3217 matches found
QNX Photon phlocale -s Parameter Overflow
No description provided by source. source: http://www.securityfocus.com/bid/11164/info Reportedly QNX Photon MicroGUI is affected by multiple buffer overflow vulnerabilities in MicroGUI utilities. These issues are due to a failure of the affected applications to validate user-supplied string...
Solaris 2.6/7.0/8 netpr Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/1200/info A buffer overrun exists in the 'netpr' program, part of the SUNWpcu LP package included with Solaris, from Sun Microsystems. Versions of netpr on Solaris 2.6 and 7, on both Sparc and x86 have been confirmed as...
solaris/x86 setuid(0), execve(/bin/cat, /etc/shadow), exit(0) 59 bytes
No description provided by source. / ; sm4x 2008 ; /bin/cat /etc/shadow ; 59 bytes ; SunOS sol01 5.11 snv86 i86pc i386 i86pc Solaris ; port to SunOS to pwn a b0x - thank god for that default unix CRYPTDEFAULT!!!! ; this is what happens when ur work takes away root pirv on a SunOS box :-/ global...
IBM AIX 5.6/6.1 - _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug
No description provided by source. !/bin/sh $Id: raptorlibC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptorlibC - AIX arbitrary file overwrite via libC debug Copyright c 2009 Marco Ivaldi [email protected] Property of @ Mediaservice.net Srl Data Security Division http://www.mediaservice.net/...
S.u.S.E. Linux 6.3/6.4 Gnomelib Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1155/info A vulnerability exists in the handling of the DISPLAY variable, in versions of Gnomelib shipped with S.u.S.E. Linux, version 6.3. By supplying a long buffer containing machine executable code in the DISPLAY...
Matt Kimball and Roger Wolff mtr 0.28/0.41,Turbolinux 3.5 b2/4.2/4.4/6.0 mtr Vulnerability.2
No description provided by source. source: http://www.securityfocus.com/bid/1038/info A potential vulnerability exists in the 'mtr' program, by Matt Kimball and Roger Wolff. Versions prior to 0.42 incorrectly dropped privileges on all Unix variants except HPUX. By calling a seteuidgetuid call, th...
Linux/ARM - setuid(0) & execve("/bin/sh","/bin/sh",0) - 38 bytes
No description provided by source. / Title: Linux/ARM - setuid0 & execve/bin/sh,/bin/sh,0 - 38 bytes Date: 2010-06-29 Tested: ARM926EJ-S rev 5 v5l Author: Jonathan Salwan Web: http://shell-storm.org | http://twitter.com/jonathansalwan ! Dtabase of shellcodes http://www.shell-storm.org/shellcode/...
QNX 6.x 'ptrace()' Arbitrary Process Modification Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4919/info The QNX implementation of 'ptrace' is reportedly insecure. An unprivileged process may attach to a setuid program without restriction. Since the attaching process may view or edit memory, an attacker may exploit...
Monit <= 4.2 - Remote Root Buffer Overflow Exploit
No description provided by source. / THE EYE ON SECURITY RESEARCH GROUP - INDIA www eos-india net poc 305monit.c Remote Root Exploit for Monit = 4.2 Vulnerability: Buffer overflow in handling of Basic Authentication informations. Server authenticates clients through: Authentication: Basic...
CDRDAO 1.1.x Home Directory Configuration File Symbolic Link Vulnerability (3)
No description provided by source. source: http://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. When CDRDAO saves it's configuration to the .cdrda...
Solaris 8 libsldap Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/2931/info Solaris 8 ships with a shared library that implements LDAP functionality called 'libsldap'. This library is linked to by a number of system utilities, many of them installed setuid or setgid. Libsldap contains a...
Linux/SuperH - sh4 - setuid(0) - chmod("/etc/shadow", 0666) - exit(0) - 43 bytes
No description provided by source. / Title: Linux/SuperH - sh4 - setuid0 - chmod/etc/shadow, 0666 - exit0 - 43 bytes Date: 2011-06-22 Tested on: Debian-sh4 2.6.32-5-sh7751r Author: Jonathan Salwan - twitter: @jonathansalwan http://shell-storm.org seteuid: mov 23, r3 xor r4, r4 trapa 2 chmod: mov...
Century Software Term For Linux 6.27.869 Command Line Buffer Overflow
No description provided by source. source: http://www.securityfocus.com/bid/4174/info Term is a commercially available software package for Unix and Linux operating systems. It is distributed and maintained by Century Software. Under some circumstances, it may be possible for a local user to...
Fred N. van Kempen dip 3.3.7 - Buffer Overflow Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/86/info A buffer overflow resides in 'dip-3.3.7o' and derived programs. This is a problem only on systems where 'dip' is installed setuid. The culpable code is an 'sprintf' in line 192 in 'main.c': sprintfbuf, %s/LCK..%s,...
linux/x86 setuid(0) + execve("/bin/sh", ["/bin/sh", NULL]) 31 bytes
No description provided by source. / Linux/x86 setuid0 + execve/bin/sh, /bin/sh, NULL - 31 bytes - [email protected] / char shellcode = \x6a\x17 // push $0x17 \x58 // pop %eax \x31\xdb // xor %ebx, %ebx \xcd\x80 // int $0x80 \x31\xd2 // xor %edx, %edx \x6a\x0b // push $0xb \x58 // pop %eax \x52 //...
QNX RTOS 4.25 monitor Arbitrary File Modification Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4902/info The QNX RTOS monitor utility is prone to an issue which may allow local attackers to modify arbitrary system files such as /etc/passwd. monitor is installed setuid root by default. The monitor -f command line...
Samba Pre-2.0.5 Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/536/info There were a number of vulnerabilities in the Samba package pre-2.0.5. The first is a possible denial of service in nmbd the netbios name service daemon, which resulted in nmbd spinning until killed. The second...
QNX RTOS 6.2 Application Packager Non-Explicit Path Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6146/info A vulnerability has been discovered in an application packager shipped with QNX RTOS. It should be noted that the vulnerable packager is installed setuid root by default. It has been reported that the packager...
Solaris 10 (libnspr) - Arbitrary File Creation Local Root Exploit
No description provided by source. !/bin/sh $Id: raptorlibnspr,v 1.1 2006/10/13 19:12:12 raptor Exp $ raptorlibnspr - Solaris 10 libnspr oldschool local root Copyright c 2006 Marco Ivaldi [email protected] Local exploitation of a design error vulnerability in version 4.6.1 of NSPR, as includ...
Linux Kernel < 3.8.9 - x86_64 perf_swevent_init Local Root Exploit
No description provided by source. / CVE-2013-2094 exploit x8664 Linux 3.8.9 by sorbo [email protected] June 2013 Based on sd's exploit. Supports more targets. / define GNUSOURCE include string.h include stdio.h include unistd.h include stdlib.h include stdint.h include sys/syscall.h include...