7253 matches found
Microsoft IIS 4.05.0 - SSI Buffer Overrun Privilege Escalation
Microsoft IIS 4.05.0 - SSI Buffer Overrun Privilege Escalation // source: https://www.securityfocus.com/bid/3190/info A vulnerability exists in Microsoft IIS 4.0 and 5.0 that could allow a user with permission to write content to the IIS server to run any code in Local System context. / jim.c - I...
FreeBSD - '/usr/bin/top' Format String
/ freebsd x86 top exploit affected under top-3.5beta9 including this version 1. get the address of .dtors from /usr/bin/top using objdump , 'objdump -s -j .dtors /usr/bin/top' 2. divide it into four parts, and set it up into an environment variable like "XSEO=" 3. run top, then find "your parted...
FreeBSD - usrbintop Format String
FreeBSD - usrbintop Format String / freebsd x86 top exploit affected under top-3.5beta9 including this version 1. get the address of .dtors from /usr/bin/top using objdump , 'objdump -s -j .dtors /usr/bin/top' 2. divide it into four parts, and set it up into an environment variable like "XSEO=" 3...
Debian 2.2 usrbinpileup - Local Privilege Escalation
Debian 2.2 usrbinpileup - Local Privilege Escalation / pileup-xpl.c - local root exploit by core Friday the 13th, July 2001 based almost entirely on code by Cody Tubbs loophole of hhp $ ./pileup-xpl pileup-xpl by core 2001 - beep beep root! usage: ./pileup-xpl offset align0..3 Ret-addr: 0xbfffe09...
Debian 2.2 /usr/bin/pileup - Local Privilege Escalation
/ pileup-xpl.c - local root exploit by core Friday the 13th, July 2001 based almost entirely on code by Cody Tubbs loophole of hhp $ ./pileup-xpl pileup-xpl by core 2001 - beep beep root! usage: ./pileup-xpl offset align0..3 Ret-addr: 0xbfffe09c, offset: 0, align: 0. How many voices 1 to 9 Starti...
Debian 2.2 /usr/bin/pileup Local Root Exploit
Exploit for linux platform in category local exploits ============================================= Debian 2.2 /usr/bin/pileup Local Root Exploit ============================================= / pileup-xpl.c - local root exploit by core Friday the 13th, July 2001 based almost entirely on code by...
BeroFTPD 1.3.4(1) (Linux x86) - Remote Code Execution
/ BeroFTPD 1.3.41 Linux x86 remote root exploit by qitest1 - 5/05/2001 BeroFTPD is an ftpd derived from wuftpd sources. This code exploits the format bug of the site exec cmd, well known to be present in wuftpd-2.6.0 and derived daemons. BeroFTPD 1.3.41 is the current version at the moment. JUST...
BeroFTPD 1.3.4(1) (Linux x86) - Remote Code Execution
BeroFTPD 1.3.41 Linux x86 - Remote Code Execution / BeroFTPD 1.3.41 Linux x86 remote root exploit by qitest1 - 5/05/2001 BeroFTPD is an ftpd derived from wuftpd sources. This code exploits the format bug of the site exec cmd, well known to be present in wuftpd-2.6.0 and derived daemons. BeroFTPD...
execve of /bin/sh after setreuid0,0
execve of /bin/sh after setreuid0,0. Shellcode exploit for linx86 platform / $Id: execve-setreuid.c,v 1.1 2001/05/02 18:10:52 raptor Exp $ execve-setreuid.c v1.0 - shellcode for Linux/i386 Copyright c 2001 Raptor This shellcode does an execve of /bin/sh after a setreuid0, 0, then exits. / / ASM...
execve of /bin/sh after setreuid(0,0)
Exploit for linux/x86 platform in category shellcode ===================================== execve of /bin/sh after setreuid0,0 ===================================== / $Id: execve-setreuid.c,v 1.1 2001/05/02 18:10:52 raptor Exp $ execve-setreuid.c v1.0 - shellcode for Linux/i386 Copyright c 2001...
Microsoft Windows Server 2000 SP1/SP2 - isapi .printer Extension Overflow (1)
/ iishack 2000 - eEye Digital Security - 2001 This affects all unpatched windows 2000 machines with the .printer isapi filter loaded. This is purely proof of concept. Quick rundown of the exploit: Eip overruns at position 260 i have 19 bytes of code to jump back to the beginning of the buffer. an...
another format string bug
There is a format string bug in 'pwc' ftp://ftp.media-com.com.pl/pub/other/pwc.tar.gz. This CGI script is used to change users password via www blah!. writelog call syslog function, which 'eats' ; characters and log it to system logs. But you can paste shellcode into buffers512 and syslog will ru...
Progress Database Server 8.3b - 'prodb' Local Privilege Escalation
/ progress database server v8.3b local root compromise. for sco-unix and linux on linux redhat 6.2 and SCOSV scosysv 3.2 5.05 this is just one of it, advisory about the bug discovery grabbed from packetstorm, which was originally found by: [email protected] exploit usage: ./prodbx offset...
Progress Database Server 8.3b - prodb Local Privilege Escalation
Progress Database Server 8.3b - prodb Local Privilege Escalation / progress database server v8.3b local root compromise. for sco-unix and linux on linux redhat 6.2 and SCOSV scosysv 3.2 5.05 this is just one of it, advisory about the bug discovery grabbed from packetstorm, which was originally...
Progress Database Server 8.3b (prodb) Local Root Exploit
Exploit for multiple platform in category local exploits ======================================================== Progress Database Server 8.3b prodb Local Root Exploit ======================================================== / progress database server v8.3b local root compromise. for sco-unix an...
Slackware 7.1 - '/usr/bin/mail' Local Privilege Escalation
/ Slackware 7.1 /usr/bin/Mail Exploit give gid=1 bin if /usr/bin/Mail is setgid but it is not setgid, setuid for default. tested on my box sl 7.1 crazy exploited by kengz. GID.... \x01 = 1 bin \x02 = 2 , \x03 = 3 , ... \x0a = 10 \x0b = 11 .... / include include define GID "\x03" int mainint argc,...
Slackware 7.1 /usr/bin/mail Local Exploit
Exploit for linux platform in category local exploits ========================================= Slackware 7.1 /usr/bin/mail Local Exploit ========================================= / Slackware 7.1 /usr/bin/Mail Exploit give gid=1 bin if /usr/bin/Mail is setgid but it is not setgid, setuid for...
IMAP4rev1 12.26112.2642000.284 - lsub Remote Overflow
IMAP4rev1 12.26112.2642000.284 - lsub Remote Overflow / !!! Private !!! imapd IMAP4rev1 v12.261, v12.264 and 2000.284 Remote Exploit. Others? Yes! By: SkyLaZarT [email protected] .aka. Felipe Cerqueira Homepage: www.BufferOverflow.Org Thankz: cync, oldm and Jans. BufferOverflow.org Te...
IMAP4rev1 12.261/12.264/2000.284 (lsub) Remote Exploit
Exploit for linux platform in category remote exploits ====================================================== IMAP4rev1 12.261/12.264/2000.284 lsub Remote Exploit ====================================================== / !!! Private !!! imapd IMAP4rev1 v12.261, v12.264 and 2000.284 Remote Exploit...
Slackware 7.1 - usrbinmail Local Privilege Escalation
Slackware 7.1 - usrbinmail Local Privilege Escalation / Slackware 7.1 /usr/bin/Mail Exploit give gid=1 bin if /usr/bin/Mail is setgid but it is not setgid, setuid for default. tested on my box sl 7.1 crazy exploited by kengz. GID.... \x01 = 1 bin \x02 = 2 , \x03 = 3 , ... \x0a = 10 \x0b = 11 .......