ChiTeX, the utility used to put Chinese Big5 codes in TeX/LaTeX documents, contains two setuid root binaries that execute cat without using an explicit path allowing an attacker to easily gain root privileges.
1c2236c651538e4aaaa0b8f89bbc85cd212f6cf79eed7e9609ddef1998071e56AlsaPlayer contains a buffer overflow that can be used for privileges elevation when this program is setuid. Tested on Red Hat 7.3 linux with alsaplayer-devel-0.99.71-1 . The overflow has been fixed in AlsaPlayer 0.99.71.
2875baab452b93c7ef7d5f24fbb1d46a9fa65f879a5d43f51352eee63870a710This exploit abuses a local buffer overflow in the Cisco VPN 5000 Linux client v5.1.5 close_tunnel binary to spawn a root shell.
34bafeee302ca398ef823196ebb28939ffd4c7fc879cf8d54ed08151f5f4034eRemote format string exploit for the nn news reader v6.6.4 and below. The vulnerability resides in the code that handles NNTP server responses.
bd02d3ca74768f8d26a7e158028072e79242e1adb157d1507c85bafb371c854eSlrnpull '-d' buffer overflow exploit. Executes shellcode with group 'news' privileges. Tested to work on an Intel Red Hat 6.2 installation .
eccfcdb6d3ad013958b3649b816be1230bf50ad9509fddc11a59fc1c14880407NN v6.6.3 and below remote format string exploit for FreeBSD. Malicious server owners can use this vulnerability to execute code on systems that are connected with affected clients. Fix available here.
196d39f26cc27f3b7ab41de171afbed92adacc402a4519d9444770b26a2bf244Mnews v1.22 remote FreeBSD buffer overflow exploit. Included shellcode prints a message to stdout.
01ef7c9e912a48e3c415c9f36a6240e9e0a115bf00bebc74b5585b7817ddb949Safemode Security Advisory SRT2002-04-31-1159 - Several local and remote overflows have been found in the Mnews package v1.22 and below.
34e50c77bf1364ae80884b5a9c0e02f0f32770926beb9492611db880bf70ab98Local exploit for the Sendmail 8.12.3 and below flock denial of service vulnerability.
bbaf654cf0fc0e59bbd9e31ec8803d66b440dda134c4511d4ff41af8c42ac323This is Intel shellcode that does an execve of /bin/sh and works on OpenBSD, NetBSD, FreeBSD and Linux. More information can be found here.
f4c43ae66ec56a546fd302bf5e8a101723bcc899e973aec9b3341bacc7c05e60Linux and FreeBSD shellcode which reboots the machine. Info on Multi-OS shellcode here.
e1a494bd987d475eca05396c759a60fa126d13be3a265afb1c815b4af37d5f8dLinux and FreeBSD Multi-OS shellcode - Spawns a shell. Info on Multi-OS shellcode here.
f908d0ac122c0c91f770cc286f83c1f2923e465ea98e1a505778e013d8bd9559Remote FreeBSD cURL exploit for versions 6.1 - 7.3. More info available here.
cb3b41070a035495a6c0d2f9b4a6cfc27b235c73e132f73706c9a2910cdd0597Remote linux cURL exploit for versions 6.1 - 7.3. More info available here.
dad91fe61044ca9a5d49c69ade363fac8dad8e28d8281dc3943fb2ce21ed8fb8This is encoded FreeBSD shellcode that binds /bin/sh to port 43690 (0xAAAA). The aim of encoding the shellcode is to obfuscate certain bytes in order to bypass IDS detection and buffer filtering.
2672b98674cb4160ab29441ce7c4968ab49217ed9f2745731e4f65410a58ff5cFreeBSD/Linux exploit for a buffer overflow in the snes9x Nintendo emulator. The linux shellcode works also on FreeBSD since snes9x runs on those systems with linux emulation.
db628cc64cef1685a7de38aff3d19885b177d6ead58e67ec5e2be496541d0bc2Linux x86 shellcode that does an execve of /bin/sh. This shellcode contains no slashes so it can bypass certain application filters and was originally written for a snes9x buffer overflow.
4ef2d0f1cd24777b5709b44238b964e296e95e992d81fd668b2dcd7eb70e8405Linux x86 shellcode that does a sync(),sync() and then reboot(). Exit() was added in case the previous syscalls fail.
2a81a00a01fb93b1d0701c442911f09ffe9075a1f32d755a4eefdd63a9c2d8e1Linux x86 shellcode that does a rename() of /bin/motd to /bin/owned.txt.
c08087a9d2b40464bf48bb83e0210b95af5595e13cc818be21c128b45db326abLinux x86 shellcode that does a reboot().
a60f971b1b2c77391e3e9d43a47e554227ec63b5cc99a417cf70f5e18f451dc1Linux x86 shellcode that does an execve of /bin/sh /tmp/p00p.
a63c3eefd42c563f8c4553b56dde2155a919427d878f9e92c32def321f5074c9Linux x86 shellcode that does an execve() of /sbin/iptables -F in order to flush activated firewall rules.
3ce24c6dbb6a4441745c8a1f8f94109161f80d7f25a9e6b22f721f5a034324f1Linux x86 shell code that does an execve of /sbin/ipchains -F.
cb1122033c6453ca6dd2cd7f3f957f12101d952a92e4069803880036c606f53fLinux x86 shellcode that uses execve and echo >> to create a passwordless root account.
476110f24a8fc0d9904743658a7ce6ad2d312ef90df05c1145c481107d84bbd9Linux/x86 shell code that creates the directory 'hacked' (perm 755) using the mkdir() syscall and then does an exit().
a47f49596e69b77ee0502080bd57ac9b793baacb34f6573d5f3f9cc5492e6a0e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed