188 matches found
FreeBSD : SA-04:10.cvs
The remote host is running a version of FreeBSD which contains a heap overflow in the cvs pserver code. This flaw may be used by an attacker to execute arbitrary code on the remote host, provided that it's running a cvs pserver. C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0;...
PHPX 3.x - images.php Cross-Site Request Forgery Arbitrary Command Execution
PHPX 3.x - images.php Cross-Site Request Forgery Arbitrary Command Execution source: https://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properl...
New "Clean" IE Remote Compromise
tested OS:Win2k3,CN version IE: with MS03-048 installed. OS:WinXp, CN version Microsoft Internet Explorer v6.Sp1; up-to-date on 2003/11/16 overview By combining several vulnerabilities in Internet Explorer, an attacker can execute his EXE file on victim's system. "Clean" means: there is no old...
Opera 7.22 File Creation and Execution Exploit (Malicious Webserver)
No description provided by source. !/usr/bin/perl Sample code of "Opera 7 Arbitrary File Auto-Saved Vulnerability." This Exploit will run a webserver that will create and execute a batch file on the victim's computer when visiting this malicious server This perl script is a small HTTP server for ...
Exchange XEXCH50 Remote Buffer Overflow
The remote mail server appears to be running a version of the Microsoft Exchange SMTP service that is vulnerable to a flaw in the XEXCH50 extended verb. This flaw can be used to completely crash Exchange 5.5 or to execute arbitrary code on Exchange 2000. This script was written by H D Moore See t...
FTP Desktop 3.5 - FTP 331 Server Response Buffer Overflow
FTP Desktop 3.5 - FTP 331 Server Response Buffer Overflow source: https://www.securityfocus.com/bid/8560/info A buffer overflow vulnerability has been reported in FTP Desktop. The vulnerability occurs when FTP Desktop is parsing 331 server responses from remote FTP servers. When FTP Desktop...
WU-FTPD 2.6.2 - Remote Command Execution
WU-FTPD 2.6.2 - Remote Command Execution / wu-ftpd v2.6.2 off-by-one remote 0day exploit. exploit by "you dong-hun"Xpl017Elz, . Update: v0.0.2 August 2, I added wu-ftpd-2.6.2, 2.6.0, 2.6.1 finally. v0.0.3 August 3, Brute-Force function addition. v0.0.4 August 4, Added FreeBSD, OpenBSD version...
WU-FTPD 2.6.2 - Off-by-One Remote Command Execution
/ wu-ftpd v2.6.2 off-by-one remote 0day exploit. exploit by "you dong-hun"Xpl017Elz Brute-Force function added. / define VERSION "v0.0.3" include include include include include include define DEBUGNG undef DEBUGNG define NRL 0 define SCS 1 define FAD -1 define MAXBF 16 define BFLSZ 0x100 / 256 /...
SDFingerD 1.1 - Failure To Drop Privileges Privilege Escalation
source: https://www.securityfocus.com/bid/7977/info sdfingerd has been reported prone to a local privilege escalation vulnerability. The issue presents itself because the sdfingerd daemon fails to sufficiently drop group privileges before executing commands that are contained in a users .plan fil...
Maelstrom Server 3.0.x - Argument Buffer Overflow (3)
Maelstrom Server 3.0.x - Argument Buffer Overflow 3 // source: https://www.securityfocus.com/bid/7630/info Maelstrom for Linux has been reported prone to a buffer overflow vulnerability. The issue is reportedly due to a lack of sufficient bounds checking performed on user-supplied data before it ...
Apple Mac OSX 10.2.4 - DirectoryService PATH Local Privilege Escalation
Apple Mac OSX 10.2.4 - DirectoryService PATH Local Privilege Escalation / OS X include include include int mainint argc, char argv char ORIGPATH; int temp; if argc 2 if geteuid == 0 printf"euid is root.\n"; setuid0; execl"/bin/bash", "bash", NULL; strcpyORIGPATH, getenv"PATH"; printf"Original pat...
File 3.x - Local Stack Overflow Code Execution (1)
File 3.x - Local Stack Overflow Code Execution 1 // source: https://www.securityfocus.com/bid/7008/info It has been reported that a stack overflow exists in the file program. Although details of this issue are currently unavailable, it is likely that this issue could be exploited to execute code ...
PHPOutsourcing Zorum 3.x - Remote File Inclusion Command Execution
PHPOutsourcing Zorum 3.x - Remote File Inclusion Command Execution source: https://www.securityfocus.com/bid/6669/info It has been reported that Zorum may allow remote users to influence to location of PHP includes. Because of this, it is possible for a remote user to include an external arbitrar...
Multiple vulnerabilities in Tiny HTTPd
======================================== INetCop Security Advisory 2002-0x82-001 ======================================== Title: Multiple vulnerabilities in Tiny HTTPd. 0x01. Description Tiny HTTP daemon is web server that do simple very. Vulnerability and executable vulnerability that this web...
Hotfoon Dialer 4.0 - Buffer Overflow (PoC)
Hotfoon Dialer 4.0 - Buffer Overflow PoC source: https://www.securityfocus.com/bid/6156/info A buffer overflow vulnerability has been reported for the Hotfoon dialer. The vulnerability exists in a text input field for dialing telephone numbers. Reportedly, Hotfoon4.exe does not adequately perform...
rsync fails to properly handle negative values specified for signed integers thereby allowing remote command execution
Overview There exist several signed-integer vulnerabilities in rsync. If rsync is run as a daemon, a remote-root compromise may be possible. Description Included in most distributions of Linux, rsync is a popular tool for synchronizing files across multiple hosts. Though not enabled in the defaul...
WebBBS 5.0 (andlater versions) vulnerable: allow commands execution via "followup" bug
--== Nerf gr0up: adv 7 ==-- WebBBS remote command execution Vulnerable: WebBBS by Darryl Burgdorf http://awsd.com/scripts/webbbs/. All versions are vulnerable. WebBBS is a Web-based bulletin board. WebBBS stores messages as simple text files. Description: WebBBS script allows command execution on...
Using the backbutton in IE is dangerous
---..---..---..---..---..---..---..---..---..---..---..---..---- Title: Using the backbutton in IE is dangerous. Date: 2002-04-15 Software: At least Internet Explorer 6.0. Tested env: Windows 2000 pro, XP. Rating: Medium because user interaction is needed. Impact: Read cookies/local files and...
Adobe PhotoDeluxe does not adequately restrict Java execution
Overview A vulnerability exists in Adobe PhotoDeluxe that allows a malicious web page or HTML email message viewed with Microsoft Internet Explorer to obtain directory listings or potentially download and execute arbitrary code on the local system. Description Adobe PhotoDeluxe is an image...
Microburst uDirectory 2.0 - Remote Command Execution
source: https://www.securityfocus.com/bid/2884/info uDirectory is an online directory and listing management system. An input validation error exists in uDirectory that may allow remote users to execute arbitrary commands on a host running the software. !/usr/bin/perl -w management, e-commerce...