Files from Suid ≈ Packet Storm

Channel: Files from Suid ≈ Packet Storm

ftp.conversions.txt

December 20, 1999, 1:52 pm

There exists a vulnerability with certain configurations of certain ftp daemons with which users with a valid ftp only acccount on a system may execute arbitrary commands (including binaries supplied...

View Article

002.txt

December 24, 1999, 3:31 am

SUID Advisory #2 - Exploit for ascend router bugs as per NAI advisory.

View Article

001_addendum.txt

December 24, 1999, 3:37 am

SUID Advisory #1 Addendum - Insecure FTP server conventions can lead to remote binary execution on a remote ftp server. Anonymous users or users with valid ftp access only accounts may also execute...

View Article

003.txt

December 24, 1999, 3:51 am

SUID Advisory #3 - multiple vulnerabilities with glftpd 1.17.2 and below. glFtpD has several problems which can lead to a remote attacker attaining root on your machine.

View Article

003_wp.txt

December 24, 1999, 3:51 am

Example attack transcript against glftpd. This attack was performed against a default install with a single user account added.

View Article

004.txt

February 17, 2000, 3:42 am

SUID Advisory #4 - BNBFORM.CGI. Any local user can create / append to / truncate any file owned by the web server user (nobody/apache/whatever).

View Article

005.txt

February 17, 2000, 3:48 pm

SUID Advisory #5 - DCFORMS98.CGI Advisory - Anyone can create / truncate any file owned by the web server user.

View Article

006.txt

February 25, 2000, 3:37 am

SUID Advisory #6 - form.cgi and message.cgi. Anyone can execute any command on the remote system with the priveleges of the web server.

View Article

007.txt

February 25, 2000, 2:59 pm

SUID Advisory #7 - Corel xconf utils local root (among others) vulnerability - Local users can take advantage of lack of input validation and the lack of privilege dropping to gain root access, read...

View Article

008.txt

February 25, 2000, 3:03 pm

SUID Advisory #8 - Corel Linux 1.0 dosemu distribution configuration. Local users can take advantage of a packaging and configuration error (which has been known and documented for a long time) to...

View Article

010.txt

February 28, 2000, 1:08 pm

SUID Advisory #10 - EZ Shopper 3.0 remote exploit. Anyone can execute any command on the remote system with the priveleges of the web server, and read any file on the remote system.

View Article

setxconf.sh

March 1, 2000, 3:52 pm

Corel xconf utils local root (among others) vulnerability.

View Article

dosemu.sh

March 1, 2000, 3:53 pm

Corel Linux dosemu config error. Local root compromise.

View Article

011.txt

May 16, 2000, 1:58 pm

SUID Advisory #11 - Matt Kruse Calandar Script. Remote users can execute arbitrary commands on the web server with the priviledge level of the httpd process.

View Article

calendar.pl.vuln

May 17, 2000, 3:23 pm

Remote users can execute arbitrary commands on the web server with the priviledge level of the httpd process.

View Article

setxconfxploit.c

June 18, 2000, 11:49 pm

SetXConf local root exploit for Corel linux v1.0 with xconf utils.

View Article

012.txt

August 2, 2000, 12:44 pm

Pgxconfig is a Raptor graphics card configuration tool for Solaris which has multiple local vulnerabilities. The environment is not sanitized and root privileges are not dropped, allowing commands to...

View Article