header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Mediahouse Statistics Server Buffer Overflow

The web interface for Statistics Server contains an unchecked buffer which accepts input from the "Server ID" field of the login webpage. While the login webpage has a 16 character restriction, this is easily circumventible by editing the HTML to remove the restriction. Entering a string of more than 3773 characters will crash the server. This bug could potentially be used to remotely execute arbitrary code.

Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Microsoft Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0/Unix 5.0 Javascript URL Redirection Vulnerability

A malicious web site operator could design a web page that, when visited by an IE5 user, would read a local file from the victim host (or any file on the victim's network to which the victim has access) and send the contents of that file to a designated remote location. Under normal circumstances, javascript received from a non-local 'security zone' is not allowed to perform such actions against files on the local host. In this instance, however, the IE5 browser has been fooled (via http redirect to javascript) into thinking that the Javascript should execute under the security context of the local host's security zone as the javascript was requested from a browser displaying the local file.

OpenLink 3.2 Remote Buffer Overflow Vulnerability

OpenLink 3.2 is vulnerable to a remotely exploitable buffer overflow attack. The problem is in their web configuration utility, and is the result of an unchecked strcpy() call. The consequence is the execution of arbitrary code on the target host (running the configuration utility) with the priviliges of the web software. The exploit code is written in C and is designed to execute the /usr/bin/wall command on the target system.

Sendmail Daemon Mode Vulnerability

Sendmail is often run in daemon mode so that it can 'listen' for incoming mail connections on the standard SMTP networking port, usually port 25. The root user is the only user allowed to start sendmail this way, and sendmail contains code intended to enforce this restriction. Unfortunately, due to a coding error, sendmail can be invoked in daemon mode in a way that bypasses the built-in check. When the check is bypassed, any local user is able to start sendmail in daemon mode. In addition, as of version 8.7, sendmail will restart itself when it receives a SIGHUP signal. It does this restarting operation by re-executing itself using the exec(2) system call. Re-executing is done as the root user. By manipulating the sendmail environment, the user can then have sendmail execute an arbitrary program with root privileges.

Cray UNICOS 9.0/9.2/MAX 1.3/mk 1.5,AIX <= 4.2,Linux libc <= 5.2.18,RedHat 4.0,IRIX 6.2,Slackware 3.1 Natural Language Service (NLS) Vulnerability (2)

A buffer overflow condition affects libraries using the Natural Language Service (NLS). The NLS is the component of UNIX systems that provides facilities for customizing the natural language formatting for the system. It is possible to exploit this vulnerability to attain unauthorized access by supplying carefully crafted arguments to programs that are owned by a privileged user-id and that have setuid or setgid bits set.

libc.so NLS Vulnerability

A buffer overflow condition affects libraries using the Natural Language Service (NLS). The NLS is the component of UNIX systems that provides facilities for customizing the natural language formatting for the system. It is possible to exploit this vulnerability to attain unauthorized access by supplying carefully crafted arguments to programs that are owned by a privileged user-id and that have setuid or setgid bits set.

Buffer Overflow in suidperl

Several buffer overflows were found in the Perl helper application 'suidperl' or 'sperl'. When this program is installed setuid root the overflows may lead to a local root compromise. An exploit code is provided which uses a standard shellcode by Aleph One and trial and error loop to find the magic address.

LPR Argument Overflow Vulnerability

Due to insufficient bounds checking on arguments (in this case -C) which are supplied by users, it is possible to overwrite the internal stack space of the lpr program while it is executing. This can allow an intruder to cause lpr to execute arbitrary commands by supplying a carefully designed argument to lpr. These commands will be run with the privileges of the lpr program. When lpr is installed setuid or setgid, it may allow intruders to gain those privileges.

Recent Exploits: