exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 101 - 125 of 133 RSS Feed

Files from Larry W. Cashdollar

Real NameLarry W. Cashdollar
Email addressprivate
Websitevapid.dhs.org
First Active1999-11-14
Last Active2020-07-15
View User Profile
Sun Update Manager /tmp Clobber
Posted Jul 20, 2012
Authored by Larry W. Cashdollar

The Sun Update Manager suffers from a /tmp clobbering vulnerability.

tags | exploit
SHA-256 | 9ed3d1ea271454d9da6b06fca58387916ec1c5bb71e3b0bd7e332c3cde7b3960
Basilic 1.5.14 diff.php Arbitrary Command Execution
Posted Jul 6, 2012
Authored by Larry W. Cashdollar, sinn3r, juan vasquez | Site metasploit.com

This Metasploit module abuses a metacharacter injection vulnerability in the diff.php script. This flaw allows an unauthenticated attacker to execute arbitrary commands as the www-data user account.

tags | exploit, arbitrary, php
SHA-256 | 80e3ce82a2d97fa36f0665883aecc56cc126a901567bd0c4251832c7ded7ffe7
Safari On iOS Denial Of Service
Posted Jun 8, 2012
Authored by Larry W. Cashdollar

Proof of concept crash exploit for Safari on iOS that leverage a denial of service vulnerability.

tags | exploit, denial of service, proof of concept
systems | apple
SHA-256 | b7aed7d45d2d8c141f4d038fb1e6bb148bd5d8c687b4740e140f2b04997e86d9
Oracle Exadata Infiniband Switch Default Logins / Poor Configuration
Posted Mar 15, 2012
Authored by Larry W. Cashdollar

Oracle Exadata Infiniband Switch suffers from default logins and a world readable shadow file.

tags | exploit
SHA-256 | 7e5478fdcf18712f433486ced03cd8f6db6de63a872fcfdbfc813aea0e823206
Mambo CMS 4.6.5 Denial Of Service / Disclosure
Posted Jan 8, 2012
Authored by Larry W. Cashdollar

Mambo CMS version 4.6.5 suffers from denial of service, poor permission use and path disclosure vulnerabilities.

tags | exploit, denial of service, vulnerability, info disclosure
SHA-256 | 726b0757aee41d55186a299fbe523c06e0d0e6dd07c151e1821f7b9f1fcbbbba
bzexe /tmp Race Condition
Posted Nov 6, 2011
Authored by Larry W. Cashdollar

bzexe suffers from a /tmp race condition that allows for local root compromise.

tags | exploit, local, root
advisories | CVE-2011-4089
SHA-256 | 6e68fae43ebf644c85b61c5d338cdd51e5d73299d4c2a58f508e21a2c155b364
Perl Cache-Cache-1.06 /tmp Insecure File Permissions
Posted Apr 5, 2010
Authored by Larry W. Cashdollar | Site vapid.dhs.org

Perl Cache-Cache version 1.06 suffers from an insecure permission vulnerability.

tags | advisory, perl
SHA-256 | 37ffab0c7b687666bcf779dfc51ce9d345e58e91e512e603ede4b5e82c37b6b5
Solaris Update Manager / Sun Patch Cluster Symlink Attack
Posted Mar 25, 2010
Authored by Larry W. Cashdollar | Site vapid.dhs.org

Solaris Update manager and Sun Patch Cluster suffer from a symlink vulnerability.

tags | exploit
systems | solaris
SHA-256 | 2c5e6fb72b5483c114e659a98e04e40c8239612c494aab80a6f8827baed220f6
patchlink-pwn.txt
Posted Jan 26, 2008
Authored by Larry W. Cashdollar | Site vapid.dhs.org

The PatchLink Update Unix Client suffers from multiple file clobbering vulnerabilities allowing for privilege escalation.

tags | exploit, vulnerability
systems | unix
SHA-256 | 9edd2c3dea0e2f04c171d8980ce2fe3f0ec1fc649d996bba22558f6b5207870c
Informix-ids.txt
Posted Oct 4, 2006
Authored by Larry W. Cashdollar | Site vapid.dhs.org

IBM Informix (IDS) V10.0 suffers from several flaws that could allow an attacker to overwrite any file on the system or inject commands into the installer scripts.

tags | advisory
SHA-256 | e299b03aa62557f2b9a2a6bba84f0efdb77c22a8264d634d77e8361c2c039429
thttpd-htpasswd.txt
Posted Mar 8, 2006
Authored by Larry W. Cashdollar | Site vapid.dhs.org

The htpasswd program shipped with thttpd-2.25b can be tricked into executing arbitrary programs.

tags | advisory, arbitrary
SHA-256 | abdda0f4558def730529de9345400a2e8dcfde31ef1b3602b6dde851b696f909
1333htpasswd.txt
Posted Oct 29, 2004
Authored by Larry W. Cashdollar | Site vapid.ath.cx

It appears that the new Apache release 1.3.33 still is susceptible to a local buffer overflow discovered in htpasswd under release 1.3.31.

tags | advisory, overflow, local
SHA-256 | e6a9149037f4b1d66672b62767ea68f40b7ee59f1984ddb9aa2e324192efe4ef
iDEFENSE Security Advisory 2004-03-19.t
Posted Mar 19, 2004
Authored by Larry W. Cashdollar, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 03.19.04: Exploitation of default file permissions in Borland Interbase can allow local attackers to gain database administrative privileges. The vulnerability specifically exists due to insecure permissions on the admin.ib user database file. Local attackers can add or modify existing accounts to gain administrative privileges.

