Berlios gpsd, a remake of pygps, suffers from a format string vulnerability that is remotely exploitable.
Proof of concept exploit for an old format string vulnerability in setuid versions of top. This vulnerability has popped back up in the Solaris 10 Companion CD.
An old format string vulnerability in setuid versions of top has popped back up in the Solaris 10 Companion CD.
Altiris Carbon Copy Version 6.0.5257 allows for a user to browse to cmd.exe and spawn a shell as SYSTEM.
Secure Network Operations Advisory SRT2004-01-17-0227 - The BlackICE PC Protection firewall/IDS versions 3.6.cbz and below allows local users to gain SYSTEM privileges.
Secure Network Operations Advisory SRT2004-01-17-0425 - Ultr@VNC, the client/server software that allows you to remotely control a computer over any TCP/IP connection, has a faulty ShellExecute() statement that allows a local attacker to gain SYSTEM access.
Secure Network Operations Advisory SRT2004-01-17-0628 - Outpost Firewall versions 1.0 and 2.0 run with SYSTEM access, allowing a local user to escalate privileges.
Secure Network Operations Advisory SRT2004-01-09-1022 - Symantec LiveUpdate versions 1.70.x through 1.90.x have a vulnerability that allows local users to become SYSTEM. Products affected include Norton SystemWorks 2001-2004, Norton AntiVirus (and Pro) 2001-2004, Norton Internet Security (and Pro) 2001-2004, and Symantec AntiVirus for Handhelds v3.0.
Secure Network Operations Advisory SRT2003-12-04-0723 - Ebola, the AntiVirus scanning daemon system, versions 0.1.4 and below, contains a remotely exploitable buffer overflow in its authentication sequence.
Secure Network Operations Advisory SRT2003-TURKEY-DAY - Administrators using the traceroute detection utility published in Phrack Volume 7, Issue 51 may be leaving themselves exposed to a format string issue in detecttr.c.
Secure Network Operations Advisory SRT2003-11-13-0218 - Symantec PCAnywhere versions 10.x to 11.x allow for a local attacker to gain SYSTEM privileges via AWHOST32.exe that can be run via an icon.
Secure Network Operations Advisory SRT2003-11-11-1151 - Clam AntiVirus versions clamav-0.60 through clamav-0.60p are subject to format string attacks that allow a remote attacker to cause a denial of service and possibly perform remote command execution.
Secure Network Operations Advisory SRT2003-11-06-0710 - IBM DB2 UDB v7 through v8.1 contains multiple local security flaws including buffer overflows and format string bugs in db2start, db2stop, and db2govd. Fix available here.
Secure Network Operations, Inc. Advisory SRT2003-11-02-0115 - The NIPrint LPD-LPR Print Server versions 4.10 and below on the Win32 platform are susceptible to a buffer overflow that can allow a remote user to gain SYSTEM privileges. http://www.secnetops.com.
Secure Network Operations, Inc. Advisory SRT2003-11-02-0218 - The NIPrint LPD-LPR Print Server versions 4.10 and below on the Win32 platform are susceptible to a vulnerability that allows a local user to escalate to SYSTEM privileges. http://www.secnetops.com.
Secure Network Operations, Inc. Advisory SRT2003-09-11-1200 - In the man-1.5x code, some of the checks that keep man from being vulnerable may not be present at compile time. RedHat 9 is one such installation: it ships man setgid and is vulnerable to attack if the vendor-supplied binary is used. http://www.secnetops.com.
Secure Network Operations, Inc. Advisory SRT2003-08-22-104 - widz, the 802.11 wireless IDS system, version 1.5 and below, passes untrusted input to a system call. If this utility were used in a production environment with any non-root users on the system, they would be able to easily escalate their privileges to root.
Secure Network Operations, Inc. Advisory SRT2003-08-11-072 - ViRobot 2.0, the Linux-based antivirus solution, has a multitude of setuid binaries that are vulnerable to abuse.
Secure Network Operations, Inc. Advisory SRT2003-08-01-0126 - The cdrtools-2.x package comes with a setuid helper binary that allows non-root users to overwrite root-owned files. Instructions for local privilege escalation included.
AlsaPlayer contains a buffer overflow that can be used for privilege elevation when the program is setuid. Tested on Red Hat 7.3 Linux with alsaplayer-devel-0.99.71-1. The overflow has been fixed in AlsaPlayer 0.99.71.
Caldera Security Advisory CSSA-2002-SCO.17 - A buffer overflow found in sar can be used to execute shellcode with elevated privileges on Caldera OpenServer 5.0.5 systems.
Tarantella 3.01 ttawebtop.cgi "show files" exploit. '..' and '/' are not filtered while processing user input, so it is possible to enter arbitrary values to retrieve files from the remote server that should not normally be accessible. Exploit URL included.
Webmail on the Cobalt Cube contains a directory traversal vulnerability which allows users with mailboxes to read any file on the system. Exploit URLs included. Verified to work against the Sun Cube III as well.
The Javaserver Webserver Development Kit (WDK) v1.0 contains a .. vulnerability allowing remote attackers to read any file on the system with the permissions of the webserver. The server typically resides on TCP port 8080 and instructions for identifying this server are given.