4079 matches found
BSD bmon <= 1.2.1_2 Local Exploit
No description provided by source. !/usr/local/bin/bash Written by Idan Nahoum. [email protected] local exploit for FreeBSD/OpenBSD with bmon 1.2.12 installed. When bmon is executed with the -n parameter it popens netcat but fails to provide an absolute path. Some BSDs are configured with acls that...
BSD bmon 1.2.1_2 - Local acls Bypass
BSD bmon 1.2.12 - Local acls Bypass !/usr/local/bin/bash Written by Idan Nahoum. [email protected] local exploit for FreeBSD/OpenBSD with bmon default: $BMONEXEC" "$" -gt "0" && BMONEXEC="$1" -x "$BMONEXEC" || echo "$BMONEXEC not found" exit cd /tmp apparently bmon closes stdout, so we run a shell wit...
BSD bmon <= 1.2.1_2 Local Exploit
Exploit for bsd platform in category local exploits ================================= BSD bmon default: $BMONEXEC" "$" -gt "0" && BMONEXEC="$1" -x "$BMONEXEC" || echo "$BMONEXEC not found" exit cd /tmp apparently bmon closes stdout, so we run a shell with stdout redirected to stderr. cat ./netsta...
BSD bmon 1.2.1_2 - Local acls Bypass
!/usr/local/bin/bash Written by Idan Nahoum. [email protected] local exploit for FreeBSD/OpenBSD with bmon default: $BMONEXEC" "$" -gt "0" && BMONEXEC="$1" -x "$BMONEXEC" || echo "$BMONEXEC not found" exit cd /tmp apparently bmon closes stdout, so we run a shell with stdout redirected to stderr. cat...
IIS NNTP Service XPAT Command Vulnerabilities
Advisory ID Internal CORE-2004-0802 Core Security Advisory https://www.coresecurity.com Date Published: 2004-10-12 Last Update: 2004-10-12 Advisory ID: CORE-2004-0802 Bugtraq ID: Not assigned CVE Name: CAN-2004-0574 Title: IIS NNTP Service XPAT Command Vulnerabilities Class: Boundary error...
Debian DSA-325-1 : eldav - insecure temporary file
eldav, a WebDAV client for Emacs, creates temporary files without taking appropriate security precautions. This vulnerability could be exploited by a local user to create or overwrite files with the privileges of the user running emacs and eldav.
Debian DSA-041-1 : joe - local exploit
Christer Oberg of Wkit Security AB found a problem in joe (Joe's Own Editor). joe will look for a configuration file in three locations: the current directory, the user's home directory ($HOME) and in /etc/joe. Since the configuration file can define commands joe will run for example to check spelling...
Debian DSA-024-1 : cron - local insecure crontab handling
The FreeBSD team has found a bug in the way new crontabs were handled which allowed malicious users to display arbitrary crontab files on the local system. This only affects valid crontab files so it can't be used to get access to /etc/shadow or something. crontab files are not especially secure...
Zinf Audio Player 2.2.1 - Local Buffer Overflow
/ -------------------------------Advisory---------------------------------- Luigi Auriemma I don't know why this bug has not been tracked but moreover I don't completely know why it has not been fixed yet in the Windows version of Zinf. In short, Zinf is an audio player for Linux and Windows:...
Zinf Audio Player 2.2.1 - Local Buffer Overflow
Zinf Audio Player 2.2.1 - Local Buffer Overflow / -------------------------------Advisory---------------------------------- Luigi Auriemma I don't know why this bug has not been tracked but moreover I don't completely know why it has not been fixed yet in the Windows version of Zinf. In short, Zi...
GNU Sharutils <= 4.2.1 Local Format String PoC Exploit
No description provided by source. / GNU sharutils = 4.2.1 Local Format String POC Code C0ded by n4rk0tix a.k.a nrktx [email protected] Below is a l4m3 proof of concept code for da recently reported lame bug; These binaryz have not only format bugz, but also buffer overflowz,etc.We also...
CVE-2004-0907
CVE-2004-0907 affects Linux installs of Mozilla Firefox (pre-Preview Release), Mozilla (pre-1.7.3), and Thunderbird (pre-0.8). The root cause is insecure permissions on files created during the installation tarball extraction, which could let local users overwrite files and execute arbitrary code...
PHP rfc1867.c $_FILES Array Crafted MIME Header Arbitrary File Upload
The remote host is running a version of PHP that is older than 4.3.9 or 5.0.2. The remote version of this software is affected by an unspecified file upload vulnerability that could allow a local attacker to upload arbitrary files to the server. This flaw can only be exploited locally...
htpasswd Apache 1.3.31 Local Exploit
Exploit for linux platform in category local exploits ==================================== htpasswd Apache 1.3.31 Local Exploit ==================================== !/usr/bin/perl Proof Of Concept exploit for htpasswd of Apache. Read the advisory for more information. - Luiz Fernando Camargo -...
MySQL < 4.0.21 mysqlhotcopy Insecure Temporary File Creation
You are running a version of MySQL which is older than version 4.0.21. Mysqlhotcopy is reported to contain an insecure temporary file creation vulnerability. The result of this is that temporary files created by the application may use predictable filenames. A local attacker could potentially...
XV 3.x - .BMP Parsing Local Buffer Overflow
XV 3.x - .BMP Parsing Local Buffer Overflow / xv exploit for the bmp parsing buffer overflow infamous42md AT hotpop DOT com PEOPLE STOP EMAILING MY BUGTRAQ ADDRESS AND USE THIS ONE!! n00batlocalho.outernet gcc -Wall xvbmpslap.c n00batlocalho.outernet ./a.out Usage: ./a.out align...
Sendmail < 8.11.6 Local Overflow
Binary data 2018.prm...
IPD (Integrity Protection Driver) Local Exploit
Exploit for unknown platform in category local exploits =============================================== IPD Integrity Protection Driver Local Exploit =============================================== / ipd-dos.c Copyright c 2002-2004 By Next Generation Security S.L. All rights reserved Compiles wit...
AOL Instant Messenger AIM - Away Message Local Overflow
AOL Instant Messenger AIM - Away Message Local Overflow / subject: local PoC exploit for AIM 5.5.3595 vendor: http://www.aim.com cve: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0636 credits: Matt Murphy date: 10 August 2004 notes: exploits locally if an argument is supplied,...
AOL Instant Messenger AIM "Away" Message Local Exploit
Exploit for unknown platform in category local exploits ====================================================== AOL Instant Messenger AIM "Away" Message Local Exploit ====================================================== / subject: local PoC exploit for AIM 5.5.3595 vendor: http://www.aim.com cve...