Berlios gpsd, a remake of pygps, suffers from a format string vulnerability that is remotely exploitable.
91f4951eb6348f3788887678a4451b9998f3f8c3cbacfcc1f0fda31e97293782Proof of concept exploit for an old format string vulnerability in setuid versions of top. This vulnerability has popped back up in the Solaris 10 Companion CD.
9842f1e35ea800234ee1ff28c9db6a44ab8417bc36c0166992291eab98417bdfAn old format string vulnerability in setuid versions of top has popped back up in the Solaris 10 Companion CD.
e5eb6c2c021c50cbd277e4a3bf9be9224e71d84c31ce80d8354b58ec76e4fc1cAltiris Carbon Copy Version 6.0.5257 allows for a user to browse to cmd.exe and spawn a shell as SYSTEM.
6ef1b88164c9c818f8c4aa86dabcd881831325a0099d0eb3250d14e927fb9c7dSecure Network Operations Advisory SRT2004-01-17-0227 - The BlackICE PC Protection firewall/IDS versions 3.6.cbz and below allows local users to gain SYSTEM privileges.
e11291b6fe63deb9260c5e4794ff9f5c78a8c4a27a5ad66e8a0b594f3485a735Secure Network Operations Advisory SRT2004-01-17-0425 - Ultr@VNC, the client/server software that allows you to remotely control a computer over any TCP/IP connection, has a faulty ShellExecute() statement that allows a local attacker to gain SYSTEM access.
f28f3ed6c815915416535420f36bf7ce30645cb63ebc9a1df339d53450bf5b4bSecure Network Operations Advisory SRT2004-01-17-0628 - Outpost Firewall versions 1.0 and 2.0 run with SYSTEM access, allowing a local user to escalate privileges.
e49c627bab85454145a426c7095bea20f3c2fa3995513f89ae6b5529a37a335bSecure Network Operations Advisory SRT2004-01-09-1022 - Symantec LiveUpdate versions 1.70.x through 1.90.x has a vulnerability that allows local users to become SYSTEM. Products affected include Norton SystemWorks 2001-2004, Norton AntiVirus (and Pro) 2001-2004, Norton Internet Security (and Pro) 2001-2004, and Symantec AntiVirus for Handhelds v3.0.
4c775c66c82287be41345fd9ecb5d5bd94271ba0bb0a8ddc47b1cecff85dbac8Secure Network Operations Advisory SRT2003-12-04-0723 - Ebola, the AntiVirus scanning daemon system versions 0.1.4 and below, contain a remotely exploitable buffer overflow in their authentication sequence.
ab8ac4be2a73ff8565230c696bef71988ee754456506e8ac690fced1879fa5ebSecure Network Operations Advisory SRT2003-TURKEY-DAY - Administrators using the traceroute detection utility published in Phrack Volume 7, Issue 51 may be leaving themselves exploitable to a format strings issue in detecttr.c.
33e3182819127da3ad076e5420778a32b82010b43f282830765514729f9307f2Secure Network Operations Advisory SRT2003-11-13-0218 - Symantec PCAnywhere versions 10.x to 11.x allow for a local attacker to gain SYSTEM privileges via AWHOST32.exe that can be run via an icon.
06a0532b6f5bf502d7995e8c3aae01db81045cd634c514dc2d89f1ab19d59781Secure Network Operations Advisory SRT2003-11-11-1151 - Clam AntiVirus versions clamav-0.60 through clamav-0.60p are subject to format string attacks that allow a remote attacker to commit a denial of service and possibly perform remote command execution.
10ef4bf26c1ab47ad1a7b53bc21aae94a7fe570686b961eb6d52b4a3d73035faSecure Network Operations Advisory SRT2003-11-06-0710 - IBM DB2 UDB v7 through v8.1 contains multiple local security flaws including buffer overflows and format string bugs in db2start, db2stop, and db2govd. Fix available here.
024592d4a5147b75bed2225d6e629852eb1d72976b68b04a810ce561e313c67cSecure Network Operations, Inc. Advisory SRT2003-11-02-0115 - The NIPRint LPD-LPR Print Server versions 4.10 and below on the Win32 platform are susceptible to a buffer overflow that can allow a remote user to gain SYSTEM privileges. http://www.secnetops.com.
fb70af3656c58520746abf065985b71d5adb36f13e3adc0125088d0ea0640f8cSecure Network Operations, Inc. Advisory SRT2003-11-02-0218 - The NIPrint LPD-LPR Print Server versions 4.10 and below on the Win32 platform are susceptible to a vulnerability that allows a local user to escalate to SYSTEM privileges. http://www.secnetops.com.
fc2a664387e4787a695b2af87bd843a7baf71489667b12addea670ac90cb1175Secure Network Operations, Inc. Advisory SRT2003-09-11-1200 - In the man-1.5x code, some checks may not be present upon compile time that keep man from not being vulnerable. RedHat 9 is one such installation that ships man setgid and vulnerable to attack if the vendor supplied binary is utilized. http://www.secnetops.com.
743603b784eb340ce003d68fe7310d77a3cf4938a9b7ae14aee5b8377252c813Secure Network Operations, Inc. Advisory SRT2003-08-22-104 - widz, the 802.11 wireless IDS system version 1.5 and below, makes use of untrusted input with a system call. If this utility were to be used in a production environment with any non-root users on the system, they would be able to easily escalate their privileges to root.
0a5bd8db53063144a11c8d343d4ad593cd07df746dc5dac63023d1b8f5b20b2bSecure Network Operations, Inc. Advisory SRT2003-08-11-072 - ViRobot 2.0, the Linux-based antivirus solution, has multitudes of suids that are vulnerable to abuse.
b0f7f0118ddf986cbff764a044a771d9d65a93d009a0b5c98382c9be43058a9bSecure Network Operations, Inc. Advisory SRT2003-08-01-0126 - The cdrtools-2.x package comes with a setuid helper binary that allows non-root users to overwrite root owned files. Instructions for local privilege escalation included.
cbbba6e4ccd3d5a97d50f7d3e328abecc761e8017e481e8e7f64d1a64a99ca49AlsaPlayer contains a buffer overflow that can be used for privileges elevation when this program is setuid. Tested on Red Hat 7.3 linux with alsaplayer-devel-0.99.71-1 . The overflow has been fixed in AlsaPlayer 0.99.71.
2875baab452b93c7ef7d5f24fbb1d46a9fa65f879a5d43f51352eee63870a710Caldera Security Advisory CSSA-2002-SCO.17 - A buffer overflow found in how the sar can be used to execute shellcode with elevated privileges on Caldera OpenServer 5.0.5 systems.
b2227264615ef07d201eb3e93c99b69dd64badf1fc46ac112f0c1c6cc2510596Tarantella 3.01 ttawebtop.cgi "show files" exploit. '..' and '/' are not filtered while processing user input, so it is possible to enter arbitrary values to retrieve files from remote sever, which should not be accessible normally. Exploit URL included.
9d5f4ace0d04cf6c840c506cafe1e2d3223f2c0444093380f59b04e3a168c8d5Webmail on the Cobalt Cube contains a directory traversal vulnerability which allows users with mailboxes to read any file on the system. Exploit URL's included. Verified to work against the Sun Cube III as well.
1affd95a288c842d09addf3da78a30cb53346dabcd3917f23ac63d00b2e272cfThe Javaserver Webserver Development Kit (WDK) v1.0 contains a .. vulnerability allowing remote attackers to read any file on the system with the permissions of the webserver. The server typically resides on TCP port 8080 and instructions for identifying this server are given.
8515eea65683688bde7181a502762ac58e5f98c78c8520653bfa290922c6ef5e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed