PHP KIT versions 1.6.03 through 1.6.1 suffer from SQL injection and cross site scripting vulnerabilities. Demonstration exploitation included.
c1523a9e55bac436ae0076df04b931392281380687c061e2ed6cbe1a3ce97264
Gmail suffers from multiple vulnerabilities including denial of service and cross site scripting flaws.
698272ceac4aa2ecd656a297da9f9d16d6ecacfd8a250f638aad77532a688a80
It is possible to reset a ZyXEL Prestige 650 HW router without any authentication.
a4d1db6918bceedfe9f7495d7a6ac3ec6560609a00d906f07dc41dc206aaf241
IPB Pro Arcade versions 1.x and 2.x are susceptible to SQL injection attacks. Exploitation included.
f7454942a43b8b3ffbf7722175ca2bf2521b5ec0146a700b1e8b374d7351a54e
PhpBB v1.0.0 - 2.0.10 remote exploit which takes advantage of a bug in admin_cash.php. Opens a back door on a tcp port.
759e1b3c1fd320dbe0d222403ebfadaef07dc4d09e204984eb5cd514f21054bc
Local user input handling vulnerabilities exist in WCI's TC-IDE Embedded Linux prior to v1.54 which allow local users with access to the tools provided with the system to spawn a root console, gaining full control over the running Linux operating system. In corporate environments where this product is being used, such vulnerabilities could cause disastrous effects, all users are encouraged to update to the latest firmware ASAP.
46d3aa11e83ba80562e7262440809b13893d555f6f58bc2ca80b55ac4797533e
Mailtraq Version 2.6.1.1677 remote exploit which allows SYSTEM level access while using the Mailtraq administration console. Requires a Mailtraq admin account.
9363a24390dc5f166823eede37366696be7abfad27c632dc5627567f22951267
Prozilla-1.3.6 remote client side stack overflow exploit, tested against current Gentoo, slackware, Debian, and suse.
9357bc7d80ccdcff080e1d7069304e8f08c1c576c0e7e49b73ae85830397a0c4
Remote command execution exploit for phpBB 2.0.10 that makes use of a flaw in the viewtopic.php code.
aee65c849185b91d9b59593d7e00fe8fd6ad03efd250948a95761326bdf70a7d
Microsoft Internet Explorer (including IE for Windows XP SP2) is reported vulnerable to a file download security warning bypass. This unpatched flaw may be exploited to download a malicious executable file masqueraded as a HTML file. Full exploitation given. Original posted on k-otik.
5cf54bfc3b98194b62e01d674a293f76a8b55e5d1942178a1fcfe020e729bc73
Altiris Deployment Solution 5.6 SP1 (Hotfix E) suffers from a privilege escalation flaw that allows for SYSTEM level access. Step by step exploitation given.
2eeeb547e723092ea08f4321e09bdaa44b9d7db09a51e44e2d576c63d5afa53b
A privilege escalation technique can be used to gain SYSTEM level access while using the Mailtraq administration console. Mailtraq Version 2.6.1.1677 is vulnerable.
754a99a37c23e5ce9586839e1dbef857f90469878efeac14f8dd013ad62fd9e5
SLMail 5.x POP3 remote PASS buffer overflow exploit that binds a shell to port 4444. Tested on Windows 2000 SP4.
e52e26d43fc8281cdd86366385864d1faabe76d496cbf284434a32a5b495a1f4
A buffer overflow exists in DMS POP3 Server for Windows 2000/XP 1.5.3 build 37 and prior versions. Demonstration exploit included.
1b44dbca0b215e58195b7ccab58ff39ef302fbcfb6e5a9242f59b5d2f444e7c9
An input validation vulnerability in Invision Power Board version 2.x allows a remote user the ability to conduct SQL injection attack.
eb51a14581063ecdb55762f96413e0fed28ee78821e319e6748be503de8978cd
Cscope 15.5 and possibly earlier versions may suffer from a race condition that allows for local compromise. Proof of concept exploits included.
7ae2b4d33100aae1c181383bb5e6a8fb9fb26048a4552dd090b6f87f7443ab82
The Event Calendar module for PHP-Nuke suffers from cross site scripting, path disclosure, SQL injection, and script insertion attacks.
a36efcbb8d52ca32bb59f65773b5a67d142f0908a7cc7268b38847facdb0b68d
TipxD versions 1.1.1 and below suffer from a local format string vulnerability. Proof of concept local exploit included.
bd7c3d962bfd392f9d0af4f86b1f47acbfce58b9232069d15848c54ccdb24870
TWiki Release 01-Feb-2003 and below remote code execution exploit in perl.
0a072dc39641233ff8523728ea4118373e6bd2bb4fa0c66b9edc40ca2e45e42d
GFHost PHP GMail remote command execution exploit that achieves webserver id privileges.
3f16949c103704d441900ba1b74ee6b4743175756fe13c17ced1c7e2e43e7ece
This is a simple tool that searches for the central and local headers contained in a zip file and alters the uncompressed data variable to be 0 in an attempt to trick anti-virus software into not scanning the files inside the zip file.
89007618a7cc506d601e2523249eba67ce6ad4d3cc000482f70f5e18ab449a0d
Eudora 6.2.14 for Windows that was just released is still susceptible to an attachment spoofing vulnerability. Working exploit included.
40feffee7423a8d9403bc9b62c864111246e0808bd8068c7ab5f09b183a516b9
Remote exploit for the IPSwitch-IMail 8.13 stack overflow in the DELETE command. Successful exploitation binds a shell to port 4444.
34486ab358c7f8793e3c20cec33de6a9c6baf7c1e07b04a872a23d2c482b2059
Microsoft Windows Vulnerability in Compressed (zipped) Folders (MS04-034) proof of concept exploit. Tested on Windows XP SP0 Spanish and English. More information available here.
44517de41c7c9de3c636a5828759c01db0889a38ca5ba75dd8fd12a42642db83
Apache v2.0.52 remote denial of service exploit (version two) which sends a lot of spaces, consuming CPU and RAM. More information available here. Versions between 2.0.35 and 2.0.52 may be vulnerable, but only v2.0.50 through 2.0.52 was tested.
6ef0cd246b77f086571410803e9f7d0266154b693ceb51628715ee955cf53ea7