Creation of insecure temp files by Midnight Commander 4.x open security hole allowing potential for execution of embedded code.
af587ee0a8b48a3695fabc6df7f104627bb94f165780e07ccc3d96f67390a45f
Microsoft Outlook 98 allows remote attacker to "spoof" Reply-To address in emails, resulting in possible confidential data and trust compromises.
5337307d8002aae868ac4bf343f2003602def301af84a9b7e9f7449f808399aa
Microsoft Internet Explorer 5.0 contains security vulnerabilities that allow remote attacker to retrieve local files and "spoof windows". Exploit code examples included.
bd4c8f6d2ab242dd7ea8bc94e911f8584c013fe6a484c1d01a244a66ad069f48
Yet another privacy hole in Microsoft Internet Explorer 5.0, this time a "feature" that inadvertantly informs web masters when a visitor using MSIE 5.0 bookmarks their site.
46fb6d21fb9834f50874fbf40ff7e8ad554b3d212cb612f10f067942bd5b3b42
Microsoft Internet Explorer 5.0 contains a couple of interesting eggs.
b29c641b1ea4cf6ca5da04e75427509efabf446800982507278fd984893274cc
Microsoft Internet Explorer 5.0 DHTML edit control security hole allows remote attacker to read and grab files. Complete exploit code included; no vendor patch; temporary suggested workarounds included.
8a4422242454b781c9dfc587444f7ee02bbece1c6cb152c54b8c3b2a061e3e18
Microsoft has released patches for several of the many security vulnerabilities in Internet Explorer 5.0.
2d0e47d56bfbb0675874b3dfce0c991b39570e01c970a16c436d18bfc26a41ce
NetBSD SVR4 compatibility device creation vulnerability allows a regular user to arbitrarily read or write any data stored on the NetBSD portion of the first IDE disk configured by the system.
a613b4bed0458846b19492401ac012cad2218d90ecbad614396d49254603a748
NetBSD security vulnerability exists in which unprivileged users can trigger a file-system locking error, causing the system to panic or hang. Exploit included; vendor kernel patch fix information included.
2d78b47ae3e9add73ff913f04d2b83c5c788b421bb537bd1608acbcdb9bb3e14
NetApps C630 Netcache v3.3.1 (latest release) allows anyone to retrieve SNMP-Information, regardless of the community-name setting/configurations.
9cf9091e3b6658886d1b465fbddfbf5e5e6d88b84fa2842a17585844276e429b
Exploit script that retrieves and decrypts user passwords from Netscape 4.5 ~user/.netscape/liprefs.js files. Perl version of the exploit included too.
f18b1cc4903b289a2c8623e22f79ec2aca300fae237c3486d5d884e374567aef
Norton AntiVirus for Microsoft stores admin passwords in clear text, allowing remote attacker to compromise file and system integrity via the included web interface. No vendor patches available, and no really adequate fixes suggested yet.
aa905856f0b7df65f552ed0f01189ab804056ebe7c171812ca262b461118acba
Novell Remote.NLM password decryption exploit program, with full source code included. 9k.
09217518b70cdc6d1a19fd9ef45911addcec68ce3d30a5a252093bcb2b734f4c
Windows NT server Denial of Service attack exists in which any local user on client machine can cause server to hang by sending large number of message boxes within short time period.
b40b08d9cf7c15f3c52db4bf278f0029a70cd55cae99c342833a3790ec41da39
Microsoft MFT bug allows any user with write permissions to effectively destroy your entire NTFS volume, forcing you to reformat.
0a2ad46a467d9764ce3eb4ad8d020a9f43fe4a4b55cdf1e28b5a0e22c1a14b81
Windows NT versions of rcp/rsh allows remote attacker to gain access. Exploit example included. Solution is to simply not run rsh, rlogin and rexec at all.
9cc5a6ef82dab10e4f1ce75b8708cc60b68291b41881deeaa911d95484d4bbc2
Hummingbird's Exceed X emulator (all versions up to and including 6.x?) for Windows 95/98/NT allows remote attacker to execute simple Denial of Service attack.
e7a2eadb5957faa34705ca3a22ffffcea57b87256b94e70e828bcd9fc9813f0f
Bad permissions on Windows NT ProfileList registry subkeys allow any malicious NT user to cause other users of the system to load a "trojaned" profile that could lead to a system compromise. Exploit description and vendor solution included.
54057eb398a0eeecb0fcb718eabe86ff4593d8772f67adaac7ec2fed79e5fad7
Windows NT4+SP4 contains bug related to long filenames that causes server crashes when MAX_PATH limit is exceeded.
d8aa65c735eefe9b788e4821a707c183f4f02eaa498cf33b9a5227358af88fad
Yet another timezone problem with Windows NT4+SP4. Several possible solutions included, but the REAL answer is to use GMT/UTC exclusively.
a810903e23fde3daad58e307631ff9153422f165763343672ca54cc3a74588f2
Denial of Service attack *appears* to exist with Windows NT4+SP4+RAS. Exploit description included; the actual configurations/versions affected is not yet clear.
9cb4c385924afbe6e129b46abc3a957fc6ae64a524822b906ab9defe0ff6425b
Security/Privacy vulnerability in Microsoft Outlook Express allows anybody in "internet zone" to retrieve privileged information about your E-mail. Exploit script included.
fe27aeab04ffd226f46c59ca51232a15037965abe56fca003a5fb007fe28541b
Can somebody find a Shopping Cart that does NOT expose customer credit card data? Perlshop (www.arpanet.com/PerlShop) is also vulnerable; add another one to the growing list of e-commerce products.
5c44b4ddbe285c59f6bda948f7cbf194a152852eada3cb25dd9bc4badadc2c38
Buffer overflow in Pine 4.xx can be used by local user to gain increased (possibly root) privileges.
4d667da2a7f9951830df2826cc547f1c377b284273037dbd8e4a6376c8195d73
Lockfile vulnerability in Pine 4.xx can be used to launch local Denial of Service attacks. Exploit code and recommended fix included.
1327f1a468be8dc7f998d2bd42107145035f12cd1c99c14b6481ed452ef03e8f