GNU PeerCast versions less than or equal to v0.1216 Remote Exploit.
52782b7c57a34d83e13abde55ce91f90e5499e6f8617ad2fe720595a4239b49eApple Mac OS X versions 10.6.3 and below suffer from a chpass BSD insecure temp file creation in /etc vulnerability. A user can create a file with rw perms in /etc as owner and populate it with arbitrary data. This could be utilized to fill the disk or write configuration file information that could be combined with another flaw to elevate local privileges.
7612d1322811886943d0e1ba838ed0c5d2209c568bc240a49eeb336f0af2080cMac OS X versions 10.5.6 and 10.5.7 ptrace() mutex handling denial of service exploit. This code should be run in a loop and due to problems with mutex handling in ptrace a denial of service can occur when a destroyed mutex is attempted to be interlocked by the OSX kernel giving rise to a race condition. You may need to run this code multiple times.
280d49ab7dc2a6f1d65feb29ee1a9c5ba38aedb401fb0e81e12ef3860ea1d82fSun VirtualBox versions 3.0.6 and below local root exploit that takes advantage of a popen() meta char shell injection vulnerability.
e2ddedb66eb6b5695c18761f7fb3938a54e20b5be176b2e29ef59c221c7f1e0fCitadel SMTP versions 7.10 and below remote overflow exploit.
17d73e7c5984975be22f519415b7f5914aaaa74629f78f76ee5f4586a019b28dWindows RSH daemon versions 1.8 and below remote buffer overflow exploit.
1c530d10caf782cb1a6270dae0b0e5974153013a57ef1f83b6166717ed3a1918GNU/Linux mbse-bbs versions 0.70.0 and below local root exploit that makes use of a stack overflow.
b9b6c8e90f30995598ab9252882b6e7bfe68361174d80d1b09bb34e24378764cSolaris in.telnetd 8.0 and prior remote exploit. A boundary condition error exists in telnet daemons derived from the BSD telnet daemon. Under certain circumstances, the buffer overflow can occur when a combination of telnet protocol options are received by the daemon. The function responsible for processing the options prepares a response within a fixed sized buffer, without performing any bounds checking. This exploit has been tested against Solaris 7 & Solaris 8 (sparc).
8b1b9e7b12ccde64848ee3e68e52d71b897094c36e01d0c6aefb642d65d2014bSGI IRIX 6.5 /usr/sysadm/bin/runpriv local root exploit.
87ee2433cea6d25492bbf29d76ac2dddfffb1036915de7f4e24d87a028286cbeSCO Openserver 5.0.7 termsh exploit. 'termsh' is a program to view or modify an existing terminal entry on SCO Openserver. A stack based overflow exists in the handling of command line arguments, namely the [-o oadir] argument. It is installed setgid auth in a default SCO Openserver 5.0.7 install. An attacker may use this flaw to gain write access to /etc/passwd or /etc/shadow allowing for local root compromise.
80848a38a842001ba4c5cb1a4aa2616cfde210738c9f9ac3f9e0ec9ee9fa8266SCO Unixware 7.1.3 ptrace local root exploit. SCO Unixware 7.1.3 kernel allows unprivileged users to debug binaries. The condition can be exploited by an attacker when he has execute permissions to a file which has the suid bit set.
5a1bb516b7d517521524776f7946fdb5d76fc8e72a5fbece7674002e32ad2a4eSCO Openserver 5.0.7 Netware Printing utilities exploit. Multiple buffer overflows exist in the handling of command line arguments in SCO Openserver Netware printing utils. EIP is overwritten after 997 bytes are supplied on the command line. The following binaries are installed setgid 'lp' as default and are vulnerable to this attack.
83a9ce0000e4291a949433b76dd8e4502dbf1c5dbe40d16fb8f14962865b2148SCO Openserver 5.0.7 enable exploit. A standard stack-overflow exists in the handling of command line arguments in the 'enable' binary. A user must be configured with the correct permissions to use the "enable" binary. SCO user documentation suggests "You can use the asroot(ADM) command. In order to grant a user the right to enable and disable tty devices". This exploit assumes you have those permissions.
