3348 matches found
Solaris locale Format Strings (noexec stack) Exploit
Exploit for solaris platform in category local exploits ==================================================== Solaris locale Format Strings noexec stack Exploit ==================================================== / exploit for locale subsystem format strings bug In Solaris with noexec stack. Test...
Solaris 2.6/7.0 - 'locale' Format Strings noexec stack Overflow
/ exploit for locale subsystem format strings bug In Solaris with noexec stack. Tested in Solaris 2.6/7.0 If it won't work, try adjusting the retloc offset. e.g. ./ex -o -4 $gcc -o ex ex.c ldd /usr/bin/passwd|sed -e 's/^.lib\0-9a-zA-Z\.so./-l\1/' usages: ./ex -h Thanks for Ivan Arce who found this bug...
Solaris 2.6/7.0 - locale Format Strings noexec stack Overflow
Solaris 2.6/7.0 - locale Format Strings noexec stack Overflow / exploit for locale subsystem format strings bug In Solaris with noexec stack. Tested in Solaris 2.6/7.0 If it won't work, try adjusting the retloc offset. e.g. ./ex -o -4 $gcc -o ex ex.c ldd /usr/bin/passwd|sed -e...
BFTPd - vsprintf() Format Strings
BFTPd - vsprintf Format Strings / Copyright c 2000 - Security.is The following material may be freely redistributed, provided that the code or the disclaimer have not been partly removed, altered or modified in any way. The material is the property of security.is. You are allowed to adopt the...
CVE-2000-0867
Kernel logging daemon klogd in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages...
CVE-2000-0857
The logging capability in muh 2.05d IRC server does not properly cleanse user-injected format strings, which allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed nickname...
Holes in nap (format string)
Format string bugs allow a DoS attack and, potentially, code execution...
David Bagley xlock 4.16 - User Supplied Format String (2)
David Bagley xlock 4.16 - User Supplied Format String 2 // source: https://www.securityfocus.com/bid/1585/info A vulnerability exists in versions of the xlockmore program, originally written by David Bagley. It is believed to affect all versions of xlock derived from xlockmore. This includes the...
CVE-2000-0857
The CVE concerns muh 2.05d IRC server where the logging capability does not properly cleanse user-injected format strings. Root cause: improper handling of format strings in nicknames, enabling remote attackers to cause a denial of service and potentially execute arbitrary commands through a malf...
CVE-2000-0666
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges...
CVE-2000-0763
xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option...
CVE-2000-0763
CVE-2000-0763 concerns xlockmore and xlockf, where improper cleansing of user-supplied format strings can enable local users to gain root privileges through the -d option. The NVD entry confirms the impact as local privilege escalation with complete confidentiality, integrity, and availability im...
CVE-2000-0751
The CVE-2000-0751 issue concerns mopd (Maintenance Operations Protocol loader daemon) that fails to properly cleanse user-supplied format strings, enabling remote attackers to execute arbitrary commands. The vulnerability is described as a format-string vulnerability in mopd, with potential for a...
AOL Instant Messenger DoS
AOL Instant Messenger version 4.1.2010 others? appears to be vulnerable to a DoS attack when handling file transfers with filenames containing s. The problem I encountered is that trying to send a file to crash my victim's client would cause my client to crash first, defeating the purpose. To get...
Format strings: bug #1: BSD-lpr
Hi, INTRO ----- Welcome to a short series of security bugs, all involving mistakes with "user supplied format strings". This class of bug is very popular on Bugtraq at the moment, so what an ideal time for a few examples. BSD-lpr ------- If we look into lpr/lpd/printjob.c, we can find the followi...
David Bagley xlock 4.16 - User Supplied Format String (1)
David Bagley xlock 4.16 - User Supplied Format String 1 // source: https://www.securityfocus.com/bid/1585/info A vulnerability exists in versions of the xlockmore program, originally written by David Bagley. It is believed to affect all versions of xlock derived from xlockmore. This includes the...
IRIX 6.5.x - '/usr/sbin/dmplay' Local Buffer Overflow
/ source: https://www.securityfocus.com/bid/1528/info Certain versions of IRIX ship with a version of dmplay which is vulnerable to a buffer overflow attack. The program, dmplay, is used to play movie files under IRIX. The problem at hand is the way the program handles the DISPLAY variable for th...
CVE-2000-0574
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands...
CVE-2000-0583
vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives...
Vulnerability in NTLMv1
A bitwise exclusive-or (XOR) operation with a bit sequence is used. The password is transmitted as a Unicode string, which contains a large number of null bytes at known positions; this allows the sequence to be recovered and the password extracted if the packet is intercepted...