Vapid Labs Security Note - The PrimeBase SQL Database Server 4.2 stores passwords in clear text. Depending on the installing user's umask settings, these may be readable by all local users. MD5: 1dcb3778cf0666564820fc49425c8d2f
SNAP Innovation's PrimeBase Database 4.2 makes poor use of file creation and default file permissions, which could allow a local attacker to gain administrative privileges. MD5: dc4d382d3b5eee1b3d74c69cd6de596e
Further information and research regarding the InterSystems Cache vulnerabilities discussed here. Two new vulnerabilities have been discovered and exploits are included. MD5: d8d2308fa5893bf58ac73513ebf91311
iDEFENSE Security Advisory 07.01.03: InterSystems Corp. Cache installs with insecure file and directory permissions, thereby allowing local attackers to gain root access by manipulating items in the main package tree. The vulnerability specifically exists because files and directories are open to all users for read, write, and execute operations. MD5: a64a4be588901be55acb1feceb00d908
SAP DB is vulnerable to a race condition during installation. The installer creates a world-writable file that gets compiled and is then made setuid root. If a local attacker can overwrite the file in the allotted time frame, they will be able to escalate their privileges. MD5: 707baa4e52349edd821816a0181694fe
Solaris 2.8 patchadd local exploit. Takes advantage of a symlink vulnerability to clobber files with output from patchadd. Tested on Solaris 2.8 SPARC with the current patch cluster applied. MD5: e82cc2d3f9571ccb3e3fc241ddaebb1a
Solaris 2.7/2.8 /usr/bin/catman allows local users to clobber root-owned files by symlinking temporary files. Includes catman-race.pl and ctman-race2.pl as proof of concept. MD5: bdf08aefd1a27a54c4ac57903f9613a6
Voyant Technologies Sonata Conferencing Software v3.x on Solaris 2.x comes with the setuid binary doroot, which executes any command as root. MD5: f91a7c23eb0d6b0604a0fe4ff5e99b6c
Voyant Technologies Sonata Conferencing vulnerability report - Local and remote vulnerabilities have been found in both the Solaris and OS/2 hosts, including reused default passwords, poor file permissions, a lack of host hardening, account enumeration, and an insecure X console. MD5: d2d7b6261f1ee36d5fcc4915ffb4d8c2
PocketC program to dehash the admin password for FlowerFire's Sawmill 5.0.21 log analysis package. This has been written, compiled and tested on my Palm IIIxe. Takes a few seconds since the hash is so weak. MD5: 98e6242c2dd9ed94e9992739771d78e1
Sawmill 5.0.21 is a site log statistics package for UNIX, Windows and MacOS which has remote vulnerabilities. Any file on the system can be read, and the password is stored with a weak hash algorithm and can be decrypted using the included C program. This is dangerous because the previous security hole allows you to read the hash and decrypt the admin password. MD5: 95f24e0b8468ed474dad73b0c43d53cf
/usr/local/games/xsoldier local root exploit. Tested under Mandrake 7.0. MD5: ab4b2c944957a757a305a53df97f41ae
Overflows the -position arg buffer in wmcdplay due to a bad sprintf call. MD5: 39c483ebee434226c7d9214e09d580c9
Five exploits for wmcdplay (a CD player designed for WindowMaker, release 1.0 Beta1). Tested on Mandrake 7.0. MD5: 3cf6ace990d3090acd8dd556a16b0284
Overflows the -l arg buffer in wmcdplay due to a bad sprintf call. Tested on Mandrake. MD5: a2c8588ba1ab3eff35b1566532d99a8e
What you don't know will hurt you - Remote information gathering. This paper outlines two models of information gathering. The first model is "noisy", where the attacker uses all known resources with little regard for what footprints might be left on the target. The second is "stealthy", wherein the attacker uses methods and packages designed to subvert logging facilities on the target. MD5: 8c5d2cd4001ad4470133c36a43af996f
Netgrep checks a range of hosts for a specific service and grabs the banner. Features the ability to send a string to the port, and the ability to grep through the banner. MD5: 81cfb6416e5efd114895fc6a49aa4c32
The Oce 9400 plotter can be used as a telnet proxy in its default configuration. MD5: 2d6c33c066385626a16c508cefdc0c1d
Broad Scan 0.6 - something I wrote when I wanted to search my internal network for systems running certain services but didn't want to run a full-blown portscanner. This allows you to scan an IP address range for a specific port. MD5: 1c44ab6c071b3dfd301d5f429202db36
How to build a BSD firewall using ipfilter. Covers everything from kernel config to allowing traffic. MD5: 8db290dcfa35c0e52d7b2abaa54ab4e9