iisex.c is a remote command execution exploit for Microsoft IIS 4.0 and 5.0, as discussed in iis-unicode.txt, which attempts to provide an interactive cmd.exe shell.
4750ce76fa11a85f6f1ef97478408066fedff3d6adc705ce98126be2563f7cf6
/usr/sbin/userhelper / kbdrate local root exploit - works only at console. Works well for people you know.
f306e4b3197582d95675db9964fb45bc371416bf6ee9795a7888f293e8872bc3
Slackware Linux's ppp-off command uses /tmp insecurely by writing ps output to /tmp/grep.tmp, allowing an unprivileged user to overwrite any file as root.
1e2516ab243a13e088be91f759a25f88ce099f7410487a4e595a22b99aeb688c
The Half-Life Dedicated Server for Linux v3.1.0.3 and below contains a remotely exploitable buffer overflow. Exploit code available here.
321410a4245baf94d24899baac40728a163cf83df38b90575b4aac920f73f359
Auction Weaver LITE 1.0 - 1.04 contains remote vulnerabilities which allow users to read any file on the filesystem, and delete arbitrary files. Fix available here.
7321c9d080577203ab8456a7016142136aeefd6b6f8b4e04f589c76bd7ab1aa9
Georgi Guninski security advisory #24 - IE 5.5, Outlook, and Outlook Express have a serious security vulnerability which allows remote users to read local files, arbitrary URLs, and local directory structure after viewing a web page or reading an HTML message. The problem is that you are allowed to specify an arbitrary codebase for an applet loaded from here.
4c84e6a9bab5f1f849dc508650403150f24b823501e7ecc02ccf5a7182a26dbc
Web Store (cgi-bin/Web_store/web_store.cgi) is vulnerable to a bug which allows remote users to read any file on the webserver. Exploit URL included.
e8d84c70573247b065488f0c2c61893c5a193d20ae5dd8ce1b4b82b6109b1452
Red Hat 6.1/6.2 traceroute local root exploit which exploits the traceroute -g bug, as described in the Red Hat Advisory on Traceroute.
2f2c05c49da7f513c3947676832869a817e0236622068d98971c3738b9639160
rain forest puppy's investigation of the recent Microsoft IIS remote command execution vulnerability which was first mentioned in ms00-078. UNICODE character translation on foreign IIS 4.0 and 5.0 servers allows additional ways of encoding '/' and '\', allowing commands to be executed under the IUSR_machine context.
2b1c446965eae66c719dc5275df8c83c036b0c35b914f77fa9b14f18472713f1
PHP/3.0.12, 3.0.15, and 3.0.16 with Apache 1.3.12 remote format string exploit for FreeBSD 3.4, Slackware Linux 4.0, and 7.0.
96da427c5e520f508d5095e2ae72b3ea84315600ce6f8c479d2b052c33f7f03f
Wingate 4.1 Beta A and below allows users with access to read the logs to read any file on the filesystem by encoding the URL with escape codes, bypassing input validation. Includes wgate41a.c, proof of concept code. Fix available here.
d911de7376362eaa57534d66e1363dca6a222e4eac2a3b3c940f8173fb80d190
GDM local root and/or denial of service attack, tested on Red Hat 6.2. Requires console access.
0152f01fe95821ca442a86d5040d00c6f94af97c5ed3d54f2c0d85ef0541b8d8
Synnergy Laboratories Advisory SLA-2000-17 - A flaw in Linux/UNIX Anaconda Foundation Directory, a Yahoo-style search engine based on the Open Directory Project, allows remote users to traverse the webserver's filesystem, allowing arbitrary files to be read by appending a trailing NULL byte in URL encoded format. Exploit URL included.
114471e6a48ade395cf5dd9910cfbb9ebc5b97960e372c164656001a5ddd2840
Kak.hta is a variation of the recent ActiveX Dotslash.
bdb21f8e4b7bfa50a24c006b6d2979c765ccd82a4bdedeee48257dd7ffdee0b2
NSFocus Security Advisory (SA2000-04) - A denial of service flaw has been found in the Microsoft Win9x netbios client. An attacker can modify his host file share service and perform a DoS attack against a Win9x client that visits it. Windows 95, 98, and 98se are vulnerable.
