Samba 2.0.x/2.2 - Arbitrary File Creation
source: https://www.securityfocus.com/bid/2928/info Samba is a freely available file and printer sharing application maintained and developed by the Samba Development Team. Samba allows file and printer sharing between operating systems on the Unix and...
Oracle 8 Server - TNSLSNR80.EXE Denial of Service
source: https://www.securityfocus.com/bid/2626/info A denial of service vulnerability exists in Oracle 8. An attacker connecting to port 1526 and sending invalid input will cause the 'TNSLSNR80.EXE' process to consume all available system resource...
glibc-resolve-tr.sh
Charles Stevenson glibc-2.2 and openssh-2.3.0p1 Debian 2.3 , Redhat 7.0 This exploits is for glibc = 2.1.9x. [email protected] Edit this if you have a problem with path ssh=/usr/bin/ssh traceroute=/usr/sbin/traceroute FILE=/etc/shadow File to read echo "$ssh" echo " Checking permisions..." if...
Fastgraf's whois.cgi Remote Command Execution Exploit
Exploit for cgi platform in category remote exploits ===================================================== Fastgraf's whois.cgi Remote Command Execution Exploit ===================================================== !/usr/bin/perl whois.pl - Marco van Berkum - email protected homepage:...
hhp's Expect advisory/exploit/patch.
------------------------------------------------------------------------------- hhp adv-17 Sec-Advisory/Exploit/Patch www.hhp-programming.net ------------------------------------------------------------------------------- Topic: Expect. Versions: 5.31.8 and 5.28.1, maybe others. Date: 12/12/2000...
Pine (Local Message Grabber) - Local Message Read
!/bin/sh Grab local pine messages Usage: ./monpine.sh victim pine must use following settings [email protected] http://hacksware.com x enable-alternate-editor-cmd x enable-alternate-editor-implicitly editor = /usr/bin/vi PID=$1 PICOFILE=printf "/tmp/pico.%.6d" $PID TRASHCAN=/tmp/.trashcan.date|se...
PHF (Linux/x86) - Remote Buffer Overflow
/ | phx.c -- phf buffer overflow exploit for Linux-ix86 | Copyright c 2000 by proton. All rights reserved. | | This program is free software; you can redistribute it and/or modify | it under the terms of the GNU General Public License as published by | the Fr...
rpc Suid Privledge Exploit
Exploit for linux platform in category local exploits ========================== rpc Suid Privledge Exploit ========================== !/usr/bin/perl -w exploits suid privledges on rcp Not really tested this but hey works on redhat6.2 not werk on freebsd4.1 stable bug discovered by Andrew Griffit...
RedHat 6.2 /usr/bin/rcp - SUID Local Privilege Escalation
!/usr/bin/perl -w exploits suid privledges on rcp Not really tested this but hey works on redhat6.2 not werk on freebsd4.1 stable bug discovered by Andrew Griffiths Exploit written by tlabs greetz to those that know me innit Please set your...
dump 0.4b15 - Local Privilege Escalation
!/bin/sh Redhat 6.2 dump command executes external program with suid priviledge. Discovered by Mat Written for and by a scriptkid Tasc ;P Remember, there's no cure for BSE echo "dump-0.4b15 root exploit" echo "Discovered by Mat " echo...
dump 0.4b15 - Local Privilege Escalation
!/bin/sh Redhat 6.2 dump command executes external program with suid priviledge. Discovered by Mat Written for and by a scriptkid Tasc ;P Remember, there's no cure for BSE echo "dump-0.4b15 root exploit" echo "Discovered by Mat " echo "-------------------------------------" echo DUMP=/sbin/dump i...
Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (8)
!/usr/bin/perl See http://www.securityfocus.com/vdb/bottom.html?section=exploit&vid=1806 Very simple PERL script to execute commands on IIS Unicode vulnerable servers Use port number with SSLproxy for testing SSL sites Usage: unicodexecute2 IP:port command Only makes use of "Socket" library New i...
RedHat 6.2 - /sbin/restore Local Privilege Escalation
!/bin/sh /sbin/restore exploit for rh6.2 I did not find this weakness my self, all i did was writing this script and some more to make it automatic and easy to use. This exploit should work on all redhat 6.2 systems with /sbin/restore not "fucke...
Restore and Dump Local Exploit
Exploit for linux platform in category local exploits ============================== Restore and Dump Local Exploit ============================== !/usr/bin/perl perl exploit of restore and dump redhat linux 6.2 written by tlabs Use at your discretion $EXPORT1="TAPE=garbage:garbage" ;...
Poll It CGI v2.0 exploit
Exploit for cgi platform in category web applications ======================== Poll It CGI v2.0 exploit ======================== !/usr/bin/perl Poll It CGI v2.0 exploit shouts to modjo, p, zen, kd, ab, all the script kiddies. use Socket; $host, $cgiloc = @ARGV0,1; $ip=inetaton$host; print"\n\t+--...
quakeworldex.txt
tested on qwsv-2.30-glibc-i386-unknown-linux2.0 The Quakeworld server unix rcon feature contains a buffer overflow which crashes the server, segfaults and core dumps. There are a bunch of different quakeworld servers out, picking a different one would probably be a good idea. RCONEX by...
News Publisher CGI Vulnerability
Product: News Publisher Versions: Tested v1.05, 1.05a, 1.05b and 1.06 newest OS: Unix and Winnt Vendor: Notified Web Site: www.gwscripts.com The Problem, yet again CGI authors use nested IF statements to decide what action to take upon an incoming request. This time the problem allows ppl to add...
Atrus Trivalie Productions Simple Network Time Sync 1.0 - daemon Buffer Overflow
source: https://www.securityfocus.com/bid/1289/info A scanf overflow has been discovered in the Simple Network Time Sync daemon and client version 1.0. Currently the buffer overflow has been tested on RedHat 6.1. It...
KDE 1.1.2 KApplication configfile - Local Privilege Escalation (3)
source: https://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can modify ownership of arbitrary files when running setuid root...
Novell Netware 5.1 (server 5.00h, Dec 11, 1999)...
Hi again. Another overflow and TCP/IP stack flaw. Affected: virtually any system running on the top of Netware system with http remote administration including web caching solutions, BorderManager firewall and so on... There's a buffer overflow in remote http, usually on port 8008 or so...