Bug in pine 4.20 and below that allows pine to execute a command mailed to the user without the user seeing what it is, by Jim Herbert. Includes commentary by Pavel Kankovsky on how it is still not fixed in 4.21.
3666f88135de094542fb169ef70fc2338e61507c7e7fe1ec4be8e3b8ec7d257e
Riched20.dll, which Microsoft WordPad uses, is vulnerable to a buffer overflow attack. This paper gives detailed information on exploiting this vulnerability.
3f1b59360021dd122d37fd44d66487de0c4de9144e6bb58b16b27327eed42ef1
Internet Explorer 5.0 under Windows 95 and WinNT 4.0 (other versions are presumably affected as well) has security problems with HTTP redirects in XML objects. This allows at least reading any (local or nonlocal) XML file and any well-formed document, reading parts of documents, checking for the existence of local files, and possibly reading arbitrary files. Exploit included.
5b6c27497f657cb808f65f63aae3c8ef89936dfdab9b4da93b59f14c50255ef8
Exploit for vulnerabilities in sendmail 8.8.8 which hijacks incoming mail and saves it in /tmp.
bafadc740b0a5f08f59f80e1deefd74e1785d438413907c07207f431886905b3
Integrated FTP attack facility. Remote exploit for wu-ftpd 2.5.0. Explains how to find the offset if you have the binary, and includes offsets for Redhat 6, Redhat 5.1, Redhat 5.2, and Debian 2.1.
5f3e182f8921a74a73a9d092c32adf6a628d50cdd4fa2d0665dc1ffb78405e19
The Vermillion FTP daemon (VFTPD) version 1.23 has a remote DoS vulnerability. Example included.
364eb73941cc98cd5a2bce052f4c3f604902f79f987368276c4c0288d9a0028c
CGI vulnerability found in meta.pl that allows a remote user to view files on the system as the UID of the httpd server.
b7f7521aa7e1a5c8863f05860d8a9ccf5f935deae7fdd07e63ddbf8b161b997c
HP network printers (tested on HP LaserJet 4500) crash when given a URL longer than 256 characters.
d123734b6144ec16fede7b2f3f1b576848b20cada113ae27077f9c444a9ea6cd
If proftpd has the mod_sqlpw.c optional module compiled in, the last command will display passwords instead of usernames.
ec7d82abc3be27d87dddd381e6122c6d188a6c5e42de20b16c051adac8a7c83a
ZetaMail 2.1 POP3/SMTP server is vulnerable to a buffer overflow caused by a long username / password. Binary / Source for the DoS exploit here.
05ab8f61d142aacfec12a6ab466acd75890a08dc2d75bd8809207b0e15a17a65
Lynx has mechanisms to avoid spoofed 'special URLs'. The protections are insufficient and can result in local compromise.
572c27a381354f90a31a76977dccc10442db4065337602fbc6a83efbba50ffb1
Remote DoS attack in G6 FTP Server v2.0 (beta 4/5) caused by a buffer overflow in a long user name.
10a81014393e2e851e86f1b981ebf6ad5d458b73177cd286b8726538c086aa92
The cgitest.exe CGI program distributed with W4-Server 2.6a/32-bit has a buffer overflow. Arbitrary instructions can be executed on the victim host by using this buffer overflow exploit.
152b3ef6e55079125a83e4cd6e9842f7de802388a4ca59dc948071470fdfe4af
DeleGate 5.9.0 remote overflow.
30642c0d094ab7bf796632ec2992a7147c5d28d2f0a2c746c0c9cc62f2186936
NetCPlus SmartServer3 POP 3.51.1 Exploit. Windows binary and source code included. Spawns a command prompt on port 666.
3238b2a6cb153549cf675abd04b8822306e36d2bba966fb91a9d003d385162db
A remotely exploitable buffer overflow has been found in ssh-1.2.27. The problem is the length of the session key is not checked. Multiple platforms are vulnerable.
0a85e8ff5334fd6c730fcbee204b3fcbd601aa00b5176eb6e14ee47c1a17e5db
ADM named 8.2/8.2.1 NXT remote overflow exploit. Includes shellcode for linux x86, Solaris/Sparc, and NetBSD (with and without chroot). Slightly broken to discourage script kiddies.
e34031f3f343e58dd2155719b49f877be36a74f1455787d8c32c17baeacace25
When patches/fixes are applied to binaries on UnixWare 7, the original, unpatched binary files (with the suid/sgid bits maintained) are stored in /var/sadm. By default, the permissions on this directory are 755. This allows normal users to execute and exploit old binaries left over from patching.
ddcc3aea580eae13df34903d75ef698ba2a71c314c68aee75fb50df4903aaa5d
FormHandler.cgi uses hard coded physical path names for templates so it is possible to read any file on the system.
982f352a5e509b2e9e1fc85b0d6714be542e0e546c96f5882dc578ee003c3f13
A bug in the processing of NXT records allows attackers remote access to DNS servers at the privilege level that the DNS server runs at. All versions of BIND below 8.2.2 patchlevel 3 are vulnerable. Updated with a little more detailed information about the bug and the handling of NXT records. Advisory from ISC here.
0f62614994f9e3c303188367fb4933c80f550e5e69a744404d32c72ec099ca7d
There is a buffer overflow in NetCPlus' SmartServer3 POP3 server which can allow a remote attacker to execute arbitrary code on the machine. Affected are Windows 95/98/NT machines running NetCPlus' SmartServer3 program with the POP3 server started. The version tested was 3.51.1.
33c1d77e009be8792bfdf0e14f137ed0d95f798035b257ffb85809fe276c7cff
ISS Security Advisory: Multiple Root Compromise Vulnerabilities in Oracle Application Server for Solaris. An account on the target system is required to exploit these vulnerabilities. Oracle Application Server prior to release 4.0.8 is affected by these vulnerabilities.
efb4afb5de23974d9b3bcdbaf09f000d1e0757705e82f4e88a4061c72070a989
When installed out of the box, XITAMI allows all users to access a sample CGI program called TESTCGI.EXE. This program outputs a lot of information about the box running the webserver, such as environment settings, various directory information, the currently logged-in user, etc. This information can be useful to crackers.
e490f819bf469767694bdb66cc208f53decd72b89aa917eb62974baf262b8b50
Bug in Windows Mailgate 3.2.114. DoS exploit included.
daefc728e283d08cd3bf532ae4cbf6df50665d7e9d17bf2433f3f72d65db52c0
rpc.nfsd2 exploit for Linux.
6fc116c5392ead9489a303becab2008d6ff235abdd986aff52bc4057fd75746c