Menu

Search for hundreds of thousands of exploits

"NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' Read File"

Author

Exploit author

Gutierrez

Platform

Exploit platform

netbsd_x86

Release date

Exploit published date

1998-06-27

Download file

1
2
3
4
5
6
7
8
9
source: https://www.securityfocus.com/bid/331/info

A vulnerability exists in NetBSD version 1.3.2 and lower, and Silicon Graphics Inc's IRIX versions 6.2, 6.3, 6.4, 6.5 and 6.5.1. The at(1) program can be supplied with a -f flag, and an error is access validation can result in the mailing of portions of unreadable files to any user who can run at.

At uses seteuid to set the appropriate user id to run under. However, it incorrectly sets its real and effective uid to 0 prior to opening the filename passed to the -f flag. This allows any user to read any file on the filesystem. 

$ at -f /etc/shadow now + 1 minute

This will mail back a portion of the shadow file to the user.
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2017-06-28 "NetBSD - 'Stack Clash' (PoC)" dos netbsd_x86 "Qualys Corporation"
2016-09-15 "NetBSD - 'mail.local(8)' Local Privilege Escalation (Metasploit)" local netbsd_x86 Metasploit
2010-05-18 "NetBSD 5.0 - Hack GENOCIDE Environment Overflow (PoC)" dos netbsd_x86 JMIT
2010-05-18 "NetBSD 5.0 - Hack PATH Environment Overflow (PoC)" dos netbsd_x86 JMIT
2006-12-01 "NetBSD 3.1 - 'FTPd / Tnftpd' Port Remote Buffer Overflow" dos netbsd_x86 kcope
2002-04-03 "NetBSD 1.x - 'TalkD' User Validation" remote netbsd_x86 "Tekno pHReak"
1998-06-27 "NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' Read File" local netbsd_x86 Gutierrez
Release Date Title Type Platform Author
1998-06-27 "NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' Read File" local netbsd_x86 Gutierrez 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected