Efstool Local root exploit for redhat. Requires efstool to be +s for root exploitation. Useful for breaking out from restricted shells. Tested on Redhat 7.1, 7.2, and 7.3.
56fbeadf6c3197a29e31b79d12722accbedb224cb521f2116eb46f376cf8854dChat Local root exploit for redhat. Requires chat to be +s for root exploitation. Useful for breaking out from restricted Shells. Tested on Redhat 7.1, 7.2, and 7.3.
a38709858c17621a4940bea65d88f2f573fdcbf9e2cf26ccd0d9873946196a70/usr/sbin/pwck local root exploit for linux. Affects only +s pwck, remember though its a good way to break free from restricted shells - even to the same UID. Tested on Red Hat 7.1, 7.2, and 7.3.
b75ad70961e03feeb4b123acf7bf9b70259f02d79f6d5b5aa604e838ec59e647BinD: Virtual World Resolver, an IRC Bot. This is linux version for the VW Converter.
20ab2006de5594e3acbc4496a139bd8f7cbb3b84688566b6398bfda0071f2b6bAtstake Security Advisory A021403-1 - Mac OS X v10.2.3 contains a local root vulnerability in the TruBlueEnvironment portion of the MacOS Classic Emulator, which is suid root and installed by default.
922979add04dd03a99e8b8cf1546f75144cba14cd5ed8c57ec889932256bc0dbSpew_spy.c sends spoofed UDP packets to a Gamespy-enabled game server, causing it to spew packets at a target of the user's choice.
7e4eec1e353c39d1438682695bca9c0100dcc993d6a7c20899a1f81a6fa6ca8eRed Hat Security Advisory RHSA-2003:015-05 - The rm and mv commands from Fileutils 4.1 and below contain race vulnerabilities which allow local users to delete files and directories as the user running mv or cp if the recursive option is used and the user has write access to any part of the directory tree being moved or deleted.
a80cb8fb856398925323c191a299ae9f327213094487b8f51517f9561ce60f3fRed Hat Security Advisory RHSA-2003:035-10 - The pam_xauth module included with the pam package v.75 and below contains a local root vulnerability which can be exploited if root is tricked into su'ing to the attackers account.
ad170f1655423e3feed8d627960d9d2c57d5460e7c4204797296bdff5b821a3cThe Abyss Web Server v1.1.2 and below allow unlimited brute force password guessing on the remote admin management port, tcp 9999 with no logging or delay.
aa3c944b4f85c34c5806f7acbe78d1eaa9f59c0ca2c7249a2f2fc55a1464e328Red Hat Security Advisory RHSA-2003:029-06 - Lynx v2.8.4 contains a CR/LF injection vulnerability which can lead to faked headers being sent to a web server.
e05f3d9f7bdecf8e6fedd79d93868275c3e8c747da2c0507685a694de001e360IBM Security Advisory - IBM AIX v4.3, 5.1, and 5.2 has a local root vulnerability in setuid applications linked with libIM.a. Fix available here.
8d53c13846ee5f97fc58ab0627a476ae048a8340d08ce8b33f3c38ffdbe77412Astaro Linux Firewall Bounce scan. Attempts to grab a banner from a given ip and port.
3ad8ddcd786f787e0b62854cfaf72adbcea82f6d1d34e227d193c2eeb8a5a731Absolute Telnet v2.00 buffer overflow exploit in perl. Creates a fake server for the client to connect to, and sends an overflow string once it connects. Tested against Windows XP, based on an advisory by kain@ircop.dk.
af8d5ae98253a8deeb5f462c4c4313d439dc7c3a4d6ee776926612f86b27c414Yabase v1.5.0 and below remote scanner / exploit tool which takes advantage of a bug in an include named Packages.php.
c4f2966de2f40c8fd232eab6f99e412b3fbb10932ea8de84a7fcfcf3f680f25dThis utility demonstrates a simple udp backdoor which allows for remote program execution on a Unix server.
5b82b2a9f56e51c23e56fff0a2aa422ce7a192f5ef6f22bf47155bb1b3689957IBM's AIX contains a locally exploitable buffer overflow in libIM which allows attackers to execute code with the privileges of an application calling the library. The "/usr/lpp/X11/bin/aixterm" binary calls the libIM library and is then installed setuid root by default on AIX. The "-im" command line argument used by aixterm causes the binary to crash when filled with a string about 50 bytes in length, allowing attackers to control the return address and run code as root.
d48b6926c82ffe75c223b8a03b1f5182ccf081eafc0e952920b165ba77191d02Red Hat Security Advisory RHSA-2002:202-33 - Python v2.2.1 and below has a temp file vulnerability in os._execvpe from os.py which allows local users to execute arbitrary code via a symlink attack.
822772e745db7d21b2b9bc4fe2db053ac18299cff1d54f0118e3c00554dd3e0eKaspersky Antivirus (KAV) crashes when it tries access a path that has more the 256 characters. In addition to this vulnerability, a long path can be used to hide malware. Also, malware with specially crafted names are not detected by this anti-virus product. Tested on Kaspersky Antivirus 4.0.9.0.
6949810c13d2cba2796d0abbbae6962016128aba3acc695195bdaa032d0e85b3It has been found that the Far file manager does not handle path names correctly. This can result in a buffer overflow condition that allows code execution. An example script to crash Far 1.70beta1 and 1.70beta4 is included. The Far developers (Rarlab) will fix this in version 1.70beta5.
3c005022589cdd7f5a8b111e3c1376932e2a7aa5e26e42083ce66606bbf95efbComprehensive paper explaining various ways to get around restrictive web proxies which are used by some restrictive countries and corporations.
8d9d766cd21a65b57e4c66bdeab1db1cf15172a76f5abf3a8ffb6b63490001abSmtpscan is a tool to guess which MTA is used by sending several "special" SMTP requests and by comparing error codes returned with those in the fingerprint database. It does not take into account banners and other text information, that cannot be trusted, only error codes. A document describing the fingerprinting method implemented in smtpscan is available here.
da277e5caa8a4c74cf3becc5632d8ac1382c2d36f67af961b7e0f7f31069d39fMicrosoft Security Advisory MS02-071 Version 2.0 - The Windows message WM_TIMER allows local users to execute code with LocalSystem privileges, giving the attacker complete control over the system.
00eb8126d183ba4ca4e54a096a5e82c52b2c665d7641910e0cf9d5577da523e6This program finds the real IP address behind the masked IP address on PTlink version 6.14.2 and other versions of PTlink which has SpoofMethod set to 0 in network.dconf.
a7144b8a89043c345624b82a6de0ef8e811b9635c72393867945e943259c6311SQLBase 8.1.0, the database management system, has a buffer overflow when the EXECUTE string exceeds 700 characters. Possibilities for exploitation include privilege escalation to GuptaSQL uid and a denial of service against the database.
ffa52760c1c161417420ffd38630b1569751d5cb660a82c0add839da2e0fb68aRemote root exploit for Realserver 8 on several Windows platforms.
90292d4e257cdbfdf377651683c109aa8ae179a5a90d51aef9d7f78c2125337f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed