Perl: Insecure temporary file creation

Background Perl is a stable, cross-platform programming language created by Larry Wall. Description Some Perl modules create temporary files in world-writable directories with predictable names. Impact A local attacker could create symbolic links in the temporary files directory, pointing to a...

AppServ 2.5.x and Prior Exploit

what AppServ ========== AppServ is the Apache/PHP/MySQL open source software installer packages. Objective : - Easy to buid Webserver and Database Server - For those who just beginning client/server programming. - For web programmers/developers using PHP & MySQL. - For programming techniques that...

[SECURITY] [DSA 585-1] New shadow packages fix unintended behaviour

-------------------------------------------------------------------------- Debian Security Advisory DSA 585-1 [email protected] http://www.debian.org/security/ Martin Schulze November 5th, 2004 http://www.debian.org/security/faq -...

DSA-585-1 shadow - programming error

Bulletin has no description...

win xp/2000/2003 Download File and Exec 241 bytes

Exploit for win32 platform in category shellcode ================================================= win xp/2000/2003 Download File and Exec 241 bytes ================================================= / ----------------------------------------------------------------------- downloadurlv31.c -...

linux/x86 connect 120 bytes

Exploit for linux/x86 platform in category shellcode =========================== linux/x86 connect 120 bytes =========================== / Connecting shellcode written by lamagra http://lamagra.seKure.de May 2000 .file "connect" .version "01.01" .text .align 4 start:...

solaris/SPARC portbind port 6789 228 bytes

No description provided by source. / Solaris shellcode - connects /bin/sh to a port Claes M. Nyberg 20020624 [email protected], [email protected] / include string.h / void mainvoid asm" ! Server address xor %l1, %l1, %l1 ! l1 = 0 st %l1, %sp - 12 ! 0 = INADDRANY mov 0x2, %l1 ! AFINET sth...

solaris/SPARC portbind port 6789 228 bytes

solaris/SPARC portbind port 6789 228 bytes. Shellcode exploit for solarissparc platform / Solaris shellcode - connects /bin/sh to a port Claes M. Nyberg 20020624 , / include / void mainvoid asm" ! Server address xor %l1, %l1, %l1 ! l1 = 0 st %l1, %sp - 12 ! 0 INADDRANY mov 0x2, %l1 ! AFINET sth...

bsd/x86 reverse portbind 129 bytes

Exploit for bsd/x86 platform in category shellcode ================================== bsd/x86 reverse portbind 129 bytes ================================== / reverse-portshell BSD shellcode by noir / / local usage: ./reverse-shell 192.168.2.33 / / remote: nc -n -v -v -l -p 6969 / / listen on...

Pigeon Server <= 3.02.0143 Denial of Service Exploit

Exploit for unknown platform in category dos / poc ==================================================== Pigeon Server include include ifdef WIN32 include include "winerr.h" define close closesocket else include include include include include include endif define VER "0.1" define PORT 3103 define...

apache -- apr_uri_parse IPv6 address handling vulnerability

The Apache Software Foundation Security Team discovered a programming error in the apr-util library function apruriparse. When parsing IPv6 literal addresses, it is possible that a length is incorrectly calculated to be negative, and this value is passed to memcpy. This may result in an exploitab...

linux/x86 execve /bin/sh setreuid(12,12) 50 bytes

Exploit for linux/x86 platform in category shellcode ================================================= linux/x86 execve /bin/sh setreuid12,12 50 bytes ================================================= / Linux/x86 An example of setregid, execve /bin/sh I used this in practise, hence the setregid12...

WFTPD Pro Server 3.21 MLST Remote Denial of Service Exploit

Exploit for unknown platform in category dos / poc =========================================================== WFTPD Pro Server 3.21 MLST Remote Denial of Service Exploit =========================================================== /...

CesarFTP Server - Long Command Denial of Service

/ ----------------------------------------------------------------------- cesarftp.c - Cesar FTP Server Long Command DoS Exploit Copyright C 2000-2004 HUC All Rights Reserved. Author : lion : [email protected] : http://www.cnhonker.com Date : 2004-08-30...

Titan FTP Server - Long Command Heap Overflow

Titan FTP Server - Long Command Heap Overflow / ----------------------------------------------------------------------- titanftp.c - TiTan FTP Server Long Command Heap Overflow PoC Exploit Copyright C 2000-2004 HUC All Rights Reserved. Author : lion : lion cnhonker net : www cnhonker com Date :...

CVE-2004-0435

Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MSINVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk...

Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)

No description provided by source. include include include include include include include include include define A 0x41 define PORT 80 struct sockaddrin hrm; int connchar ip int sockfd; hrm.sinfamily = AFINET; hrm.sinport = htonsPORT; hrm.sinaddr.saddr = inetaddrip; bzero&hrm.sinzero,8;...

Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)

Exploit for linux platform in category dos / poc ======================================================== Apache HTTPd Arbitrary Long HTTP Headers DoS c version ======================================================== include include include include include include include include include define ...

SUSE-SA:2002:036: mod_php4

The remote host is missing the patch for the advisory SUSE-SA:2002:036 modphp4. PHP is a well known and widely used web programming language. If a PHP script runs in 'safe mode' several restrictions are applied to it including limits on execution of external programs. An attacker can pass shell...

FreeBSD : SA-04:11.msync

The remote host is running a version of FreeBSD which contains a programming error in the msync2 system call which may let a local user with read access to a given file to forbid any change to this file to be written to disk. C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0;...