Showing 26 - 50 of 100

Files

RealTerm Serial Terminal 2.0.0.70 Echo Port Buffer Overflow
Posted Feb 21, 2019
Authored by Matteo Malvica

RealTerm Serial Terminal version 2.0.0.70 suffers from an echo port buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 801b86d255328b3fedc995c0bcbbcc29d2ca3f7b6e8522ecf7a4d5babd746c01

Related Files

Ubuntu Security Notice USN-1086-1
Posted Mar 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1086-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. A local attacker could create malicious filters to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. Dan Rosenberg discovered that the RDS protocol did not correctly check ioctl arguments. A local attacker could exploit this to crash the system, leading to a denial of service.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2010-4076, CVE-2010-4077, CVE-2010-4158, CVE-2010-4163, CVE-2010-4175
SHA-256 | 8b47c6ebe7f6860e5fb3da4897e68af88a18eccd3e4d5e77146dc58143df0d3c
Terminal Server Client Denial Of Service
Posted Feb 2, 2011
Authored by D3V!L FucK3r

Terminal Server Client denial of service exploit that creates a malicious .rdp file.

tags | exploit, denial of service
SHA-256 | d857699b16f5ec4c39e143b5884dbd9906f3c40528d651e0211042a4d470a457
Secunia Security Advisory 43120
Posted Feb 2, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in Terminal Server Client (tsclient), which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | ac12b089dc90737dcca51d9af9a18ef8db55ead8185fb24199205ea5184c4e81
Mandriva Linux Security Advisory 2010-161
Posted Aug 26, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-161 - The vte_sequence_handler_window_manipulation function in vteseq.c in libvte in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via an icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression. The updated packages have been patched to correct this issue.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2010-2713
SHA-256 | 5c7a414367f3129cbf38fe91e8a83bb33c301685dd0732c30600871a9afdbbef
Ubuntu Security Notice 962-1
Posted Jul 16, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 962-1 - Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-2713
SHA-256 | 80c4d64b72f9a308db9f8e5b218bb0ad4dff2e8abe8e73d44a908a8521f7dfe1
60 Bytes Phuck3d! Shellcode
Posted Apr 27, 2010
Authored by condis

60-byte Linux/x86 shellcode that sends "Phuck3d!" to all terminals.

tags | x86, shellcode
systems | linux
SHA-256 | 222bcd93231be03d8446d74896dc2dff4386ef4ba1d7da74f7643266b106a418
Ubuntu Security Notice 900-1
Posted Feb 16, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 900-1 - Emmanouel Kellinis discovered that Ruby did not properly handle certain string operations. An attacker could exploit this issue and possibly execute arbitrary code with application privileges. Giovanni Pellerano, Alessandro Tanasi, and Francesco Ongaro discovered that Ruby did not properly sanitize data written to log files. An attacker could insert specially-crafted data into log files which could affect certain terminal emulators and cause arbitrary files to be overwritten, or even possibly execute arbitrary commands. It was discovered that Ruby did not properly handle string arguments that represent large numbers. An attacker could exploit this and cause a denial of service. This issue only affected Ubuntu 9.10.

tags | advisory, denial of service, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2009-1904, CVE-2009-4124, CVE-2009-4492
SHA-256 | 70b75a6c7bfeabf4136e18e897f88132e74cb4a9c3e67e5d0923c49a358f6156
Debian Linux Security Advisory 1994-1
Posted Feb 12, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1994-1 - It was discovered that ajaxterm, a web-based terminal, generates weak and predictable session IDs, which might be used to hijack a session or cause a denial of service attack on a system that uses ajaxterm.

tags | advisory, web, denial of service
systems | linux, debian
advisories | CVE-2009-1629
SHA-256 | 01f42fb15d52253fce43542edbfa8cbe981715dacca0392a6536379ca8948e33
Mandriva Linux Security Advisory 2010-017
Posted Jan 20, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-017 - WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, remote, web, arbitrary, ruby
systems | linux, mandriva
advisories | CVE-2009-4492
SHA-256 | 5b4843eb8fd87e50c463fed2a1697b702750dfd1be042b47462472371bd6e626
Gentoo Linux Security Advisory 201001-9
Posted Jan 14, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201001-9 - An input sanitization flaw in the WEBrick HTTP server included in Ruby might allow remote attackers to inject arbitrary control characters into terminal sessions. Giovanni Pellerano, Alessandro Tanasi and Francesco Ongaro reported that WEBrick does not filter terminal control characters, for instance when handling HTTP logs. Versions less than 1.8.7_p249 are affected.

