A vulnerability exists in Oracle 8.1.5 for UN*X which may allow any user to obtain root privileges. Local root exploit shell script included.
Exploit for the new NT remote DOS and possible compromise. NT 4.0 server and workstation are vulnerable, even with SP level 1, 3, 5, or 6.
New exploits for November, 1999.
Qpopper 3.0b remote root exploit, tested on BSDI 3.0/4.0.1, FreeBSD 2.2.8/3.3, and Linux.
Seyon, shipped with FreeBSD 3.3-RELEASE, has several vulnerabilities. The problem is that seyon is still installed setgid dialer in FreeBSD, allowing a local user to grant himself privileges which allow access to anything that requires group dialer, including modem devices.
/usr/vmsys/bin/chkperm and /usr/sbin/arp can be used to read bin-owned files. Tested on Solaris 2.6 and 2.7, sparc edition.
Qpopper 3.0b remote exploit for x86 Linux (tested on RedHat/2.0.38). Exploits pop_msg buffer overflow to spawn a remote root shell. Vulnerability exists on all platforms running Qpopper 3.0 through version 3.0b20.
The version of xmindpath shipped with FreeBSD 3.3 has a local buffer overflow. Exploit gives euid uucp.
The version of angband shipped with FreeBSD 3.3-RELEASE has a buffer overflow vulnerability. Exploit yields egid of group games.
Delegate 5.9.0 remote exploit for FreeBSD 3.2.
gdc exploit for gated-3.5.11 included on the FreeBSD-3.3 installation CD yields euid=0(root). By default, only group wheel (or whatever your trusted gated group is) and root can run gdc.
Netscape Communicator 4.x will allow JavaScript code in one Netscape window to read data from another browser window, even if the two windows are pointed at different domains. Demonstration here.
There is a vulnerability in Oracle Web Listener where a resource can be accessed when it shouldn't be accessible.
Remote root exploit for Smail-3.2 (rpmmail). A vulnerability exists in the rpmmail package distributed on the Red Hat 6.0 Extra Applications CD. The potential compromise for this bug could be remote or local root or simply remote command execution as "nobody" or similar, depending on your system configuration.
Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability. Example included.
The su command on SCO's UnixWare 7 has improper bounds checking on the username passed (via argv[1]), which can cause a buffer overflow when a lengthy username is passed.
[w00giving '99 #6]: UnixWare 7's Xsco. Due to improper bounds checking, an overflow occurs when a lengthy argument (argv[1]) is passed. Because Xsco runs with superuser privileges, this can be exploited for elevated privileges.
[w00giving '99 #7]: UnixWare 7's xlock. The xlock command on SCO's UnixWare 7 has improper bounds checking on the username passed (via argv[1]), which can cause a buffer overflow when a lengthy username is passed. Exploit by K2
Bindview Security Advisory: Denial of Service Vulnerability in Cabletron's SmartSwitch Router (SSR). Remote users can flood the ARP table and stop the processing of packets.
UssrLabs found a Local/Remote DoS Attack in BisonWare FTP Server V3.5. The buffer overflow is caused by a long user name, 2000 characters. Source / Binary for DoS attack here.
UssrLabs found a buffer overflow in WorldClient Server v2.0.0.0 where they do not use proper bounds checking on WorldClient TCP Port 2000. Denial of service exploit available.
O'Reilly's WebBoard software has some bugs with interesting possibilities. Vulnerabilities include unauthorized paging and arbitrary content insertion.
The Oce 9400 plotter can be used as a telnet proxy in its default configuration.
Multiple remote DoS vulnerabilities have been found in the MDaemon 2.8.5.0 server. Binary / Source for this MDaemon Server v2.8.5.0 Denial of Service here.
Sun Microsystems NetBeans (recently renamed to Forte') Java IDE includes an internal HTTP server to try Java code. When service is enabled for one machine, the HTTP server allows remote access to root and all subdirectories from any machine. Example included.