A vulnerability exists in Oracle 8.1.5 for UN*X which may allow any user to obtain root privileges. Local root exploit shell script included.
17d374afd2a8378ded9bbbbbe17182f77ee586f2c4da4eb247fb052a192da311
Exploit for the new NT remote DOS and possible compromise. NT 4.0 server and workstation are vulnerable, even with SP level 1, 3, 5, or 6.
2b98566441d44ba149fafd2b74a9bf4293af462f1fe5b8657c87530b1278ec22
New exploits for November, 1999.
a9b0ae4f3aa4ff26161cef9ef046a6b1bc3c222673bf2dd033d59b249c686ab0
Qpopper 3.0b remote root exploit, tested on BSDI 3.0/4.0.1, FreeBSD 2.2.8/3.3, and Linux.
4838a4454622b456ed9380a043cedb9492cba751e4b9545b07c53e94f1ff6336
Seyon, shipped with FreeBSD 3.3-RELEASE, has several vulnerabilities. The problem is that seyon is still installed setgid dialer in FreeBSD, allowing a local user to grant himself privileges that allow access to anything that requires group dialer, including modem devices.
a9642539381b9b2c0b68f11b82b75f51cf840c23814a843007b8cb83175e7c42
/usr/vmsys/bin/chkperm and /usr/sbin/arp can be used to read bin-owned files. Tested on Solaris 2.6 and 2.7, sparc edition.
f90b3fcc752af63f6b5d54d3b5905eca70e3ace2ce6af776755dca4e9c75ee57
Qpopper 3.0b remote exploit for x86 Linux (tested on RedHat/2.0.38). Exploits pop_msg buffer overflow to spawn a remote root shell. Vulnerability exists on all platforms running Qpopper 3.0 through version 3.0b20.
9476acb99667dd313da9809ad43f391db697c087b2422c7cc4869e455abf12b1
The version of xmindpath shipped with FreeBSD 3.3 has a local buffer overflow. Exploit gives euid uucp.
5d52e1a5419ac5a1c0569f83febf0226fe7e2f7a12ae55f4a5ede2a4ea222568
The version of angband shipped with FreeBSD 3.3-RELEASE has a buffer overflow vulnerability. Exploit yields egid of group games.
44b73b99876799ae46c66c8fa966417aafad596ff1a5346c51c0eae2a3e456e5
Delegate 5.9.0 remote exploit for FreeBSD 3.2.
c8b15f8cc3129759828d662578ab2d94ba4d1d03a02a5fce93716cbfba60a526
gdc exploit for gated-3.5.11 included on the FreeBSD-3.3 installation CD yields euid=0(root). By default, only group wheel (or whatever your trusted gated group is) and root can run gdc.
daf532f5a241b630b4257fee36d298e5ae539656328096a75c7b55b9f5f48468
Netscape Communicator 4.x will allow JavaScript code in one Netscape window to read data from another browser window, even if the two windows are pointed at different domains. Demonstration here.
78532de37047a0f01fce8f4aff77ba175cc8163011408ee025f978c0e9cea369
There is a vulnerability in Oracle Web Listener where a resource can be accessed when it should not be accessible.
edbaf44df750aefe719e9ff3f21674bad0f77af1f4d13f12053ddc777bd9e89b
Remote root exploit for Smail-3.2 (rpmmail). A vulnerability exists in the rpmmail package distributed on the Red Hat 6.0 Extra Applications CD. The potential compromise for this bug could be remote or local root or simply remote command execution as "nobody" or similar, depending on your system configuration.
380aa4640a74c6d87378d77d01c5f3879de78c5d2ef92d148aed6914b118f849
Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability. Example included.
166e3926f91c3a2e6ac734080f583044da08ab40996832679d1591724e4ac3d1
The su command on SCO's UnixWare 7 has improper bounds checking on the username passed (via argv[1]), which can cause a buffer overflow when a lengthy username is passed.
2f370cc88cadf6efc7b1f8a55d5ae2f5c3b8ce45ae76e772bf81e939d0b03feb
[w00giving '99 #6]: UnixWare 7's Xsco. Due to improper bounds checking, an overflow occurs when a lengthy argument (argv[1]) is passed. Because Xsco runs with superuser privileges, this can be exploited for elevated privileges.
0710e3286329f4ec82f0b43031b6894da9140f1c90cf3c7b571b5b51ad62ad0d
[w00giving '99 #7]: UnixWare 7's xlock. The xlock command on SCO's UnixWare 7 has improper bounds checking on the username passed (via argv[1]), which can cause a buffer overflow when a lengthy username is passed. Exploit by K2.
42dca4082a24f106af872bb2a9c3e695482d75141ae5f77e6e01c1aec727dbff
Bindview Security Advisory: Denial of Service Vulnerability in Cabletron's SmartSwitch Router (SSR). Remote users can flood the ARP table and stop the processing of packets.
85b52a0144618cc558cd1f34d6755e7f885a84a66d835af7ef076846c52575a7
UssrLabs found a Local/Remote DoS Attack in BisonWare FTP Server V3.5. The buffer overflow is caused by a long user name, 2000 characters. Source / Binary for DoS attack here.
b9bf2c6f03b60c09ff76b043f8b7a7aac25a8e062fe0a9217a774ed8d103ddcb
UssrLabs found a buffer overflow in WorldClient Server v2.0.0.0 where they do not use proper bounds checking on WorldClient TCP Port 2000. Denial of service exploit available.
3b1c84dc9f0f7149f35a233e5703823a06da161632fee84d723e133ce1a996a5
O'Reilly's WebBoard software has some bugs with interesting possibilities. Vulnerabilities include unauthorized paging and arbitrary content insertion.
f599b47fd54cd9044b14d6b79b5aec270c167886138278d2b2fbba16cbe89790
The Oce 9400 plotter can be used as a telnet proxy in its default configuration.
7dc17fea3ce18547115679dce3605f71296d6cdbc78e338c5547cbcc1a17902e
Multiple remote DoS vulnerabilities have been found in the MDaemon 2.8.5.0 server. Binary / Source for this MDaemon Server v2.8.5.0 Denial of Service here.
3a0ceab38aea510cb377ea41e4fb2cf7d031201d581401ef812dbd81aa89f4ca
Sun Microsystems NetBeans (recently renamed to Forte') Java IDE includes an internal HTTP server to try Java code. When service is enabled for one machine, the HTTP server allows remote access to root and all subdirectories from any machine. Example included.
9e98d68bcd377235a72ff44e6d0f4d04526bb950706328566c2744fb4832566d