Inews (inn-2.2) local buffer overflow - provides a gid=news shell if /usr/bin/inews is SGID. Includes perl script to find the offset.
b6fc73939a2932fcb984c5650ed44060c75fc8ec9c6504577440ac635fc07b5bWu-Ftpd 2.6.0 remote root exploit. Account is not required, anonymous access is enough. Tested against Redhat 6.2, Suse 6.3 and 6.4, FreeBSD 3.4-STABLE, FreeBSD 3.4-RELEASE, and FreeBSD 4.0-RELEASE. Slightly broken to prevent kids usage.
dbfc37071494eec603b6a8d65a08f55496b09fa218a4e46efacbd9e961e775fdAOL Instant Messenger remote dos exploit. Sending certain filenames to another user causes the remote AIM to crash. Only effective against Windows 2000 Professional, 95/98/98se are safe.
1cad1df77589869a5e59031994e58a15998dede13c76de3e4519117b8416a393This will cause Argosoft Mail Server 1.0.0.2 to page fault if the finger daemon is running.
e01d95a6d4d2b309e2c61d3c09e2f8620c89e655c56fb4ad2cdf23408434bf3fA buffer overflow exists in iMesh 1.02 that allows the execution of arbitrary code. When the iMesh client connects to a server, the server is able to exploit the vulnerability and execute arbitrary code on the system the client is running on.
e17197918b7dfd84c2c0a16f3423027c7159f2121709d674836753908335652aHP1 advisory - /usr/share/lkm/test/testsyscall.c for *BSD is vulnerable to a buffer overflow attack. When testsyscall is running via inetd, remote users can execute arbitrary commands. Includes problem discussion and exploit code.
224706259258908584a204bc34ac7d262798b04010de5d56197521e3123dd95cDelphis Consulting Plc Security Team Advisory DST2K0018 - WebBBS HTTP Server v1.15 under Windows NT contains remotely exploitable buffer overflow vulnerabilities.
383785cd41cf7c6f787ba8c334cf62949e753093990335612bc043a522725befNovell Netware servers running Panda Antivirus allows attackers to run any command on a Netware console. By connecting to tcp port 2001, any Netware command can be executed with the CMD command.
aad9dfec4a844bfbe79f4e408d6d4c826689881644ed1413549f6b849935f2f1The Netscape Professional Services FTP server contains several remote vulnerabilities which are easily exploited. Any file on the system can be downloaded / uploaded, users can overwrite each other files via LDAP, and LDAP passwords can be read remotely.
f5e86ccfbc1b2c198c0392fd914db9654935e689b9c821c6cc048bdbf3fc3fadMailStudio2000 v2.0 and below userreg.cgi exploit - Executes arbitrary commands on remote host as root.mail.
095872ca533dfd3c5443df88fb3daab10038263b301956bf03770b5a5ac72928SetXConf local root exploit for Corel linux v1.0 with xconf utils.
db447881a66d9c741450d6d7e316b1bb4edd263812be29422ab468e0194719f4Majordomo local exploit for Suse 6.0 and 6.3. Tested against Majordomo Wrapper <= v1.94.5.
312f4fcbf45535494f8a44755293ca6e8bc7842547f4c8e7aa00445f3d859041Pine v4.10-21 local buffer overflow - drops a gid=mail shell if /usr/bin/pine is SGID. Tested on Debian slink2.1.
7764b61d5684322567f4c2b7d67debaf0db0e2c30bbcecd3de3c2f2533e14b92Wmnetmon v0.2 buffer overflow exploit for Linux - Provides a euid=0 shell provided /usr/X11R6/bin/wmnetmon is suid root, as it is by default. Includes perl script to try all offsets.
86bef23e564b83a03659996407371bf9b0c8902fe578e15b80db3ca10affd2ebinndx: innd remote 'news' user/group exploit. Tested on innd-2.2.2-3 default installation on RedHat 6.2.
40a254fd6187f80b20f5181e8ee23d738cce908dc6782c0452d8dc9564f32a3fMicrosoft Access Databases are not afforded "Macro execution protection" in the manner of Word/Excel/Powerpoint documents. Attackers can insert trojan VBA code into MS Access documents to execute arbitrary commands on the remote machine.
ee125bfb149060be352ecd18f260d1726c1e1597e5a2002b8d947d29c66cb513Remove vulnerability has been found in the SmartFTP-D Server which allows a remote user with an account to read any file on the system.
dc0c845f36c1df20329e24792344d24bc446161aac536e31bd3e8e9f4f21f5c7Remote Denial of Service for Mercur 3.2 allows any remote user to shut down the server.
1690ffae3274ca28e04e7f58873add187369c0fbf6c03ecfca0f74620e800cffProof of concept exploit for the "Remote Registry Access Authentication" vulnerability in Windows NT 4.0 which was described in ms00-040 which allows a user of the local network to crash winlogon.exe remotely.
0d522a59742b3cab17ef2324689d032e9e785a15ab459d5668296905d6083e0fSolaris 2.x through v8 contains an exploitable local root buffer overflow vulnerability in ufsrestore. Exploit code included and tested on Solaris 8 sun4u.
9eccd7930a0be561b50a1d53fe6f55348b0d0226d0e0e377512167e9747f432dSplitvt 1.6.3 local root buffer overflow exploit - Tested on Debian. Includes lots of cool dubugging captures from gdb explaining what is going on.
1c165f96640daf61e31a962255839951c5bc33f52d8efa132b5f781b747f5d08Remote vulnerabilities in GSSFTP daemon - A remote attacker can preform denial of service attacks, and local users can get root access. Source distributions which may contain vulnerable code include MIT Kerberos 5 releases krb5-1.1 and krb5-1.1.1, while MIT Kerberos 5 releases krb5-1.0.x is not vulnerable.
1a2c3ea6b342adf0bc8373cd79e7c97b12b37dbc7002b216a38079705be27cc1rip.c is a local exploit for the dump package version 0.3-14 and 0.4b13 (restore binary). Tested against linux, gives a UID=0 shell on 2.2.16, GID=0 on 2.2.15 and below.
8d54e411ea387b466577cd77afc89cd9c0b0bdeab57ec369fdba47baf3a580b8S0ftpj Security Advisory SPJ-004-000 - Multiple remote CGI vulnerabilities in MailStudio2000. Users can view any file on the system, as well as execute commands remotely as root. Major search engines can be used to locate vulnerable hosts. Exploit descriptions included.
6550727efc6ec1b93efcd6c291fe46eb0b814d183be7bc7774db23d9d629e939Cold Fusion 4.5.1 remote dos attack - sends a very long password, crashing the server.
0b5a9e596dbd2833a0b03573a26e83f6d337941402dc05d7f9f0a61b76ea5f58
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed