Progress Database 9.1 - Environment Variable Privilege Escalation

// source: https://www.securityfocus.com/bid/7916/info It has been reported that Progress database does not properly handle untrusted input when opening shared libraries. Specifically, the dlopen function used by several Progress utilities checks the user's PATH environment variable when includin...

Multiple bugs in XFree86

User's directory in search path for shared libraries for suid applications, shared memory acces via MIT-SHM...

Solaris/SPARC 2.7 lpset exploit (well not likely !)

Hi, lpset seems to use strcat to pass the argument for -r flag /usr/lib/print/lib/../../../../tmp/foo and appends .so to the end. in this case /tmp/foo.so is going to be dlopen but there is a special case /usr/lib/print/lib directory has to exist. xploit shell script is attached. $ uname -a SunOS...

SCO Open Server 5.0.5 / IRIX 6.2 ibX11/X11 Toolkit/Athena Widget Library - Local Buffer Overflow

// source: https://www.securityfocus.com/bid/884/info SCO Openserver and SGI IRIX 6.2 confirmed, possibly others are vulnerable to several buffer overflows in various shared libraries related to the X window system. This means that all programs which link to these libraries could be vulnerable to...