Inews (inn-2.2) local buffer overflow - provides a gid=news shell if /usr/bin/inews is SGID. Includes perl script to find the offset.
b6fc73939a2932fcb984c5650ed44060c75fc8ec9c6504577440ac635fc07b5b
Wu-Ftpd 2.6.0 remote root exploit. An account is not required; anonymous access is enough. Tested against Redhat 6.2, Suse 6.3 and 6.4, FreeBSD 3.4-STABLE, FreeBSD 3.4-RELEASE, and FreeBSD 4.0-RELEASE. Slightly broken to prevent use by kids.
dbfc37071494eec603b6a8d65a08f55496b09fa218a4e46efacbd9e961e775fd
AOL Instant Messenger remote DoS exploit. Sending certain filenames to another user causes the remote AIM to crash. Only effective against Windows 2000 Professional; 95/98/98se are safe.
1cad1df77589869a5e59031994e58a15998dede13c76de3e4519117b8416a393
This will cause Argosoft Mail Server 1.0.0.2 to page fault if the finger daemon is running.
e01d95a6d4d2b309e2c61d3c09e2f8620c89e655c56fb4ad2cdf23408434bf3f
A buffer overflow exists in iMesh 1.02 that allows the execution of arbitrary code. When the iMesh client connects to a server, the server is able to exploit the vulnerability and execute arbitrary code on the system the client is running on.
e17197918b7dfd84c2c0a16f3423027c7159f2121709d674836753908335652a
HP1 advisory - /usr/share/lkm/test/testsyscall.c for *BSD is vulnerable to a buffer overflow attack. When testsyscall is running via inetd, remote users can execute arbitrary commands. Includes problem discussion and exploit code.
224706259258908584a204bc34ac7d262798b04010de5d56197521e3123dd95c
Delphis Consulting Plc Security Team Advisory DST2K0018 - WebBBS HTTP Server v1.15 under Windows NT contains remotely exploitable buffer overflow vulnerabilities.
383785cd41cf7c6f787ba8c334cf62949e753093990335612bc043a522725bef
Novell Netware servers running Panda Antivirus allow attackers to run any command on a Netware console. By connecting to TCP port 2001, any Netware command can be executed with the CMD command.
aad9dfec4a844bfbe79f4e408d6d4c826689881644ed1413549f6b849935f2f1
The Netscape Professional Services FTP server contains several remote vulnerabilities which are easily exploited. Any file on the system can be downloaded / uploaded, users can overwrite each other's files via LDAP, and LDAP passwords can be read remotely.
f5e86ccfbc1b2c198c0392fd914db9654935e689b9c821c6cc048bdbf3fc3fad
MailStudio2000 v2.0 and below userreg.cgi exploit - Executes arbitrary commands on remote host as root.mail.
095872ca533dfd3c5443df88fb3daab10038263b301956bf03770b5a5ac72928
SetXConf local root exploit for Corel Linux v1.0 with xconf utils.
db447881a66d9c741450d6d7e316b1bb4edd263812be29422ab468e0194719f4
Majordomo local exploit for Suse 6.0 and 6.3. Tested against Majordomo Wrapper <= v1.94.5.
312f4fcbf45535494f8a44755293ca6e8bc7842547f4c8e7aa00445f3d859041
Pine v4.10-21 local buffer overflow - drops a gid=mail shell if /usr/bin/pine is SGID. Tested on Debian slink2.1.
7764b61d5684322567f4c2b7d67debaf0db0e2c30bbcecd3de3c2f2533e14b92
Wmnetmon v0.2 buffer overflow exploit for Linux - Provides a euid=0 shell provided /usr/X11R6/bin/wmnetmon is suid root, as it is by default. Includes perl script to try all offsets.
86bef23e564b83a03659996407371bf9b0c8902fe578e15b80db3ca10affd2eb
inndx: innd remote 'news' user/group exploit. Tested on innd-2.2.2-3 default installation on RedHat 6.2.
40a254fd6187f80b20f5181e8ee23d738cce908dc6782c0452d8dc9564f32a3f
Microsoft Access Databases are not afforded "Macro execution protection" in the manner of Word/Excel/PowerPoint documents. Attackers can insert trojan VBA code into MS Access documents to execute arbitrary commands on the remote machine.
ee125bfb149060be352ecd18f260d1726c1e1597e5a2002b8d947d29c66cb513
A remote vulnerability has been found in the SmartFTP-D Server which allows a remote user with an account to read any file on the system.
dc0c845f36c1df20329e24792344d24bc446161aac536e31bd3e8e9f4f21f5c7
Remote Denial of Service for Mercur 3.2 allows any remote user to shut down the server.
1690ffae3274ca28e04e7f58873add187369c0fbf6c03ecfca0f74620e800cff
Proof of concept exploit for the "Remote Registry Access Authentication" vulnerability in Windows NT 4.0, described in MS00-040, which allows a user of the local network to crash winlogon.exe remotely.
0d522a59742b3cab17ef2324689d032e9e785a15ab459d5668296905d6083e0f
Solaris 2.x through v8 contains an exploitable local root buffer overflow vulnerability in ufsrestore. Exploit code included and tested on Solaris 8 sun4u.
9eccd7930a0be561b50a1d53fe6f55348b0d0226d0e0e377512167e9747f432d
Splitvt 1.6.3 local root buffer overflow exploit - Tested on Debian. Includes lots of cool debugging captures from gdb explaining what is going on.
1c165f96640daf61e31a962255839951c5bc33f52d8efa132b5f781b747f5d08
Remote vulnerabilities in GSSFTP daemon - A remote attacker can perform denial of service attacks, and local users can get root access. Source distributions which may contain vulnerable code include MIT Kerberos 5 releases krb5-1.1 and krb5-1.1.1, while MIT Kerberos 5 releases krb5-1.0.x are not vulnerable.
1a2c3ea6b342adf0bc8373cd79e7c97b12b37dbc7002b216a38079705be27cc1
rip.c is a local exploit for the dump package version 0.3-14 and 0.4b13 (restore binary). Tested against Linux, gives a UID=0 shell on 2.2.16, GID=0 on 2.2.15 and below.
8d54e411ea387b466577cd77afc89cd9c0b0bdeab57ec369fdba47baf3a580b8
S0ftpj Security Advisory SPJ-004-000 - Multiple remote CGI vulnerabilities in MailStudio2000. Users can view any file on the system, as well as execute commands remotely as root. Major search engines can be used to locate vulnerable hosts. Exploit descriptions included.
6550727efc6ec1b93efcd6c291fe46eb0b814d183be7bc7774db23d9d629e939
Cold Fusion 4.5.1 remote DoS attack - sends a very long password, crashing the server.
0b5a9e596dbd2833a0b03573a26e83f6d337941402dc05d7f9f0a61b76ea5f58