The enq program under AIX has an overflow in its command line argument parsing. This exploit uses the vulnerability to escalate privileges to egid=printq. Tested on AIX 4.3.3.
Hassan Consulting Shopping Cart version 1.x remote exploit which spawns a bash shell with the web server's uid.
Xitami WEB/FTP Server for Windows 95/98/NT/2k v2.5b4 has remote vulnerabilities which allow users to view sensitive system information via testcgi.exe. Passwords are stored in plain text. Denial of service is possible.
Packet Storm exploits for the year 2000!
Packet Storm new exploits for December, 2000.
Solaris Wu-ftpd wu-2.4(1) remote root exploit which uses the site exec format string vulnerability. Tuned for Solaris Sparc v2.8 w/ inetd.
Securax Security Advisory #13 - When someone telnets to a unix system, the tty assigned to him is writable by any user on the system until the login completes; once he is logged in, his tty is no longer world-writable. So if someone writes data to a tty that is currently in use by a user who is still logging in, that user will not be able to log in. Includes ttywrite.c proof of concept code.
Securax Security Advisory #11 - XFree86 version 3.3.6 is vulnerable to a remote denial of service attack on tcp port 6000. The server can freeze if sent many characters, requiring a reboot to restore normal operation. Includes Linnuke.c proof of concept code.
7350wu.c is a Wu-ftpd v2.6.0 remote root exploit which does it the proper way. Works on Linux/x86 and FreeBSD.
Lpr-ng v3.6.24 and below remote root exploit for Linux/x86 which exploits the syslog() format string vulnerability. Tested against RedHat 7.0. Includes the ability to brute force the offset.
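The bug class behind this Lpr-ng entry and the Wu-ftpd site exec exploit above is the same: attacker-controlled text reaches syslog() (or printf-family code) as the format argument instead of as data. The following is an added example written for this page, not code from lpr-ng, wu-ftpd or either exploit. log_message is a hypothetical stand-in for syslog(3) that formats into a buffer, and frame_value is passed explicitly only so the leak is deterministic; in a real daemon the directive would read whatever happens to sit in the next register or stack slot, and "%n" would turn the read into a write.

```c
/* Added example (not lpr-ng, wu-ftpd or exploit code). A syslog()-style
 * wrapper called with attacker text as the FORMAT argument, beside the
 * fixed call that passes it as DATA. `frame_value` stands in for whatever
 * the vulnerable daemon happens to have in the next variadic slot; it is
 * passed explicitly here only to keep the leak deterministic. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for syslog(3) that formats into a buffer instead of the log. */
static int log_message(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern (the lpd bug class): untrusted text is the format.
 * "%08x" in user_msg prints frame_value, which the caller never meant
 * to log; "%n" would turn the same bug into a memory write. */
int log_vulnerable(char *out, size_t outlen, const char *user_msg,
                   unsigned frame_value)
{
    return log_message(out, outlen, user_msg, frame_value);
}

/* Fixed pattern: the format is a literal and the text is an argument. */
int log_fixed(char *out, size_t outlen, const char *user_msg)
{
    return log_message(out, outlen, "%s", user_msg);
}

/* Audit helper: does the string carry a format directive? A lone '%'
 * (anything but "%%") is one; such input must never reach a format
 * parameter. */
int contains_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {
            s++;            /* "%%" is a literal percent sign */
            continue;
        }
        return 1;
    }
    return 0;
}

int main(void)
{
    char out[128];
    const char *attacker = "%08x";        /* constructed hostile input */

    log_vulnerable(out, sizeof out, attacker, 0xdeadbeefu);
    printf("vulnerable: %s\n", out);      /* the leaked frame value */
    log_fixed(out, sizeof out, attacker);
    printf("fixed:      %s\n", out);      /* the directive appears literally */
    return 0;
}
```

The exploit's offset brute force exists because the attacker does not know how many directives separate the format string from a pointer worth overwriting; the fix removes that question entirely, since with a literal format there is no attacker-controlled directive to walk the frame with.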
Expect v5.31.8 and v5.28.1 contain local buffer overflows. Any suid/sgid expect application can be exploited.
GnomeScott local buffer overflow which provides a gid=40 (game) shell on SuSE 6.4 and 7.0.
Expect (/usr/bin/expect) v5.31.8 and v5.28.1 local buffer overflow exploit. Tested on Slackware 7.x. Advisory available here.
Gnomehack local buffer overflow exploit which provides a gid=60 (games) shell on Debian 2.2.
Kwintv local buffer overflow exploit which provides a gid=33 (video) shell on SuSE 7.0.
Fancylogin v0.99.7 local root exploit. Tested on Red Hat 6.1.
Securax Security Advisory #12 - Apache 1.3.14's access_log and error_log can be altered somewhat by remote users if the site administrator reads the logs with cat or tail, because control characters sent in a request are written to the log unescaped and the terminal then interprets them. Includes proof of concept code kosheen.c which attempts to display false values in a remote site's access_log and error_log.
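What kosheen.c relies on is that the request line lands in the log byte for byte, so an ESC sequence in the URL is replayed by the terminal of whoever runs cat or tail on the file. The block below is an added example for this page, not the advisory's code and not Apache's: escape_logline and has_terminal_control are hypothetical names, and the request line is constructed for the demonstration. The escaper writes every byte outside printable ASCII (and the backslash itself, so output stays unambiguous) as \xNN, which is the shape of the fix Apache later adopted.

```c
/* Added example (not kosheen.c or Apache code): a request line that
 * carries terminal control sequences, and a log escaper that renders
 * them harmless before they reach the log file. */
#include <stdio.h>
#include <string.h>

/* Copy `src` into `dst`, escaping every byte outside printable ASCII,
 * plus backslash, as \xNN. Returns the length written, or -1 if `dst`
 * is too small to hold the result and its terminator. */
int escape_logline(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;
    for (const unsigned char *p = (const unsigned char *)src; *p; p++) {
        if (*p >= 0x20 && *p < 0x7f && *p != '\\') {
            if (o + 1 >= dstlen)
                return -1;
            dst[o++] = (char)*p;
        } else {
            if (o + 4 >= dstlen)
                return -1;            /* need 4 bytes plus the NUL */
            o += (size_t)snprintf(dst + o, dstlen - o, "\\x%02x", *p);
        }
    }
    dst[o] = '\0';
    return (int)o;
}

/* Does the line contain bytes a terminal would act on (C0 controls such
 * as ESC, CR, LF, or DEL)? Used to compare raw and escaped forms. */
int has_terminal_control(const char *s)
{
    for (const unsigned char *p = (const unsigned char *)s; *p; p++)
        if (*p < 0x20 || *p == 0x7f)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed request line: ESC[2J clears the screen, ESC[H homes the
     * cursor, and the CRLF starts a fake log line reading "200 OK". */
    const char *raw = "GET /\x1b[2J\x1b[H200 OK\r\n HTTP/1.0";
    char safe[256];

    escape_logline(raw, safe, sizeof safe);
    printf("raw line has control bytes: %d\n", has_terminal_control(raw));
    printf("escaped: %s\n", safe);
    printf("escaped line has control bytes: %d\n", has_terminal_control(safe));
    return 0;
}
```

Running `cat` on a file containing the raw line would clear the operator's screen and show the forged "200 OK"; the escaped form is plain text in any viewer, which is the property to check when auditing a log writer.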
STonX v0.6.5 and v0.6.7 local root exploit. Tested on Slackware 7.0.
Linux xconq v7.4.1 local exploit - Gives a gid=games shell by exploiting the -L parameter. Tested on Slackware.
OpenBSD v2.6 and 2.7 ftpd remote root exploit.
SuSE identd remote denial of service attack - Uses a long string to set a pointer to NULL.
Solaris 2.7/2.8 /usr/bin/catman allows local users to clobber root owned files by symlinking its temporary files. Includes catman-race.pl and ctman-race2.pl proof of concept scripts.
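The race works because catman creates its temporary file under a predictable name with an open that follows symlinks and truncates. The block below is an added example for this page, not catman's code and not the proof of concept scripts: open_tmp_vulnerable, open_tmp_fixed and simulate_race are hypothetical names, and the scratch directory, victim file and symlink are constructed to stage the state the attacker's script is racing to reach. It shows the outcome of each open once the attacker has already won.

```c
/* Added example (not catman or the catman-race scripts): the temp-file
 * open pattern that loses a symlink race, beside the open that refuses
 * to follow an attacker-planted link. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Vulnerable: O_CREAT|O_TRUNC on a predictable name. If the name already
 * exists as a symlink, the link is followed and its target is truncated.
 * Returns 0 on success, -1 (errno set) on failure. */
int open_tmp_vulnerable(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0)
        return -1;
    close(fd);
    return 0;
}

/* Fixed: O_EXCL fails if anything already exists at the name (including
 * a dangling symlink) and O_NOFOLLOW refuses to traverse a final-component
 * link; mkstemp(3) in a private directory is the usual production answer. */
int open_tmp_fixed(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    close(fd);
    return 0;
}

/* Stage the race already won: a "victim" file stands in for the root-owned
 * target and a symlink sits at the predictable temp name. Runs `opener`
 * on that name and returns the victim's size afterwards (-1 on setup
 * error). Uses $TMPDIR or /tmp, falling back to the current directory. */
long simulate_race(int (*opener)(const char *))
{
    char dir[512], victim[600], tmp[600];
    const char *base = getenv("TMPDIR");
    struct stat st;
    long size;

    snprintf(dir, sizeof dir, "%s/catman-demo-XXXXXX",
             base && *base ? base : "/tmp");
    if (!mkdtemp(dir)) {
        strcpy(dir, "./catman-demo-XXXXXX");
        if (!mkdtemp(dir))
            return -1;
    }
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmp, sizeof tmp, "%s/catman.tmp", dir);

    FILE *f = fopen(victim, "w");
    if (!f)
        return -1;
    fputs("root-owned data\n", f);       /* 16 bytes the attacker targets */
    fclose(f);
    if (symlink(victim, tmp) != 0)       /* attacker's link at the temp name */
        return -1;

    opener(tmp);                         /* the program's open runs now */

    size = (stat(victim, &st) == 0) ? (long)st.st_size : -1;
    unlink(tmp);
    unlink(victim);
    rmdir(dir);
    return size;
}

int main(void)
{
    printf("vulnerable open: victim is %ld bytes afterwards\n",
           simulate_race(open_tmp_vulnerable));
    printf("fixed open:      victim is %ld bytes afterwards\n",
           simulate_race(open_tmp_fixed));
    return 0;
}
```

The vulnerable open leaves the victim empty, which is the "clobber" the entry describes; the fixed open fails with EEXIST and leaves the victim untouched, so a privileged program that also checks the open's return value never writes through the link.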
The NAPTHA DoS vulnerabilities (Revised Edition - Dec 18) - The NAPTHA vulnerabilities are weaknesses in the way that TCP/IP stacks and network applications handle the state of a TCP connection.
Voyant Technologies Sonata Conferencing Software v3.x on Solaris 2.x comes with the setuid binary doroot which executes any command as root.
Omni httpd v2.07 and below remote denial of service exploit. Combines a shell script from sirius of buffer0verfl0w security with a bugtraq report from Valentin Perelogin.