Solaris 5.8 ldap / passwd local root exploit. Tested on SunOS 5.8 Generic_108528-06 sun4u sparc SUNW,Ultra-60.
976064b2ea77c1c8c443af7bd3a6b22094d124f55fdf673bb26f5205d6e334a3
lmail local root exploit. Simply run it with the file you want to create/overwrite and the data you wish to place in the file.
ff21e217a7ee6a988dfe12d26ee5f7bdafde7ca74bec3f4eee9cbaa42d1ea328
Webmail on the Cobalt Cube contains a directory traversal vulnerability which allows users with mailboxes to read any file on the system. Exploit URLs included. Verified to work against the Sun Cube III as well.
1affd95a288c842d09addf3da78a30cb53346dabcd3917f23ac63d00b2e272cf
Solaris whodo local root exploit. Tested against SunOS 5.5.1, 5.7, and 5.8 for x86.
75132e64c0b577687b4b50af180faba96a00dcb5b64fa8ba8042f7cbbbd10957
Solaris 8 libsldap local root exploit. Tested on an Ultra10 and an Enterprise 3500 with success.
703e2effcab17ca46f0f0820fae8e927c45ac8cfb996d67be8fc666421a7a8f2
Georgi Guninski security advisory #48, 2001 - There is a local root compromise in FreeBSD 4.3 due to a design flaw which allows injecting signal handlers into other processes. Includes vvfreebsd.c, a local root exploit.
7713d19bc24aa7a9762066afdba62b29c53aa85272d88cc6bfb733c93872c401
Tstot.c is a remote exploit for xloadimage for Red Hat 7.0. Xloadimage is a Netscape 4.77 helper application with a buffer overflow vulnerability. Binds a shell to a port. Fix available here.
7c5e9b0f582f8b9f8069d43e9559a992dd4b582e20d60a2d78d0443ffbdce520
Cayman routers allow remote access by using } as the username.
a17e1c26d5bd70627c96f7b43f1922e3ad836ea6c06226251e575bf5202ffa13
Cfingerd v1.4.3 and below Linux/x86 local root buffer overflow exploit.
5e415ed8282123a93e68f4a857a9f0ce4671a2b5267122c13f0a903a573d4994
IBM DB2 for Windows (98/NT/2000) is vulnerable to a simple remote denial of service attack via db2ccs.exe (listening on port 6790) and db2jds.exe (port 6789).
6c5296f9d72c17968922f22da1b6375455027b8746c894c2b6b6df7b0c2ccf53
Cfingerd v1.4.3 and below local root buffer overflow exploit in Perl. Exploits <a href="http://www.securityfocus.com/archive/1/192844">this</a> vulnerability.
7b79ae13d85cacf1b8ce314ae39684e5ad6ef29d9488a23ca3c28dde72ba702f
McAfee's MyCIO directory traversal vulnerability - Any machine running McAfee Agent ASaP VirusScan Software is affected by a remote vulnerability which allows any file on the machine to be read. This software incorporates what is known as "Rumor Technology", which facilitates the transfer of virus definitions between neighboring machines. This agent software runs as a service ("McAfee Agent") under the local system account and uses a lightweight HTTP server that listens on TCP port 6515. Exploit URL included.
1345f062edc025c7dde3a594f427338427b307283d4fb5cae989577e8ec98887
Cfingerd v1.4.3 and below remote root exploit. Slightly broken. Exploit redirects fopen() call to popen() and executes code from ~/.nofinger.
071f4a1a2ce57b1bfa0e3867ce11912d46f52d364d1efbfd8b9ae3b75029765b
qDefense Advisory QDAV-2001-7-1 - Multiple CGI Flat File database manipulation vulnerability. Many CGI scripts store data, including passwords, in a flat file database, using special characters as field and row delimiters. An attacker is often able to manipulate these databases by inserting extra delimiter characters.
3adbc5bc17ca8d7fbb204c38878615f26bac047bfa7c0f36cb2770033770699f
Kppp (/usr/local/kde/bin/kppp) v1.1.2 and below local exploit. Tested against x86 and Sparc Linux.
6955c7c52f2070a0081b8194b5b560371868aee5f2f1508b33fcd2c8d10a32f7