Menu

Search for hundreds of thousands of exploits

"NetBSD 1.x - 'TalkD' User Validation"

Author

Exploit author

"Tekno pHReak"

Platform

Exploit platform

netbsd_x86

Release date

Exploit published date

2002-04-03

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
source: https://www.securityfocus.com/bid/4419/info

talkd is a client-server application shipped with many Unix and Linux variants that is used for communication between users locally or remotely.

talkd does not perform adequate validation of users making talk requests. As a result, it is possible for an attacker to spoof users during a talk session.

This problem is exploitable remotely or locally and may aid an attacker in social engineering attacks.

A malicious version of the NetBSD talkd component was used to exploit this issue, so it can be assumed that NetBSD is affected by this issue. However, talkd ships as a core component for a number of Linux and Unix variants and is independently maintained by the various distributions, so it is highly probable that many other operating systems are affected by this vulnerability. 

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/21364.tar.gz
Release Date Title Type Platform Author
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2017-06-28 "NetBSD - 'Stack Clash' (PoC)" dos netbsd_x86 "Qualys Corporation"
2016-09-15 "NetBSD - 'mail.local(8)' Local Privilege Escalation (Metasploit)" local netbsd_x86 Metasploit
2010-05-18 "NetBSD 5.0 - Hack PATH Environment Overflow (PoC)" dos netbsd_x86 JMIT
2010-05-18 "NetBSD 5.0 - Hack GENOCIDE Environment Overflow (PoC)" dos netbsd_x86 JMIT
2006-12-01 "NetBSD 3.1 - 'FTPd / Tnftpd' Port Remote Buffer Overflow" dos netbsd_x86 kcope
2002-04-03 "NetBSD 1.x - 'TalkD' User Validation" remote netbsd_x86 "Tekno pHReak"
1998-06-27 "NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' Read File" local netbsd_x86 Gutierrez
Release Date Title Type Platform Author
2002-04-03 "NetBSD 1.x - 'TalkD' User Validation" remote netbsd_x86 "Tekno pHReak"
2002-01-18 "Netopia Timbuktu Pro for Macintosh 6.0.1 - Denial of Service" dos osx "Tekno pHReak" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected