Exploit code for Pine 4.xx that allows local attacker to gain elevated, possibly (clueless superuser) root, privileges.
6190f93c46da23859557dd1a9dd27dc274bccdc97c868e5d2d1079ef802c1300
The Microsoft "favicon.ico" bug allows anybody to use search engines to find and access server logs, and subsequently glean information such as passwords included in cgi script URLs in the logs.
0342a81da35fea51199898d5435e68485778b6cf89b0acc11559f46684bece69
fawx.c is an igmp-8+frag attack for linux, similar to ssping.c, that sends oversized fragmented IGMP packets to a box either making it freeze (WinNT/9x), or lagging it to hell and back. Since most Win32 firewalls dont support IGMP, the attack successfully penetrates most systems, making it much more effective than an ICMP attack which is likely to be filtered. It has successfully crashed NT4.0+sp1+2, Win95, Win95 with ConSeal PC firewall blocking icmp, Win95 with McAfee PC firewall. It also passed undetected through ipfwadm and ipchains (useful for flooding).
3bceefae0c99f8589c025cb707a2813f18fb5385a697fd53eb3a30be6fce1021
Ffingerd bugs compromise user privacy. Exploit details, patches, and upgrade information included.
ac2cb9d5d70cc16b5cea6bc7e1d26472edf9489b488ec79023de3ad4d48c8567
Security Holes In FileGuard 3.0.8 file protection software for the MacOS allows anyone with guest account access to gain administrator privileges and access to ALL files.
d30b0ace07c9127553b40b6f9b093814c9d1d6b26296018f0a52eb9ceca0e436
FlowPoint ADSL routers have a universal default password that allows remote attacker to gain complete control of router if password is not changed.
5adc5414234a74fb3f9ea91e68b54190b85f2ae0d5ac6e94f96f04a21ccc5ebf
Fooling Foolproof Security: A very good description of how to bypass FoolProof PC/Internet security features.
d1d4abad86a8bdafe9151ab3f34fbd6a643c66a76d57b136e0f80bf2e4c6a43a
Windows FrontPage 98 Server contains another simple Denial of Service attack. Exploit description included.
64ab70344e7db4801b243bd86c27d183be68a4feaf1e86c7815412b193d3529f
'random seed' security vulnerability in FWTK and Gauntlet allows attacker with shell access to the authsrv host to gain access to any service that authenticates through the 'authsrv' service. Vendor solution included (upgrade to later release).
236dbdb0f446367394c19b9f4d96398bf1f3bb5274747e02c11336e9e67e28b4
Several free form data mailer scripts allow attacker to steal Hotmail passwords with a simple javascript-based exploit.
a1c7e928499cfff2ee1f600e5c5080e5fe3b55c701ed9863acb8341ba1d8d96b
Security Vulnerability with ftp on HP-UX 11.00 and with hpterm on HP-UX 10.20 permits users to gain increased privileges. Vendor patches available.
7e4bff979f49830800642c9aa2eea1aca314486cc168c87eb3261c4a59b221b3
HP-UX (various versions of 10.x and 11.0) security vulnerabilities in MC/ServiceGuard, MC/LockManager, and Domain Enterprise Server Management System (DESMS) allow users to gain increased privileges. Vendor patch information included.
66cf03fd96d2ed93d30f4083ae82b267e1ef06343a297256e23baeaff1553cda
Cold Fusion exploit template that allows remote attacker to upload, download, and delete files on vulnerable ColdFusion application servers.
a4313f1276f811245e01ebb7b4a81664ef7cb75c5a0c5eaf761d6fd92b0abfab
Source code for a simple program that exploits a vulnerability in Wondows NT PE loader, causing a BSOD (Blue Screen Of Death). The program does not need any special privileges to run, and can be hidden easily. Windows NT4 and NT5betaX (any and all patches) vulnerable.
7b0435ce20971f9aa5af9f78ae7f511eaa4d3cf2dee91fb5d61bd8a6e724263d
Novell Remote.NLM password decryption exploit program, with full source code included.
bb2f8b25e102ba27f111488a78118a8bdf72b8b9e38e2d7a5972bc9018c1743b
Root compromise exploit code for the Internet Security Systems Internet Scanner buffer overflow.
2f06a903cd863a88e4b287859507123fa73df24a416a88c5817843286f09b3f1
SDI wu-ftpd exploit that allows attacker to execute commands remotely as root user if write access is enabled on the ftp server.
4a62025f90ef96afbb9315bd885e7302a57c733eb1fab8ec12db9baed9fc10e7
Buffer overflow in Internet Security Systems Internet Scanner allows non-privileged local user to gain root access. Exploit code and temporary security recommendations included.
f9112bc87aa83e839215963a588e888c6721a945a072cc9d694fe203d13e61d1
Exploit code for local XFree 3.3.3-symlink root compromise. Tested under FreeBSD 3.1, but should work on others too.
1e6853bc65155c6e73b43ac55a109df496be3b3a7ae8a1240d4a67d0467640c5
"Features" in Xylan OmniSwitches can result in Denial of Service attacks and access by attacker to privileged information.
6e2037179bc9d49348f7c5804b4ec51e77877c4dee9fb3cd79ed0a7188a7880c