Solaris 8 LDAP_OPTIONS local buffer overflow exploit which takes advantage of a bug in libsldap.so.1.
fbf6de6cb08309b916fc1f7834bc383860b579ea95037740cc187c35f913b224
Oracle Application Server 4.0.8.2 + Netscape Enterprise 4.0 webserver remote exploit in Perl which attempts to execute commands remotely as root. The Netscape Enterprise webserver must be configured as the external 'web listener' for Oracle. The overflow happens when a long string is requested with a prefix that has been 'linked' to OAS; by default it is /jsp/. Takes advantage of the Oracle Application Server shared library buffer overflow which affects Oracle Application Server 4.0.8.2 + iWS 4.0/4.1 webserver, running on Sparc/Solaris 2.7.
045f497e451554365c75a888a54888851684db64b10d241f5348b3d6b422abc1
Packet Storm new exploits for May, 2001.
f57f3b5f09f5712f1bd0ed4dd43383a800ec94fcc48e9e6646e82555f0ff4323
Gnupig is an advisory and exploit for the GnuPG v1.0.5 format string vulnerability; it creates an encrypted file that executes code when it is decrypted.
ac649f815afe8db3e8e2d13836c1870964dd972e44857e461df7104d04761240
HP/UX local exploit for /opt/OV/bin/ecsd.
2de424af94be9fb6a61cd2c72d940df117c2eeaae50d877ddb06a4652ee9abce
Cool2 is a perl script which checks a list of hosts for IIS servers which are vulnerable to the decode bug and the old unicode bug.
992e799ee26d6aaa457432a5be7c3db3479c2f5ed9f94b41f92878e2fb8ebdd8
Securax Security Advisory #20 - The 1st Up Mail Server version 4.1.6a and below contains a remote denial of service vulnerability. Fix available here.
c9d3d44add8e60cf5afe922404991f19df0341b12c9296a9ea83fa9b2c70ae33
Omnised.pl is an exploit for Omnihttpd v2.08 for Windows 98/ME/NT/2000 which lets you dump the source of PHP, Perl and other files to a text file. These files may contain passwords.
9276193adbdd9b969f90b2323644d613d1e30a9bebe9d41fa67790946031064b
X-Chat v1.2.x format string bug exploit. Tested against x-chat v1.2.1 on Slackware 7.1.
b469eda18d6e1805cd4e8a0be2fbb3cb43284ad07087b99b32725d1ff02f9fc4
This little piece of Perl code tries to exploit the double decoding bug on IIS 4 and 5.
33a120d3fdad4e6ced42a48f9ed06541f1a7acdd6e07b660fa045c63cafecb32
The WebAvail LinkMax2 (ASP) allows website visitors to view the LinkMax2 admin login and password. Fix included.
bc49f92d642851afebdaa716c8669034d092c6652034fd4a9c0ddaa830453e4f
DQS package v3.2.7 (/usr/bin/dsh) local root exploit. Tested against SuSE 6.3, 6.4, and 7.0.
dc781082f966e7e84fd45bc05a9af244e12da062b9438a7c4ce05fe3639b7a91
Execiis.c is a remote exploit for Bugtraq ID 2708 - Microsoft IIS CGI filename decode error.
930daed1380743902694409c2275d36ed101487eb3dbd8df8b795068aba598ba
Sensedecode.tgz includes two Perl scripts which exploit the IIS URL decoding bug. Decodecheck.pl checks for hosts that have the "decode" problem, and decodexecute executes code using the decoding problem, with redirection.
d32db266c769e68dd5e55144cdff5aac3d5f570243d3c50560169d168c96b542
NSFOCUS Security Advisory SA2001-02 - The NSFOCUS team has found a vulnerability in the CGI filename processing of MS IIS 4.0/5.0, as discussed in MS01-026. The CGI filename is decoded twice by error. Exploitation of this vulnerability allows intruders to run arbitrary system commands with IUSER_machinename account privileges. Exploit URLs included.
1f24fde1bac96def60ac10c00a6e82940ada309470835ba73f5d78b25c6f6fec
Acadsoft's webcgi98.exe displays the full path to the binary in an error message.
87a2492754de406640b736c27877e5fea0ea2bf16f000790a41c42110d3365f5
/usr/bin/mailx local buffer overflow exploit. Gives gid=mail shell. Tested against Solaris 8.
8270d776c54245c8f9730bdf87c4de6ee29ce8e325d9e3fb78e6f9951ae96cbc
Cfingerd prior to v1.4.3 remote root exploit for linux/x86. Exploits a format string vulnerability in the syslog() call.
d8bf8ec5db51a03a2a06971d1a62f5b817394a89a0963c7f4adf17a3b5bfdc71
Jill.c (fixed version) is a remote exploit for the IIS 5.0 / Windows 2000 remote .printer overflow. Spawns a reverse cmd shell.
4eaf53b6615baedb4fac1be5c4beb5aa4c9708ae0370a0dd8b34bf8080a4ddbb
Cfingerd prior to v1.4.2 remote root exploit - Takes advantage of the syslog format string bug. Tested on Debian 2.1 and 2.2.
70f413a4d20fd258ec79ede4b34842fe8435ef1209fb32fae0d717b0718d3107
Ronin.c is a FreeBSD-4.2 remote root exploit. Requires user access and a writable home directory without chroot.
d2e33c037790692c389b96a7601e8f1408b6545023a8abce9baf0cbcdda89c20
The G6 FTP server v2.00 freezes if told to create a directory "COM1", "COM2", "COM3" or "COM4".
716e570229564b04ebe6d9eb93f65830929d5d4b253495f360aab2e142e6e52f
Windows 2000 / IIS 5.0 SP0 + SP1 remote exploit. Overflows the Host: header of the ISAPI .printer extension. The included shellcode creates a file in the root of the C:\ drive which contains instructions on how to patch your vulnerable server. Compiles on Windows, Linux, and *BSD.
9fff87f325e3b0b2e95b688b5c791f29e66f7277f9fd816703595f63a89b9eeb
Windows 2000 / IIS 5.0 + SP1 Internet Printing Protocol vulnerability test. Causes a memory leak and reports whether or not the remote site is vulnerable, but does not contain shellcode.
7acc303c4980d09fc650229e55553b5c0ada450b62f78168bace6cbcf5152918