tags | advisory, remote, web, arbitrary, ruby
systems | linux, gentoo
advisories | CVE-2009-4492
SHA-256 | f50111006fffa62948fd5efaae52f0ed28bc7804c0455af5537768f817e9d1a8
Terminal Server License Bypass
Posted Jan 11, 2010
Authored by Zorzan Urban Pawel | Site pawelzorzan.eu

This registry code allows any terminal client access to a Terminal Server. It bypasses the Microsoft "Terminal Server License" and allows the client to create a session on the server without a CAL (Client Access License) or MS Open License. It works on WinNT, Win2000, Win2003 server and Win2008 server.

tags | registry, bypass
systems | windows
SHA-256 | 9cec54ca3bf48377115aba5d8a681eeb8b070d26a3b7949518b42ec39e09b6cb
SudoSH 3.2.0
Posted Dec 1, 2009
Site sourceforge.net

sudosh3 is an auditing shell and filter based on sudosh2. It aims to improve file management and terminal emulation. Passwords are not recorded.

tags | tool, shell
systems | unix
SHA-256 | 8a1099da9a6115db2cf70112aa48600bd056c868e98ac27e80b07bfab4b7b362
Safari Archive Metadata Command Execution
Posted Oct 28, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a vulnerability in Safari's "Safe file" feature, which will automatically open any file with one of the allowed extensions. This can be abused by supplying a zip file, containing a shell script, with a metafile indicating that the file should be opened by Terminal.app. This module depends on the 'zip' command-line utility.

tags | exploit, shell
advisories | CVE-2006-0848
SHA-256 | 8c4311240e8171f3f9f4e554f0f29aa8dd421640cd7dc1296331a5d14e3d441f
Apple Terminal xterm Resize Escape Sequence Memory Corruption
Posted Jun 3, 2009
Authored by James King | Site tippingpoint.com

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Terminal. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of 'CSI[4' xterm window resizing escape code. When a very low negative value for (x, y) size is set, an integer overflow occurs resulting in a memory corruption. This can be further leveraged to execute arbitrary code under the context of the logged in user.

tags | advisory, remote, overflow, arbitrary
systems | apple
advisories | CVE-2009-1717
SHA-256 | 20ae37d091c7aa40b2e3352124f58f68bb08d2f96fd590e14194979db31572c4
Debian Linux Security Advisory 1694-1
Posted Jan 3, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1694-1 - Paul Szabo discovered that xterm, a terminal emulator for the X Window System, places arbitrary characters into the input buffer when displaying certain crafted escape sequences (CVE-2008-2383).

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2008-2383
SHA-256 | 3e2b711ede10390232555c7428e3ef4ba8fa5b9efd1daa4be578455a531e921a
sniffy-0.1.1.tar.bz2
Posted Nov 4, 2008
Authored by jolsa | Site sniffy.sourceforge.net

The sniffy project can trace/log the data of any pseudo terminal in the system. Due to the way the terminal works, such a terminal trace provides complete information of what happened on the terminal screen, and sniffy is able to display/replay this information. It consists of a kernel module able to connect/hook on the pseudo terminal, a program to display the contents of any pseudo terminal on the fly, a daemon process tracing the pseudo terminal content into the file, and a replay program to replay any stored pseudo terminal session.

tags | tool, kernel, sniffer
SHA-256 | 690392cbd14e5cf80472524f7dd7b417a2655b94209dbf746d054c0351cb5892
Mandriva Linux Security Advisory 2008-222
Posted Oct 30, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability in Eterm allowed it to open a terminal on :0 if the environment variable was not set or the -display option was not specified, which could be used by a local user to hijack X11 connections. The updated packages have been patched to correct this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2008-1692
SHA-256 | 6135ff2144b6f19a3b7088ce33de499f9ede3466b9efd1cc8e21e78e79cb33a9
Mandriva Linux Security Advisory 2008-221
Posted Oct 30, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability in rxvt allowed it to open a terminal on :0 if the environment variable was not set, which could be used by a local user to hijack X11 connections. The updated packages have been patched to correct this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2008-1142
SHA-256 | f5133a98ebeb14790bd38e8f48d1d2aaf8129160a01443ae2933695af3a86e6a
Ubuntu Security Notice 637-1
Posted Aug 27, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 637-1 - It was discovered that there were multiple NULL-pointer function dereferences in the Linux kernel terminal handling code. A local attacker could exploit this to execute arbitrary code as root, or crash the system, leading to a denial of service. The do_change_type routine did not correctly validate administrative users. A local attacker could exploit this to block mount points or cause private mounts to be shared, leading to denial of service or a possible loss of privacy. Tobias Klein discovered that the OSS interface through ALSA did not correctly validate the device number. A local attacker could exploit this to access sensitive kernel memory, leading to a denial of service or a loss of privacy. Zoltan Sogor discovered that new directory entries could be added to already deleted directories. A local attacker could exploit this, filling up available memory and disk space, leading to a denial of service.

tags | advisory, denial of service, arbitrary, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2008-2812, CVE-2008-2931, CVE-2008-3272, CVE-2008-3275
SHA-256 | ca0426c0a769cfea0d004df111f7bc27965eadeb0ea4026d54fcf6f94868702f
Mandriva Linux Security Advisory 2008-161
Posted Aug 8, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability in rxvt allowed it to open a terminal on :0 if the environment variable was not set, which could be used by a local user to hijack X11 connections. The updated packages have been patched to correct this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2008-1142
SHA-256 | e60f27b0775d9c012b721d0ab173af4f74bc20df9f23fe93dd15ac0af121939f
pshtoolkit_v1.4-src.tgz
Posted Jul 10, 2008
Authored by Hernan Ochoa | Site oss.coresecurity.com

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g., users remotely logged in through Remote Desktop/Terminal Services), and also change at runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).

Changes: Support for XP SP 3 for whosthere/iam. New switches.
tags | remote, local
systems | windows
SHA-256 | e7bde2f898cac6acd7178cbc1b56f32a0e4c5273632a401bcd79b11e77d91c0c
Gentoo Linux Security Advisory 200805-3
Posted May 8, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200805-03 - Bernhard R. Link discovered that Eterm opens a terminal on :0 if the -display option is not specified and the DISPLAY environment variable is not set. Further research by the Gentoo Security Team has shown that aterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are also affected. Versions less than 1.0.1-r1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2008-1142, CVE-2008-1692
SHA-256 | 8e597b0eb583a93f5b20705800370493675a314ae667c8c72e4033be649d542c
Debian Linux Security Advisory 1561-1
Posted Apr 28, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1561-1 - Christian Herzog discovered that within the Linux Terminal Server Project, it was possible to connect to X on any LTSP client from any host on the network, making client windows and keystrokes visible to that host.

tags | advisory
systems | linux, windows, debian
advisories | CVE-2008-1293
SHA-256 | 7c1b5251834a193362f5581177021f87b6d1a3085067f563d362dd16b8fb66c2
pshtoolkit_v1.3-src.tgz
Posted Mar 3, 2008
Authored by Hernan Ochoa | Site oss.coresecurity.com

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g., users remotely logged in through Remote Desktop/Terminal Services), and also change at runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).

Changes: Various updates.
tags | remote, local
systems | windows
SHA-256 | 13ef7b8410107d58975fc08d8936ecc0c604229ac2938a11198712cf2d2625ab
pshtoolkit_v1.2_src.tgz
Posted Jan 22, 2008
Authored by Hernan Ochoa | Site oss.coresecurity.com

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g., users remotely logged in through Remote Desktop/Terminal Services), and also change at runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!). Both source and binary tarballs are included.

Changes: Various updates.
tags | remote, local
systems | windows
SHA-256 | ca44f24d0aee8b477db09c45fa6771b0c852c2cebf644dd4a756951e9808fddc

© 2022 Packet Storm. All rights reserved.
