/usr/lib/lp/bin/netpr local root exploit for Solaris 2.7 SPARC.
42804a60ccee0ff38e2034c12bae9526b37922c428d2be90116c6db81bd4a297
/usr/bin/lpstat local root exploit for Solaris 2.7 SPARC.
f574f9583c394a7e90cfff07d655736647312a0b4ecd08dfe92a8e17e9beb260
/usr/bin/lpset local root exploit for Solaris 2.6 and 2.7 SPARC.
3b6603f8b7294c980bf0bd6f0b70f0cdc92723df77ad98f6b6d1dd444e42215f
/bin/rdist local root exploit for Solaris 2.4, 2.5 and 2.5.1 SPARC.
a3ef4e63ccd0ad817015b9f1034af3264d195ccd7ef708467eba1015a48f313e
/usr/lib/fs/ufs/ufsrestore local root exploit for Solaris 2.5, 2.5.1 and 2.6 SPARC.
80467df9fca55b2f287adf6301e0f2398b11ef06b61616b6dc7f7caa4a2c78f0
/usr/openwin/bin/xsun local root exploit for Solaris 2.6 and 2.7 SPARC.
88c632fa3e55f9fc3d54eaae97573694c5c6322ebe5ccbab3ff94cc1b40fe54f
libc.so getopt() local root exploit for Solaris 2.4, 2.5 and 2.5.1 SPARC.
3dd191705466a68f47701499f678fba580ad6bcfe6753bfebbc3b90a8bc511ea
libxt.so local root exploit for Solaris 2.4, 2.5 and 2.5.1 SPARC.
55abfd1c75e24c49bf488d00d73ad585ab162c84d3da7591e2d4a5b2c2c89645
/bin/passwd local root exploit for Solaris 2.5 / 2.5.1.
b12610ad2a8bcaab4c18eb86db41a0a628cf2cedbb337b7175c1aa6cd35d96de
/usr/dt/bin/dtprintinfo local root exploit for Solaris 2.6 / 2.7.
12fdb49dd2478724c987e7bdd270169964f613321f4174e0f2c6c4ebf2fbe8f4
Windows 2000 telnet server denial of service exploit.
4b4ac82588b827afa52230a5621bf5b7eff2d4b62e97dd799a095d1aa6e8cf1f
awcrash.c exploits a buffer overflow vulnerability in Windows 95 and 98 which results in a crash when a filename with an extension longer than 232 characters is accessed. Although arbitrary code could be executed this way, it would have to be composed of valid filename character values only.
7ad7a060484ff8053e615253a0723a73a32a083f94fe5194af600dcb8126a5e4
CIMcheck2.pl is an updated version of the CIMcheck.pl exploit checker for the Compaq Insight Manager root dot-dot bug. Updates include fixed errors and better input handling. The remote web server must be running NT with port 2301 open. The exploit opens the full vulnerable URL and attempts to get the sam._ backup password file from the remote repair directory. You can specify which file you want to download; the default is the /winnt/repair/ directory and the sam._ backup password file.
e61a8564d2ced7114295c1a3afdbb9445be64ee4696516061c8a0e67388605de
This script is an exploit that is an addendum to ID 170 in the Bugtraq database. ID 170 lists several Oracle setuid executables but does not offer any exploit information. This code exploits the cmctl command by abusing its trust in the integrity of the ORACLE_HOME and ORA_HOME environment variables. When the command "cmctl start cmadmin" is executed, it looks under the ORACLE_HOME/bin directory and attempts to execute cmadmin. Because ORACLE_HOME is taken from the caller's environment, it can be modified to change the path of execution, so an attacker-supplied cmadmin is run in place of the real one.
baabf3683d5e3e05e4139396752c7d9eb51dcf6e6f61509565b5d8a451188910
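The cmctl entry above describes a general setuid bug: a privileged program builds the path of a binary it will execute from an environment variable its caller controls. The following is an added example, not the archived exploit and not Oracle's code. It replays the "cmctl start cmadmin" lookup against a hostile ORACLE_HOME in a temporary directory and shows the fix (ignore the environment when running with privileges the caller does not have). The compiled-in install path /opt/oracle/product and the marker-dropping fake cmadmin are assumptions made for illustration.

```python
"""Added example (not the archived exploit, not Oracle's code): why a setuid
program that resolves an exec path from ORACLE_HOME is owned by its caller,
and the hardened lookup that closes the hole."""
import os
import subprocess
import tempfile

# Compiled-in install location. Hypothetical value used for illustration.
TRUSTED_ORACLE_HOME = "/opt/oracle/product"


def vuln_cmadmin_path(env):
    """Vulnerable pattern: cmctl resolves cmadmin relative to whatever
    ORACLE_HOME the caller put in the environment."""
    return os.path.join(env.get("ORACLE_HOME", TRUSTED_ORACLE_HOME), "bin", "cmadmin")


def safe_cmadmin_path(env, privileged):
    """Hardened pattern: when the process holds privileges its caller does not
    (the setuid case, normally detected as os.getuid() != os.geteuid()),
    ignore the environment and use the compiled-in path. Unprivileged runs
    may still honour ORACLE_HOME."""
    if privileged:
        return os.path.join(TRUSTED_ORACLE_HOME, "bin", "cmadmin")
    return vuln_cmadmin_path(env)


def plant_fake_cmadmin(home):
    """Attacker side: populate an ORACLE_HOME the attacker controls. A real
    payload would copy /bin/sh and chmod 4755 it; this constructed one only
    records that it ran and under which uid."""
    bindir = os.path.join(home, "bin")
    os.makedirs(bindir, exist_ok=True)
    script = os.path.join(bindir, "cmadmin")
    with open(script, "w") as f:
        f.write('#!/bin/sh\n'
                'echo "cmadmin ran as uid $(id -u)" > "$(dirname "$0")/../pwned"\n')
    os.chmod(script, 0o755)
    return script


def simulate_cmctl_start(hardened):
    """Replay 'cmctl start cmadmin' with ORACLE_HOME pointing at a directory the
    attacker owns. Returns True if the planted script executed."""
    with tempfile.TemporaryDirectory() as evil_home:
        plant_fake_cmadmin(evil_home)
        env = dict(os.environ, ORACLE_HOME=evil_home)
        target = (safe_cmadmin_path(env, privileged=True) if hardened
                  else vuln_cmadmin_path(env))
        # cmctl exec()s the path directly; the demo hands it to /bin/sh so it
        # also works where the temp directory is mounted noexec. The hardened
        # path points at the real install, absent on this host, so nothing runs.
        if os.path.exists(target):
            subprocess.run(["/bin/sh", target], env=env, check=False)
        return os.path.exists(os.path.join(evil_home, "pwned"))


if __name__ == "__main__":
    print("naive lookup ran attacker's cmadmin:   ", simulate_cmctl_start(hardened=False))
    print("hardened lookup ran attacker's cmadmin:", simulate_cmctl_start(hardened=True))
```

The same rule applies to ORA_HOME, PATH, LD_LIBRARY_PATH and any other variable a setuid binary consults: either drop the environment entirely when euid differs from uid, or validate that the resolved file is owned by root and not writable by anyone else before executing it.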
DoS exploit vulnerability test script. Affected: vqServer 1.4.49. A DoS is possible in vqServer 1.4.49 if the remote host receives a GET request with approximately 65000 characters in it.
7a038f9c1d82043dbb38f1bf6f9f86650e691e4dc79a2af2c543f50c111502ea
Client Agent 6.62 for Unix vulnerability, tested on Debian 2.2.14. Client Agent has a hole that allows arbitrary code to be executed as root without the administrator's knowledge, although some conditions are necessary to exploit it. Client Agent is used with ARCserveIT, the backup software, and must be installed on all workstations. A global configuration file, agent.cfg, keeps track of every sub-agent installed on the system. This file lives in /usr/CYEagent and receives its information from the sub-agent when the script /opt/uagent/uagensetup is run.
1daaedd6f40ccb604880096f68d1f14543064744d2f5c8d9d8a384929bef9ccd
RapidStream has hard-coded the 'rsadmin' account into the sshd binary in the appliance OS. The account has a null password, because password assignment and authentication were expected to be handled by the RapidStream software itself. The vendor failed to realize that arbitrary commands could be appended to the ssh command line when connecting to the SSH server on the remote VPN. This can lead to many things, including the ability to spawn a remote root shell on the VPN.
4b922cd0b6565086e642ee2ff57903babce23e38618ab193b67f145f89db55fd
Product: Account Manager. Versions: all, including LITE and PRO (ENTERPRISE could not be tested). OS: Unix and Windows NT. Vendor: notified, http://www.cgiscriptcenter.com/. The problem: the script allows any remote user access to the Administration Control Panel by overwriting the admin password with one of their own choosing.
da34cff8b8f0d5966a4b6803ba977cef75551738f799ae94a3f2632310f2b83e
HWA-warpcrash - Systems affected: OS/2 Warp 4.5 FTP server V4.0/4.2, OS/2 Warp 4.5 FTP server V4.3, and probably other versions of the software as well. Problem: the FTP server that comes with OS/2 Warp 4.5 TCP/IP can be brought down by a malicious connection attempt.
cf8fada37f8c1613e87c090555684cc0f5c51d3e63815104a2e3e47aeb5420ca
CIMcheck.exe is an exploit for the Compaq Insight Manager root dot-dot bug. The remote web server must be running NT with port 2301 open. The exploit opens the full vulnerable URL and attempts to get the sam._ backup password file from the remote repair directory. You can specify which file you want to download; the default is the /winnt/repair/ directory and the sam._ backup password file. Perl2exe binary.
02f9d096afa81c2dcbbf3f8bb5609cd6012765d85d04dbbebd34e50597b3e154
CIMcheck.exe is an exploit for the Compaq Insight Manager root dot-dot bug. The remote web server must be running NT with port 2301 open. The exploit opens the full vulnerable URL and attempts to get the sam._ backup password file from the remote repair directory. You can specify which file you want to download; the default is the /winnt/repair/ directory and the sam._ backup password file. Perl2exe binary.
5544d2db9c8dc0786db03c0333204f82c3ce81f66faa47a4e2eca3e446cb972a
-Web Application Security Survey- Results show that Microsoft Hotmail, Excite, Altavista, E-Bay, Lycos, Netscape WebMail, E-Trade, Infoseek/Go.com and their users are all currently vulnerable to web-based attack. The following report is the result of a two-hour security survey of high-profile webmail and auction services offered free over the internet. This survey is in no way extensive or thorough. It serves only as "proof of concept" that these types of services are vulnerable to attack on a wide scale. All the following vulnerabilities are currently active as of Aug. 25, 2000. The following webmail vulnerabilities all stem from the same problem: the attacker has the ability to pass unfiltered malicious HTML/JavaScript into the target user's web environment.
0816d0752bc9ca5d7c49022abbc5dabc570e44109e381d1ba13966b6b2106a36
This is an exploit for the vulnerability in versions 2.4.4, 2.5.0 and 2.6.0 of Wu-ftpd. Written in Portuguese.
c26bee1cd2d462edde38575ca8ae2a80b30398e106409a54ccc6ef6a98fdf6e8
A simple flaw in the webmail service offered by Critical Path (www.cp.net) allows an attacker to gain full access to any webmail account. The attack falls under the umbrella of cross-site scripting, which was addressed in detail by CERT in advisory CA-2000-02, "Malicious HTML Tags Embedded in Client Web Requests." The bug is aggravated by a defective session token scheme.
89bcdeb0f24a910c4dcaa633ef6aa1a288acd34b4f9b1497078ed75916af2589
The Javaserver Webserver Development Kit (WDK) v1.0 contains a '..' directory traversal vulnerability allowing remote attackers to read any file on the system with the permissions of the web server. The server typically listens on TCP port 8080, and instructions for identifying it are given.
8515eea65683688bde7181a502762ac58e5f98c78c8520653bfa290922c6ef5e
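The CIMcheck entries and the WDK entry above are both instances of the same bug class: the server appends a URL path to its document root and lets the filesystem honour every '..' in it. The following is an added example, not any of the archived exploits and not code from Compaq or the WDK. It pairs a naive docroot resolver with a hardened one and runs both over constructed probes, including the classic traversal and a percent-encoded variant. The docroot /srv/www/htdocs and the probe paths are assumptions made for illustration.

```python
"""Added example (not the archived exploits): dot-dot traversal as a naive
docroot resolver beside a hardened one, exercised on constructed requests."""
import posixpath
from urllib.parse import unquote

DOCROOT = "/srv/www/htdocs"  # assumed, already normalized, no trailing slash


def vuln_resolve(docroot, request_path):
    """Naive mapping: decode the URL path and append it to the docroot.
    normpath stands in for the filesystem, which honours every '..'."""
    return posixpath.normpath(docroot + "/" + unquote(request_path))


def safe_resolve(docroot, request_path):
    """Hardened mapping: decode exactly once, normalize, then require the
    result to stay under the docroot. Returns None for anything that escapes.
    On a live server make the same comparison on os.path.realpath() of the
    candidate so a symlink inside the tree cannot point back out of it."""
    decoded = unquote(request_path)
    if "\x00" in decoded or "\\" in decoded:  # NUL truncation, DOS separators
        return None
    candidate = posixpath.normpath(posixpath.join(docroot, decoded.lstrip("/")))
    # The trailing "/" matters: "/srv/www/htdocs2/x" must not pass as inside.
    if candidate != docroot and not candidate.startswith(docroot + "/"):
        return None
    return candidate


# Constructed probes: benign requests, the classic traversal toward the NT
# repair directory named in the CIMcheck entries, and the same traversal with
# each dot percent-encoded (caught only if checking happens after decoding).
PROBES = [
    "/index.html",
    "/docs/../index.html",
    "/../../../winnt/repair/sam._",
    "/%2e%2e/%2e%2e/%2e%2e/winnt/repair/sam._",
]


def compare(docroot=DOCROOT, probes=PROBES):
    """Return {request: (naive result, hardened result)} for every probe."""
    return {p: (vuln_resolve(docroot, p), safe_resolve(docroot, p)) for p in probes}


if __name__ == "__main__":
    for req, (naive, hardened) in compare().items():
        print(f"{req:45} naive -> {naive:32} hardened -> {hardened}")
```

Note the decode-once rule: a doubly encoded request such as /%252e%252e/ decodes to a literal "%2e%2e" segment, which safe_resolve keeps inside the docroot. That is correct only if the check runs after the server's final decoding step; a server that decodes again later reopens the hole.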