Exploit code for Denial of Service attack against Windows 95/98/NT machines, based on Windows handling of ARP packets. Requires the recently released libnet-0.99.tgz.
3e8ad95eeeda991fe8283e9386d7bf68cdc57de7b2e137c481c3cabe18857634
All versions of procmail previous to 3.12 contain heap-allocated buffer overflows, allowing a remote attacker to execute hostile code and permitting any local user to obtain setgid mail rights. New release http://www.procmail.org/procmail.tar.gz available from author.
3622146ea1f122a38d88acb3a0514379b5aa09ff8bc8bc4b15849af7b796013f
Security vulnerability in procmail allows local users to dump the contents of any file to screen. Exploit description and recommended solution included.
18c3fda4974df0366e5010c618f75f59865a05072c074e2b07fd63efc1624cf4
QPOP v2.4b2 remote root exploit code for FreeBSD 2.2.5 and BSDi 2.1.
45641082f94fc06725b3687f1e50999274016f4cce17d631c59e582e6b2bbabf
Real Media Server v6.0 stores passwords in plaintext in a world-readable file, and the G2 web admin "feature" stores passwords in plaintext in world-readable access logs available to anyone.
406ff86587e0180d4d60d0411373fae8927b3fdb4d766fa32b4244012ebf9ed3
Security vulnerabilities have been identified in various packages that ship with Red Hat Linux, including pine, mutt, sysklogd, zgv. Upgrades are strongly recommended; instructions included.
4adc9bbee50aa8dfa27d2de062a86036d32c854305a9500c35711c9df05ec83b
Security hole in RocketMail webmail service allows attacker to take over user account that has been inactive for relatively short period of time. Personal data, addressbooks, and other info compromised. No fix available yet.
cf5a27d9c7c2a62a972f9471adf57307bc0547aaec91f13e21894eb507ae9d6b
Directory permissions bug in all versions of rsync. rsync v2.3.1 rectifies this security hole.
ca95edada474e3583ce900f5731958e38ada4fea117087bac9c95de6af94f7ef
SCO TermVision Windows 95 client uses poor encryption (XOR), leading to potential compromise of all user accounts, including root.
4a6c7be52a22574bab1902d8ba9503919ad5e989f4dceba1130fd2937883e78a
Local Denial of Service attack exists in Sendmail v8.9.1 and earlier, allowing malicious user to fill /var/spool/mqueue partition and prevent sendmail from accepting connections.
a8312c580465db664bcc23b3e7aed389e59017aba24fbeea73ca58088a36f565
Security holes in various commercial and freeware shopping carts allow remote attackers to gain access to privileged data, including customer information (names, addresses, phone numbers, and credit card numbers!). Lists, details, and exploit descriptions of all known vulnerable shopping cart software included.
739bef0035b2886f13c5cc66f4ed561333751c78398354b74dece63ffcba485b
SiteServer (SS) 3.0 Direct Mail (DM) software for Windows NT stores passwords in clear text in a share created with full control permissions for all users.
89b8d61c096c771a08c9c4bcd57aba814326eae7772798aab8d3ab03a491705e
Exploit code for severe local Denial of Service attack against sendmail (up to 8.9.3).
cbe2098cf55e51505eed7c3bbc4121548565c9835696aa4d4e7ea36a80337979
The old Solaris ff.core *still* exists in Solaris 7. Non-privileged users can gain root access, overwrite files on the system, etc. Recommended solution included.
2f5d542b796841e34660977152a8d9b39d4b5f414a72ce25996588e87232b945
Anybody with access to your SNMP port can access your entire MIB tree. Vulnerability confirmed for vacm ucd-snmp v3.52 and v3.6; suggested workaround included.
45c5b6bd659b705deb335bcac378a053b9c0ac4ec57001b0920ece0007d40bad
Virtual Network Computing servers using VNC software produced by mimeflood.pl. Submitted by 0zZ.
a6575f5cc495014dd85b7ec2dd30364a152c7428484475b5e56708486c958aef
Yet another vulnerable shopping cart system??? Webcart, by mountain-net.com, reveals entire order logs, including customer credit card information. The included response from Mountain Network Systems makes this one an interesting read.
b03fd9e4c1147a92bf4c2f5325f186c5d85fe811b5548566b8bcf3fc4a857dba
Webcom's (www.webcom.se) CGI Guestbook (wguest.exe and rguest.exe) has a number of security problems that allow a remote attacker to access privileged files on Windows 95/98/NT web servers.
13a39921570391acfba3f044bc161e7f9924cd8fb94ef8bcef00b425949bfd43
WebRamp Internet access devices are vulnerable to Denial of Service attacks that allow an attacker to either crash the WebRamp device or change its IP address. Vendor upgrades that rectify the problems are available.
a4c688516b3b2cd22d58deda360b5b816da345535429d6134a8d3e1802464cd1
Exploit code for Denial of Service attack against Windows 95/98/NT machines, based on Windows handling of ARP packets.
a49a3da40bb93100f517660bf8bfb69a30d1722bf4c620c573037735230e35bb
Handling of ARP packets by Windows 95/98/NT allows attacker to execute untraceable Denial of Service attack. Exploit description with ARP packet construction information included. No fix available. example.cap
03d0b9f1fd7fd2d11bd39b21f0e7d9060b36ab043bcc48b111457550bec736cb
Numerous WinGate 3.0 vulnerabilities allow remote attacker to read any file on system, decrypt WinGate passwords, and launch Denial of Service attacks. Exploit descriptions included. No fixes available yet.
b98e37a3a2b957609e098cdbe2c75de1f2dcf4cc5e84e004dc1facdca4170c68
Security vulnerability in Winroute 3.0x and Winroute Pro 3.0x allows remote attacker to easily gain full access to the admin proxy server, bypassing authentication effortlessly.
ee8caa007f6c2626b9b3c0cb4e2278f374388d95c4532ab07d7a2c0c669709fa
WU-Ftpd worm now prevalent "in the wild" creates backdoors on vulnerable WU-Ftpd servers. Exploit descriptions and partial exploit code included.
91dedf1b16526803940b1ca074e71a684be00dc173446550813061d5d0a80a07
The /tmp/.font-unix directory created by the xfs (X Font Server) program can result in local root compromise by a non-privileged user when xfs is executed by root. Suggested fixes included.
70c80b0df726ac2c1dae12e7cc8ac398ab7df03e71adfcf678de9ef6a722f9d9