suid

10 exploits, active since Dec 1999
CVE-2000-0693 EXPLOITDB shell WORKING POC
Raptor GFX - Command Injection
pgxconfig in the Raptor GFX configuration tool uses a relative path name for a system call to the "cp" program, which allows local users to execute arbitrary commands by modifying their path to point to an alternate "cp" program.
CVE-2000-0695 EXPLOITDB bash WORKING POC
Tech-source Raptor Gfx Pgx32 - Buffer Overflow
Buffer overflows in pgxconfig in the Raptor GFX configuration tool allow local users to gain privileges via command line options.
CVE-1999-0997 EXPLOITDB text WORKING POC
wu-ftp - Command Injection
wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.
CVE-2000-0038 EXPLOITDB text WORKING POC
glFtpD - Privilege Escalation
glFtpD includes a default glftpd user account with a default password and a UID of 0.
CVE-2000-0187 EXPLOITDB bash WORKING POC
EZShopper 3.0 - Path Traversal
EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters.
CVE-2000-0193 EXPLOITDB text WORKING POC
Corel Linux 1.0 - Privilege Escalation
The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges.
CVE-2000-0194 EXPLOITDB text WORKING POC
Corel Linux - Local File Manipulation
buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters.
CVE-2000-0195 EXPLOITDB text WORKING POC
Corel Linux - Privilege Escalation
setxconf in Corel Linux allows local users to gain root access via the -T parameter, which executes the user's .xserverrc file.
CVE-2001-0022 EXPLOITDB html WORKING POC
simplestguest.cgi - RCE
simplestguest.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the guestbook parameter.
CVE-2000-0432 EXPLOITDB text WORKING POC
Calendar Scripts - Command Injection
The calender.pl and the calendar_admin.pl calendar scripts by Matt Kruse allow remote attackers to execute arbitrary commands via shell metacharacters.