3209 matches found
FreeBSD 3.5.1/4.2 ports package local root exploit
No description provided by source. / xklock - FreeBSD 3.5.1 & 4.2 ports package local root exploit The X key lock program contains several exploitable buffer overflows in command line arguments as well as the 'JNAME' environment variable. xklock is installed setuid root by default. This POC exploit...
Solaris Runtime Linker (ld.so.1) Buffer Overflow Exploit (SPARC version
No description provided by source. / ld.so.1 exploit SPARC coded by: osker178 bjr213 psu.edu Alright, so this exploits a fairly standard buffer overflow in the default Solaris runtime linker ld.so.1 discovery by Jouko Pynnonen Only real deviation here from the standard overflow and return into li...
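IBM AIX rdist Tool Local Arbitrary File Overwrite Vulnerability
IBM AIX is a commercial UNIX operating system. The /usr/bin/rdist tool on AIX has an implementation flaw that a local attacker may exploit to overwrite arbitrary files and execute arbitrary commands with root privileges. IBM AIX 5.3 IBM AIX 5.2 Temporary workaround: remove the setuid root bit: chmod 555 /usr/bin/rdist Vendor patch: IBM --- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site: ftp://aix.software.ibm.com/aix/efixes/security/rdistifix.tar.Z...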
Solaris 10 libnspr LD_PRELOAD Arbitrary File Creation Local Root Exploit
No description provided by source. !/bin/sh $Id: raptorlibnspr2,v 1.4 2006/10/16 11:50:48 raptor Exp $ raptorlibnspr2 - Solaris 10 libnspr LDPRELOAD exploit Copyright c 2006 Marco Ivaldi [email protected] Local exploitation of a design error vulnerability in version 4.6.1 of NSPR, as include...
HP-UX 11i (swpackage) Stack Overflow Local Root Exploit
No description provided by source. / HP-UX swpackage buffer overflow exploit ======================================= HP-UX 'swpackage' contains an exploitable stack overflow in the handling of command line arguments. Specifically the problem occurs due to insufficient bounds checking in the "-S"...
HP-UX 11i (swmodify) Stack Overflow Local Root Exploit
No description provided by source. / HP-UX swmodify buffer overflow exploit ======================================= HP-UX 'swmodify' contains an exploitable stack overflow in the handling of command line arguments. Specifically the problem occurs due to insufficient bounds checking in the "-S"...
Solaris 10 libnspr constructor Local Root Exploit
No description provided by source. !/bin/sh $Id: raptorlibnspr3,v 1.1 2006/10/24 15:54:57 raptor Exp $ raptorlibnspr3 - Solaris 10 libnspr constructor exploit Copyright c 2006 Marco Ivaldi [email protected] Local exploitation of a design error vulnerability in version 4.6.1 of NSPR, as...
HP-UX 11i (swask) Format String Local Root Exploit
No description provided by source. / HP-UX swask format string local root exploit ============================================ HP-UX 'swask' contains an exploitable format string vulnerability. The 'swask' utility is installed setuid root by default. Specifically the vulnerability is in the...
X.Org fails to check for setuid failure on Linux systems
Overview Programs distributed as part of the X.Org software distribution fail to properly handle test results for effective user ID. This vulnerability may lead to privilege escalation. Description Linux, like most Unix systems, provides a system call, setuid, to set the effective user ID of a...
HP-UX 11i (swmodify) Stack Overflow Local Root Exploit
Exploit for hp-ux platform in category local exploits ====================================================== HP-UX 11i swmodify Stack Overflow Local Root Exploit ====================================================== / HP-UX swmodify buffer overflow exploit =======================================...
HP-UX 11i - 'swmodify' Local Stack Overflow / Local Privilege Escalation
/ HP-UX swmodify buffer overflow exploit ======================================= HP-UX 'swmodify' contains an exploitable stack overflow in the handling of command line arguments. Specifically the problem occurs due to insufficient bounds checking in the "-S" optional argument. 'swmodify' is...
Solaris 10 libnspr - 'Constructor' Arbitrary File Creation Privilege Escalation (3)
!/bin/sh $Id: raptorlibnspr3,v 1.1 2006/10/24 15:54:57 raptor Exp $ raptorlibnspr3 - Solaris 10 libnspr constructor exploit Copyright c 2006 Marco Ivaldi Local exploitation of a design error vulnerability in version 4.6.1 of NSPR, as included with Sun Microsystems Solaris 10, allows attackers to...
HP-UX 11i (swask) Format String Local Root Exploit
Exploit for hp-ux platform in category local exploits ================================================== HP-UX 11i swask Format String Local Root Exploit ================================================== / HP-UX swask format string local root exploit ============================================...
Solaris 10 libnspr - Constructor Arbitrary File Creation Privilege Escalation (3)
Solaris 10 libnspr - Constructor Arbitrary File Creation Privilege Escalation 3 !/bin/sh $Id: raptorlibnspr3,v 1.1 2006/10/24 15:54:57 raptor Exp $ raptorlibnspr3 - Solaris 10 libnspr constructor exploit Copyright c 2006 Marco Ivaldi Local exploitation of a design error vulnerability in version...
HP-UX 11i (swpackage) Stack Overflow Local Root Exploit
Exploit for hp-ux platform in category local exploits ======================================================= HP-UX 11i swpackage Stack Overflow Local Root Exploit ======================================================= / HP-UX swpackage buffer overflow exploit...
Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation (2)
source: https://www.securityfocus.com/bid/20471/info The Netscape Portable Runtime API running on Sun Solaris 10 operating system is prone to a local privilege-escalation vulnerability. A successful exploit of this issue allows an attacker to gain superuser privileges, completely compromising the...
linux/x86 setuid(0) and /bin/sh execve() shellcode 30 bytes
No description provided by source. / $Id: setuid-linux.c,v 1.4 2004/06/02 12:22:30 raptor Exp $ setuid-linux.c - setuid/execve shellcode for Linux/x86 Copyright c 2004 Marco Ivaldi [email protected] Short fully-functional setuid0 and /bin/sh execve shellcode. / / setuid0 8049380: 6a 17 push...
linux/x86 setuid/portbind shellcode 96 bytes
No description provided by source. / $Id: portbind-linux.c,v 1.4 2004/06/02 12:22:30 raptor Exp $ portbind-linux.c - setuid/portbind shellcode for Linux/x86 Copyright c 2003 Marco Ivaldi [email protected] Simple portbind shellcode that binds a setuid0 shell on port 31337/tcp based on...
Solaris 10 libnspr - LD_PRELOAD Arbitrary File Creation Privilege Escalation (2)
Solaris 10 libnspr - LDPRELOAD Arbitrary File Creation Privilege Escalation 2 !/bin/sh $Id: raptorlibnspr2,v 1.4 2006/10/16 11:50:48 raptor Exp $ raptorlibnspr2 - Solaris 10 libnspr LDPRELOAD exploit Copyright c 2006 Marco Ivaldi Local exploitation of a design error vulnerability in version 4.6.1...
Debian DSA-1106-1 : ppp - programming error
Marcus Meissner discovered that the winbind plugin in pppd does not check whether a setuid call has been successful when trying to drop privileges, which may fail with some PAM configurations. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...