Twenty Year Anniversary
Showing 1 - 16 of 16 RSS Feed

Files from Karol Wiesek

Email addresskarol at wiesek.pl
First Active2002-11-01
Last Active2009-08-07
iDEFENSE Security Advisory 2009-08-04.2
Posted Aug 7, 2009
Authored by Karol Wiesek, iDefense Labs | Site idefense.com

iDefense Security Advisory 08.04.09 - Local exploitation of an arbitrary file creation vulnerability in IBM Corp.'s Advanced Interactive eXecutive (AIX) Operating System allows attackers to execute arbitrary code with super-user privileges. iDefense has confirmed the existence of this vulnerability in IBM Corp.'s AIX version 5.3. Other versions may also be affected.

tags | advisory, arbitrary, local
systems | aix
MD5 | 8147cac303fc662744bbe8d28f399b65
panda.tgz
Posted Jul 10, 2008
Authored by Karol Wiesek | Site karol.wiesek.pl

Two vulnerabilities exist in the update function for Panda Security ActiveScan version 2.0. Remote buffer overflow exploit included.

tags | exploit, remote, overflow, vulnerability
MD5 | c2ba88906e42f6e782f1c20b44340709
lesstif-advisory.pdf
Posted Aug 18, 2006
Authored by Karol Wiesek | Site karol.wiesek.pl

Lesstif local root exploit for Mandrake Linux 2006 that makes use of the mtink binary which is setuid by default.

tags | exploit, local, root
systems | linux, mandrake
MD5 | dab61de17ed00b1aceccf8b0697fe42e
vixie_crontab_readfiles-exploit_and_advisory.txt
Posted Apr 17, 2005
Authored by Karol Wiesek

Vixie crontab allows reading other user's crontabs. Tested on FC3 with vixie-cron-4.1-24_FC3.

tags | exploit
MD5 | 06354dd4c33cfef8fa979d0c4b5b4515
iDEFENSE Security Advisory 2005-02-07.t
Posted Feb 23, 2005
Authored by Karol Wiesek, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 02.07.05 - Remote exploitation of a command injection vulnerability in the Squirrelmail S/MIME plugin allows web mail users to execute arbitrary commands with the privileges of the web server.

tags | advisory, remote, web, arbitrary
MD5 | 307bfe8c873d565743535ec655774bf0
nwclient.txt
Posted Dec 11, 2004
Authored by Karol Wiesek

Buffer overflows have been discovered in ncplogin and ncpmap in ncpfs.

tags | advisory, overflow
MD5 | 7afe873a3c2de6c146b55bbaaa492ed3
iDEFENSE Security Advisory 2004-11-15.t
Posted Nov 20, 2004
Authored by Karol Wiesek, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 11.15.04 - Multiple vulnerabilities have been found in Fcron 2.0.1 and 2.9.4. Local exploitation of vulnerabilities in the fcronsighup component of Fcron may allow users to view the contents of root owned files, bypass access restrictions, and remove arbitrary files or create arbitrary empty files.

tags | advisory, arbitrary, local, root, vulnerability
advisories | CVE-2004-1030, CVE-2004-1031, CVE-2004-1032, CVE-2004-1033
MD5 | ed312db2703e2ef3d74583afd5c6360e
iDEFENSE Security Advisory 2004-11-08.t
Posted Nov 10, 2004
Authored by Karol Wiesek, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 11.08.04 - Remote exploitation of an input validation error in Samba could allow an attacker to consume system resources and potentially cause the target system to crash.

tags | advisory, remote
advisories | CVE-2004-0930
MD5 | eeb9deef0bf252b50f560d80d13a7dda
cpanelChmod.txt
Posted Oct 26, 2004
Authored by Karol Wiesek

cPanel 9.4.1 allows logged in users to change permission of any file to 755.

tags | advisory
MD5 | a1f10723c5e8bdfe91a178a8ea930a00
cpanelChown.txt
Posted Oct 26, 2004
Authored by Karol Wiesek

cPanel 9.4.1 allows logged in users the ability to change ownership of any file to their uid:gid.

tags | advisory
MD5 | aff8db13eba0ffc7582d45dc04418fd2
cpanelBackup.txt
Posted Oct 26, 2004
Authored by Karol Wiesek

cPanel 9.4.1 is susceptible to a classic symbolic link attack.

tags | advisory
MD5 | a297f531d4d9ee531fa3ecbbfca4cc25
samba22x.txt
Posted Oct 7, 2004
Authored by Karol Wiesek | Site samba.org

Samba versions 2.2.11 and below and versions below and equal to 3.0.5 allow a remote attacker that ability to gain access to files that exist outside of the share's defined path. Such files must still be readable by the account used for the connection.

tags | advisory, remote
MD5 | 557f0e83f9827bdf1169f7659e894be9
iDEFENSE Security Advisory 2004-05-12.t
Posted May 13, 2004
Authored by Karol Wiesek, iDefense Labs, Greg MacManus | Site idefense.com

iDEFENSE Security Advisory 05.12.04: Exploitation of an input validation vulnerability within Opera Software ASA.'s Opera Web Browser could allow remote attackers to create or truncate arbitrary files. The problem specifically exists within the telnet URI handler. Opera does not check for '-' at the beginning of hostname passed through the handler, which lets options pass to the telnet program, allowing file creation or overwriting.

tags | advisory, remote, web, arbitrary
MD5 | 23806cfad7c62fa62b97951faae8296c
iDEFENSE Security Advisory 2003-06-16.t
Posted Jun 17, 2003
Authored by Karol Wiesek, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 06.16.03: The pam_wheel module of Linux-PAM uses getlogin() in an insecure manner, thereby allowing attackers to bypass certain restrictions. The pam_wheel module is often used with the su command to allow users belonging to a trusted group to utilize the command without supplying a password. The module utilizes the getlogin() function to determine the name of the currently logged in user. This name is then compared against a list of members of a trusted group as specified in the configuration file. If the trust option is enabled in the pam_wheel configuration file and the use_uid option is disabled, any local user may spoof the username returned by getlogin() and gain access to a super-user account without supplying a password.

tags | exploit, local, spoof
systems | linux
MD5 | ac13337671c6ada04dcb6c4a7dec904e
iDEFENSE Security Advisory 2003-01-21.t
Posted Jan 23, 2003
Authored by Karol Wiesek, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package. Three vulnerabilities exist, the worst of which allows local root compromise. Overflows in the mtink and escputil binaries, which are set group id sys, allow an attacker to gain sys group privileges. A race condition in the ml85p binary, which is set user id root, allows an attacker to create a file with super user privileges.

tags | advisory, overflow, local, root, vulnerability
systems | linux, mandrake
MD5 | fb32a4acc9576b038a89bcfa8ef7a947
idefense.prometheus.txt
Posted Nov 1, 2002
Authored by David Endler, Karol Wiesek | Site idefense.com

iDEFENSE Security Advisory 10.31.2002b - Prometheus v6.0 and below is a web application framework written in PHP which allows remote attackers to execute arbitrary commands.

tags | remote, web, arbitrary, php
MD5 | f8ac63352b5b5fc5aaa268b12f1318a3
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

August 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    19 Files
  • 2
    Aug 2nd
    17 Files
  • 3
    Aug 3rd
    16 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    1 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    9 Files
  • 9
    Aug 9th
    7 Files
  • 10
    Aug 10th
    10 Files
  • 11
    Aug 11th
    1 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    14 Files
  • 14
    Aug 14th
    18 Files
  • 15
    Aug 15th
    38 Files
  • 16
    Aug 16th
    16 Files
  • 17
    Aug 17th
    22 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close