Tru64 5 - 'su' Env Local Stack Overflow

/ Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / The copyright notice above does not evidence any / / actual or intended publication of such source code. / / / / Title: Tru64 5 su / / Tested under: Tru64 5A OSF/1 / / By: K2 thx horizon,lamo...

Tru64 5 (su) Env Local Stack Overflow Exploit

Exploit for tru64 platform in category local exploits ============================================= Tru64 5 su Env Local Stack Overflow Exploit ============================================= / Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / T...

Tru64 5 - su Env Local Stack Overflow

Tru64 5 - su Env Local Stack Overflow / Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / The copyright notice above does not evidence any / / actual or intended publication of such source code. / / / / Title: Tru64 5 su / / Tested under: Tru6...

Microsoft Outlook 2000 0/98 0/Express 5.5 - Concealed Attachment

source: https://www.securityfocus.com/bid/2260/info Versions of MS Outlook are vulnerable to receiving a hidden, potentially hostile attachment. An arbitrary string of characters, supplied by the sender to the 'subject:' field, will be received and interpreted by vulnerable versions of Outlook as...

CVE-2000-1225

Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin directory, which allows remote attackers to gain sensitive configuration information about the web server by accessing the program...

ezmlm-cgi

Package : ezmlm-0.53 and below ezmlm-cgi Announced: 2000-12-05 Ezmlm is an easy to use mailing list manager for qmail. It ships with a cgi application to allow for list archiving and reviewal over the web. Documentation states that the cgi should be installed suid root, but in real world...

Проблемы в TrendMicro InterScan VirusWall (shared folder permissons)

При установке создается разделяемая папка, содержащая исполняемые файлы доступная всем пользователям на запись/изменение...

Microsoft IIS 4.0/5.0 - Executable File Parsing

source: https://www.securityfocus.com/bid/1912/info When Microsoft IIS receives a valid request for an executable file, the filename is then passed onto the underlying operating system which executes the file. In the event that IIS receives a specially formed request for an executable file follow...

Microsoft IIS 4.05.0 - Executable File Parsing

Microsoft IIS 4.05.0 - Executable File Parsing source: https://www.securityfocus.com/bid/1912/info When Microsoft IIS receives a valid request for an executable file, the filename is then passed onto the underlying operating system which executes the file. In the event that IIS receives a special...

mandrake.urpmi.txt

Local Exploit Issue with: /usr/bin/urpmi The urpmi executable perl script root@localhost /root ls -al /usr/bin/urpmi -rwsr-x--- 1 root urpmi 9352 Apr 4 2000 /usr/bin/urpmi This requires an account in the urpmi group. Possibly physical access to the box as well. On Mandrake 7.1 the package urpmi w...

CVE-2000-0879

LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and dccbkstshut are installed setuid root and world executable, which allows arbitrary local users to start and stop various LPD services...

CVE-2000-0663

The registry entry for the Windows Shell executable Explorer.exe in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path"...

Microsoft Windows NT 4.02000 - DLL Search Path

Microsoft Windows NT 4.02000 - DLL Search Path source: https://www.securityfocus.com/bid/1699/info When a program executes under Microsoft Windows, it may require additional code stored in DLL library files. These files are dynamically located at run time, and loaded if necessary. A weakness exis...

Дырка в Apache-ssl из Trustix

Из-за ошибки в скрипте инсталляции часть исполняемых файлов устанавливается открытыми на запись...

Дырка в VariCAD 7.0

несколько исполняемых файлов открыты на запись...

Дырка в FlagShip

несколько исполняемых файлов открыто на запись...

Possible vulnerability in HPUX

Hello, Few days ago i read the mail Hackerslab bugpaper HP-UX bdf -t option buffer overflow vul. And decided to see any other possible vulnerabilityies on my ststem. HP-UX 10.20. After a few minutes maybe a little more : ,trying each setuid exe with different options, i finally got results as for...

Advisory: mailman local compromise

Author : Stan Bubrouski Date : August 1, 2000 Package : mailman Versions affected : 2.0beta3 released: 2000-Jun-28 23:25 2.0beta4 released: 2000-Jul-06 21:27 Severity : access to group mailman binaries are installed as which usually mailman. Most directories in a mailman install are mode 2755 as...

Group-writable executable in OpenLDAP

OpenLDAP installs the ud binary in $binpath with mode 775 and default group i.e. either you primary gid or the directories gid. Of course the consequences depend on which group this actually is. This was checked with 1.2.11 latest stable, but probably also exists in earlier versions, since the...

Проблемы с OpenLDAP

исполняемые файлы устанавливаются с разрешениями позволяющие запись для группы...