/usr/lib/lp/bin/netpr local root exploit for solaris 2.7 sparc.
42804a60ccee0ff38e2034c12bae9526b37922c428d2be90116c6db81bd4a297/usr/bin/lpstat local root exploit for solaris 2.7 sparc.
f574f9583c394a7e90cfff07d655736647312a0b4ecd08dfe92a8e17e9beb260/usr/bin/lpset local root exploit for solaris 2.6 2.7 sparc.
3b6603f8b7294c980bf0bd6f0b70f0cdc92723df77ad98f6b6d1dd444e42215f/bin/rdist local root exploit for solaris 2.4 2.5 2.5.1 sparc.
a3ef4e63ccd0ad817015b9f1034af3264d195ccd7ef708467eba1015a48f313e/usr/lib/fs/ufs/ufsrestore local root exploit for solaris 2.5 2.5.1 2.6 sparc.
80467df9fca55b2f287adf6301e0f2398b11ef06b61616b6dc7f7caa4a2c78f0/usr/openwin/bin/xsun local root exploit for solaris 2.6 2.7 sparc.
88c632fa3e55f9fc3d54eaae97573694c5c6322ebe5ccbab3ff94cc1b40fe54flibc.so getopt() local root exploit for Solaris 2.4 2.5 2.5.1 sparc.
3dd191705466a68f47701499f678fba580ad6bcfe6753bfebbc3b90a8bc511ealibxt.so local root exploit for Solaris 2.4 2.5 2.5.1 sparc.
55abfd1c75e24c49bf488d00d73ad585ab162c84d3da7591e2d4a5b2c2c89645/bin/passwd local root exploit for Solaris 2.5 / 2.5.1.
b12610ad2a8bcaab4c18eb86db41a0a628cf2cedbb337b7175c1aa6cd35d96de/usr/dt/bin/dtprintinfo local root exploit for Solaris 2.6 / 2.7.
12fdb49dd2478724c987e7bdd270169964f613321f4174e0f2c6c4ebf2fbe8f4Windows 2000 telnet server denial of service exploit.
4b4ac82588b827afa52230a5621bf5b7eff2d4b62e97dd799a095d1aa6e8cf1fawcrash.c exploits a buffer overflow vulnerability in Windows 95 and 98 which will result in a crash if a filename with an extension longer that 232 characters is accessed. Although arbitrary code could be executed via this manner, it would have to be composed of valid filename character values only.
7ad7a060484ff8053e615253a0723a73a32a083f94fe5194af600dcb8126a5e4CIMcheck2.pl is an updated version of the CIMcheck.pl exploit checker for the Compaq Insight Manager root dot dot bug. Updates include: Fixed Errors and Better Input features. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable url and attempts to get the sam._ backup password file from the remote repa ir directory. You can specify which file you want to download, default is the /wi k nnt/repair/ directory and the sam._ backup password file.
e61a8564d2ced7114295c1a3afdbb9445be64ee4696516061c8a0e67388605deThis script is an exploit that is an addendum to ID 170 in the Bugtraq database. ID 170 lists several Oracle setuid executables but does not offer any exploit information. This code exploits the cmctl command by violating its trust in the integrity of the ORACLE_HOME and ORA_HOME environment variables. When the command "cmctl start cmadmin" is executed, it looks under the ORACLE_HOME\bin directory and attempts to execute cmadmin. The ORACLE_HOME variable can be modified to create a change in the path of execution.
baabf3683d5e3e05e4139396752c7d9eb51dcf6e6f61509565b5d8a451188910DoS exploit vulnerability test script. Affected: vqServer 1.4.49. There is a DoS possible in vqServer 1.4.49 if the remote host gets a GET command with approx 65000 chars in it.
7a038f9c1d82043dbb38f1bf6f9f86650e691e4dc79a2af2c543f50c111502eaClient Agent 6.62 for Unix Vulnerability, Tested on a Debian 2.2.14, Client Agent has a hole allowing to execute an arbitrary code by root without its knowing. In the meantime, some conditions are necessary to exploit this vulnerability. Client Agent is used with ARCserveIT, the safe software. It must be installed on all the workstations. A global configuration file agent.cfg keep every sub-agents installed on your system. This file is in /usr/CYEagent, and receive the information from the sub-agent when the script /opt/uagent/uagensetup is run.
1daaedd6f40ccb604880096f68d1f14543064744d2f5c8d9d8a384929bef9ccdRapidStream has hard-coded the 'rsadmin' account into the sshd binary in the appliance OS. The account has been given a 'null' password in which password assignment and authentication was expected to be handled by the RapidStream software itself. The vendor failed to realize that arbitrary commands could be appended to the ssh string when connecting to the SSH server on the remote vpn. This in effect could lead to many things, including the ability to spawn a remote root shell on the vpn.
4b922cd0b6565086e642ee2ff57903babce23e38618ab193b67f145f89db55fdProduct: Account Manager, Versions: ALL including LITE and PRO haven't been able to test ENTERPRISE, OS: Unix and Winnt, Vendor: Notified, http://www.cgiscriptcenter.com/, The Problem: The Script allows any remote user access to the Administration Control Panel through overwriting the Admin Password with one of their own making.
da34cff8b8f0d5966a4b6803ba977cef75551738f799ae94a3f2632310f2b83eHWA-warpcrash - Systems Affected: OS/2 Warp 4.5 FTP server V4.0/4.2, OS/2 Warp 4.5 FTP server V4.3, Probably other versions of the software as well. Problem: The FTP server that comes with OS/2 Warp 4.5 TCP/IP can be brought down by a malicious connection attempt.
cf8fada37f8c1613e87c090555684cc0f5c51d3e63815104a2e3e47aeb5420caCIMcheck.exe is an exploit for the Compaq Insight Manager root dot dot bug. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable url and attempts to get the sam._ backup password file from the remote repa ir directory. You can specify which file you want to download, default is the /wi k nnt/repair/ directory and the sam._ backup password file. Perl2exe binary. Perl2exe binary available here here.
02f9d096afa81c2dcbbf3f8bb5609cd6012765d85d04dbbebd34e50597b3e154CIMcheck.exe is an exploit for the Compaq Insight Manager root dot dot bug. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable url and attempts to get the sam._ backup password file from the remote repa ir directory. You can specify which file you want to download, default is the /wi k nnt/repair/ directory and the sam._ backup password file. Perl2exe binary.
5544d2db9c8dc0786db03c0333204f82c3ce81f66faa47a4e2eca3e446cb972a-Web Application Security Survey- Results show that Microsoft Hotmail, Excite, Altavista, E-Bay, Lycos, Netscape WebMail, E-Trade, Infoseek/Go.com and their users are all currently vulnerable to web based attack. The following report is the result of a two hour security survey of high profile webmail and auction services offered free over the internet. This survey is in no way extensive or thorough. It serves only as "proof of concept" that these types of services are vulnerable to attack on a wide scale. All the following vulnerabilities are currently active as of Aug. 25, 2000. The following webmail vulnerabilities all stem from the same problem. The attacker has the ability to pass unfiltered malicious HTML/JavaScript into the target users web environment.
0816d0752bc9ca5d7c49022abbc5dabc570e44109e381d1ba13966b6b2106a36This is an exploit that explores the vulnerability of the versions 2.4.4, 2.5.0 and 2.6.0 of Wu-ftpd. Written in Portugese.
c26bee1cd2d462edde38575ca8ae2a80b30398e106409a54ccc6ef6a98fdf6e8A simple flaw in the web mail service offered by Critical Path (www.cp.net) allows an attacker to gain full access of any webmail account. The attack falls under the umbrella of cross-site scripting, which was addressed in detail by CERT in their advisory CA-2000-02, entitled "Malicious HTML Tags Embedded in Client Web Requests." The bug is aggravated by an defective session token scheme.
89bcdeb0f24a910c4dcaa633ef6aa1a288acd34b4f9b1497078ed75916af2589The Javaserver Webserver Development Kit (WDK) v1.0 contains a .. vulnerability allowing remote attackers to read any file on the system with the permissions of the webserver. The server typically resides on TCP port 8080 and instructions for identifying this server are given.
8515eea65683688bde7181a502762ac58e5f98c78c8520653bfa290922c6ef5e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed