ChiTeX, the utility used to put Chinese Big5 codes in TeX/LaTeX documents, contains two setuid root binaries that execute cat without using an explicit path, allowing an attacker to easily gain root privileges.
f107ca1f74294149bd0cffe342b40ffe
AlsaPlayer contains a buffer overflow that can be used for privilege escalation when the program is setuid. Tested on Red Hat 7.3 Linux with alsaplayer-devel-0.99.71-1. The overflow has been fixed in AlsaPlayer 0.99.71.
d3864c1d3454e61a8246fa4e1966ac8f
This exploit abuses a local buffer overflow in the Cisco VPN 5000 Linux client v5.1.5 close_tunnel binary to spawn a root shell.
7943a0a865858b090e32ef6d43864ca5
Remote format string exploit for the nn news reader v6.6.4 and below. The vulnerability resides in the code that handles NNTP server responses.
cfa6fafc1e015c01220be42e3967e449
Slrnpull '-d' buffer overflow exploit. Executes shellcode with group 'news' privileges. Tested to work on an Intel Red Hat 6.2 installation.
ddc9cde518d7a4282d6cb3248b448e48
NN v6.6.3 and below remote format string exploit for FreeBSD. Malicious server owners can use this vulnerability to execute code on systems that are connected with affected clients. Fix available here.
78ff1b9819b8ec20612941f3cc93c67d
Mnews v1.22 remote FreeBSD buffer overflow exploit. Included shellcode prints a message to stdout.
af0bb3ff22ad5e1a333a167f65b448d8
Safemode Security Advisory SRT2002-04-31-1159 - Several local and remote overflows have been found in the Mnews package v1.22 and below.
e3f34495c60d769a191a7a1f9a1bb544
Local exploit for the Sendmail 8.12.3 and below flock denial of service vulnerability.
7cee23161ef73a980d225d0f55c73258
This is Intel shellcode that does an execve of /bin/sh and works on OpenBSD, NetBSD, FreeBSD and Linux. More information can be found here.
a28a0e24b57adf4c96fab1c2f7fa0d72
Linux and FreeBSD shellcode which reboots the machine. Info on Multi-OS shellcode here.
62e95ced7e94a55f604ad74c03c8cb47
Linux and FreeBSD Multi-OS shellcode - Spawns a shell. Info on Multi-OS shellcode here.
a6da0f1272df3fcc1ab2a835d735d1df
Remote FreeBSD cURL exploit for versions 6.1 - 7.3. More info available here.
4049de1a59e4a9420e508eaab09daeb4
Remote Linux cURL exploit for versions 6.1 - 7.3. More info available here.
6f87b51db3d1aed1909d7807b92ba901
This is encoded FreeBSD shellcode that binds /bin/sh to port 43690 (0xAAAA). The aim of encoding the shellcode is to obfuscate certain bytes in order to bypass IDS detection and buffer filtering.
1341bac2969a1a4f2fc5d4b384b1dbb3
FreeBSD/Linux exploit for a buffer overflow in the snes9x Nintendo emulator. The Linux shellcode also works on FreeBSD since snes9x runs on those systems with Linux emulation.
ee8cdfcecd1260803c8ee253d0ae841f
Linux x86 shellcode that does an execve of /bin/sh. This shellcode contains no slashes so it can bypass certain application filters and was originally written for a snes9x buffer overflow.
659b82a01b0065d6f401ecd5b04648a7
Linux x86 shellcode that does a sync(), sync() and then reboot(). Exit() was added in case the previous syscalls fail.
0a26ad1e2875d80365feda5c94b4e552
Linux x86 shellcode that does a rename() of /bin/motd to /bin/owned.txt.
5499694acd0e057779e2d16da4eca17a
Linux x86 shellcode that does a reboot().
8886ed4f3f790a3b137bbdfe4747ca19
Linux x86 shellcode that does an execve of /bin/sh /tmp/p00p.
b2968a28b71d272fefa7ea42f4985cb0
Linux x86 shellcode that does an execve() of /sbin/iptables -F in order to flush activated firewall rules.
2350c4a496f943a61195c8b3902815a3
Linux x86 shellcode that does an execve of /sbin/ipchains -F.
5a35863112db6d06b1386db03e00e770
Linux x86 shellcode that uses execve and echo >> to create a passwordless root account.
859ba00e8e5653952967ef43baabb02c
Linux/x86 shellcode that creates the directory 'hacked' (perm 755) using the mkdir() syscall and then does an exit().
8659140eb00bbef978fa1d3f6c64fad6