38 matches found
大汉jget、source尚存在SQL注入漏洞
简要描述: 这两个测试的版本应该已经升级到U2了。应该再修复得细一点…… 详细说明: 厂商可以自己结合' or '%'=' 之类的来测试。很简单,如果全部用户回显出来了,那就是有注入了。 漏洞证明: http://www.gansu.gov.cn/source/objectbox/selectxuserlist.jsp?fnKeywords=test&perm=&cPage=1&tiao= http://www.gansu.gov.cn/jget/objectbox/selectxuserlist.jsp?fnKeywords=wanghui&perm=&cPage=1&tiao=...
Rocket U2 UniData < 7.3 unidata72 RPC Interface Call Parsing Arbitrary Command Execution
Binary data unidatacommandexecution.nbin...
CVE-2003-0578
ccidir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files...
CVE-2003-0580
Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier allows the uvadm user to execute arbitrary code via a long -uv.install command line argument...
CVE-2003-0578
IBM U2 UniVerse 10.0.0.9 and earlier are affected by CVE-2003-0578 through the cci_dir component, which can create hard links and unlink files as root. This allows local users to gain privileges by deleting and overwriting arbitrary files. Affected software: IBM U2 UniVerse (version 10.0.0.9 and ...
CVE-2003-0578
ccidir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files...
CVE-2003-0579
uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the user-supplied -uv.install command line option to find and execute the uv.install program, which allows local users to gain privileges by providing a pathname that is under control of the user...
CVE-2003-0580
Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier allows the uvadm user to execute arbitrary code via a long -uv.install command line argument...
CVE-2003-0580
CVE-2003-0580 : A buffer overflow in uvadmsh affects IBM U2 UniVerse 10.0.0.9 and earlier, allowing the local uvadm user to execute arbitrary code via a long -uv.install command line argument. The vulnerability is caused by overflowing a buffer when handling the -uv.install parameter, with the do...
CVE-2003-0579
CVE-2003-0579 affects IBM U2 UniVerse before or at version 10.0.0.9, where uvadmsh trusts a user-supplied -uv.install command line option to locate and run uv.install. The flaw lets a local attacker cause execution of uv.install by supplying a pathname under the attacker’s control, enabling privi...
IBM U2 UniVerse 10.0.0.9 - uvrestore Buffer Overflow (PoC)
IBM U2 UniVerse 10.0.0.9 - uvrestore Buffer Overflow PoC source: https://www.securityfocus.com/bid/8206/info It has been reported that the uvrestore binary does not perform bounds checking when parsing command-line arguments. Because this binary is installed with suid root privileges by default,...
[Full-Disclosure] SRT2003-07-08-1223 - IBM U2 UniVerse uvadm can take root via buffer overflows
Secure Network Operations, Inc. http://www.secnetops.com Strategic Reconnaissance Team [email protected] Team Lead Contact [email protected] Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS, Software Security Validation, and...
[Full-Disclosure] SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root
Secure Network Operations, Inc. http://www.secnetops.com Strategic Reconnaissance Team [email protected] Team Lead Contact [email protected] Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS, Software Security Validation, and...
[Full-Disclosure] SRT2003-07-07-0833 - IBM U2 UniVerse users with uvadm rights can take root via uvadmsh
Secure Network Operations, Inc. http://www.secnetops.com Strategic Reconnaissance Team [email protected] Team Lead Contact [email protected] Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS, Software Security Validation, and...
[Full-Disclosure] SRT2003-07-07-0913 - Abnormal suid behavior in several applications
Secure Network Operations, Inc. http://www.secnetops.com Strategic Reconnaissance Team [email protected] Team Lead Contact [email protected] Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS, Software Security Validation, and...
Multiple U2 Universe bugs
Problems with creating hard links, buffer overflow, changing files ownership, etc...
Buffer overflow in IBM U2 UniVerse ODBC
No description provided...
TZ Advisores - Buffer Overflow in IBM U2 UniVerse ODBC
Systems Affecteds: All UniVerse versions with UV/ODBC Explanation: Trying to make an invalid query the client crashes and make the server slow with 5sec to 2min lag what could crash the server. Expoit: Make a query accessing UV/ODBC I've used CrystalReports all versions and make a valid/invalid...