Two remote issues were found with the Novell Groupwise web server. The help argument will reveal the full path of the server, and any .htm file on the system may be read with GWWEB.EXE.
6e8012dff3fa95418285c4ea3cae3829f2c00f863699c100e3f2cc66339f2aa3
Remote DoS attack in Symantec's Email protection in NAV2000. The protection program leaves a POP server running on the local workstation NAV2000 is installed on, which is vulnerable to a buffer overflow in a long user name.
aaccfd8e405ec8b7ba562a2709ab7e65d5140e07269bdaa79017d2aff4dbcb5d
A vulnerability in Linux 2.0.X allows local users to crash the kernel. Exploits missing option length checks.
dd9f0fac7e12433fc0f3f39525e139a3db1e9cc38a3334c7305d23225438da86
BindView Security Advisory - Windows NT's SYSKEY feature. SYSKEY does not fully protect the SAM from off-line attacks. Specifically, dictionary and brute-force password cracking are still possible, even when SYSKEY is enabled and the attacker is not in possession of the SystemKey.
ed21462fc63b5f9e8702adc0dc85afa7134cb844786d5211b01a9c25a543ad2d
Vulnerability in HHOPEN.OCX that allows the execution of arbitrary code with IE5. Includes test exploit for IE5 5.00.2614.3500 on Win98.
db5b19bdf3c0cd8a9d6cb02b3858e54238509ca2b03ec61c2ca6bcd18c23352e
Infoseek Ultraseek 3.1 for NT contains an exploitable remote buffer overflow. Versions 2.1 through 3.1 are confirmed vulnerable. Patch available here.
42d3dd3af506ffa70f60f249dee703eed3fb14029aca516d36676438db7fae7e
Exploit for SSH-1.2.27 compiled with RSAREF2. It was tested against sshd running on Linux (Redhat 6.0) and OpenBSD 2.6, from a Linux Redhat 6.0 box. The exploit is more or less "script-kid-proof" since if it doesn't work, a bit of debugging, coding and probably crypto skills are needed to make it work. More information available here.
f5d81f91644fc5cbc5d955dffdf2e9e49303cd9490296a806aef8229ac7c24a0
A vulnerability in FreeBSD 3.3's xsoldier will allow any user to gain root access. This user does not have to have a valid $DISPLAY to exploit this.
411e25fa4d0f8f1546ae437eca6b7cd89ef9c9556cec361f9418db59086b8ed4
UssrLabs found a local/remote DoS attack in War FTP Daemon 1.70. The buffer overflow is caused by multiple connections at the same time.
4fe5c91f900a82f28a23b3518e64d52b7b78204ea047b6da7a1533bda5ab17be
sadmindex - i386 Solaris remote root exploit for /usr/sbin/sadmind. Tested and confirmed under Solaris 2.6 and 7.0.
919febf8476775414985f61514eacb43aa1821422016026451ad20f16fb62911
sadmindex - SPARC Solaris remote root exploit for /usr/sbin/sadmind. Tested and confirmed under Solaris 2.6 and 7.0.
196eda0c3347ef56a67b27125b8b617bf684f8578d287869f81b8fc38d268331
Certain versions of Solaris ship with a version of sadmind which is vulnerable to a remotely exploitable buffer overflow attack. Advisory by Alfred Huger.
b67b24a58f09ccb33c44515104ebe4f95d111c6a0fd71af7c651a4b4bf8ae19f
Whois.CGI - ADVISORY (hhp) Hole in several known/unknown vulnerabilities in Whois CGI packages. Affected are Whois Internic Lookup version 1.0, CC Whois Version 1.0, and Matt's Whois Version 1. These versions allow execution of commands due to lack of shell escape character parsing.
2360cca9573c4bd4934cb2e44e71bf956a22efa26aedae17ea0768db32124048
A fundamental flaw in SCO UnixWare's security model will allow any user to gain root, read system files, etc. Any process that gets extra privileges from /etc/security/tcb/privs is vulnerable. Exploit included.
e43f1d71568f42ead69639f27b46f790fcc45e7e0ab1b76a9ed368206e498a62
IIS4 reveals the full path name because it does not check for the existence of a local file before calling CGI.
83151e7aab34f0807ad2152c87df75da00c744aeea468d27a95bca1c092ca040
[w00giving #8] Here's a new version of my snoop exploit. It seems that it will work on the new patched version of snoop as well, and actually, the target host does NOT have to be running with -v. Snoop is a program similar to tcpdump that allows one to watch network traffic. There is a buffer overflow in the snoop program that occurs when a domain name greater than 1024 bytes is logged, because it will overwrite a buffer in print_domain_name. This vulnerability allows remote access to the system with the privileges of the user who ran snoop (usually root, because it requires read privileges on special devices). Remote Solaris 2.7 x86 snoop exploit included.
99717fd62e6c6114deeea939793ba768fffa61af82db1312bc92a5d2d6438cf0
Remote exploit for VDO Live Player 3.02 for Windows95/98/NT. If VDO Live Player is installed on the system and the browser is left in its default configuration, a .vdo file is downloaded and executed without confirmation. So, if a client visits a webpage containing automatic download code (such as a META tag) for a .vdo file that contains the attack code, the client machine will be cracked by the instructions written in the .vdo file.
f15115d6af33eda19fe9ada84b2ba454b0f0ec8435fd4fa8e073faaf327c2680
Microsoft Internet Explorer 4.x and 5.x - Frame Loop Vulnerability. By creating an endless loop of frames, it is possible to create a malicious webpage that, when visited by an IE user, devours all of their system resources; depending on the system, it's probable that the machine will crash and reboot itself. Exploit code included.
24e2bf47adda735c3da3d4b2b7f11aae167e1d5a809fbef07252f7d4c711ce16
eLOL (electronic laugh out loud) is a Windows daily joke program. It will listen to simple commands from anyone on a TCP port.
c5238b500873db434a696cebf1329b92d50199c70d662404dd6e9bece2587d7f
Xshipwars remote overflow - Xshipwars 1.24 and below are vulnerable.
570e24a8dbcd431683104d021788b7b6200baf92b06d7840b3ed5ec4190fb39b
IE5 remote exploit - Evaluating "vnd.ms.radio:\\aaaaaaaaaaa...." causes an exploitable stack overrun in MSDXM.OCX. By providing an oversize (360 byte) URL using the vnd.ms.radio protocol, a malicious web site or e-mailer (or...) can cause arbitrary code to be executed on a client machine.
dd2816d3ffe6c85607d9b93df9a0343ac9aaf0904875e3728263fe91333b13be
Many FTP daemons are vulnerable to a DoS when multiple data connections are opened. Perl exploit included.
494698fc92b88b92340012fe5f75b91c533820b5dd2184d266290d4eecc25efb
In Windows NT, SP4 and below, the logged-in user's password is visible in plaintext if logged in as administrator. Exploit program included.
ef393b1c31ee295c74d2bfb982a58283a0e01fb5d57528ad651e7b3a7835a665
Yet another wu-ftpd 2.5.0 exploit, which finds world writable directories automatically. Tested on Redhat5, Redhat6, and Debian linux.
070dcb17b0983c82941c323daaf00a487f9924adb8255f6edc18b6260baabac8
UssrLabs found a remote DoS attack in GoodTech Telnet Server NT v2.2.1. The buffer overflow is caused by a long user name of 23870 characters.
b4dcc58fec884a03dce61b82c3e2adf4c48d47d5a401906e01cde0d939a9be47