1774 matches found
RedHat 7.0 (and SuSE): modutils + netkit = root compromise. (fwd)
Motto from the modprobe manpage: "BUGS: Naah..." ------------------------------------------------ This vulnerability has been found by Sebastian Krahmer some time ago he is posting an advisory right now. Stupid shell command execution within userspace kernel helper application, modprobe, is...
Серьезная дырка в LPR (PostScript shell execution & grog)
При печати PostScript документов выполняются shell-команды содержащиеся в документах, при этом не сбрасывается egid lp, что позволяет получить gid lp, кроме того, в отдельных случаях возможно получить root используя некорректный вызов к программе pic в grog...
TalentSoft Web+ Application Server (Linux) 4.6 - Example Script File Disclosure
TalentSoft Web+ Application Server Linux 4.6 - Example Script File Disclosure source: https://www.securityfocus.com/bid/1725/info Web+ is a development language for use in creating web-based client/server applications. In Linux versions of the product, an example script installed in Web+ Web+Ping...
Дырка в библиотеке horde
При обработке поля From: не проверяется наличие метасимволов, что позволяет вставить шелл-команды в письмо...
Matt Kruse Calendar Script 2.2 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/1215/info Matt Kruse's Calendar script is a popular, free perl cgi-script used by many websites on the Internet. It allows a website administrator to easily setup and customize a calendar on their website. There are two components of this package,...
BizDB Search Script Enables Shell Command Execution at the Server
BizDB Search Script Enables Shell Command Execution at the Server Perfecto's Black Watch Labs Security Advisory 00-04 April 7th, 2000 Name: BizDB Search Script Enables Shell Command Execution at the Server Black Watch Labs ID: BWL-00-04 Date Released: April 7th, 2000 Category: ApplicationHTML:...
Great Circle Associates Majordomo 1.94.4 - Local resend
Great Circle Associates Majordomo 1.94.4 - Local resend source: https://www.securityfocus.com/bid/902/info It is possible to execute arbitrary commands with elevated privileges through exploiting the majordomo binary, "resend". A setuid root wrapper program calls resend after setuiding and...
Tony Greenwood WebWho+ 1.1 - Remote Command Execution
Tony Greenwood WebWho+ 1.1 - Remote Command Execution source: https://www.securityfocus.com/bid/892/info WebWho+ is a free cgi script written by Tony Greenwood for executing whois queries via the www. Though it does perform checks for shell escape characters on some parameters, it misses the 'typ...
Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS (2)
source: https://www.securityfocus.com/bid/529/info MDAC Microsoft Data Access Components is a package used to integrate web and database services. It includes a component named RDS Remote Data Services. RDS allows remote access via the internet to database objects through IIS. Both are included i...
Microsoft IIS 4.0 / Microsoft JET 3.5/3.5.1 Database Engine - VBA
source: https://www.securityfocus.com/bid/286/info Microsoft's JET database engine feature allows the embedding of Visual Basic for Application in SQL string expressions and the lack of metacharacter filtering by many web applications may allow remote users to execute commands on the system...
Ray Chan WWW Authorization Gateway 0.1 - Command Execution
Ray Chan WWW Authorization Gateway 0.1 - Command Execution source: https://www.securityfocus.com/bid/152/info A vulnerability exists in the WWW Authorization Gateway program written by Ray Chan. Version 1.0 fails to eliminate characters with special meaning to the shell prior to executing a...
Xt Library - Local Privilege Escalation
Xt Library - Local Privilege Escalation include include include define DEFAULTOFFSET 0 define BUFFERSIZE 1491 long getespvoid asm"movl %esp,%eax\n"; mainint argc, char argv char buff = NULL; unsigned long addrptr = NULL; char ptr = NULL; char execshell = "\xeb\x23" "\x5e" "\x8d\x1e" "\x89\x5e\x0b...
SunOS 4.1.3 - etccrash SetGID kmem Privilege Escalation
SunOS 4.1.3 - etccrash SetGID kmem Privilege Escalation source: https://www.securityfocus.com/bid/59/info /etc/crash was installed setgid kmem and excutable by anyone. Any user can use the ! shell command escape to executes commands, which are then performed with group set to kmem. $ /etc/crash !...
SunOS 4.1.3 - '/etc/crash' SetGID kmem Privilege Escalation
source: https://www.securityfocus.com/bid/59/info /etc/crash was installed setgid kmem and excutable by anyone. Any user can use the ! shell command escape to executes commands, which are then performed with group set to kmem. $ /etc/crash ! sh...