corehttp version 0.5.3alpha remote buffer overflow exploit.
e98680cccb577b333592ef8e70b14717becc34ab537a7f4ffc2eb8a498ed7f3e
Webdesproxy version 0.0.1 GET request remote buffer overflow exploit.
b4593daeaadd34df5f26b06cb70578506f21879079a0042b9fdaa860e501e97d
notepad++ version 4.1 ruby file processing buffer overflow exploit for win32.
a94c3b69ca7e1bf525c7e26b2d1417c794a90e1191e066b5bf7ec61ad95b9338
3proxy version 0.5.3g proxy.c logurl() remote buffer overflow exploit for win32. Binds a shell to tcp port 7979.
c01927dc7bdc5ec6906d1be1b4604e4dbc614e0b115fb9d2ad8570e7a9c45c3c
3proxy version 0.5.3g proxy.c logurl() remote buffer overflow exploit for Linux. Can spawn a bind shell or launch connect-back code.
6c88fda037ba960a678b91b49e36f8dc08ef0d1a5e49878c3b716503bd53e1ff
iDefense Security Advisory 03.02.06 - Local exploitation of a design error in version 10.3.9 of Apple Computer Inc.'s Mac OS X could allow arbitrary files to be overwritten with user-supplied contents. iDefense has confirmed the existence of this vulnerability in Mac OS X Version 10.3.9. In addition, the following versions have been confirmed by the vendor to be vulnerable: Mac OS X Server Version 10.3.9, Mac OS X Version 10.4.5, Mac OS X Server Version 10.4.5.
e7446b72dec9077789ffe0797d1ef378c8198f6cc646387674d5f7e0a5fc95b1
/usr/bin/passwd local root exploit for Mac OS X.
97197ddd5e524ee50e986acb2ca1a3f44536133ef892db8bacad5ac7477cfb1c
iDEFENSE Security Advisory 11.11.05 - Remote exploitation of a command injection vulnerability in various vendors' implementations of Lynx could allow attackers to execute arbitrary commands with the privileges of the underlying user. The problem specifically exists within the feature to execute local cgi-bin programs via the lynxcgi: URI handler. The handler is generally intended to be restricted to a specific directory or program(s). However, due to a configuration error on multiple platforms, the default settings allow for arbitrary websites to specify commands to run as the user running Lynx. iDEFENSE has confirmed the existence of this vulnerability in the latest stable release of Lynx, version 2.8.5. It is suspected that earlier versions are also affected.
b4e1e54bc83530521503bfe91f4bca692869b0c1e30589c117f27fa98dc41e55
OpenVPN version 2.0.x contains a remotely exploitable format string bug in the processing of its command-line and configuration arguments.
ac9aae219661e250d8c14e1b49f62bdb7c92bc9fd23b145253ed6ab7f2d03578
iDEFENSE Security Advisory - Local exploitation of a design error in Adobe Systems, Inc. Version Cue allows local attackers to gain root privileges. Version Cue includes a setuid root application named VCNative which is vulnerable to a symlink attack. The vulnerability specifically exists due to the use of predictable log file names. VCNative uses a format such as VCNative-[pid].log for the filename and stores the file in the current working directory. Attackers can easily predict the created filename and supply user-controlled data via the -host and -port options. A carefully supplied value can cause a crafted log file to be written. Crafted strings written to root-owned files can lead to arbitrary code execution with root privileges.
411dc375de7e880373b5415079f07e6ba80c1cdda2a6b6a1c38e1aa35c6407ac
iDEFENSE Security Advisory - Local exploitation of a design error in Adobe Systems, Inc. Version Cue allows local attackers to gain root privileges. Version Cue includes a setuid root application named VCNative which contains a design error that allows local attackers to gain root privileges. The vulnerability specifically exists due to an unchecked command line option parameter. The -lib command line option allows users to specify library bundles which allows for the introduction of arbitrary code in the context of a root owned process. The init function in a shared library is executed immediately upon loading. By utilizing the -lib argument to load a malicious library, local attackers can execute arbitrary code with root privileges.
4df7fce995e778869fe2e236a60a050ada95134690b5bfce30b5fc73c86389d1
Ethereal versions 0.10.10 and below SMB dissector remote denial of service exploit. Tested on 0.9.4 and 0.10.10.
