bland.c exploits a bug in Gauntlet 5.0 which causes the firewall to hang when an invalid ICMP packet is sent to a machine which is forwarded through the firewall.
09a5c8c71232fd537a6add6c81e27e690a0d7c6674e8c844053c608c81e84ec0
Frontpage Server Extension shtml.exe denial of service attack. Based on an advisory by www.xato.net. Vulnerable systems include Microsoft Windows 95, 98, NT 4.0 and NT 2000.
43d752f3668ac471fb7f9b5cda917b5b2b09dc06934f38381a453cd6dfb342d1
Zgv 3.0 local exploit for Linux.
97a09fdb60023de0734f695a952ce7ceec2f4651602772ae2bbd81286136ebe7
rumple.tgz exploits the recent ld.so unsetenv vulnerability in Caldera Openlinux.
56c493b400141689b410dc981464badb4d7008167d902e6412e0e9cce077ac82
Solaris 2.x locale exploit - exploits /usr/bin/msgfmt and /usr/bin/eject locale format bug for local root access.
88937ded48954c3ed21f78a4d769f8190c43fa9f3802825fa180b88ccb18bec4
The IMP-2.2.0 webmail interface contains a bug in the library file "horde.lib" which allows commands to be executed under the UID which the webserver runs as. Exploit information included. Patch available here.
5cd37cea6ed0bf632564427031d816598d01b2a66f0f2101fca4af6f7600bec3
Darxite Daemon v0.4 password authentication buffer overflow exploit. Spawns a remote shell.
e3dd3a037dbb8d042f99c43279d3db0d7a79d4196e1044166dd2c8ca7718e9a6
TYPSoft FTP Server 0.78 for Windows 9X and WinNT is vulnerable to a denial of service attack. Sending a long user or pass command causes the server to hang and its use of system resources to increase. Perl exploit included.
6290ed9092ce73d9e92df721518efe218bf3ccf081ac7b79d93e84f30cccd104
Anyportal v0.1 allows remote users to read any file on the webserver by submitting modified forms.
e1ec85ae33fed5f71b59bb5010d7c3248c2ba5c473dd1c55908c4be4e6a1ee39
phpPhotoAlbum v0.99 and below for Windows and Unix allows remote users to read any file on the system with the privileges of the httpd. Fix available here.
1fd5dac557c53d92324e640ef142c13d6504f28411ca172131ea0b05a2852c6e
Secure Reality Pty Ltd. Security Advisory #1 - PHP's handling of uploads permits a remote attacker to manipulate PHP applications into opening arbitrary files on the server with the permission level of the user running the server. Almost any PHP program which provides upload capability is vulnerable.
aeaf6e2aa7063b4ff85dd2c6645bd2a6aa56552e8a26b759f5817c1bbd0a2039
Screen 3.9.5 and below local root exploit for Linux. Tested against SuSE 6.1.
b32cf02872905afa005ea30d36475fca569d44e349e023f5c0478a9e94373d11
GLIBC 2.1 language local root exploit. Includes bypassing Solar Designer Stack Patch. Tested against Debian 2.1/2.2, exploits Glibc and /usr/bin/msgfmt.
7595e563137275d49fd68534ecc6196a233a1a24803e1370fc47ba2aae3be20c
Gopher2.3.1p0 and below has many overflowable functions in the daemon. Most of them overflow with hardcoded data that gets passed along, making it impossible to change any pointers. The "halidate" function contains an exploitable buffer overflow - exploit code for Linux included. Note: This is not related to the other vulnerability, authenticate.c, which has since been patched in 2.3.1p0. 2.3.1p0 is vulnerable to this.
c9a967732b2e2119e924d33a9e324290a5f84f712275f52f3cd713c43b128f87
BNC 2.6.4 remote denial of service exploit. Affects all users who are connected to IRC through BNC by exhausting the resources of the BNC server.
2b404efc7917d8d05e17566fbbda6f862e58ad17893ed5aac38f790bba57dbeb
Hyperterminal, the default telnet program on Windows 98, contains a buffer overflow vulnerability. It is possible to exploit via IE using a long telnet: URL.
8b90845eac862f8b4a616ef0ba0cd3928cdcaecbb16e67ea6204413e73f639bd
Auction Weaver 1.02 Lite remote proof of concept exploit. Spawns an xterm by exploiting an insecure open() call.
05490e9058e27b2b15a85eb91906bf90777cd620da83832f56681fe3570761b8
The ICQ Greeting Card service allows HTML commands to be sent to the target user. Any malicious HTML such as file:///c:/con/con can crash the system or exploit other HTML-based vulnerabilities.
bc5b109db4538ee867af58c61bf71e039eb3c0c10b62871eae499953483f35fc
Vigilante Advisory #8 - NTMail Configuration Service v5 & v6 denial of service. The web configuration running on TCP port 8000 does not flush incomplete HTTP requests, and thus it is possible to use up all the server resources within a very short time.
c9fec19beb463e9c88ed288d26e1bc526386517c5982cb2f718dc275c18ea22b
cpmdaemon is a program that runs as a daemon or a cgi which allows changing of passwords. It allows brute force dictionary attacks against user passwords without any logging. Includes exp_cpmdaemon.c proof of concept code.
3483de64828caecd47ac6a0791f690c8028feb0bc3131f6bcd8c612b01b7ba04
WFTPD/WFTPD Pro 2.41 RC12 divulges sensitive information by revealing the full path of the current directory. This is fixed in WFTPD/WFTPD Pro 2.41 RC13. Exploit details included.
193366b65a5b1cdd836be3470f4aa6808039ca44452fe3c05bb6a2925d08ca56
WFTPD/WFTPD Pro 2.41 RC12 contains a remote denial of service vulnerability which does not require a valid login/password. Perl exploit code included.
2ce2075c4946300317f659cb6ce029291184ad6df10f2c8ceaee2b6620d0efc2
Thatware is a news portal administration tool. The security vulnerabilities in Thatware allow an attacker to gain administrative access to the application. Two exploits included. Fix: For a quick fix, rename admin.php3 and quote all numeric data in SQL statements.
f1837f7f0c5bc17cf29726c8a0e878307e31fc3411e3a8cfb596b751b87fd088