745 matches found
CVE-2007-3245
IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote attackers to disconnect users with guest nicknames by linking a guest nickname to a nickname that is already registered...
Trojan-static variation dynamic DLL Trojans big secret-vulnerability warning-the black bar safety net
Friends who often play with Trojans will know some of their characteristics and will have their own favorite Trojan; however, many still don't know about the "DLL Trojan" that has risen in recent years. What is a "DLL Trojan"? How does it differ from ordinary Trojans? One, from the DLL...
TrueCrypt 4.3 - 'setuid' Local Privilege Escalation
$Id: raptortruecrypt,v 1.1.1.1 2007/04/04 11:31:56 raptor Exp $ raptortruecrypt - setuid truecrypt privilege escalation Copyright (c) 2007 Marco Ivaldi TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting...
TrueCrypt 4.3 - setuid Local Privilege Escalation
TrueCrypt 4.3 - setuid Local Privilege Escalation $Id: raptortruecrypt,v 1.1.1.1 2007/04/04 11:31:56 raptor Exp $ raptortruecrypt - setuid truecrypt privilege escalation Copyright (c) 2007 Marco Ivaldi TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service...
Izik : Reverse Engineering with LD_PRELOAD
July 06, 2005 | Izik Reverse Engineering with LD_PRELOAD This paper is about the LD_PRELOAD feature, and how it can be useful for reverse engineering dynamically linked executables. This technique allows you to hijack functions/inject code and manipulate the application flow. Compiling Methods...
[SA22048] Apple QuickTime Plug-In Local Resource Linking Weakness
TITLE: Apple QuickTime Plug-In Local Resource Linking Weakness SECUNIA ADVISORY ID: SA22048 VERIFY ADVISORY: http://secunia.com/advisories/22048/ CRITICAL: Not critical IMPACT: Security Bypass WHERE: From remote SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/ DESCRIPTION: pdp has...
estateagent.txt
Aria-Security.net Advisory Discovered by: O.U.T.L.A.W Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp Software: Mambo Component - EstateAgent Attack method: Source: Don't allow direct linking defined 'VALIDMOS' or die 'Direct Access to this location is not allowed.' ; requireonce $mainframe-getPath...
Linux Kernel 2.6.13 2.6.17.4 - logrotate prctl() Local Privilege Escalation
Linux Kernel 2.6.13 2.6.17.4 - logrotate prctl Local Privilege Escalation / $Id: raptorprctl2.c,v 1.3 2006/07/18 13:16:45 raptor Exp $ raptorprctl2.c - Linux 2.6.x suiddumpable2 logrotate Copyright (c) 2006 Marco Ivaldi The suiddumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4,...
Linux Kernel 2.6.13 < 2.6.17.4 - 'logrotate prctl()' Local Privilege Escalation
/ $Id: raptorprctl2.c,v 1.3 2006/07/18 13:16:45 raptor Exp $ raptorprctl2.c - Linux 2.6.x suiddumpable2 logrotate Copyright (c) 2006 Marco Ivaldi The suiddumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of...
Mandrake Linux Security Advisory : sash (MDKSA-2006:070)
Tavis Ormandy of the Gentoo Security Project discovered a vulnerability in zlib where a certain data stream would cause zlib to corrupt a data structure, resulting in the linked application dumping core (CVE-2005-2096). Markus Oberhumber discovered additional ways that a specially crafted compresse...
CVE-2006-0646
ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other users by running an ld-linked application from the current directory, which could contain an...
Directory traversal
ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other users by running an ld-linked application from the current directory, which could contain an...
win32 WinExec Command Parameter 104+ bytes
win32 WinExec Command Parameter 104+ bytes. Shellcode exploit for win32 platform ; ; relocateable dynamic runtime assembly code example using hash lookup ; ; WinExec with ExitThread ; 104 bytes ; ; for testing: ; ; ml /c /coff /Cp wexec2.asm ; link /subsystem:windows /section:.text,w wexec2.obj ;...
elfcd1.txt
!/bin/bash elfcd.sh warning: This code will crash your machine cat elfcd1.c / Linux binfmtelf core dump buffer overflow Copyright c 2005 iSEC Security Research. All Rights Reserved. THIS PROGRAM IS FOR EDUCATIONAL PURPOSES ONLY IT IS PROVIDED "AS IS" AND WITHOUT ANY WARRANTY. COPYING, PRINTING,...
CVE-2004-2431
Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 through 0.3.1, with the linking service enabled, allows remote attackers to bypass authentication...
Security fix for the ALT Linux 8 package apache2 version 2.0.52-alt3
Dec. 27, 2004 Sviatoslav Sviridov 2.0.52-alt3 - updated alt-configure patch to check for available libldap and link with libldap - applied patches: + httpd-2.0.52-sslauth.patch + httpd-2.0.52-SSLCipherSuite-bypass-CAN-2004-0885.diff + httpd-2.0.52-memory-consumption-DoS-CAN-2004-0942.diff +...
SUSE-SA:2003:0010: libmcrypt
The remote host is missing the patch for the advisory SUSE-SA:2003:0010 libmcrypt. Libmcrypt is a data encryption library that is able to load crypto-modules at run-time by using libltdl. Versions of libmcrypt prior to 2.5.5 include several buffer overflows that can be triggered by passing very...
slackdb.txt
Date: Thu, 16 Jul 1998 09:22:40 +0200 From: Martin Bene Subject: Berkley DB problem in slackware distribution Hi! I recently ran into a potential problem with berkley db 1.85 as distributed with all versions of slackware linux: fixed in slackware 3.5 as of 07.14.98 libdb.so.1.85.4 defines snprint...
Solaris 2.5.0/2.5.1 ps / chkey - Data Buffer
cat psexpl.po psexpl.c include include include define BUFLENGTH 632 define EXTRA 256 int mainint argc, char argv char bufBUFLENGTH + EXTRA; / ps will grok this file for the exploit code / char envp="NLSPATH=/tmp/foo",0; ulong longp; uchar charp; / This will vary depending on your libc / ulong...