Due to a flaw in the NtImpersonateClientOfPort Windows NT 4 system call, any local user on a machine is able to impersonate any other user on the machine, including LocalSystem. We have written a demonstration exploit which allows any user to spawn a cmd.exe window as LocalSystem. All Windows NT 4.0 systems up to and including SP6a are vulnerable.
1ff0cb5ad962f1a532acb051aa8b1243c8f84d3274a8fd975eedf2cc9d380959
Microsoft has released a patch for a security vulnerability in Windows NT which allows a user logged onto a Windows NT 4.0 machine from the keyboard to become an administrator on the machine. Microsoft FAQ about this issue here.
80b57dd0c49ff28e5d18314be12dc372f60ba413b1d8e135bbfcc646f1333b9a
RESTRICTING A RESTRICTED FTP - How to exploit common misconfigurations in wu-ftpd that allows usersi who may not have permission to login to execute arbitrary code on the FTP server.
43bd58be0b34b0860a305a158d415d0aef434ee84693ddc0a6bfd1b1a8a0472a
A practical vulnerability analysis (How The PcWeek crack was done).
5b0caddba18fc1cf57f100b5941b4cf7285e86c8efa5b46556d32dbe02b0543a
The IRIX setuid root binary midikeys can be used to read any file on the system using its gui interface. It can also be used to edit anyfile on the system.
03bb247d0172ed1737bba3d4e4230b04f38a9de92fd5b0752da235aba0b587e5
The 'recover' command in Solstice Backup (Sun's relabeled version of Legato Networker) on a Unix machine authorized to perform restore operations from the backup server can be used to by a normal user to restore any file accessible to the machine in a readable-to-them state (although it cannot be used to overwrite system files). This can be used to get your own copy of /etc/shadow for password cracking purposes.
2e259a1a7a110ea91a7f43f1a77dca658c78b5957225555efa344780d52d02ba
Vi uses /tmp insecurely on OpenBSD, FreeBSD and Debian. This has been fixed in FreeBSD 2.2-STABLE, 3.4-STABLE and 4.0-CURRENT (04.01.2000).
0a66d13e1b0672071fa86fd276e6f2033173b2a6646c37fc1fe6802cb098a9db
httptype reads a list of http hosts and optionally the port number for each of these. It queries each host, displaying the type of HTTP server running on that host, if any. It reads the http_proxy and no_proxy environment variables to determine whether to use a proxy or not. These options may also be specified through the command line.
7d5ca069e33181e1eb9cdaae0c48c8aced3d431278dedcaa9fa460b650f0cbb8