Showing 1 - 25 of 29

Files

OpenSMTPD 6.6.1 Local Privilege Escalation
Posted Feb 11, 2020
Authored by Marco Ivaldi

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell meta-characters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.

tags | exploit, remote, arbitrary, shell, root
systems | openbsd
advisories | CVE-2020-7247
SHA-256 | f42f9b3d984851bedec7966cba6c70991ad906a48462064b1ae90325c6aa112b

Related Files

Zyxel zysh Format String Proof Of Concept
Posted Feb 9, 2024
Authored by Marco Ivaldi

Proof of concept format string exploit for Zyxel zysh. Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.

tags | exploit, overflow, local, proof of concept
advisories | CVE-2022-26531
SHA-256 | 274400da6832cf3ae8c1a6277041c603d352c6bf51a08f409168fc36a69f146c

Solaris 10 dtprintinfo Local Privilege Escalation
Posted Jan 20, 2023
Authored by Marco Ivaldi | Site raw.githubusercontent.com

Solaris 10 CDE local privilege escalation exploit that achieves root by injecting a fake printer via lpstat and using a buffer overflow in libXM ParseColors().

tags | exploit, overflow, local, root
systems | solaris
SHA-256 | 8fed0e704e1d7fbb2603ba2f25e66d64bafc8105967e5ce69f807ea920fafcb1

Raptor WAF 0.62
Posted Mar 8, 2021
Authored by coolervoid

Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.

Changes: Patch fix to the improving documentation.
tags | tool, web, firewall, xss, sql injection
systems | unix
SHA-256 | 34a59934180dc4ec202e6e77747f7e92b07457fb6a80ea09fb608137ac914095

Solaris 10 1/13 dtprintinfo Local Privilege Escalation
Posted Feb 2, 2021
Authored by Marco Ivaldi

This archive contains five proof of concept exploits that leverage a dtprintinfo vulnerability in Solaris 10 1/13. It contains three exploits for SPARC and two for Intel.

tags | exploit, proof of concept
systems | solaris
SHA-256 | 10f71ccdb906e501c54f2745a839efada98f12e952d73ba38a22ad24bd4b5f3e

Raptor WAF 0.61
Posted Oct 13, 2020
Authored by coolervoid

Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.

Changes: Fixed memory error handler.
tags | tool, web, firewall, xss, sql injection
systems | unix
SHA-256 | 0a7304f718d69a449db303760bf7828fbc60565ec5725a46d02733fc0191ed21

SunOS 5.10 Generic_147148-26 Local Privilege Escalation
Posted Jan 15, 2020
Authored by Marco Ivaldi

SunOS version 5.10 Generic_147148-26 local privilege escalation exploit. A buffer overflow in the CheckMonitor() function in the Common Desktop Environment versions 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long palette name passed to dtsession in a malicious .Xdefaults file.

tags | exploit, overflow, local, root
systems | solaris
advisories | CVE-2020-2696
SHA-256 | aa916b476c438bad08b7aea8b01a918e991d3830378d96635e1586a0f7f2b220

Solaris 11.4 xscreensaver Privilege Escalation
Posted Oct 16, 2019
Authored by Marco Ivaldi

Solaris version 11.4 xscreensaver local privilege escalation exploit.

tags | exploit, local
systems | solaris
SHA-256 | 3fa7ecaa53e22bbbf5fa735cf10b22a008a02e7bd17c04bcfd1abb124cb3e6f8

Exim 4.91 Local Privilege Escalation
Posted Jun 17, 2019
Authored by Marco Ivaldi

Exim versions 4.87 through 4.91 suffer from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2019-10149
SHA-256 | f66d7f3a31ac18712c80085004dbe2a60269462f0ed94217c0afa6f03a4f8107

Common Desktop Environment 2.3.0 dtprintinfo Privilege Escalation
Posted May 17, 2019
Authored by Marco Ivaldi

A buffer overflow in the DtPrinterAction::PrintActionExists() function in the Common Desktop Environment 2.3.0 and earlier, as used in Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long printer name passed to dtprintinfo by a malicious lpstat program.

tags | exploit, overflow, local, root
systems | solaris
advisories | CVE-2019-2832
SHA-256 | 061ca4997bee326476bbf713f5e74683ca863ebc4120b082849a1add69987dfe

Raptor WAF 0.6
Posted Apr 14, 2019
Authored by coolervoid

Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.

Changes: Fixed error handlers. Improved and fixed all socket connections.
tags | tool, web, firewall, xss, sql injection
systems | unix
SHA-256 | 80fb69bd26cf7d8895d8f7c1f088a02b1182321ded9c054d2e2b9523ced723d1

Raptor WAF 0.5
Posted Jun 26, 2018
Authored by coolervoid

Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.

Changes: Added support for PCRE.
tags | tool, web, firewall, xss, sql injection
systems | unix
SHA-256 | 447b1f123430d2d4378832b337fca556aa9a009f7c6863f5382f9844a50bcc42

Raptor WAF 0.4
Posted Dec 7, 2016
Authored by coolervoid

Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.

Changes: Various updates.
tags | tool, web, firewall, xss, sql injection
systems | unix
SHA-256 | 39030481d50134c2c14624899787ca277f1583f87c984029cec27e80922fade0

Raptor WAF 0.3
Posted Oct 29, 2016
Authored by coolervoid

Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.

