Working Solaris x86 /usr/bin/mail exploit
a711668cc0d9690ee75eb24dd2d018bd428e023e5b49e67478bbd7fdca690496
Linux exploit for w3-auth authentication module from mini-sql package.
77c6fbba1d688a2dfe7705ee48d1a1110575cc153310572836ed7f7e75aed9f7
IE 5.0 vulnerability allows reading local and remote text files using "download behavior".
9c5b7796afb25afd1040621f831f7be4ec6b5c7e8506d7372f58c92c1b086fd8
Remote buffer overflow in ftpd under AIX 4.3.2 running on an RS6000.
ab25d3859b9281678d4180181543c1f449090ff51c3881d1cf30f6005544d376
Apparently this program will give you any privileges you like under NT, any service pack. We haven't tested it yet, but it looks interesting. The instructions state: simply run Abaddon.exe, and answer the two questions that are asked (You can change them or leave them on default), then press OK. We highly recommend you add yourself to the Administrators group while you're at it, but of course, it's your choice =). You'll become what you chose to be the next time an Administrator logs in. Don't worry, you'll be warned of what you became =).
3fe40d45d88c7a7c219fda19c40de4f3fce8041ee2a0ae9c66e5d3c8b16e964a
The unsetenv function in glibc 2.1.1 suffers from a problem whereby when running through the environment variables, if the name of the variable being unset is present twice consecutively, the second is not destroyed.
e95f036725c67eeb8bbbae8a91e4c1024e21dd154ce64c42d89d5f8972a412d8
On SuSE 6.2, /usr/bin/pb and /usr/bin/pg, suid root by default, allow any user to read any file on the system.
bee33e1b284d9c26735967f8e5656a85d2c39e8e862ab38ebecde0fa73eb1db0
A fully functional Unix virus that will infect your manpages when started.
7a21d58433fa270c7e2dad8c566f8df79a0b4d09c4e1d0864c08a4f8b8dd1733
/usr/bin/sccw contains a bug allowing a local root compromise through an overflow in handling $HOME. For Linux x86 tested on SuSE 6.2.
1a4ba5966711dd2350d5c844fc2fd33fd80a54d53e53c1833f89d49d306a2a05
nlservd/rnavc local root exploit for Linux x86 tested on SuSE 6.2. Exploits Arkeia's Knox backup package.
20ae153167802687c55fbf998a0f2a1a04c7f30f5207c19ae0ed3a19f237ebeb
SSH 1.2.27 vulnerable to a denial of service attack
52db1d05b27b6f7d8b74feae305f307c509b18a2db01b105867f9738c709aa92
SSH has the option of setting up "authentication sockets", used to pass authentication keys securely. When this is used, a socket is created on both client and server machines; the socket created on the server uses an often easy to guess filename (based on the PID)...
75491b9d176b71151fc9e9366f1486cb0fe9a8525c93ee0c5a2c52acb43f9ff4
Local root exploit for Solaris 2.6 through ps and the way it handles $LD_PROFILE.
f506a2474914c827ec7a0c0bf71a2c49ecf7efebc987a21b65784bbd6935e068
SCO 5.0.x exploits for scosession and scoterm allowing bin/root respectively.
a61174f64ded7a55fac1aadd1f8c4b9fbd79b7bfc3f5f36cdf34cca15ae44bb3
Root exploit for the ProFTPD log_xfer() buffer overflow.
db92d949feac85635925af2c68c4a2d9061dce0a00179e24c9161365329e6f94
When lynx calls external programs for protocols (e.g. telnet), the location is passed unchecked. This can be used to activate command-line parameters.
2efb9a7b590a7fdfbaaf65d327cae8fdd80728736bce172044d775dd8f2118a4
proftpd 1.2.0pre6 patch
5bdc9aa9e1d57b44dbf88aab490454e6434e8ff5c0144e794f2d95918ae4b618
Virtually any program using the GNOME libraries is vulnerable to a buffer overflow attack!
27f7d493a0ad77755b1b1284a650c04745451802d22a2093bee4bdecf5682a29
FreeBSD vfs_cache.c in version 3.0 and later is vulnerable to a denial of service attack as there is no way to purge entries from the cache.
bd076457f63ba433e668902ae2abeed4b04f14b8d13e7b4cff6f2455d620f582
fts library routine vulnerability. Local users could gain root access.
ce67cec1e5bb2748fc8ef9819ef8460f79229b6f4d78e7caeef04af037340737
The dtaction vulnerability in CDE can be exploited for local root compromise on Digital Unix systems. Also verified for Solaris 7, 2.6, 2.5.1.
08bb78d647b3cfbf293215485277311b70d46215f6a653d950b61923933445d6
cfingerd version 1.4.2 is vulnerable to a local buffer overflow attack because it does not check the gecos field properly. Exploit for FreeBSD provided.
a9308af867b771b47b698b1ab88fa06596b04bd7896758bfc21b5aca3cf68770
Patch for amd. Prevent remote users from executing arbitrary code as root in the amd daemon context.
90eb9d58c8d1ac2665e015cc26a337f33de00361023b565d00bf182ab2bf0db0
Several ActiveX buffer overruns
13bd59cd10996e713aab1f5b0125964949f126215dfa17b70e3575a56425c3ef
Linux loadable kernel module backdoor for 2.0.X. kbd is a nice little backdoor that allows root access by modifying the SYS_creat and SYS_getuid system calls. Usage after insmod is fairly straightforward: 1. login as a normal user 2. host:~$ touch foobar 3. login again under the *same* username 4. the second login session will be given root privileges 5. Remember to repeat this procedure every time you plan on using the backdoor. To keep this covert, the special uid resets after root is given out; this prevents the legitimate owner of the account from receiving a suspicious root shell when he/she logs in.
8ae30ed612db9e4ee01490102ccbc464f01e2f47f0852958d1b8e0b2c215d1c7