tags | advisory, local
SHA-256 | b71f1e19f5d04a562354ac69ff0c4e4809b8054067ce74ebf7ae83fa5306c438
primebaseLWC.txt
Posted Nov 25, 2003
Authored by Larry W. Cashdollar | Site vapid.dhs.org

Vapid Labs Security Note - The PrimeBase SQL Database Server 4.2 stores passwords in clear text. Depending on the installation user's umask settings, it may be readable by all local users.

tags | advisory, local
SHA-256 | 43002c694b892879a9fefb2c4763eaa0435c8018f79e132da7c50c1395f81a57
primebase.txt
Posted Oct 3, 2003
Authored by Larry W. Cashdollar | Site vapid.dhs.org

SNAP Innovation's PrimeBase Database 4.2 employs a poor use of file creation and default file permissions that could allow a local attacker to gain administrative privileges.

tags | advisory, local
SHA-256 | 126d4fc6faa462a7f475dbaf8949f35c75b0233ca041cf7689ed0d082e73ec95
intersystems2.txt
Posted Aug 26, 2003
Authored by Larry W. Cashdollar

Further information and research in regards to the InterSystems Cache vulnerabilities discussed here. Two new vulnerabilities have been discovered and exploits are included.

tags | exploit, vulnerability
SHA-256 | 728fbb24e98602c5fe921cab33d49eb861a834a80b0d955bc059096191267f54
intersystems.txt
Posted Jul 3, 2003
Authored by Larry W. Cashdollar | Site idefense.com

iDEFENSE Security Advisory 07.01.03: InterSystems Corp. Cache installs with insecure file and directory permissions, thereby allowing local attackers to gain root access by manipulating items in the main package tree. The vulnerability specifically exists because files and directories are open to all users for read, write, and execute operations.

tags | exploit, local, root
SHA-256 | a94ec4e715dbd55bc4d0dfb19dc4102c0d75702736bfe3b8af0e08165f59aa3a
VapidSAP.txt
Posted Apr 24, 2003
Authored by Larry W. Cashdollar | Site vapid.dhs.org

SAP DB is vulnerable to a race condition during installation. The installer creates a world writable file that gets compiled and then is setuid to root. If a local attacker can overwrite the file in the alloted time-frame they will be able to escalate their privileges.

tags | exploit, local, root
SHA-256 | 133ef0c808730e0896b10d01e7b0daaaf775415dcf0f90ca80ffebe268a51845
patchadd.pl
Posted Aug 28, 2001
Authored by Larry W. Cashdollar

Solaris 2.8 patchadd local exploit. Takes advantage of a symlink vulnerability to clobber files with output from patchadd. Tested on Solaris 2.8 Sparc with the current patch cluster applied.

tags | exploit, local
systems | solaris
SHA-256 | a8745334e41a751bc67512da3ab3617e9e543b283f76da7d9a5b2496eef89fec
catman-race.txt
Posted Dec 23, 2000
Authored by Larry W. Cashdollar | Site vapid.betteros.org

Solaris 2.7/2.8 /usr/bin/catman allows local users to clobber root owned files by symlinking temporary files. Includes catman-race.pl and ctman-race2.pl for proof of concept.

tags | exploit, local, root, proof of concept
systems | solaris
SHA-256 | 9a29d9929df3618598e1b73b8901c5d5026303418322bac348f2cc5417e8cef6
sonata-teleconf-2.txt
Posted Dec 22, 2000
Authored by Larry W. Cashdollar | Site vapid.betteros.org

Voyant Technologies Sonata Conferencing Software v3.x on Solaris 2.x comes with the setuid binary doroot which executes any command as root.

tags | exploit, root
systems | solaris
SHA-256 | 66e1e97f64c7220d0c49571196c3c0b688f31aa0b1d4177776bcaca25289e18f
sonata.teleconf.txt
Posted Nov 16, 2000
Authored by Larry W. Cashdollar | Site vapid.dhs.org

Voyant Technologies Sonata Conferencing vulnerability report - Local and remote vulnerabilities have been found in both the Solaris and OS/2 hosts, including reused default passwords, poor file permissions, a lack of host hardening, account enumeration, and an insecure X console.

tags | exploit, remote, local, vulnerability
systems | solaris
SHA-256 | a8e729c47d2cec5776df25793904a78c510a9d33109cf09b1c50ec0743406e0e
dhashsawmill-pilot.c
Posted Aug 30, 2000
Authored by Larry W. Cashdollar | Site vapid.dhs.org

PocketC program to dehash the admin password for FlowerFire's Sawmill 5.0.21 log analysis package. This has been written, compiled and tested on my palm IIIxe. Takes a few seconds since the hash is so weak.

SHA-256 | 0aa155e7517924fa800b7c6c2d61993936bdde7128b24b1b64a1311803519fd9
sawmill-5.0.21.txt
Posted Jun 29, 2000
Authored by Larry W. Cashdollar | Site vapid.betteros.org

Sawmill 5.0.21 is a site log statistics package for UNIX, Windows and MacOS which has remote vulnerabilities. Any file on the system can be read, and password is stored with a weak hash algorithm and can be decrypted using the included C program. This is dangerous because the previous security hole will allow you to read the hash and decrypt the admin password.

tags | exploit, remote, vulnerability
systems | windows, unix
SHA-256 | 2c2c58f021857e688f36ad471178bf0306d758fc5829abf90f77a22c58174057
xsol-x.c
Posted May 19, 2000
Authored by Larry W. Cashdollar | Site vapid.dhs.org

/usr/local/games/xsoldier local root exploit. Tested under Mandrake 7.0.

tags | exploit, local, root
systems | linux, mandrake
SHA-256 | 2efbf7e734506a09a852e6b3154a6163a11aff489a05f01d6c99f70a70026d5b
Page 5 of 6
Back23456Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close