The enq program under AIX has an overflow that exists in the command line argument parsing. This exploit successfully utilizes the vulnerability to escalate privileges to egid=printq. Tested on AIX 4.3.3.
b9aa6fde8e33084acefb4bf66b450b630fbf86049e406631ffdece9bd065b6e7Hassan Consulting Shopping Cart Version 1.x remote exploit that will spawn a bash shell with the webserver uid.
dea6448742f595a7fb941c5c76e95b1b84e045870de595c28a05c9048dcfd2faXitami WEB/FTP Server for Windows 95/98/NT/2k v2.5b4 has remote vulnerabilities which allow users to view sensitive system information via testcgi.exe. Passwords are stored in plain text. Denial of service is possible.
963cbf8d5f403c450c746e48d4a87ee002babfa21848572bbe2f6ac1680a715fPacket Storm exploits for the year 2000!
4ae50131fa96b7884e5a06211b6fd3aa3bd9cddb32775d54716fe237e1df0a77Packet Storm new exploits for December, 2000.
22896c58fc1a2ddb91fc7dcfdefbfd61c874798ef8047086e139fbb6014c7a93Solaris Wu-ftpd wu-2.4(1) remote root exploit which uses the site exec format string vulnerability. Tuned for Solaris Sparc v2.8 w/ inetd.
845e79245e95e32f9006adac7db0f41adfb93a2b685b71a7e404e3a30bdafb26Securax Security Advisory #13 - When someone telnets to a unix system, the tty that will be assigned to him will be writable for any user on the system. However, when he is logged in, his tty will not be writable for all users. So if someone would write data to a tty that is currently used by someone who's logging in, that person won't be able to log in. Includes ttywrite.c proof of concept code.
e75a840488618e3a62e3bda5514108f15199ee99169afe9ae87c7041a15d8156Securax Security Advisory #11 - XFree86 Version 3.3.6 is vulnerable to a remote denial of service attack over tcp port 6000. The server can freeze if sent many characters, requiring a reboot to restore normal operation. Includes Linnuke.c proof of concept code.
d85f44f0f08c172627069fd7c4b1a4471100fdaa8e7642820989936cc36dee3f7350wu.c is a Wu-ftpd v2.6.0 remote root exploit which does it the proper way. Works on Linux/x86 and FreeBSD.
33f1db59facbfa0648cc1b9e7fac8958fdfbe6056b000bfbd7ca175b8b29af23Lpr-ng v3.6.24 and below remote root exploit for Linux/x86 which exploits the syslog() format string vulnerability. Tested against RedHat 7.0. Includes the ability to brute force the offset.
45ca5a83e4e3b2935bbcc030e7aa7274b856c0e76c603e32c6c7565d8a05ad2aExpect v5.31.8 and v5.28.1 contains local buffer overflows. It is possible to exploit any suid/sgid expect application.
8a69e04abc43d9ebdcd6198de5a7b5431ff007a5dca07c47115be8df48b6e33dGnomeScott local buffer overflow which provides a gid=40 (game) shell on SuSE 6.4 and 7.0.
b91af559b80952154115640a2ad71c7a3af251836cff99bde6dad6259ee95e28Expect (/usr/bin/expect) v5.31.8 and v5.28.1 local buffer overflow exploit. Tested on Slackware 7.x. Advisory available here.
763a21a0317bfb6f2998e4af7bd10b8c567fd24381ff2cea8e0f004f377ce176Gnomehack local buffer overflow exploit which provides a gid=60 (games) shell on Debian 2.2.
5ccc4924acae3a7b73ecd24a19febb73d31ccc8e7ed7d704614e4dcbd8d4550aKwintv local buffer overflow exploit which provides a gid=33 (video) shell on SuSE 7.0.
d44863b348783f75efca589a0a0b99b6a150e833cd2e1dd95d32999361050380Fancylogin v0.99.7 local root exploit. Tested on Red Hat 6.1.
6a6d636b942d55b3a7cd1edceb5b8ba35821afd8196ce14ad6e2f04d65c3d913Securax Security Advisory #12 - Apache 1.3.14 access_log and error_log can be altered somewhat by remote users if the site administrator reads the logs with cat or tail. Includes proof of concept code kosheen.c which attempts to display false values in a remote site's access_log and error_log.
e90beb99adb94acadafbb8f08e10bfc7cc59ecc22dd244a99d29f6720dd48e59STonX v0.6.5 and v0.6.7 local root exploit. Tested on Slackware 7.0.
c751c9ecd87655ab1f2703c193c5080ea84909a0b48d28666ce7f32edbf5b25eLinux xconq v7.4.1 local exploit - Gives a gid=games shell by exploiting the -L parameter. Tested on Slackware.
58e72092adb49d8ae668a492bed2721cde6ad0ab1e236ba3ab3787b8b6b8d6f7OpenBSD v2.6 and 2.7 ftpd remote root exploit.
3bce3b748cccc4e919388bcb98fab8e0032f8b36b13107f0b8d2af7e7591fff5SuSE identd remote denial of service attack - Uses a long sting to set a pointer to NULL.
5428c66fd108f4593af53e80bdb814ea4c560c05eda8deea3e7caaa7e617830eSolaris 2.7/2.8 /usr/bin/catman allows local users to clobber root owned files by symlinking temporary files. Includes catman-race.pl and ctman-race2.pl for proof of concept.
9a29d9929df3618598e1b73b8901c5d5026303418322bac348f2cc5417e8cef6The NAPTHA dos vulnerabilities (Revised Edition - Dec 18) - The naptha vulnerabilities are weaknesses in the way that TCP/IP stacks and network applications handle the state of a TCP connection.
c292602620f5df846e547c83d8ca52048ace27d17ccb5b270d8f412c29746e7cVoyant Technologies Sonata Conferencing Software v3.x on Solaris 2.x comes with the setuid binary doroot which executes any command as root.
66e1e97f64c7220d0c49571196c3c0b688f31aa0b1d4177776bcaca25289e18fOmni httpd v2.07 and below remote denial of service exploit. Combines a shell script from sirius from buffer0vefl0w security with a bugtraq report from Valentin Perelogin.
4d3154c89c3ecd6fc2094b5e325fa6c37806583f8e2045d1e514e145f3c09e7b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed