading pleasure I have attached some of the communication between myself and CERT regarding the issues recently released at: ftp://ftp1.support.compaq.com/public/unix/v5.1/T64V51B19-C0136901-15143-ES-20020817.txt We are in the process of making our formal advisories out of these...
Informix SE-7.25 /lib/sqlexec Vulnerability
Title: Local Vulnerability in Informix SE-7.25. Date: 21-04-2002. Platform: Only tested in Linux but can be exported to others. Impact: Users with exec perm over /lib/sqlexec can obtain euid=0. Author: Juan Manuel Pascual Escriba. Status: Vendor...
Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - exec C Library Standard IO File Descriptor Closure
source: https://www.securityfocus.com/bid/4568/info It has been reported that BSD-based kernels do not check to ensure that the C library standard I/O file descriptors 0-2 are vali...
More SWF vulnerabilities?
Vulnerable systems: unpatched "standalone Flash players" Macromedia Shockwave Flash player versions before January 2002? Fix: "In response to the discovery of the virus, in January Macromedia released an update to its standalone Flash player that causes the player to ignore the "exec" action."...
FreeBSD-SA-02:08.exec
FreeBSD-SA-02:08 Security Advisory, FreeBSD, Inc. Topic: race condition during exec may allow local root compromise. Category: core. Module: kernel. Announced: 2002-01-24. Credits: Logan...
Linux Kernel 2.2/2.4 - Ptrace/Setuid Exec Privilege Escalation
source: https://www.securityfocus.com/bid/3447/info Linux contains a vulnerability in its exec implementation that may allow for modification of setuid process memory via ptrace. The vulnerability is due to the fact that it is possible for a traced process to exec a setuid image if the tracing...
Security Advisory 2001-009: Race condition between sugid-exec and ptrace(2)
NetBSD Security Advisory 2001-009. Topic: Race condition between sugid-exec and ptrace(2). Version: All official releases up to and including 1.5. Severity: Local user may gain superuser privileges. Fixed: NetBSD-current: June 15, 200...
Problems with signal handlers in FreeBSD
When exec is performed, not all signal handlers are cleared, which makes it possible to inject one's own code into a suid application...
CVE-2000-0573
Summary (CVE-2000-0573) The vulnerability affects Wu-ftpd prior to 2.6.1, where the lreply/SITE EXEC (and SITE INDEX) path does not sanitize an untrusted format string. This allows remote attackers to execute arbitrary code (reported as root access) by sending crafted SITE EXEC/INDEX commands. Pu...
WU-FTPD 2.4.2/2.5.0/2.6.0 - Remote Format String Stack Overwrite (3)
source: https://www.securityfocus.com/bid/1387/info Washington University ftp daemon wu-ftpd is a very popular unix ftp server shipped with many distributions of Linux and other UNIX operating systems. Wu-ftpd is vulnerable to a very serious remote attack in the SITE EXEC implementation. Because ...
Tru64 5 (su) Env Local Stack Overflow Exploit
Exploit for tru64 platform in category local exploits. Tru64 5 su Env Local Stack Overflow Exploit. Copyright (c) 2000 ADM. All Rights Reserved. THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM. T...