Menu

Search for hundreds of thousands of exploits

"Solaris 2.6/7.0 - IN.FTPD CWD 'Username' Enumeration"

Author

Exploit author

"Johnny Cyberpunk"

Platform

Exploit platform

solaris

Release date

Exploit published date

2001-04-11

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
source: https://www.securityfocus.com/bid/2564/info

Solaris is the variant of the UNIX Operating System distributed by Sun Microsystems. Solaris is a versatile operating system designed for use with machines as small as desktop systems and as large as enterprise systems.

A problem with the ftp daemon included with the Solaris Operating Environment could allow remote users to gain access to names of valid user accounts. Prior to logging in, while in.ftpd is still negotiating the session, it is possible to present a request for a change of working directory (CWD) to the ftp daemon. If the account is valid, the daemon will issue a request for login and password. If not, the daemon returns an error message stating that the login name is not valid.

Therefore, it is possible for a remote user to gather the names of local users on a Solaris system with ftp services. This may lead to spamming, or further compromise. 

nc vulnerable.host 21
220 gsmms0 FTP server (SunOS 5.6) ready.
cwd ~netadm
530 Please login with USER and PASS.
cwd ~xyz
530 Please login with USER and PASS.
550 Unknown user name after ~
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-04-21 "Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation" local solaris "Marco Ivaldi"
2019-10-21 "Solaris 11.4 - xscreensaver Privilege Escalation" local solaris "Marco Ivaldi"
2019-10-16 "Solaris xscreensaver 11.4 - Privilege Escalation" local solaris "Marco Ivaldi"
2019-05-20 "Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)" local solaris "Marco Ivaldi"
2019-05-20 "Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation" local solaris "Marco Ivaldi"
2019-05-20 "Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)" local solaris "Marco Ivaldi"
2019-01-14 "xorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab)" local solaris "Marco Ivaldi"
2018-10-16 "Solaris - RSH Stack Clash Privilege Escalation (Metasploit)" local solaris Metasploit
2018-09-25 "Solaris - 'EXTREMEPARR' dtappgather Privilege Escalation (Metasploit)" local solaris Metasploit
2018-09-18 "Solaris - libnspr NSPR_LOG_FILE Privilege Escalation (Metasploit)" local solaris Metasploit
Release Date Title Type Platform Author
2004-04-21 "Microsoft IIS 5.0 - SSL Remote Buffer Overflow (MS04-011)" remote windows "Johnny Cyberpunk"
2004-02-27 "IPSwitch IMail LDAP Daemon/Service - Remote Buffer Overflow" remote windows "Johnny Cyberpunk"
2003-08-25 "Real Server 7/8/9 (Windows / Linux) - Remote Code Execution" remote multiple "Johnny Cyberpunk"
2003-04-30 "RealServer < 8.0.2 (Windows Platforms) - Remote Overflow" remote windows "Johnny Cyberpunk"
2001-04-11 "Solaris 2.6/7.0 - IN.FTPD CWD 'Username' Enumeration" remote solaris "Johnny Cyberpunk" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected