Xmail 0.50.6 CTRLServer - Arbitrary Commands
// source: https://www.securityfocus.com/bid/2360/info Versions of CTRLServer are vulnerable to malicious user-supplied input. A failure to properly bounds-check data passed to the cfgfileget command leads to an overflow, which, properly exploited, can...
Tru64 5 (su) Env Local Stack Overflow Exploit
Exploit for tru64 platform in category local exploits ============================================= Tru64 5 su Env Local Stack Overflow Exploit ============================================= / Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / T...
IMAP4rev1 10.190 Authentication Stack Overflow Exploit
Exploit for linux platform in category remote exploits ====================================================== IMAP4rev1 10.190 Authentication Stack Overflow Exploit ====================================================== !/usr/bin/perl Successfully tested on IMAP4rev1 v10.190 Written by:...
Solaris 2.5 / 2.5.1 getgrnam() Local Overflow Exploit
Exploit for solaris platform in category local exploits ===================================================== Solaris 2.5 / 2.5.1 getgrnam Local Overflow Exploit ===================================================== include include / getgrnam function overflow. works against Solaris 2.5/2.5.1 SPA...
OpenBSD ftpd 2.6/2.7 - Remote Overflow
/ h0h0h0 0-day k0d3z Exploit by Scrippie, help by dvorak and jimjones greets to sk8 Not fully developed exploit but it works most of the time ; Things to add: - automatic writeable directory finding - syn-scan option to do mass-scanning - worm capabilities? should be done separately using the -C...
BSDi 3.0 inc - Local Buffer Overflow / Local Privilege Escalation
/ BSDiincmh buffer overflow, by [email protected]. this is will give you euid=0root on BSDi/3.0 systems. / define PATH "/usr/contrib/mh/bin/inc" / path to inc on BSDi/3.0 / define BUFFER 2048 / no need to change this. / define DEFAULTOFFSET -7000 / generalized offset. / static char exec=...
BSDi SUIDPerl - Local Stack Buffer Overflow
/ BSDisuidperl buffer overflow, by [email protected]. this is that old buffer overflow in suidperl, but i never saw any version of it for BSDi. so, here it is. this gives euid=0. BSDi/3.0 / define PATH "/usr/bin/suidperl" / path to suidperl on BSDi/3.0....
Half Life - rcon Remote Buffer Overflow
/ SDI HalfLife rcon remote exploit for linux x86 (Portuguese: remote exploit for the rcon buffer overflow in halflife) Tamandua Sekure Labs Sao Paulo - Porto Alegre, Brazil by Thiago Zaninotti c0nd0r Gustavo Scotti csh Proof of concept - There is a remote...
UMN Gopherd 2.x - Halidate Function Buffer Overflow
// source: https://www.securityfocus.com/bid/1591/info It is possible to either execute arbitrary code or crash a remote system running University of Minnesota's Gopher Daemon, depending on the data entered. An unchecked buffer exists in the...
vqSoft vqServer 1.4.49 - Denial of Service
source: https://www.securityfocus.com/bid/1610/info vqServer 1.4.49 is subject to a buffer overflow. If a GET request is sent to the server containing 65 000 characters the server will stop responding. A reboot is required in order to gain normal functionality. !/usr/bin/perl DoS exploit for...
Possible vulnerability in HPUX
Hello, A few days ago I read the mail Hackerslab bugpaper HP-UX bdf -t option buffer overflow vul. And decided to see any other possible vulnerabilities on my system. HP-UX 10.20. After a few minutes (maybe a little more), trying each setuid exe with different options, I finally got results as for...
Stanley T. Shebs Xconq 7.2.2 - xconq Buffer Overflow
/ source: https://www.securityfocus.com/bid/1495/info Xconq is a multiple player strategy game available for many unix platforms. It contains a number of buffer overflow vulnerabilities including the ability to overflow stack buffers with eithe...
lpset.overflow
Here's an overflow exploit that works on a non-exec stack on x86 boxes. It demonstrates how it is possible to thread together several libc calls. I have not seen any other exploits for x86 that have done this.. for the lpset bug in sol7 x86. Tim N. define BASE 0xdff40000 define STACK 0x8047e30...
DoS-CProxyv3.3
Last day I found a vulnerability in CProxy while I was testing it to install in a host server in one office... Here is the test that demonstrates the existence of the bug / Remote Denial of Service for CProxy v3.3 - Service Pack 2 C |TDP| - HaCk-13 TeaM - 2000 This program xploits an overflow...
CProxy v3.3 SP 2 DoS
Last day I found a vulnerability in CProxy while I was testing it to install in a host server in one office... Here is the test that demonstrates the existence of the bug / Remote Denial of Service for CProxy v3.3 - Service Pack 2 C |TDP| - HaCk-13 TeaM - 2000 [email protected] This program xploits a...
XFree86 server overflow - exploit issues
While trying to exploit this overflow, I noticed that the problem lies in lovely strcpy call, which overwrites stack. Unfortunately, any 'offending' non-alphanumeric characters are replaced with '' somewhere before. Uh, most of people will say "it's impossible to write alphanumeric shellcode, so ...
XFree86 server overflow
XFree86 3.3.6 and probably 4.0.0 as well ; - by running X server no matter it's setuid, or called from setuid Xwrapper - works in both cases, seems to me Xwrapper in default RH 6.x distro is rather dumb ; with -xkbmap parameter and over 2100 of 'A's or shellcode, again, it's rather trivial to...
Real Networks RealPlayer 67 - Location Buffer Overflow
source: https://www.securityfocus.com/bid/1088/info Unchecked buffer code exists in the 'location' field of Real Networks RealPlayer versions 6.0 and 7.0. Requesting a URL containing a string consisting of 300 or more characters would cause t...
FreeBSD-SA-00:10.orville-write
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:10 Security Advisory FreeBSD, Inc. Topic: orville-write port contains local root compromise. Category: ports Module: orville-write Announced: 2000-03-15 Affects: Ports...
AnalogX SimpleServer:WWW 1.0.1 - GET Buffer Overflow
source: https://www.securityfocus.com/bid/906/info The SimpleServer:WWW personal webserver package from AnalogX can be compromised due to an overflowable buffer. If a GET request longer than 1000 bytes is received, the software will crash and data from the request gets passed to the EIP, meaning...