GNU tar follows symlinks blindly, a problem if you untar as root.
941d4baa8400f1fbed234f9bd2533ce2860e8137e6ad91ba30b49a049594c4f6Redhat rpc.statdx mass exploit - scans for vulnerable hosts and implants a bindshell.
1b45bfc55a0f485af901ce8bd6d9f5e43c1bd304911f3aba1fa66a0b50409fd0Fastgraf's whois.cgi perl script lacks meta character checking, allowing remote users to execute arbitrary commands as uid of the webserver.
5abaa53a2c6a8bbe911a2c4851d96061e1ccfb4c69892c8acb5e5a3ac920d6edGeorgi Guninski security advisory #31 - There is a security vulnerability in Windows Media Player 7 exploitable thru IE which allows reading local files and executing arbitrary programs. The problem is the WMP ActiveX Control which allows launching javascript URLs in arbitrary already open frames. This allows taking over the frame's DOM. Includes exploit code. Demonstration available here.
11004b7cb48703aa71daec5f42163b6badbcc9bd0443de3f14cd799110e779d8Xgtk.c is a local exploit for any set*id program which use Gtk+ up to v1.2.8. Uses the GTK_MODULES environment variable to trick gtk into executing arbitrary commands contained in a bogus module.
652ab0e912b5f21af7d4b3bde74e70313b92e44a078495bc2cc62e8a774e3b67
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed