A sequence of commands or configuration data which can predictably utilize a vulnerability of a system.
Questions tagged [exploit]
65 questions
3 votes, 2 answers
Giving other users write access to apache logs can result in root exploit - How does this work?
On http://httpd.apache.org/docs/2.2/logs.html
Anyone who can write to the directory where Apache is writing a log file can almost certainly gain access to the uid that the server is started as, which is normally root. Do NOT give people write…

Gabe Martin-Dempesy
3 votes, 2 answers
Securing Webservers
I was reading an article about a recent website (astalavista.com) that was hacked.
The perpetrator wrote down how he did it:
http://pastebin.com/f751e9f5b
What can we learn from this to better secure web servers?
One of the things that puzzled me:
…

Unknown
3 votes, 5 answers
Scanning website for vulnerabilities
I have found that the local school's website installed a Perl Calendar - this was years ago, it has not been used for ages, but Google has it indexed (which is how I found it) and it is full of Viagra links and the like ... program was by Matt Kruse,…

Kristen
2 votes, 2 answers
What happens if you have user collisions between a Linux system and an LDAP server?
I have an (Open)LDAP Server running on a Debian system inside my LAN, and multiple systems running Linux Mint, configured as LDAP Clients.
Here is the content of my /etc/nsswitch.conf:
passwd: compat ldap
group: compat ldap
shadow: …

Radu Marinescu
2 votes, 2 answers
How to protect my server from CVE-2019-10149 - Exim - patched or unpatched - How to reject mail to RCPT ${run
In reference to the recently publicized Exim vulnerability CVE-2019-10149, I am running supposedly patched Exim v. 4.90_1 (built June 4th, 2019) on Ubuntu 18.04.2 LTS.
Although it is supposedly patched, according to Canonical, I'm getting a lot of…

jdmayfield
2 votes, 1 answer
DSquery on AD share leaking company information
Today I found DSquery on one of my SMB shares at work. I ran it to query users and since my company uses IC numbers as the unique CN, I got to see all my colleagues' ICs, which is a breach of personal information already.
Firstly, is this considered a…

jia chen
2 votes, 1 answer
What server functions are affected by the GHOST vulnerability?
CVE-2015-0235, aka "GHOST", is a buffer overflow in glibc. It specifically affects the gethostbyname functions, which are apparently obsolete but still in use.
Obviously the best option is to update ASAP, but glibc requires reboot. For some servers,…

Foo Bar
2 votes, 1 answer
What sort of attack URL is this?
I set up a website with my own custom PHP code. It appears that people from places like Ukraine are trying to hack it. They're trying a bunch of odd accesses, seemingly to detect what PHP files I've got.
They've discovered that I have PHP files…

Asker
2 votes, 2 answers
Are there any risks in using cat to read a value from an untrusted file
I need to get a variable value by reading from user uploaded text file.
I am doing from a system's script:
resourceVersion=`cat userFile.txt`
mkdir $resourceVersion
...
Can the content of this file harm the system in any way when I do later use of…

Johnny Everson
2 votes, 1 answer
Applying memory limits to screen sessions
You can set memory usage limits for standard Linux applications in: /etc/security/limits.conf
Unfortunately, I previously thought these limits only apply to user applications and not system services. This means that users can bypass their limits…

xikkub
2 votes, 2 answers
Exploit in translators.html of phpMyAdmin
Is there an exploit in the translators.html file of phpMyAdmin?
The reason I ask is I have Bad Behavior installed on a server, and that server has a web app that the main index.php ends up handling 404 requests on it, so requests for this file at…

MiquelFire
2 votes, 2 answers
Simple working example of a Man-in-the-Middle attack?
I'm trying to research and patch a TLS renegotiation exploit which makes a website vulnerable to Man-in-the-Middle attacks. However, I don't understand how the attack occurs exactly and feel like a simple working example would help.
How does an…

Socrates
2 votes, 2 answers
Ubuntu Server hack
I looked at netstat and I noticed that someone besides me is connected to the server by ssh. I looked after this because my user has the only one ssh access.
I found this in an ftp user .bash_history file:
w
uname -a
ls -a
sudo su
wget…
haxpanel
2 votes, 1 answer
What is the EGG environment variable?
A user on our (openSuSE) linux systems attempted to run sudo, and triggered an alert. He has the environment variable EGG set -
EGG=UH211åH1ÒH»ÿ/bin/shHÁSH211çH1ÀPWH211æ°;^O^Ej^A_j

Randall
2 votes, 1 answer
Linux 64b dangerous kernel exploit
Many of you know the recent and dangerous kernel exploit CVE-2010-3081.
See /.
What is the actual risk for a server?
Do we have to patch urgently all systems?
Or, since it seems only a local user may gain root access, standalone servers are pretty…

Déjà vu