5626 matches found
Microsoft IIS 4.0/5.0 - SSI Buffer Overrun Privilege Escalation
Microsoft IIS 4.0/5.0 - SSI Buffer Overrun Privilege Escalation // source: https://www.securityfocus.com/bid/3190/info A vulnerability exists in Microsoft IIS 4.0 and 5.0 that could allow a user with permission to write content to the IIS server to run any code in Local System context. / jim.c - I...
Debian 2.2 /usr/bin/pileup - Local Privilege Escalation
Debian 2.2 /usr/bin/pileup - Local Privilege Escalation / pileup-xpl.c - local root exploit by core Friday the 13th, July 2001 based almost entirely on code by Cody Tubbs loophole of hhp $ ./pileup-xpl pileup-xpl by core 2001 - beep beep root! usage: ./pileup-xpl offset align0..3 Ret-addr: 0xbfffe09...
Debian 2.2 /usr/bin/pileup Local Root Exploit
Exploit for linux platform in category local exploits ============================================= Debian 2.2 /usr/bin/pileup Local Root Exploit ============================================= / pileup-xpl.c - local root exploit by core Friday the 13th, July 2001 based almost entirely on code by...
Microsoft Windows Server 2000 SP1/SP2 - isapi .printer Extension Overflow (1)
/ iishack 2000 - eEye Digital Security - 2001 This affects all unpatched windows 2000 machines with the .printer isapi filter loaded. This is purely proof of concept. Quick rundown of the exploit: Eip overruns at position 260 i have 19 bytes of code to jump back to the beginning of the buffer. an...
Progress Database Server 8.3b - 'prodb' Local Privilege Escalation
/ progress database server v8.3b local root compromise. for sco-unix and linux on linux redhat 6.2 and SCOSV scosysv 3.2 5.05 this is just one of it, advisory about the bug discovery grabbed from packetstorm, which was originally found by: [email protected] exploit usage: ./prodbx offset...
IMAP4rev1 12.261/12.264/2000.284 - lsub Remote Overflow
IMAP4rev1 12.261/12.264/2000.284 - lsub Remote Overflow / !!! Private !!! imapd IMAP4rev1 v12.261, v12.264 and 2000.284 Remote Exploit. Others? Yes! By: SkyLaZarT [email protected] .aka. Felipe Cerqueira Homepage: www.BufferOverflow.Org Thankz: cync, oldm and Jans. BufferOverflow.org Te...
Slackware 7.1 /usr/bin/mail Local Exploit
Exploit for linux platform in category local exploits ========================================= Slackware 7.1 /usr/bin/mail Local Exploit ========================================= / Slackware 7.1 /usr/bin/Mail Exploit give gid=1 bin if /usr/bin/Mail is setgid but it is not setgid, setuid for...
IMAP4rev1 12.261/12.264/2000.284 (lsub) Remote Exploit
Exploit for linux platform in category remote exploits ====================================================== IMAP4rev1 12.261/12.264/2000.284 (lsub) Remote Exploit ====================================================== / !!! Private !!! imapd IMAP4rev1 v12.261, v12.264 and 2000.284 Remote Exploit...
ISC BIND 8.2.x - TSIG Remote Stack Overflow (4)
ISC BIND 8.2.x - TSIG Remote Stack Overflow (4) / This exploit has been fixed and extensive explanation and clarification added. Cleanup done by: Ian Goldberg Jonathan Wilkins NOTE: the default installation of RedHat 6.2 seems to not be affected due to the compiler options. If BIND is built from...
ISC BIND 8.2.x - 'TSIG' Remote Stack Overflow (4)
/ This exploit has been fixed and extensive explanation and clarification added. Cleanup done by: Ian Goldberg Jonathan Wilkins NOTE: the default installation of RedHat 6.2 seems to not be affected due to the compiler options. If BIND is built from source then the bug is able to manifest itself. ...
BIND 8.2.x (TSIG) Remote Root Stack Overflow Exploit (4)
Exploit for linux platform in category remote exploits ======================================================== BIND 8.2.x (TSIG) Remote Root Stack Overflow Exploit (4) ======================================================== / This exploit has been fixed and extensive explanation and clarification...
Tru64 5 - su Env Local Stack Overflow
Tru64 5 - su Env Local Stack Overflow / Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / The copyright notice above does not evidence any / / actual or intended publication of such source code. / / / / Title: Tru64 5 su / / Tested under: Tru6...
Solaris 2.6/2.7 - /usr/bin/write Local Overflow
Solaris 2.6/2.7 - /usr/bin/write Local Overflow include include / /usr/bin/write overflow proof of concept. Tested on Solaris 7 x86 Pablo Sor, Buenos Aires, Argentina. 01/2000 [email protected] usage: write-exp shelloffset retaddroffset default offset should work. / long getesp asm"movl %esp,%eax"; ch...
IMAP4rev1 10.190 - Authentication Stack Overflow
!/usr/bin/perl Successfully tested on IMAP4rev1 v10.190 Written by: [email protected] / anno 2000 This is nothing new - just wrote it for fun. $shellcode = "\xeb\x35\x5e\x80\x46\x01\x30\x80\x46\x02\x30\x80". "\x46\x03\x30\x80\x46\x05\x30\x80\x46\x06\x30\x89"...
Solaris 7/8-beta - ARP Local Overflow
Solaris 7/8-beta - ARP Local Overflow / arp overflow proof of concept by [email protected] shellcode originally written by Cheez Whiz. tested on x86 solaris 7,8beta default should work. if not, arg1 = offset. +- by 100's Copyright Security-Focus.com, 11/2000 / long getesp asm"movl %esp,%eax"...
Solaris 7/8-beta - ARP Local Overflow
/ arp overflow proof of concept by [email protected] shellcode originally written by Cheez Whiz. tested on x86 solaris 7,8beta default should work. if not, arg1 = offset. +- by 100's Copyright Security-Focus.com, 11/2000 / long getesp asm"movl %esp,%eax"; int mainint ac, char av char shell ...
Solaris 7 / 8-beta arp Local Overflow Exploit
Exploit for solaris platform in category local exploits ============================================= Solaris 7 / 8-beta arp Local Overflow Exploit ============================================= / arp overflow proof of concept by email protected shellcode originally written by Cheez Whiz. tested o...
Seyon Exploit / Tested Version 2.1 rev. 4b i586-Linux
Exploit for linux platform in category local exploits ===================================================== Seyon Exploit / Tested Version 2.1 rev. 4b i586-Linux ===================================================== !/usr/bin/perl c Copyright email protected / anno domani 2000 Seyon Exploit /...
HP-UX 11.0 - '/bin/cu' Local Privilege Escalation
/ Copyright c 2001 Zorgon All Rights Reserved The copyright notice above does not evidence any actual or intended publication of such source code. HP-UX /bin/cu exploit. Tested on HP-UX 11.00 [email protected] http://www.nightbird.free.fr / include include include include define LEN 9778 defi...
HP-UX 11.0 /bin/cu Privilege Escalation Exploit
Exploit for hp-ux platform in category local exploits =============================================== HP-UX 11.0 /bin/cu Privilege Escalation Exploit =============================================== / Copyright c 2001 Zorgon All Rights Reserved The copyright notice above does not evidence any actu...