exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files from Zen-Parse

Email addresszen-parse at gmx.net
First Active2000-10-19
Last Active2004-08-05
iDEFENSE Security Advisory 2004-08-02.t
Posted Aug 5, 2004
Authored by Zen-Parse, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 08.02.04: Netscape version 7.0, 7.1, and Mozilla 1.6 are susceptible to a SOAPParameter constructor integer overflow vulnerability that can allow for arbitrary code execution running in the context of the user running the browser.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2004-0722
SHA-256 | 88413467e44183e31e567dec2fc2a3d60529654bdf33627a4cbbcf7719b47e98
iDEFENSE Security Advisory 2002-12-23.t
Posted Dec 24, 2002
Authored by Zen-Parse, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 12.23.02 - Easy Software Products' Common Unix Printing System (CUPS) and Xpdf contains an integer overflow which allows local users to access to privileges of the lp user.

tags | advisory, overflow, local
systems | unix
SHA-256 | e81e2a28739ce0e03f0d90790fd5da01dbb23ef7ab8ffd101528dfb6b83c6577
iDEFENSE Security Advisory 2002-12-19.t
Posted Dec 21, 2002
Authored by Zen-Parse, David Endler, iDefense Labs | Site idefense.com

iEasy Software Products' Common Unix Printing System (CUPS) vCUPS-1.1.14-5 to 1.1.17 contains an integer overflow in the CUPSd interface which allows attackers to gain the permissions of the LP user and the sys GID. In addition, a race condition allows any file to be overwritten as root. Affected systems include Red Hat 7.3, 8.0, and OS/X 10.2.2.

tags | advisory, overflow, root
systems | linux, redhat, unix, apple, osx
SHA-256 | 7c6ba1d4608fa090e656e197e22e24c9627af18d3d3a39b6434f0b189bc7eae8
idefense.apache13.txt
Posted Oct 4, 2002
Authored by Zen-Parse, David Endler | Site idefense.com

iDEFENSE Security Advisory 10.03.2002 - Apache v1.3 before 1.3.27 contains a vulnerability in its shared memory scoreboard which allows attackers who can execute commands under the Apache UID to either send a (SIGUSR1) signal to any process as root, in most cases killing the process, or launch a local denial of service (DoS) attack.

tags | denial of service, local, root
SHA-256 | 1b8f434591124f806dbac5b6052e75154ad5df6e848f041cf4b42f88cb0d8f31
idefense.smrsh.txt
Posted Oct 2, 2002
Authored by Zen-Parse, Pedram Amini, David Endler | Site idefense.com

iDEFENSE Security Advisory 10.01.2002 - It is possible for an attacker to bypass the restrictions imposed by The Sendmail Consortium's Restricted Shell (SMRSH) and execute a binary of his choosing by inserting a special character sequence into his .forward file. Two attack methods both of which are detailed. Patch available here.

tags | exploit, shell
SHA-256 | e1968987be598ce21fb8b01554f9dd70ecddae77782675c6591f723f39c2dab1
idefense.gv.txt
Posted Oct 1, 2002
Authored by Zen-Parse, David Endler | Site idefense.com

iDEFENSE Security Advisory 09.26.2002 - A buffer overflow has been found in gv v3.5. Some mail readers use GV to view pdf's. Other programs that utilize derivatives of gv, such as ggv or kghostview, may also be vulnerable in similar ways.

tags | overflow
SHA-256 | 6e40ecf0cfebaaf7f097fc7f92ba1a5e5282232ee987360efc0149e83a106f35
gv-exploit.pdf
Posted Oct 1, 2002
Authored by Zen-Parse | Site idefense.com

Buffer overflow exploit for gv v3.5.8 on linux which creates the file /tmp/itworked when gv opens the PDF. Some mail readers use GV to view pdf's. Tested on Red Hat 7.3.

tags | exploit, overflow
systems | linux, redhat
SHA-256 | 17584573625605cf365839d42b6249b81ab8189d3e8207c905c43574b0b985ef
attn.tar.gz
Posted Jan 19, 2002
Authored by Zen-Parse

