Eudora for Windows has a buffer overflow in versions 6.1, 6.0.3, and 5.2.1. Sample exploitation included.
e1c845825eb5408eef5c7fae221f1e6a0db42ab375456108da90f20b60b04384
PHP-Nuke versions 6.x through 7.2 suffer from various SQL injection and cross-site scripting vulnerabilities.
ad379be5f5c68b56e0ab441f91d7a6268421e39c8a16990e45fab5dbff03f558
Two stack based buffer overflows exist in Exim 3.35. Both bugs need features enabled and are not in the default configuration. Proof of concept exploitation given.
353e702b40c92a2c6f894d544e776cf46bb65be439d7576759dac932b6645004
MyWeb version 3.3 is susceptible to a buffer overflow attack when a specially crafted HTTP GET request containing over 4096 bytes of data is sent to the server.
8c6ae777b6a360a4f96a220dd57b6374108d8a4834630ebc996a37fed98c9050
A security vulnerability exists in South River Technologies' Titan FTP Server. An attacker who issues a LIST command and disconnects before the LIST command has had time to connect will cause the program to try to access an invalid socket. This results in the FTP service crashing. Version affected: 3.01 build 163.
fb3ef6076a6e79f2243e64e12aba03fa357bda221b1e27fdd0e0eb401cb48a53
Local root exploit for sendmail versions 8.12.9 and below that makes use of the prescan function vulnerability originally discovered by Michal Zalewski back in September.
6b92118a7fe3130fa6ec45d888da04dc8d72dfd1264fed483ce66005c203ca9d
PHPX versions 3.2.6 and below have cross-site scripting, path disclosure, and arbitrary command execution vulnerabilities. Full exploitation given.
721b697fe7688e4f5cd82bffa98fa28968a6f5bafa7c37047140619bc081fa19
Remote exploit that makes use of a file inclusion vulnerability in 4nalbum module version 0.92. To use, you must change the retrieve URL to point to a script that binds a shell to port 1234 of the server.
3a7ac4cceaeef914f10ea4087f7dad06d55ce85def6e4463349e310e545c3d38
autoRST is an automated TCP RST exploit. It uses the Winpcap libraries to sniff for TCP packets on a network and then sends out a forged RST packet after calculating the appropriate sequence number and forging the MAC address. Makes use of the recent vulnerability released by Paul A. Watson.
42cb6ede12e9199900a5e6282342a4505e4a0df06f3b97e39afc1e2143e7b326
Local root exploit for Squirrelmail's chpasswd utility. Tested on GNU/Debian with kernel 2.4.24 and on RH 9.0 shrike with kernel 2.4.20. Original bug found by Matias Neiff.
6157a4eb97ac74cc3337b905b33aa88c26ff87f621b2f36ac1cf440cdd4a4aad
X-Chat versions 2.0.8 through 1.8.0 remote exploit that makes use of a buffer overflow in the SOCKS-5 proxy code. Successful exploitation binds a shell to port 7979.
2fee8170f90a051fd47c72f81150fec692e3bf4fac546c3cd394c69c90bc8001
Serv-U ftpd versions older than 5.0.0.6 suffer from a flaw where a user issuing a long parameter as a value to a LIST command can cause the server to try to read a value that is outside the memory location, causing a crash.
a65b66ef8af1cc9495cc9fd0ca5c58f21b69e261b6e0304aa32ec1022fd5e31b
Aldo's web server version 1.5 on Windows is susceptible to path disclosure and a pathetic directory traversal attack that allows for remote access to any file on the system.
639a5b9daeec5ce3fedb73bbc100d9733a8a0a3dfedccdc525198e2cf000b64e
Dameware's Mini Remote Control System version 4.2 uses a weak key agreement scheme. The scheme consists of the sharing of pointers into a fixed key lookup table. Both the client and the server have access to a key lookup table (KLT) consisting of 1000 32-bit values.
2a0a8f9b0413c82fcc2ef7d6bb5e5aee1c479ab3b69d3d2982122a9159c3e2fe
SMC broadband routers ship with remote administration enabled by default on port 1900 on the WAN side of the router. Hitting the external IP address on port 1900 and clicking Login allows a malicious attacker to gain full access to the device. Tested against models 7008ABR and 7004VBR.
3eee3cdb3e0331844cad85a831f6ec24d5f5d0c1e6400811a41972102e98b154
SquirrelMail, a PHP-based webmail package, has multiple cross-site scripting vulnerabilities. Versions 1.4.2 and earlier are affected.
2f2e665712060e5df5c10bd96dd7606949f7106b400202b941123e7e8a1244ca
MS04-011 DsRoleUpgradeDownlevelServer remote exploit. Submitted anonymously.
c345e1ceaf031691148d79a9fafffd9b68fdbe6f2ffeb4b7ad70da3edd68b5fe
Remote exploit for the Lsasrv.dll RPC buffer overflow. To make this exploit work remotely you have to use the sbaaNetapi.dll which modifies the DsRoleUpgradeDownlevelServer API.
c155fee77b812701dd4efb98b8ad352943a5fa4ca64edab679c6ddefca7a2e45
Remote exploit for the Lsasrv.dll RPC buffer overflow. Tested against various Russian and English versions of Windows XP Professional, Windows 2000 Professional, and Windows 2000 Advanced Server.
b67594dc0860e55e0a2dbb1361ffe68073b8564d93f740595e75b36e19a82e49
HSFTP versions 1.11 and below remote exploit that makes use of a format string vulnerability when processing file names.
0f0b1134f526e9e119a43dac0a36550ab2c1495e9c627acdb6f4557b53503898
Cisco Global Exploiter is a tool that demonstrates exploitation of the various Cisco buffer overflow and denial of service vulnerabilities. Google flags this as malware so only use this if you know what you are doing. The password to unarchive this zip is the word "infected".
d9ebaf0cd3d01a7813e46a67bf12eaee98841234ed430e3ca3ae69831f7dfb62
Microsoft Windows LSASS (Local Security Authority Subsystem Service) is prone to a remotely exploitable buffer overrun vulnerability. The specific vulnerable system component is LSASRV.DLL. Successful exploitation of this issue could allow a remote attacker to execute malicious code on a vulnerable system, resulting in full system compromise. This exploit produces a shell.
3028a82b21c514fb8370c4391a58a4050e0b3aa2d874a827f1748ed35a4edee8