XMail 1.21 (-t Command Line Option) Local Root Buffer Overflow Exploit

No description provided by source. / XMail 1.21 'sendmail' local exploit ret-into-libc Yields uid root || gid mail By qaaz at centrum dot cz, 2005 / include stdio.h include stdlib.h include unistd.h include string.h include signal.h include sys/types.h include sys/wait.h include sys/select.h defi...

XMail 1.21 - '-t' Command Line Option Local Buffer Overflow / Local Privilege Escalation

/ XMail 1.21 'sendmail' local exploit ret-into-libc Yields uid root || gid mail By qaaz at centrum dot cz, 2005 / include include include include include include include include define TARGET "/var/MailRoot/bin/sendmail" define NM "nm" define GREP "grep" define MKDIR "mkdir" define TMP "/tmp"...

RHEL 2.1 / 3 : openldap and nss_ldap (RHSA-2005:751)

Updated openldap and nssldap packages that correct a potential password disclosure issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of LDAP Lightweight Directory Access Protocol...

xloadimage security update

CentOS Errata and Security Advisory CESA-2005:802 Updated openldap and nssldap packages that correct a potential password disclosure issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of LD...

nss_ldap, openldap security update

CentOS Errata and Security Advisory CESA-2005:751-01 Updated openldap and nssldap packages that correct a potential password disclosure issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of...

compat, nss_ldap, openldap security update

CentOS Errata and Security Advisory CESA-2005:767 Updated openldap and nssldap packages that correct a potential password disclosure issue and possible authentication vulnerability are now available. This update has been rated as having moderate security impact by the Red Hat Security Response...

nss_ldap, openldap security update

CentOS Errata and Security Advisory CESA-2005:751 Updated openldap and nssldap packages that correct a potential password disclosure issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of LD...

Moderate: Red Hat Security Advisory: openldap and nss_ldap security update

Updated openldap and nssldap packages that correct a potential password disclosure issue and possible authentication vulnerability are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of LDAP...

Lantronix Secure Console Server (edituser) Local Root Exploit

Exploit for unknown platform in category local exploits ============================================================= Lantronix Secure Console Server edituser Local Root Exploit ============================================================= !/bin/sh Lantronix Secure Console Server edituser root...

CVE-2002-2002

CVE-2002-2002 : The vulnerability is a buffer overflow in libc of Compaq Tru64 releases 4.0F, 5.0, 5.1 and 5.1A triggered by unusually long environment variables (LANG, LOCPATH). This can allow an attacker to execute arbitrary code. The issue is rooted in the Tru64 libc handling of environment va...

CVE-2005-1887

CVE-2005-1887 affects Sun Solaris 10 libc.so.1/libc and libproject components. Connected documents indicate Solaris 10 SPARC patch 119689-07 and x86 patch 118345-13 address the issue; patches target libc.so.1. The vulnerability is described as allowing local privilege escalation, with local acces...

Sun Solaris libc privilege escalation

No description provided...

CVE-2005-0709

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, onexit, and exit...

CVE-2005-0709

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, onexit, and exit...

Low: Red Hat Security Advisory: glibc security update

Updated glibc packages that address several bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The GNU libc packages known as glibc contain the standard C libraries used by applications. Flaws in the catchsegv and glibcbug scrip...

Debian DSA-707-1 : mysql - several vulnerabilities

Several vulnerabilities have been discovered in MySQL, a popular database. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2004-0957 Sergei Golubchik discovered a problem in the access handling for similar named databases. If a user is granted privileges...

HP-UX PHCO_16629 : s700_800 11.00 libc cumulative patch

s700800 11.00 libc cumulative patch : rpc.pcnfsd has an error in its use of the spool directory. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and patch checks in this plugin were extracted from HP patch PHCO16629. The text itself is copyright C Hewlett-Packard...

GLSA-200503-19 : MySQL: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200503-19 MySQL: Multiple vulnerabilities MySQL fails to properly validate input for authenticated users with INSERT and DELETE privileges CAN-2005-0709 and CAN-2005-0710. Furthermore MySQL uses predictable filenames when creating...

exp3.pl.txt

!/usr/bin/perl Mysql CREATE FUNCTION libc arbitrary code execution. Author: Stefano Di Paola Vulnerable: Mysql 0; use constant PASS = "USEYOURPASSHERE"; Connect to the database. my $dbh = DBI-connect"DBI:mysql:database=test;host=localhost", "root", PASS ,'RaiseError' = 1; This is the opcode point...

CVE-2005-0709

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, onexit, and exit...