The ht://dig web content search engine for Unix platforms allows for file inclusion from configuration files. An attacker can specify any file for inclusion into a variable, leading to arbitrary file inclusion vulnerabilities.
This script creates a crafted WAV file which leads the application to crash (DoS).
This is a DLL, which gets injected into the server exe. The engine strips bytes >127, '%', and ' ' before it overflows, so you will need encoded shellcode and an EIP which doesn't contain any of these characters.
By passing a command line option, an attacker can execute arbitrary commands with group 'kmem' privileges in the ascpu and asmon ports to FreeBSD.
The Windows Autorun feature allows an executable and an icon to be specified for any removable media. However, it can also be abused on fixed and networked drives. Any user with write access to the root of a logical drive can install an executable and specify it in an autorun.inf file. When the drive is accessed later, the code will run with the privileges of the logged-in user, potentially enabling privilege escalation attacks.
The ARCserve agent in SCO Unixware 7 has a vulnerability that allows any user on the system to replace files created by the asagent program in /tmp with symlinks. This can be exploited to create files anywhere on the filesystem owned by root. The contents of the new file are stored in /usr/CYEagent/agent.cfg, which is world writable.
Appending "%00" to the end of a CGI script filename allows a remote client to view the full contents of the script if the CGI module option "allow CGIs anywhere" is enabled. This vulnerability can be exploited by accessing the script through a URL like "http://target/script.cgi%00". The "%00" can be replaced with "%G0", "%W0", "%EW", "%FG", "%UW", or "%VG" to achieve the same results.
When an NT user uses the Recycle Bin for the first time on a given partition, a folder is created in the Recycler folder on that partition, with the name of the new folder set to the user's SID. When this happens, appropriate permissions are set to prevent other users from accessing files in that folder. However, if that folder does not yet exist, a local attacker can create it, set arbitrary permissions, and then later access any files deleted by the user. The files themselves will retain their original permissions, but if the attacker gives him/herself Full Access to the user's Recycler folder, they can overwrite files with arbitrary content. This vulnerability only applies to NTFS partitions, as there is no local access control on any files on a FAT partition.
The exploit takes advantage of unchecked buffers in the code that handles certain commands in Tiny FTPd. By exploiting these overflows, an attacker can overwrite the stack and execute arbitrary code. This specific exploit uses the STOR overflow to create a registry key and entry that modifies IE's security settings. The exploit then starts IE and loads a webpage that triggers the execution of ActiveX code.
Microsoft's Java Virtual Machine allows a remote Java application to read local file information in two ways. The first method is using the getSystemResourceAsStream() function, which requires specifying the filename and restricts the file to certain paths. The second method is using the getSystemResource() function, which accepts the '../' string in the pathname, allowing access to any file on the same drive as the Java installation.