Changes: Various updates.
tags | tool, web, firewall, xss, sql injection
systems | unix
SHA-256 | e124a10f5e1cc12f366263958aeaf678bc45ef125e7d80430afc2808ac8cf4a5

Raptor WAF 0.2
Posted Aug 9, 2016
Authored by coolervoid

Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.

Changes: Various updates.
tags | tool, web, firewall, xss, sql injection
systems | unix
SHA-256 | 923cdb6e5ca88b6f0ebaca62f650819c0d9b6ac5c4bdc58835f40a6a364af04c

Raptor WAF 0.01
Posted May 31, 2016
Authored by coolervoid

Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.

tags | tool, web, firewall, xss, sql injection
systems | unix
SHA-256 | a37959fdaf2f95ce8625c170bf8f4582b5b3e15970f56150eb45599ccfb0bf90

raptor_orafile.sql.txt
Posted Dec 22, 2006
Authored by Marco Ivaldi

Oracle 9i and 10g file system access via utl_file exploit.

tags | exploit
SHA-256 | 6a855c171229fa36b67fcac3d0b5386b14c748ade5343c12a88b8cf49a41e5f0

raptor_oraextproc.sql.txt
Posted Dec 22, 2006
Authored by Marco Ivaldi

This PL/SQL code exploits the Oracle extproc directory traversal bug to remotely execute arbitrary OS commands with the privileges of the DBMS user. All versions of Oracle 9i are susceptible. Oracle 10g versions prior to 10.1.0.3 are susceptible.

tags | exploit, arbitrary
advisories | CVE-2004-1364
SHA-256 | a20687baa07c822bd25b99c3cf83c52490637e73c8ad269208f88421d3667d01

raptor_libnspr
Posted Oct 20, 2006
Authored by Marco Ivaldi | Site 0xdeadbeef.info

raptor_libnspr - Solaris 10 libnspr oldschool local root exploit. Exploits the design error vulnerability in NSPR.

tags | exploit, local, root
systems | solaris
advisories | CVE-2006-4842
SHA-256 | 4534f08fb4e5ebcc7329d2d59c1fbdfb5145398877594c9b4e82b067b081c76b

raptor_xkb.c
Posted Sep 14, 2006
Authored by Marco Ivaldi

X11R6 versions 6.4 and below XKEYBOARD local buffer overflow exploit for Solaris on Sparc.

tags | exploit, overflow, local
systems | solaris
SHA-256 | c2b1bf576267c476946a40ae73c3f1ddc2d7a2211f2ff67c23fc4653239b466a

Linux 2.6.17.4 logrotate prctl() Local Root
Posted Jul 18, 2006
Authored by Marco Ivaldi

Linux kernel versions 2.6.13 through 2.6.17.4 logrotate prctl() local root exploit.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2006-2451
SHA-256 | 995ad370e696f5f1c0bc629b380daafcd59b60857f273db6b436e78d3a465c8e

Linux 2.6.x suid_dumpable Local Root
Posted Jul 13, 2006
Authored by Marco Ivaldi

The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and POSSIBLY gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions.

tags | exploit, denial of service, kernel, local
systems | linux
advisories | CVE-2006-2451
SHA-256 | 43b35a03fd56d46107a22c6dd5e1fbf42c693fadd0596f7aaa5fee6249b7f76f

raptor_udf.c
Posted Dec 31, 2004
Authored by Marco Ivaldi | Site 0xdeadbeef.info

Local root exploit that makes use of the dynamic library for do_system() in MySQL UDF. Tested on MySQL 4.0.17.

tags | exploit, local, root
SHA-256 | 95a7207a7051562030ac705492537b56b8b7240a2c9e35e9973ec9e34e4a0c48

raptor_rlogin.c
Posted Dec 31, 2004
Authored by Marco Ivaldi | Site 0xdeadbeef.info

Remote root exploit for rlogin on Solaris/SPARC 2.5.1/2.6/7/8. This remote root exploit uses the (old) System V based /bin/login vulnerability via the rlogin attack vector, returning into the .bss section to effectively bypass the non-executable stack protection (noexec_user_stack=1 in /etc/system).

tags | exploit, remote, root
systems | solaris
advisories | CVE-2001-0797
SHA-256 | bfeb19101920045f9d6f6904868ad67701158aa7b9bc94f200fad68320b7c937

raptor_passwd.c
Posted Dec 31, 2004
Authored by Marco Ivaldi | Site 0xdeadbeef.info

Local root exploit for a vulnerability in the passwd circ() function under Solaris/SPARC 8/9. This exploit uses the ret-into-ld.so technique, to effectively bypass the non-executable stack protection (noexec_user_stack=1 in /etc/system).

tags | exploit, local, root
systems | solaris
advisories | CVE-2004-0360
SHA-256 | a6e61ccf2c4234b32ebb45aaf4f04d6bf8eaca49b1b7f4a8c10f9a63208bbd20

raptor_libdthelp2.c
Posted Dec 31, 2004
Authored by Marco Ivaldi | Site 0xdeadbeef.info

Local root exploit for a buffer overflow in CDE libDtHelp library that allows local users to execute arbitrary code via a modified DTHELPUSERSEARCHPATH environment variable and the Help feature. Works against Solaris/SPARC 7/8/9. This is the ret-into-ld.so version of raptor_libdthelp.c, able to bypass the non-executable stack protection (noexec_user_stack=1 in /etc/system).

tags | exploit, overflow, arbitrary, local, root
systems | solaris
advisories | CVE-2003-0834
SHA-256 | b8436092faaf18ae6c0392c009430729a21181ff6e47eb8696bfd081a924f23b
© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close