9236c974af81c4c844db26363d287b64b22ac6b3a14b0d4342716a88acbe836a
NSFocus Security Advisory (SA2000-05) - Microsoft Windows 9x NETBIOS password verification contains a vulnerability which allows an attacker to use a share only knowing the first byte of the password, which can easily be guessed. This is the flaw described in ms00-072 which affects Windows 95, 98, and 98se.
7aef63a9de0679d5b03e709420e8ddace4d85f1bf4c6394a3d8949d58d90ea2a
NSFOCUS Security Advisory (SA2000-03) - A denial of service vulnerability has been found in the IPX/SPX protocol implementation. When a Win9x host receives an IPX NMPI packet whose source and destination machine names are both its own, it is led into an infinite loop of sending and receiving packets. This attack consumes a large amount of the attacked host's CPU resources, causing it to crash.
ee09333c713c3c147526afc9d6f8cea9c39dd915e503348778b1122d7781a015
FreeBSD 4.X local /usr/bin/systat exploit. Gives a sgid kmem shell by exploiting the .terminfo bug in ncurses.
74912457abcb06d1b3486b0919890ed721d24f2ed15b58307dd60bb46c085361
Synnergy Laboratories Advisory SLA-2000-16 - Synnergy Labs has found a flaw within Master Index for Linux/UNIX that allows a user to successfully traverse the filesystem on a remote host, allowing arbitrary files/folders to be read. Exploit URL included. Fix available here.
a23909da35478f6a2095d6d342fb63d5f4accfbcc2879f4add37f28616e828c3
The ncurses library v4.2 and 5.0 contains exploitable buffer overflows which can be used to gain additional privilege if there are SUID programs which use ncurses and the library implementation supports ~/.terminfo. Vulnerable programs found so far include Red Hat and SuSE cda, FreeBSD /usr/bin/systat, and OpenBSD /usr/bin/systat.
cd14250aa0648fdf5f3d589e34c08c13e7c735b8731d2b965eb799837ca4e257
Vigilante Advisory #14 - HP Jetdirect print servers have multiple vulnerabilities which have effects ranging from the service crashing to the printer initiating a firmware upgrade based on random garbage in the memory, and in some cases power cycling won't fix the crash. It requires a new firmware burn by e.g. HP to restore the Jetdirect card. The FTP, Telnet, and LPD services contain buffer overflows, and spoofed malformed packets can crash the printer. Fix available here.
bdca6965e5cc27db16052ee9d2ed6315debed77a62a63aa071a0614cac33ff36
PHPix, a Web-based photo album viewer written in PHP, has a vulnerability which allows remote users to traverse directories and read any file on the server. Exploit URL included. Fix available here.
e4419820f11faed3b78317f5462ba2159447f498e8b203f34e98a29ecac583bc
The BOA webserver version 0.94.8.2 and below contains a vulnerability which allows remote users to read any file on the system. Exploit URL included. Fix available here.
a859a68ad11a042096b6a7dcc8f53e25349a563780aa31e67195cba709f232e8
Delphis Consulting Plc Security Team Advisory DST2K0040 - QuotaAdvisor 4.1 by WQuinn for Windows NT allows users to list all the files contained on a file system which is on a server with QuotaAdvisor running on it.
207715a553367fd86d35fea578da89546850f009eafcc211cb4a0381746ecbed
Godmessage 3 (Revision 4) is an ActiveX trojan which automatically uploads a binary to unpatched IE browsers by simply viewing HTML code. Tested against IE 5.0, 5.01, and 5.5 on Windows NT, 2000, and 98. WARNING: Viewing this HTML very well may break your computer if you run Windows!
a7e16b7e8a4025e6d430b19893b0e47492278ae88ad47135008aef0feeeb93cd