3217 matches found
FreeBSD 2.2-4.2,NetBSD 1.2-4.5,OpenBSD 2.x ftpd glob() Buffer Overflow
No description provided by source. source: http://www.securityfocus.com/bid/2548/info The BSD ftp daemon and derivatives such as IRIX ftpd or the ftp daemon shipped with Kerberos 5 contain a number of buffer overflows that may lead to a compromise of root access to malicious users. During parsing...
linux/x86 setuid(0) & execve(/bin/sh,0,0) shellcode 28 bytes
No description provided by source. -------------------ASM---------------------- global start section .text start: ;setuid0 xor ebx,ebx lea eax,ebx+17h cdq int 80h ;execve/bin/sh,0,0 xor ecx,ecx push ecx push 0x68732f6e push 0x69622f2f lea eax,ecx+0Bh mov ebx,esp int 80h...
IMLib2 Home Environment Variable Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3868/info Imlib2 is a freely available, open source graphics library available for the Linux and Unix operating systems. It is maintained by Michael Jennings. Imlib2 is installed on many operating systems and linked with...
Upclient 5.0 b7 Command Line Argument Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7703/info upclient has been reported prone to a buffer overflow vulnerability when handling command line arguments of excessive length. It is possible for a local attacker to seize control of the vulnerable application an...
freebsd/x86 setuid(0); execve(ipf -Fa); shellcode 57 bytes
No description provided by source. ; sm4x - 2008 ; setuid0; execve//sbin/ipf, //sbin/ipf, -Faa, 0, 0; ; 57 bytes ; FreeBSD 7.0-RELEASE global start start: main: ; --------------------- setuid 0 xor eax, eax xor ecx, ecx push eax push eax mov al, 0x17 int 0x80 ; --------------------- -Faa xor eax,...
FreeBSD 3.3,Linux Mandrake 7.0 'xsoldier' Buffer Overflow Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/871/info Certain versions of FreeBSD 3.3 Confirmed and Linux Mandrake confirmed ship with a vulnerable binary in their X11 games package. The binary/game in question, xsoldier, is a setuid root binary meant to be run via ...
Oracle9i Database Default Library Directory Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10829/info Oracle database implementations are reportedly prone to a default library directory privilege escalation vulnerability. This issue arises due to a default configuration error that will permit the attacker to...
Linux/x86 Polymorphic ShellCode - setuid(0)+setgid(0)+add user 'iph' without password to /etc/passwd
No description provided by source. / Exploit Title: Linux/x86 Polymorphic ShellCode - setuid0+setgid0+add user 'iph' without password to /etc/passwd setuid - setgid - open - write - close - exit Date: 30/12/2011 Author: pentesters.ir Tested on: Linux x86 - CentOS 6.0 - 2.6.32-71 Website:...
David Bagley xlock 4.16 User Supplied Format String Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/1585/info A vulnerability exists in versions of the xlockmore program, originally written by David Bagley. It is believed to affect all versions of xlock derived from xlockmore. This includes the xlock shipped with a numb...
QNX Photon pkg-installer -s Parameter Overflow
No description provided by source. source: http://www.securityfocus.com/bid/11164/info Reportedly QNX Photon MicroGUI is affected by multiple buffer overflow vulnerabilities in MicroGUI utilities. These issues are due to a failure of the affected applications to validate user-supplied string...
Linux/ARM - setuid(0) & kill(-1, SIGKILL) - 28 bytes
No description provided by source. / Title: Linux/ARM - setuid0 & kill-1, SIGKILL - 28 bytes Kill all processes Date: 2010-06-29 Tested: ARM926EJ-S rev 5 v5l Author: Jonathan Salwan Web: http://shell-storm.org | http://twitter.com/jonathansalwan ! Dtabase of shellcodes...
Linux kernel <= 2.2.18 ptrace/execve Race Condition Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/2529/info The Linux kernel is the core of all distributions of the Linux Operating System. It was originally written by Linus Torvalds, and is maintained by a community of developers. A problem in the Linux Kernel could...
QNX Photon phrelay-cfg -s Parameter Overflow
No description provided by source. source: http://www.securityfocus.com/bid/11164/info Reportedly QNX Photon MicroGUI is affected by multiple buffer overflow vulnerabilities in MicroGUI utilities. These issues are due to a failure of the affected applications to validate user-supplied string...
QNX Photon input-cfg -s Parameter Overflow
No description provided by source. source: http://www.securityfocus.com/bid/11164/info Reportedly QNX Photon MicroGUI is affected by multiple buffer overflow vulnerabilities in MicroGUI utilities. These issues are due to a failure of the affected applications to validate user-supplied string...
Solaris 7/8 kcms_configure Command-Line Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/2558/info The Kodak Color Management System, or KCMS, is a package that ships with workstation installations of Solaris 7 and 8. kcmsconfigure, a part of KCMS, is vulnerable to a buffer overflow if it is passed an overly...
Solaris 2.5/2.6/7.0/8 ufsrestore Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1348/info Solaris is a version of the UNIX Operating System distributed by Sun Microsystems. Solaris ships with a filesystem utility called ufsrestore that is used for archive/backup retrieval. A problem with the utility...
Snes9x 1.3 - Local Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3437/info Snes9x is a free Super Nintendo emulator that runs on a number of platforms. Snes9x is prone to a buffer overflow. This is due to improper bounds checking of rom names. In this case, 4089 characters are required...
GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability
No description provided by source. from: http://marc.info/?l=full-disclosure&m=128776663124692&w=2 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads ------------------------------------------------------------------------------- Cześć, This advisory describes...
Sun Cobalt RaQ 4.0 Predictable Temporary Filename Symbolic Link Attack Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5529/info A vulnerability has been reported in Cobalt RaQ that may allow attackers to obtain elevated privileges. The vulnerability exists in the /usr/lib/authenticate utility which is used by Apache for authentication...
Red Hat Linux stickiness of /tmp
No description provided by source. from: http://marc.info/?l=full-disclosure&m=129842239022495&w=2 Developers should not rely on the stickiness of /tmp on Red Hat Linux --------------------------------------------------------------------- Recent versions of Red Hat Enterprise Linux and Fedora...