LBL Traceroute - Local Privilege Escalation

/ MasterSecuritY openwall.c - Local root exploit in LBNL traceroute Copyright C 2000 Michel "MaXX" Kaempf Updated versions of this exploit and the corresponding advisory will be made available at: ftp://maxx.via.ecp.fr/traceroot/ This program is free software; you can redistribute it and/or modif...

ISC BIND 8.1 - Host Remote Buffer Overflow

// source: https://www.securityfocus.com/bid/1887/info An exploitable buffer overflow vulnerability exists in certain non-current versions of the ISC host command. host can be used to issue an AXFR command to effect a zone transfer for a given domain name. In affected versions of host, if the AXF...

Ntop -w remote exploit

Problem: ntop has a stack-based BOF when it's requested too long filename. 2. Tested Version ntop-1.2a1 I only tested this version. 3. Example 1. first run ntop -w 8080 2. run this script $ printf "GET /perl -e 'print "A"x240'rnrn" |nc localhost 8080 3. the ntop goes seg. fault. $ ntop -w 8080...

[EXPL] Route (/sbin/route) exploit has been released (add parameter)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com Route /sbin/route exploit has been released add parameter ------------------------------------------------------------------------ SUMMARY A security...

half-life.txt

-----BEGIN PGP SIGNED MESSAGE----- Vulnerability Report by Mark Cooper Date Published: 16th October 2000 Advisory ID: N/A Bugtraq ID: 1799 http://www.securityfocus.com/bid/1799 CVE CAN: N/A Title: Half-Life Dedicated Server Vulnerability Class: Buffer Overflow Remotely Exploitable: Yes Locally...

wftpd241-12.txt

================================================================= Blue Panda Vulnerability Announcement: WFTPD/WFTPD Pro 2.41 RC12 05/09/2000 dd/mm/yyyy [email protected] http://bluepanda.box.sk/ ================================================================= Problem: WFTPD will crash if a...

D.o.S Vulnerability in vqServer

DHC Advisory Advisory for vqServer 1.4.49 vqServer is made by vqSoft. Site: http://www.vqsoft.com by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] /-|=explaination=|- When sending vqServer version 1.4.49 a malformed URL request it will crash the service. This has been verifi...

vqserver.dos.txt

DHC Advisory Advisory for vqServer 1.4.49 vqServer is made by vqSoft. Site: http://www.vqsoft.com by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] /-|=explaination=|-\ When sending vqServer version 1.4.49 a malformed URL request it will crash the service. This has been...

PHP-Nuke 1.02.5 - Administrative Privileges

PHP-Nuke 1.02.5 - Administrative Privileges source: https://www.securityfocus.com/bid/1592/info PHP-Nuke is a website creation/maintainence tool written in PHP3. It is possible to elevate priviliges in this system from normal user to administrator due to a flaw in authentication code. The problem...

vqSoft vqServer 1.4.49 - Denial of Service

vqSoft vqServer 1.4.49 - Denial of Service source: https://www.securityfocus.com/bid/1610/info vqServer 1.4.49 is subject to a buffer overflow. If a GET request is sent to the server containing 65 000 characters the server will stop responding. A reboot is required in order to gain normal...

Luca Deri ntop 1.2 a7-91.3.1 - Remote Buffer Overflow

Luca Deri ntop 1.2 a7-91.3.1 - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/1576/info ntop is a network usage monitoring tool for unix systems. It can be invoked at the console or as a server daemon, presenting statistics information via http with the -w parameter. In this...

proxy.dos

HTTP Proxies Denial of Service by SectorX of XOR http://xorteam.cjb.net The theory ========== While browsing through my own http proxy code, i noticed an interesting coding mistake - the proxy did not perfrom timeout checking on the remote host the user was connecting to. since every time a user...

Weblogic 3.1.84.0.44.5.1 - Remote Command Execution

Weblogic 3.1.84.0.44.5.1 - Remote Command Execution source: https://www.securityfocus.com/bid/1525/info In February of 2000 CERT Coordination Center released an advisory titled "Malicious HTML Tags Embedded in Client Web Requests" advisory attached in 'Credit' section". This advisory was a joint...

Mandrake 7.0/7.1 / RedHat Kon2 0.3.9 - '/usr/bin/fld' Input File Overflow

/ source: https://www.securityfocus.com/bid/1371/info KON Kanji On Console is a package for displaying Kanji text under Linux and comes with two suid binaries which are vulnerable to buffer overflows. "fld", one of the vulnerable programs, accepts options input from a text file. Through this...

ISC innd 2.x - Remote Buffer Overflow

// source: https://www.securityfocus.com/bid/1316/info innd 2.2.2 contains a remotely exploitable buffer overflow in code reached when a cancel request is sent to the "control" newsgroup, under the following condition: the cancel request contains a valid Message-ID but the From/Sender fields diff...

Sam Lantinga splitvt 1.6.3 - Local Buffer Overflow

// source: https://www.securityfocus.com/bid/1346/info A buffer overflow condition that could be exploited to obtain root exists in splitvt 1.6.3 and earlier. Splitvt is distributed with several Linux distributions. / Local exploit for Debian splitvt 1.6.3-4 - by Syzop Thanks to aleph1 for writin...

KDE 1.1.2 KApplication configfile - Local Privilege Escalation (3)

KDE 1.1.2 KApplication configfile - Local Privilege Escalation 3 source: https://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can...

KDE 1.1.2 KApplication configfile - Local Privilege Escalation (1)

source: https://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can modify ownership of arbitrary files when running setuid root...

Elm Development Group ELM 2.42.5.1 Mail for UNIX - ELM Buffer Overflow (2)

Elm Development Group ELM 2.42.5.1 Mail for UNIX - ELM Buffer Overflow 2 // source: https://www.securityfocus.com/bid/1276/info Buffer overflow vulnerabilities exist in elm Electronic Mail for Unix. / Elm 2.5 PL3 exploit Tested Under Linux Slackware 3.6, 4.0, 7.0 By xfer [email protected] ...

Marty Bochane MDBms 0.9 - xbx Buffer Overflow

Marty Bochane MDBms 0.9 - xbx Buffer Overflow // source: https://www.securityfocus.com/bid/1252/info A vulnerability exists in the MDBMS database, written by Marty Bochane. By supplying a line of sufficient length to the MDBMS server, containing machine executable code, it is possible for a remot...