Very simple shell script exploit code for the recently discovered xfs security hole.
c1ce65f6a9e3979b3ea53e5ab6dbad1f85f51fe41e24929b7742303e909024f0
Russ Cooper of NTBugtraq provides the most intriguing corporate trojan/conspiracy/coverup story of the month. This is really simply too far out to believe, but then again, do you trust Adobe and NAI? Whether this is true or not, it damn sure makes for interesting security news, and Russ has done an excellent job researching the whole weird and unsettling saga.
5595a566adcdbef0b7765764a3a0f34412cba6762b9a74420e8574e16f2730b1
Exploit code for local root compromise of AIX 3.2.x and 4.x via Infod vulnerability. Vendor patch information available.
f1a20104206d132b253a0d25c9d71cd9cc61181b2c645a18ab4fa2b88919ade9
Serious security holes in all of the major anonymous Web surfing services allow web sites to obtain information about users that the anonymizing services are supposed to be hiding. Java, JavaScript, and ActiveX are the culprits. Many proxy and firewall services are vulnerable too. Exploit description and code included. Recommended solution: Disable Java, JavaScript, and ActiveX.
3fa14c1a52d3de99775fa1885e801d5e43be6bf22ec1ec4c6e35723d9d67954b
Anyboard web forum contains a vulnerability that allows anybody to retrieve admin login and password.
ebfa418d01c32c313e86ab0bbd91c3c84a8b3509b739e42d2bcaa2550dd7b307
URL Crash Bug in latest versions of AOL's Instant Messenger provides yet another way to launch Denial of Service attacks against AIM users.
b0d093f25cdfc5a5cf5093c931e96e78038a491983e30a01634c9d35c9777d2e
Prompt parsing vulnerability in bash-1.x opens up numerous potential exploits. Suggested fix and patch included.
b7bab12f0ef967d41db381e5b7e6713516708340affc08bec9c55a5f8ab169bd
Security vulnerability found in Big Brother v1.09b/c System and Network Monitor for UNIX, in which sensitive files can be read via web server. Upgrade to current release or install patch. Vendor information included in advisory.
f91b0ddcf832e53532927d85c362b6f00bcc31a853ea338b48f17017c20575a2
BMC Software's PATROL Management software allows remote attacker to gain administrator access and execute Denial of Service attacks.
fc248b2b7a8b42d5db1859015792a1f79a2aa71877075d4c2a0c83cff38fa24b
BSDI IMAP2BIS remote root exploit code.
9dabbb577528acf44ddc0c335c9ce313f861050c6a08575c61f990a97012f0c7
All versions of COAS (Caldera Open Administration Tool) previous to coas-1.0-8 may make /etc/shadow world readable. Vendor solutions and upgrade information included.
fc34ff51f6f40b67054ae729042ed711e9cee7849b9b0be4cfc24c4c21f3fbd2
Security vulnerability in Cold Fusion Application Servers allows remote attacker to download, delete and even upload executable files to a Cold Fusion server via the web interface. Access is not limited to files under the web root. Vendor patch available.
b44faf764c3b7bd0c132b9b88165e77477a775c0c3dfd50512b141aaa4f825a7
CGI scanner v1.2 scans web servers for 35 common cgi security holes. 6k. Updated, modified, and recoded by su1d sh3ll.
28f9a07f62a4c384ee2af3780d3d294bbe70c69431321dc56b5c183248e77cdb
Latest release of the CGI vulnerability scanner, now with checks for 41 common CGI vulnerabilities.
9aa2f1eb5c3a0c6db1f9a257c3180949c6ec3c99d903c9d998f3ed1a83a9542b
cgichk2.c
27cd78001d49c92f5e9f24cd9d71695d9e4e496ef40b7673b2a5c64dd246552e
Updated CGI vulnerability scanner, now with checks for 43 different exploits.
0cac4a6f4646f0d128c55b2dc08478c58e61ddd4c3b8aa87df647cdca41ca18d
Cisco IOS Software Input Access List leakage with NAT creates vulnerability that may allow users to circumvent network security filters, and therefore security policies. Vendor patches and workarounds available.
5940933a631571bbc96c03b8eb7fd27268839d494c6c675df241f5766996160d
Cold Fusion Application Server vulnerability scanner; see L0pht Cold Fusion Application Server Advisory for details.
dc5e02abfd1948bec4222bb9aa38e5b76797524012fc5fa922f5b712ec2ab1e7
crackpipe.c is a program that utilizes the Linux Ethertap device to tunnel IP's over normal TCP/UDP connections. Being actively developed.
5e449f0dee5926d3ab0389a1c8a4b1e5f93bb61aef893f3d24d56dce4239fa17
Exploit code for CSMMail Windows 95/98/NT SMTP Server remote buffer overflow condition. Root compromise. All versions of CSMMail affected; no fix provided or suggested.
ef690e898416db5771458f59f27326b1380ce979a1485c33c99dc60b643b2b5e
Bad month for e-commerce, eh? The Cybercash shopping cart software, by cybercash.com, exposes customer credit card info and admin passwd and config files in publicly accessible directories.
a3e9c8e348be7d73c256063664c2dcc041ac6f0e73e2e01793bf64aa607b2db4
The Apache and Boa web server configurations shipped with Debian allow anybody to access web server configuration files and docs, and even permit local users to browse through other users' home directories.
edea4609d0d991c28f9e7cfcfab299b910020d4416fffb68fd13ade2afc516b2
Digital Unix 4.x contains security hole in /var permissions allowing potential root compromise.
e0bcf4ae26d639e3ea0f0c7a4342cafb060d377a22072c9bdb1b8c85b823a347
Security hole in EBay's on-line auction web site software allows attacker to completely hijack your account(s). Full exploit description and code included. EBay solution: None (they apparently don't give a damn). Viable solution: stop using EBay.
711fa7b8e70770619210378fc3f4155a21e8fba9a501f3213444feebebcc18de
eGROUPS mailing list service vulnerability allows anybody to approve messages for moderated mailing lists. Detailed exploit description included.
31cc33d9f43200acd7ef535d1043464e39a46237facbaa1ddc648408ed20a346