292 matches found
[Full-disclosure] Bluez hcid popen() explained.
kflistsatdigitalmunitiondotcom After the release of TheftOfLinkKey.txt I had several people mention that they did not quite understand why I consider the recently reported bluez vulnerability to be quite trivial. In this document I will attempt to outline an exploitable scenario for hcid using th...
CVE-1999-1580
CVE-1999-1580 affects SunOS sendmail 5.59–5.65. The bug arises from using popen to process a forwarding host argument, enabling local users to gain root privileges by manipulating the IFS variable and passing crafted values to the -oR option. This creates a local privilege escalation vector. Publ...
CVE-1999-1580
SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS Internal Field Separator variable and passing crafted values to the -oR option...
CVE-1999-1580
SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS Internal Field Separator variable and passing crafted values to the -oR option...
USN-99-1: PHP4 vulnerabilities
Stefano Di Paola discovered integer overflows in PHP's pack and unpack functions. A malicious PHP script could exploit these to break out of safe mode and execute arbitrary code with the privileges of the PHP interpreter. CAN-2004-1018 Note: The second part of CAN-2004-1018 buffer overflow in the...
CVE-1999-1468
CVE-1999-1468 affects rdist in various UNIX systems. The vulnerability arises when rdist uses popen to invoke sendmail, enabling local users to gain root privileges by modifying the IFS (Internal Field Separator) variable. The provided sources confirm the component and the privileged escalation v...
CVE-2002-0652
xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen function, such as exportfs...
sendmail.php.txt
Sequoiasoft's sendmail php script dangerous - By jwilkins PHP-Nuke Written by Sequioa Software, this script allows execution of arbitrary code by a malicious user. Written by Sequioa Software, this script allows execution of arbitrary code by a malicious user. Essentially, popen executes a shell...
2dopewars_exploits.txt
two security holes i found for local use in dopewars1.4.7-current. dopewars is setgid=games. by: [email protected]. LOCAL VULNERABILITY 1: insecure popen call, a shell script can handle this. -- dopewars.sh start -- !/bin/sh dopewars.sh1.4.7: shell script by [email protected]. gives...
PHP 3.0.13 - Safe_mode Failure
PHP 3.0.13 - Safemode Failure source: https://www.securityfocus.com/bid/911/info PHP Version 3.0 is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features thrown in. The goal of the language is to allow web developer...
PHP 3.0.13 - 'Safe_mode' Failure
source: https://www.securityfocus.com/bid/911/info PHP Version 3.0 is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features thrown in. The goal of the language is to allow web developers to write dynamically generat...
IBM AIX 3.2.5 - 'IFS' Local Privilege Escalation
source: https://www.securityfocus.com/bid/454/info Under older versions of AIX By changing the IFS enviroment variable to / setuid root programs that use system or popen can be fooled into running user provided programs. !/bin/csh IFS hole in AIX3.2 rmail gives egid=mail. Apr. 1994 Setup needed...