81 matches found
Mac OS X <= 10.4.6 (launchd) Local Format String Exploit (x86)
Exploit for macOS platform in category local exploits. Mac OS X <= 10.4.6 (launchd) Local Format String Exploit (x86) #!/usr/bin/perl...
Apple Mac OSX 10.4.x - OpenLDAP Denial of Service
source: https://www.securityfocus.com/bid/18728/info Mac OS X Open Directory Server is prone to a denial-of-service vulnerability because it fails to handle exceptional conditions. An attacker can exploit this issue to cause a crash in the LDAP server, effectively denying service to legitimate...
Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability
Description The Microsoft Windows Media Player plugin for non-Microsoft browsers is prone to a buffer-overflow vulnerability. The application fails to do proper boundary checks on user-supplied data before using it in a finite-sized buffer. An attacker can exploit this issue to execute arbitrary...
Solaris 2.6/7/8/9 (SPARC) - 'ld.so.1' Local Privilege Escalation
/ $Id: raptorldpreload.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorldpreload.c - ld.so.1 local, Solaris/SPARC 2.6/7/8/9 Copyright c 2003-2004 Marco Ivaldi Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long...
Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow (2)
Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow (2) / $Id: raptorlibdthelp2.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorlibdthelp2.c - libDtHelp.so local, Solaris/SPARC 7/8/9 Copyright c 2003-2004 Marco Ivaldi Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary cod...
Solaris 2.6/7/8/9 (ld.so.1) Local Root Exploit (sparc)
Exploit for solaris platform in category local exploits. Solaris 2.6/7/8/9 (ld.so.1) Local Root Exploit (sparc) / $Id: raptorldpreload.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorldpreload....
Solaris 2.5.1/2.6/7/8 rlogin (SPARC) - binlogin Remote Buffer Overflow
Solaris 2.5.1/2.6/7/8 rlogin (SPARC) - binlogin Remote Buffer Overflow / $Id: raptorrlogin.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorrlogin.c - rlogin, Solaris/SPARC 2.5.1/2.6/7/8 Copyright c 2004 Marco Ivaldi Buffer overflow in login in various System V based operating systems allows remote...
Solaris 8/9 passwd(1) - 'circ()' Stack-Based Buffer Overflow Privilege Escalation
Solaris 8/9 passwd(1) - 'circ()' Stack-Based Buffer Overflow Privilege Escalation. CVE-2004-0360. Local exploit for Solaris platform / $Id: raptorpasswd.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorpasswd.c - passwd circ local, Solaris/SPARC 8/9 Copyright c 2004 Marco Ivaldi Unknown vulnerability i...
Solaris 7/8/9 CDE libDtHelp - Buffer Overflow Non-Exec Stack Privilege Escalation
Solaris 7/8/9 CDE libDtHelp - Buffer Overflow Non-Exec Stack Privilege Escalation. CVE-2003-0834. Local exploit for Solaris platform / $Id: raptorlibdthelp2.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorlibdthelp2.c - libDtHelp.so local, Solaris/SPARC 7/8/9 Copyright c 2003-2004 Marco Ivaldi...
TRU64 /usr/bin/passwd overflow
In light of the recent conversations on the non-executable stack I have decided to release some of the information I have been sitting on. alpha.snosoft.com uname -a OSF1 alpha.snosoft.com V5.1 732 alpha alpha.snosoft.com id uid=201(dotslash) gid=15(users) groups=0(system) alpha.snosoft.com ls -al...
locale_sol.txt
----/ Exploiting the Libc Locale Subsystem Format String Vulnerability on Solaris/SPARC ---/ 10/10/2000 -/ Solar Eclipse ---/ I. Introduction This paper describes in detail the exploitation of the libc locale format string vulnerability on Solaris/SPARC. The full source code for the exploit is...
Tru64 UNIX 4.0g - '/usr/bin/at' Local Privilege Escalation
Tru64 UNIX 4.0g - '/usr/bin/at' Local Privilege Escalation / Tru64 UNIX 4.0g JAVA /usr/bin/at local root exploit. ALPHA Author: Cody Tubbs loophole of hhp. Site: www.hhp-programming.net Email: [email protected] Date: 2/1/2000. I made this without access to gdb, It's untested... may require...
Tru64 UNIX 4.0g - '/usr/bin/at' Local Privilege Escalation
/ Tru64 UNIX 4.0g JAVA /usr/bin/at local root exploit. ALPHA Author: Cody Tubbs loophole of hhp. Site: www.hhp-programming.net Email: [email protected] Date: 2/1/2000. I made this without access to gdb, It's untested... may require modification, may require deletion, heh. Note: executablestack...
Tru64 UNIX 4.0g /usr/bin/at Local Root Exploit
Exploit for tru64 platform in category local exploits. Tru64 UNIX 4.0g /usr/bin/at Local Root Exploit / Tru64 UNIX 4.0g JAVA /usr/bin/at local root exploit. ALPHA Author: Cody Tubbs loophole of hhp. Site:...
Tru64 5 - 'su' Env Local Stack Overflow
/ Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / The copyright notice above does not evidence any / / actual or intended publication of such source code. / / / / Title: Tru64 5 su / / Tested under: Tru64 5A OSF/1 / / By: K2 thx horizon,lamo...
Tru64 5 (su) Env Local Stack Overflow Exploit
Exploit for tru64 platform in category local exploits. Tru64 5 (su) Env Local Stack Overflow Exploit / Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / T...
Tru64 5 - su Env Local Stack Overflow
Tru64 5 - su Env Local Stack Overflow / Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / The copyright notice above does not evidence any / / actual or intended publication of such source code. / / / / Title: Tru64 5 su / / Tested under: Tru6...
Vulnerability in Solaris ufsrestore
Hi, Reading RFP's great initiative on the disclosure policy http://www.wiretrip.net/rfp/policy.html , here is the scoop on a local root exploit I reported to Sun on May 18th. I received confirmation on the reception, stated I would disclose in three weeks and heard nothing since. I've had better...
digital-unix-4.0-bof.txt
Date: Mon, 25 Jan 1999 12:21:45 -0800 From: Lamont Granquist To: [email protected] Subject: Digital Unix 4.0 exploitable buffer overflows Previously Digital Unix has been relatively immune to buffer overflow attacks due to the lack of an executable stack in the 3.x versions. For the 4.0 versio...
defeat.solaris.nonexec.stack.txt
Hi, I've recently been playing around with bypassing the non-executable stack protection that Solaris 2.6 provides. I'm referring to the mechanism that you control with the noexec_user_stack option in /etc/system. I've found it's quite possible to bypass this protection, using methods described...