CVE-2007-5028

Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors...

Nortel SSL VPN Linux Client 6.0.3 - Local Privilege Escalation

Nortel SSL VPN Linux Client 6.0.3 - Local Privilege Escalation !/bin/sh Nortel SSL VPN Linux Client race condition Jon Hart The Linux client that is utilized by versions priot to 6.05 of the Nortel SSL VPN appliance suffers from a number of problems that, in combination, allow an unprivileged loc...

clipboard bug.txt

The clipboard in QNX is world readable and writable. Although the folder containing the file is not readable for normal users the filename convention is predictable, see "clipboard bug.jpg" bash-2.05a$ ls -l /var/clipboard/muh/00000000/TTSHEOAA552983 -rw-rw-rw- 1 root root 78 Jan 04 16:27...

Multiple Mac OS X security privilege escalation

Few suid application binaries are user-writable...

CVE-2006-6743

phpProfiles before 2.1.1 uses world writable permissions for certain profile files and directories, which allows local users to modify or delete files, related to 1 users/include/domakeprofile.inc.php and 2 users/include/copy.inc.php...

CVE-2006-6743

phpProfiles before 2.1.1 uses world writable permissions for certain profile files and directories, which allows local users to modify or delete files, related to 1 users/include/domakeprofile.inc.php and 2 users/include/copy.inc.php...

ftpd-ldpreload.pl.txt

FTP server GNU inetutils 1.4.2 Remote Root Exploit This program remotely exploits the most recent versions of GNU inetutils ftpd on linux systems. Requirements: 1. There MUST be a chroot'ed environment for the logged in user 2. Directory etc must be writeable by the logged in user duh! The exploi...

Microsoft Security Bulletin MS06-077 Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)

Microsoft Security Bulletin MS06-077 Vulnerability in Remote Installation Service Could Allow Remote Code Execution 926121 Published: December 12, 2006 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum...

CVE-2006-6470

The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 returns no error for a non-writable object, which has unknown impact and attack vectors. NOTE: due to the vagueness of the advisory, it is not clear whether this is...

Infecting Elf Binaries to Gain Local Root Exploit

No description provided by source. gcc infR3.s -o infR3 strip infR3 find a writable binary example: ls ./infR3 /bin/ls when root calls the writable ls, chmod will be setuided Coded by [email protected] == [email protected] .text .global main infeccion de start para conseguir local root use ...

Debian DSA-999-1 : lurker - several vulnerabilities

Several security related problems have been discovered in lurker, an archive tool for mailing lists with integrated search engine. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-1062 Lurker's mechanism for specifying configuration files was...

elf-infection.txt

gcc infR3.s -o infR3 strip infR3 find a writable binary example: ls ./infR3 /bin/ls when root calls the writable ls, chmod will be setuided Coded by [email protected] == [email protected] .text .global main infeccion de start para conseguir local root use at your own risk Coded by...

.ELF Binaries - Local Privilege Escalation

.ELF Binaries - Local Privilege Escalation gcc infR3.s -o infR3 strip infR3 find a writable binary example: ls ./infR3 /bin/ls when root calls the writable ls, chmod will be setuided Coded by [email protected] == [email protected] .text .global main infeccion de start para conseguir local...

MyReview 1.9.4 (email) Remote SQL Injection / Code Execution Exploit

No description provided by source. MyReview 1.9.4 SQL Injection exploit http://myreview.lri.fr/ in functions.php starting from line 382 ............ function GetMember $email, $db, $mode="array" $query = "SELECT FROM PCMember WHERE email = '$email'" ; result = $db-execRequete $query;...

CVE-2006-4124

The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUGFILE environment variable, which is used to create world-writable files when libXm is run from a setuid program...

CVE-2006-4124

The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUGFILE environment variable, which is used to create world-writable files when libXm is run from a setuid program...

php local buffer underflow could lead to arbitary code execution

Affected versions: php 5.1.4 and older, 4.4.3 and possibly older Cause: when php-s sscanf functions format argument contains argument swap and extra arguments are given like. sscanf'foo ','$1s',$bar then it reads an pointer to pointer to zval structure past the end of argument array by one. Php...

[UNIX] Liblesstif Local Root (Exploit)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

Serv-U FTP site chmod buffer overflow

Added: 07/17/2006 CVE: CVE-2004-2111 BID: 9675 OSVDB: 3713 Background Serv-U is an FTP server for Windows platforms. Problem An attacker who has logged on to the Serv-U FTP server and has a writable directory could execute arbitrary commands by sending a site chmod command with an overly long fil...

Rocks Clusters <= 4.1 (umount-loop) Local Root Exploit

No description provided by source. !/usr/bin/env python rocksumountdirty.py: Rocks release =4.1 local root exploit quick and nasty version of the exploit. make sure the . is writable and you clean up afterwards. ; coded by: [email protected] http://xavsec.blogspot.com x=import'os';c=x.getcwd...