4bfdc3de77cde29503fcc4e4486eb5b7f814eb9ba623b7c983982dfc0e0ee4fa
Tcpdump v3.8.x/3.9.1 remote infinite loop denial of service exploit which takes advantage of the isis_print() function by sending a GRE packet.
7715283f9e248b04a7f1186a37ab92696fba6aa192da993f47a8e4362a1c6bfa
Tcpdump v3.8.x and below remote denial of service exploit which causes tcpdump to go into an infinite loop when it processes an evil BGP packet. Works if TCP port 179 is not filtered.
ccc1ba68ec8e05ee151df0dc0455d51be29ffeac87519d101d1ec5c6ec4d29f6
Tcpdump v3.8.3 and below remote denial of service exploit which causes tcpdump to go into an infinite loop when it processes an evil LDP packet.
5d2ae4babb02e4a4cdaf59c68d9c308c703d7d0c5ae0c27f8ef1aab1b8401184
Tcpdump v3.9.1 and below and Ethereal v0.10.10 and below remote denial of service exploit which takes advantage of a bug in rsvp_print().
55e3698692b58c34879b5f8ed2655d6e63f7b4f6346ba705a052758b7d96a384
Local root exploit for /usr/bin/su on Mac OS X that makes use of the buffer overflow vulnerability discovered by iDefense using the CF_CHARSET_PATH environment variable.
3d4f65ef5c5787a4e22d1adaf440941026368d42080a9637123986b999b4dcbf
The Finder utility that Mac OS X uses to launch and manipulate files and applications fails to check for hard-linked files before performing changes. This allows an unprivileged user to overwrite files as root. Full exploit included.
607bf00b82581926e1ae755d2297dd135f36f47351d4a9b69559b86cf1ab5d89
fkey version 0.0.2 local file accessibility exploit.
dfb6bbb2d3c62d255c655605b6d08045515378ba0ce5439df34cced8c6849b4a
X-Chat versions 2.0.8 through 1.8.0 remote exploit that makes use of a buffer overflow in the SOCKS-5 proxy code. Successful exploitation binds a shell to port 7979.
2fee8170f90a051fd47c72f81150fec692e3bf4fac546c3cd394c69c90bc8001
mpg123 v0.59r and 0.59s remote client-side heap corruption exploit that makes use of the overflow found in the readstring() function of httpget.c which does not limit the amount of data written to a buffer.
b966ec4b297ac556e11aa1acbd8b25b092385a2aa517c52977bb4f02b7484849
Netscript is a portable and lightweight tcp socket scripting tool. It is intended to allow anyone to script situations based on a word-to-word ruleset response system. Includes wildcard support, character replacement, random replacement, argument inclusion, server timeout, initial send, display altering, multiple character dump formats, telnet protocol support, logging, program to socket dumping, executable ruleset support and reverse binding among other things.
b5aacf67e2cc669521c50f42bfbef95f6b53a01cb43f9821666edea091b088aa
Netscript is a portable and lightweight tcp socket scripting tool. It is intended to allow anyone to script situations based on a word-to-word ruleset response system. Includes wildcard support, character replacement, random replacement, argument inclusion, server timeout, initial send, display altering, multiple character dump formats, telnet protocol support, logging, program to socket dumping, executable ruleset support and reverse binding among other things.
45425b31c5653367a2be481e0a94b8c8246a0daa793a65aa948c6610cf1e0058
Netscript is a portable and lightweight tcp socket scripting tool. It is intended to allow anyone to script situations based on a word-to-word ruleset response system. Includes wildcard support, character replacement, random replacement, argument inclusion, server timeout, initial send, display altering, multiple character dump formats, telnet protocol support, logging, program to socket dumping, executable ruleset support and reverse binding among other things.
edf0b8bc95b90258a45286fbaed4493dcce1e54f04943f7e2c6d5056bc37137a
Netscript is a portable and lightweight tcp socket scripting tool. It is intended to allow anyone to script situations based on a word-to-word ruleset response system. Includes wildcard support, character replacement, random replacement, argument inclusion, server timeout, initial send, display altering, multiple character dump formats, telnet protocol support, logging, program to socket dumping, executable ruleset support and reverse binding among other things.
14b6ef214c3e8d6da1516db0ef399a645466b853e422b3ae13aaffafb7d93911