LPPlus is Plus Technologies print management system for unix. Versions prior to 3.3.x contain several serious security holes, some of which undermine the integrity of the printing subsystem, others threaten the security of the system on which the product is installed. Upgrade available here.
248b9234d97b69b1724934b3160bc67bfa94aad7c0d63ca95ae01ac0d7e7a78e
The CNN Unsubscribe Bot can Un-Subscribe other users from CNN's distribution list by placing a random number at the end of unsubscribe cgi URL's member_id.
53bf6534606c7051e8350cb44d7f0223e19984b7353c2376361378fa040f169f
RUS-CERT Advisory - Several Apache authentication modules which use SQL databases have remote vulnerabilities. Any Apache server using database-based authentication with the following modules is vulnerable - AuthPG 1.2b2, mod_auth_mysql 1.9, mod_auth_oracle 0.5.1, mod_auth_pgsql 0.9.5, and mod_auth_pgsql_sys 0.9.4. An attacker can execute arbitrary PostgreSQL or Oracle statements.
37b626339cbc966d6b6560820f49a4175ed1db3dd72933dfe32ab6fca5ac8b1c
BSD Auto-rooter - Runs a trojan on many machines using the telnetd exploit.
b8af488b660ee22c7889830b3c631acb3825c2c328be4bcfda40570fe29df4ab
Solaris 2.8 patchadd local exploit. Takes advantage of a symlink vulnerability to clobber files with output from patchadd. Tested on Solaris 2.8 Sparc with the current patch cluster applied.
a8745334e41a751bc67512da3ab3617e9e543b283f76da7d9a5b2496eef89fec
AOLserver v3.0 and 3.2 remote denial of service bug. Sends a long HTTP request.
090d176d5352846828025a910558d26b49d012fe1aae38fd3838f573072a9a36
Ntop v1.1 for Solaris/x86 contains a remotely exploitable buffer overflow in the http server which defaults to tcp port 8080.
2a782b423c71b7af0e40453edb9508bf1af85c5776966f021fe5b239fb24adbc
Sendmail 8.11.5 and below local root exploit for linux.
efacdaadfe6b380efa743b43242f74d7805c6cd43a210409b5c705d96f7fda97
Sendmail-8.11.x linux x86 local exploit. Takes advantage of a memory access violation when specifying out-of-bounds debug parameters.
285b8eb1dcf722e10d67521b7dbe8143729e3f1b8b721f06519627b02ac9ec4e
BSDI v3.0 / 3.1 local dos exploit which reboots the system by running some shellcode.
5cf654f5299277e035f85f7824cf9e1e7df43880bd232fad9a51dc3364887d23
AIX PowerPC v4.3.x ftpd remote exploit (yyerror() bug).
21e681b624a45369149e2a74941ac08c6c5ee1a231c7ffe7bf5eaaea3a465482
AIX PowerPC v4.1 and 4.2 remote exploit for pdnsd.
3c4f77c712351730d74b742074a6fbd8a7e7efab4cb7e8facca9de615051ef71
AIX PowerPC 4.1, 4.2, and 4.3.x local exploit for /usr/bin/setsenv.
2d35dc0bf91598839390c0d854435c0c71adcde2f75a7ec0896bd07f0810932b
AIX PowerPC 4.2 and 4.3.x local exploit for /usr/sbin/portmir.
ce1f916ba5f1590fe65502089788b1beabd5b899dfb5a0a684a29f96634f66dd
AIX PowerPC 4.1, 4.2, and 4.3.x local /usr/lib/lpd/piobe exploit.
9ffa3ccffe3a0265a0e0734ae8000d79ca04cc1f1d3a80d29e4cb72a69162103
AIX PowerPC 4.1, 4.2, and 4.3 local exploit for /usr/lib/lpd/digest.
16ac023fde37aa1040868b800b4fef840ef632c820918ddabcbc662141523fff
xlock.c - Proof of Concept Code for xlock heap overflow bug. Tested in Solaris 8 x86.
1c930575e877d31d683dec53347c6292c4dd407d310ecdc95493fb79f97dbc03
Mailex.c is a Solaris x86 mail HOME environment variable buffer overflow exploit. Tested on Solaris 8 (x86).
c5728173ffc69c07e6d9ed6807b6774728e20fe89e5d2a5bb97c2b14b9349f7b
Solaris 7/8 kcms_configure command line buffer overflow on both sparc/Intel platforms.
060830798eeb4bfc82866e4a2ef7eba72abfa93248e51af9d583026e70c7d476
FreeBSD 3.3 x86 top format string exploit. Tested against top-3.5beta9.
5d9e92f9fea9c852b99fa4e6c57dcea1c3a6c13ad5613141c3f534d1b65ff298
Windows 2000 + IIS .ida exploit in perl. Binds a shell to port 8008.
1f578d8a0d8d1cb1c20ebe5e5dd8ab212555fe164889760990e9c04a1bfad7be
w3m remote buffer overflow exploit for FreeBSD. Runs as a daemon and waits for w3m to connect. FreeBSD advisory about w3m here.
e30d5cf756ffae77685d87c6188e5ef50c5a9115816fc507d00772618b363043
NSFOCUS Security Advisory SA2001-06 - A buffer overflow vulnerability has been found in ssinc.dll which is triggered when Microsoft IIS 4.0/5.0 when processes server side include files. An attacker could obtain SYSTEM privilege if he can save html on the server. Discussed in ms01-046.
7b2deeebed5062a304ab98f09b24bf0ddac48ccb7244b9f0b55d3767555c67b4
NetWare Enterprise Web Server 5.1 has a couple security problems - When NDS browsing via the web server is enabled, if an attacker can reach that server's port 80 they can enumerate information such as user names, group names, and other system information. In addition, poor handling of GET commands will allow for GroupWise WebAccess servers to display indexes of the directories instead of HTML files.
adf0654a73f370790f57c8f495e47ab5ce8db6242f05e002639e1d51d2ce342f
PHP-Nuke Written by Sequioa Software contains sendmail.php, which allows remote users to execute commands and see files on the web server.
15b60f966f6d41df63275f87611839fefc622ea85815d79655554d3868a7aa03