Attn.tar.gz is a Redhat 7.0 local root exploit which takes advantage of a bug in the at command which allows an attacker to free() user controlled memory. Tested on Redhat 7.0 with the glibc-2.2.4-18.7.0.3 and at-3.1.8-12 packages installed.

tags | exploit, local, root
systems | linux, redhat
SHA-256 | 68cf6e7dc2b3afc0aa47e66d705351d8b032f2fac0afda3d0b705506d8468181
01-wu261.c
Posted Dec 12, 2001
Authored by Zen-Parse

Wu-Ftpd v2.6.1 and below remote root exploit which takes advantage of the SITE EXEC globbing vulnerability. Includes instructions on finding the offset with gdb.

tags | exploit, remote, root
SHA-256 | f36854f1f5c3e1528c3b6966411d9d8995bb5081ba3c3e750ff7c8507aa3372c
zp-exp-telnetd.c
Posted Oct 20, 2001
Authored by Zen-Parse

Proof of concept netkit-0.17-7 local root exploit. Exploits buffer overflow in the AYT handling of in.telnetd, due to bad logic in the handling of snprintf().

tags | exploit, overflow, local, root, proof of concept
SHA-256 | 07af0ba46d6de20ca342e399bb7aa78397e7c268f742d6e103c05772650f39da
pic-lpr-remote.c
Posted Jul 27, 2001
Authored by Zen-Parse

Pic / LPRng format string remote exploit. Pic is part of the groff package. It is used by troff-to-ps.fpi as uid lp when perl, troff and LPRng are installed. Tested against Redhat 7.0 (groff-1.16-7).

tags | exploit, remote, perl
systems | linux, redhat
SHA-256 | 7f88ccf027b5e0d7c51b9f01279051f34a9d4df2f8d1ae6ccce5a1fbec9db7ff
slackware.man.c
Posted Jul 18, 2001
Authored by Zen-Parse, Josh, Lockdown

Slackware 8.0 and below ships with /var/man/cat* chmodded 1777, making it vulnerable to symlink attacks. This exploit creates a suid shell with the UID of the user running man.

tags | exploit, shell
systems | linux, slackware
SHA-256 | 0fb25cf68a4fba71eceef2ca23db4efbe592af7e1416b2d13051e5e4b6990a46
tstot.c
Posted Jul 12, 2001
Authored by Zen-Parse

Tstot.c is a remote exploit for xloadimage for Red Hat 7.0. Xloadimage is a Netscape 4.77 helper application with a buffer overflow vulnerability. Binds a shell to a port. Fix available here.

tags | exploit, remote, overflow, shell
systems | linux, redhat
SHA-256 | 7c5e9b0f582f8b9f8069d43e9559a992dd4b582e20d60a2d78d0443ffbdce520
idcf.c
Posted Jul 12, 2001
Authored by Zen-Parse

Cfingerd v1.4.3 and below remote root exploit. Slightly broken. Exploit redirects fopen() call to popen() and executes code from ~/.nofinger.

tags | exploit, remote, root
SHA-256 | 071f4a1a2ce57b1bfa0e3867ce11912d46f52d364d1efbfd8b9ae3b75029765b
redhat.lpr.txt
Posted Oct 21, 2000
Authored by Zen-Parse

Lpr lpr-0.50-4 and below contains vulnerabilities which allow local users to access other accounts, and sometimes root.

tags | exploit, local, root, vulnerability
SHA-256 | 6ab9815eb4979f4f020da0a0b9a0978875d632bc2a0951630c7aef34b390f59a
zen-ntkb.c
Posted Oct 19, 2000
Authored by Zen-Parse

/usr/sbin/userhelper / kbdrate local root exploit - works only at console. Works well for people you know.

tags | exploit, local, root
SHA-256 | f306e4b3197582d95675db9964fb45bc371416bf6ee9795a7888f293e8872bc3
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close