90 matches found
[Full-Disclosure] iDEFENSE Security Advisory 12.20.04: IBM AIX invscout Local Command Execution Vulnerability
IBM AIX invscout Local Command Execution Vulnerability iDEFENSE Security Advisory 12.20.04 www.idefense.com/application/poi/display?id=171&type=vulnerabilities December 20, 2004 I. BACKGROUND The invscout program is a setuid root application, installed by default under newer versions of IBM AIX,...
OpenFTPd 0.30.1 - message system Remote Shell
/ shouts to mitakeet :D exploit for openftpd format string bug. tested on most current version only. -infamous42md AT hotpop DOT com is real email only tricky part is find a place to stick the shell, as there isn't enough room to send it with the format string. thankfully when using the 'site msg...
CVE-2004-0622
Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login aka Loginwindow.app, Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory...
SRT2003-08-01-0126 - cdrtools local root exploit
Secure Network Operations, Inc. http://www.secnetops.com Strategic Reconnaissance Team [email protected] Team Lead Contact [email protected] Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS, Software Security Validation, and...
AIX 4.3.3/5.x - Getlvcb Command Line Argument Buffer Overflow (1)
source: https://www.securityfocus.com/bid/9905/info getlvcb has been reported to be prone to a buffer overflow vulnerability. When an argument is passed to the getlvcb utility, the string is copied into a reserved buffer in memory. Data that exceeds the size of the reserved buffer will overflow i...
GLIBC locale - Format Strings
/ su.c by xp, modified by logikal@efnet - tested on redhat 5 - 7 / include include include include include include include include char shellcode = "\x31\xc0\x83\xc0\x17\x31\xdb\xcd\x80\xeb" "\x30\x5f\x31\xc9\x88\x4f\x17\x88\x4f\x1a" "\x8d\x5f\x10\x89\x1f\x8d\x47\x18\x89\x47"...
MySQL 3.20.323.22.x3.23.x - Null Root Password Weak Default Configuration (1)
MySQL 3.20.323.22.x3.23.x - Null Root Password Weak Default Configuration 1 / source: https://www.securityfocus.com/bid/5503/info MySQL is is an open source relational database project, and is available for a number of operating systems, including Microsoft Windows. A weak default configuration...
rsync 2.3/2.4/2.5 - Signed Array Index Remote Code Execution
// source: https://www.securityfocus.com/bid/3958/info A vulnerability exists within some versions of rsync. Under some circumstances, a remotely supplied signed value is used as an array index, allowing NULL bytes to be written to arbitrary memory locations. Exploitation of this vulnerability...
Solaris in.telnetd TTYPROMPT Buffer Overflow
漏洞描述:Solaris是一款由Sun开发和维护的商业性质UNIX操作系统。 Solaris 10的TELNET服务在处理畸形的认证数据时存在漏洞,远程攻击者可能利用此漏洞绕过认证获得访问。 Solaris...
security alert: speechd from speechio.org
this is my first post in this kin of thing so bare with me. there is a vulnerability in speechd that alllows you to run arbetrary code as the root user or whoever is running speechd hopefully not root!. it will only work if you are using rsynth, that is all i have tested, it may work on festival...