817dbb560a816e2f79b66debcf45beb878184dc4c5bbaa5233467482a065771bExim versions 4.43-r2 and prior host_aton() local root exploit.
aebac98246454607fa35d16a81b2ca598ce612832413121e7c0d3f85eac98cf7Adabas D 13.01 (GNU/Linux & Win32) Multiple Vulns in WebApps including directory traversal and SQL injection.
693290f05e0b0840b9b91832cbcf89d077f7c7515d33a03cc02acc2ec5bf1135GNU/Linux adabas v1301 universal local root exploit. Standard stack overflow in the command line arguments of SUID root(default) clr_kernel & stop bins. The exploit calculates the value to use for return address.
ed833915fb367c22a24bae21eeb3b2964eb4dfac2a260b2bcaab81b34fb8697bCisco VPN Concentrator 3000 FTP remote exploit. A vulnerability exists in the Cisco VPN Concentrator 3000, an unauthenticated user may access the file system through manipulation of FTP service commands.
4a0105294cbe6f0ee0f0bf817086a0b2f875637c7acc2e15634b0a8695cb01d5AEP/Smartgate arbitrary file download exploit. A vulnerability exists in the smartgate SSL server (listens on port 443 by default) which may allow a malicious user to download arbitrary files with the privileges of the smartgate server.
458fcf07885e8ffe5f837843edcf30c3a17eb5e839951995e800bb8570220cd0HP-UX swmodify buffer overflow exploit. HP-UX 'swmodify' contains an exploitable stack overflow in the handling of command line arguements. Specifically the problem occurs due to insufficient bounds checking in the "-S" optional argument. 'swmodify' is installed setuid root by default in HP-UX and allows for local root compromise when exploiting this issue.
6b1717b21f6b056cf18126c41c392c3e1536cac16fd737bd04e4d45e08ff85deHP-UX swask format string local root exploit. HP-UX 'swask' contains an exploitable format string vulnerability. The 'swask' utility is installed setuid root by default. Specifically the vulnerability is in the handling of the "-s" optional argument which is passed to a format function as verbatim.
3023aa994493e76bd2f6ffff2ce173e8623eb8396ee93dd2faebae1841d15ffeHP-UX libc timezone environment overflow exploit. HP-UX libc contains an exploitable stack overflow in the handling of "TZ" environment variable. The problem occurs due to insufficient bounds checking in the localtime_r() and related functions. Any suid or sgid program which uses the timezone functions can be used as an attack vector. This exploit uses "su" to obtain root privileges.
34d846e3e0a8d4700592a69b16c25ca882966c58bb1de3a7e74d3cb507960e1aHP-UX swpackage buffer overflow exploit. HP-UX 'swpackage' contains an exploitable stack overflow in the handling of command line arguments. Specifically the problem occurs due to insufficient bounds checking in the "-S" optional argument. 'swpackage' is installed setuid root by default in HP-UX and allows for local root compromise when exploiting this issue.
02450b690464a6879577282db8258a809e36d37c3095b86ce73f246a5e8dae97INFIGO IS Security Advisory #INFIGO-2006-03-01 - After short research, a high-risk vulnerability was discovered in PeerCast Streaming server v0.1215 and lower. Unauthenticated remote users can send specially crafted request to the HTTP server that will cause stack overflow, what can be easily exploited for remote code execution. The problem is present in URL handling code.
c334b17bc91d38d44fffbe0e633dd84255953f426951b55f9564364c3c5337bdScore is an interactive shellcode that allows a user to work further with an exploited process. Designed for exploitation of Linux systems on x86.
f04cd91c321cff6cb5956c5d32f4877b06ebe3f28072ee5e9bf0708794928df0NetBSD versions 2.1 and below ptrace() local root exploit.
e206abdb40eb38c1a16aff4226d7394d290524b17f83c8baa92a4a7a2137452e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed