The Korn Shell (ksh) uses temp files in an insecure manner. Demonstration included.
46bf095b3af47f5a39cd2ce0d8c077e482095e3d43d2cc6b15980c73f2114313
Infinite InterChange is a Win95/98/NT/2k mail server with a remote denial of service vulnerability: a malformed POST request causes it to crash. This has been fixed in Infinite InterChange v3.61.
559ea8e4a462900c2ff37f454cf8826455a86a72a81384b69ee480184c46eb97
everythingform.cgi uses a hidden field "config" to determine where to read configuration data from, which allows remote attackers to execute commands. Exploit URLs included.
01ce9f63078ea884e7545c04bce65a8e11c4e87b1fcbdb0508d60474d1357b4f
Itetris v1.6.2 local root exploit - Exploits a vulnerable system() call.
13a0ac0bf7a88ce8832d4b779b8bebc6e5d04c2c956942c7b7664e4ff6f8a7ac
Exploit for the BIND NXT remote root vulnerability, which affects BIND v8.2 - 8.2.1. Compiles on Linux, tested against Irix, BSD, and Linux. Includes Irix shellcode for breaking chroot.
febfc0b34d825bb1fd2b1ea1e96374fa6816966c45c2f8ac101caef72cf4b91b
OpenBSD ftpd v2.4_BASE through 2.8 remote root exploit. Includes offsets for v2.6 through v2.8 and instructions for finding offsets of other versions. Requires a writable directory.
e60d36076da9b2566b60a358f1600945cb7392b7f05305acfc0f2dfa49415169
Ckermit v7.0 local buffer overflow exploit for Linux/x86. Not setuid by default, but often installed setuid.
a764a6764b205afa2af181409160d382cd7900bb0e413755bae2fd0a686d98de
Linux Xsoldier local root buffer overflow exploit. Overflows the -display command line option.
b399b42f07b8641525a5352aaf822e9698210c090495c285cd9fc11af3fdf062
LPRng v3.6.24 and below remote root exploit for Linux/x86 which exploits the syslog() format string vulnerability. Tested against the default install of Red Hat 7.0 (LPRng-3.6.24-1) and LPRng3.6.22-1 installed on Slackware 7.0.
711ec9e53d55297ca043c724b126975613590c27a195978efaf80054e1390558
Nettoe v1.0.5 denial of service attack - Causes the Nettoe server to use all available CPU cycles and lock the game.
0829ddccf17a5f6cf8784776e011d370671b9df074562df981cf1b37ab918cdd
Pine v4.30 and below allows outgoing mail to be hijacked if the alternate editor is enabled. Exploit script included.
a697070970654ece18a16dfe44b4f7ffcf5b38cb5159bafae4e725f245de46ca
Apcupsd v3.7.2 local denial of service attack. Can kill any running daemon.
98d94708575e0137e9354e702878bc24ca1f6d27866f241f5fccddfd8e165f5b
Hassan Consulting's Shopping Cart Version 1.x (cgi-bin/shop.pl) contains remote vulnerabilities, including directory traversal with file read ability, listing files, and path disclosure. Exploit URLs included.
85283352f70d94548d2b56de0d97bcf80906908ef932baf0b3a815cdc3e97361
Securax Security Advisory #10 - The Watchguard SOHO Firewall is a small personal hardware firewall used for xDSL, ISDN and cable connections. Local and remote users can crash the Watchguard SOHO Firewall using multiple GET requests to the webserver. Perl exploit included. This attack will not show up in the logfile except for a reboot notice.
8cbd330a7967aec426b0384fc3164e9e13b747e02aa4999c841e1b6a29574a7a
Microsoft Phonebook Server Remote Exploit - Tests for the pbserver.dll buffer overflow.
03ee0782ae94986d7ad6091fa2a68ecd086f76e481828a70e1bbf11319bdf425
CHINANSL Security Advisory (CSA-200012) - Ultraseek Server 3.0 vulnerability allows malicious users to see the full pathnames of server addons.
a93ef1f7c85039e6f7a88a25020b181c801b9ea32a699a2b5f122ec16a96ce51
Bftpd 1.0.12 contains a remote buffer overflow. Denial of service exploit included.
b53b1d6e97dd2c13613462f15448517d0b51dbb7d806ce05e13b0e2e9494dbfc
Secure Reality Pty Ltd. Security Advisory #7 - MarkVision is a printer administration package from Lexmark. Versions prior to v4.4 contain local root buffer overflow vulnerabilities. Fix available here.
3e763f2a074ead41c407459903496036ba90d70aba5782927022137c103963ec
Secure Reality Pty Ltd. Security Advisory #6 - phpGroupWare is a multi-user web-based groupware suite written in PHP. Versions below 0.9.7 under Unix make insecure calls to PHP's include() function, which can allow the inclusion of remote files and thereby the execution of arbitrary commands on the remote web server with the permissions of the web server user, usually 'nobody'. Fix available here.
6726f2b4b34f81a4e34dba7e545c1d74926ef384ea62801eb1b9a0aae10a731a
Secure Reality Pty Ltd. Security Advisory #5 - All 3.x versions of MailMan Webmail below v3.0.26 contain remote command execution vulnerabilities. The code contains several insecure calls to open() containing user-specified data. These calls can be used to execute commands on the remote server with the permissions of the user that runs CGI scripts, usually the web server user, which is in most cases 'nobody'. Fix available here.
b4dcc0b0843d1cb7fc27df32abe4794efcdd89522f9d488aea343af2e5078e74
Xlock local format string exploit for Linux/x86. Tested on Slackware 7.1 and Red Hat 6.2.
4d145844ebe8a37d22c403be58bb4a6d5b30eb6341926262952994da081a236f
HP-UX v11.0 /usr/bin/pppd local root buffer overflow exploit.
fe3f5dd4d79deb81bc655988c0acc2f21da6e77fad6cfac1b4dcdac71dd5c744
Linux/x86 remote root exploit for ypbind (ypbind-mt). Tested against Red Hat 7, SuSE 6.x, and Debian.
2b24fda89ac2d6cab494fa7e7579f14e73b189f6e164ba521552fab98bd40eb6
PHP 3.0.16/4.0.2 remote root format string overflow exploit for Linux/x86. Tested against Slackware 7.0 and Red Hat 6.0.
4f73e668ad771ff15e243d28868f71c32cd935cf7d2e79ab10e3af4c19ab5ca3
Securax Security Advisory Securax-SA-09 - The Serv-U FTP server for Windows v2.4a, 2.5h, and 3.0b (all versions tested) has vulnerabilities stemming from improper handling of hex-encoded characters in FTP commands. The server will reveal the full path to the ftproot, allow read/write/execute/list access to any other file on the partition, and allow listing of all hidden files. Fix available here.
e6a9f7a08b79162569e6194cad0956887de19d672150ee61fc642ddb1f1d8c63