Apache Tomcat Connector jk2-2.0.2 (mod_jk2) remote overflow exploit for Fedora Core 6, 7, 8 (exec-shield).
42513b4843afdb23595cd7a871eeca6f
Apache Tomcat Connector mod_jk version 1.2.19 remote buffer overflow exploit for Fedora Core 5, 6 (exec-shield).
7237019e79ecd2b7a54187bb77cd1af4
Fedora Core 6 (exec-shield) based Webdesproxy version 0.0.1 remote root exploit.
9f1800894ead4793a02e0a1bfcaa650f
3proxy version 0.5.3g proxy.c logurl() remote buffer overflow exploit. Uses the reverse connect-back method.
88c2dd6160b7a6b3c9f6f8697c7219f6
Fenice OMS server version 1.10 remote root buffer overflow exploit.
5332710197aa081c6d97686d14b3152d
Fedora Core 6 (exec-shield) based GNU imap4d mailutils-0.6 search remote format string exploit.
b2617db887c9dcb1ffd81f8123dd5738
Whitepaper titled 'Advanced Exploitation In Exec-Shield: Fedora Core Case Study'. This is an excellent paper and is in both PDF and text formats. Please check it out.
73c2ca5aeeb6801b9799fe7003203043
ProFTPD versions 1.3.0 and 1.3.0a local overflow exploit.
e1ddb5fd4879cb1644845b2170583de2
Zeroboard version 4.1 pl 7 is susceptible to cross site scripting attacks.
840c2676bc4c48b8f8274afe64263bb9
Global Hauri Virobot is susceptible to an authentication bypass flaw.
0639d51c4366de335eddf6cc2e229776
Snmppd is susceptible to a format string vulnerability.
02c8e09228f0fb818c6d1a9f32266bd7
Snmppd format string vulnerability. Snmppd (used by / with Nagios) may contain a format-string vulnerability in unsafe syslog() calls.
37deecb480480697a0e9cc7a9aaf3096
GLD 1.4 remote overflow format string exploit that binds a shell to port 36864.
e55ef2d56dc9463377fb00e6f3cac699
INetCop Security Advisory #2005-0x82-026 - Multiple buffer overflows and a format string vulnerability live in GLD versions 1.4 and below.
cca612224a7d03de78d7b9f49fe96634
Sh-httpd v0.3 and 0.4 contain a remote directory traversal vulnerability involving a wildcard character which allows attackers to read any file on the system and execute CGIs. Patch included.
0a6560a983f4d7c86c1eb4c1f8375ba8
wuftpd version 2.6.2 remote root exploit that makes use of the off-by-one vulnerability discussed here.
e32262b59b2c437a042a9c44f585e779
wuftpd version 2.6.2 remote root exploit that makes use of the off-by-one vulnerability discussed here. Win32 version included that requires cygwin1.dll.
d51a154c43964e9060e022535d454572
wuftpd version 2.6.2 remote root exploit that makes use of the off-by-one vulnerability discussed here.
ba62e7c09104708dc6d95e0c0e6ccbea
New version of the DCOM remote exploit that uses a magic return address.
3c971c900f29a65fc93e7c0dd596382e
INetCop Security Advisory #2003-0x82-018 - The GNU bug tracking system GNATS has two bugs that exist in the pr-edit (Problem report editor) program. There is a heap based overflow when a user uses the -d option to input a directory name under version 3.2. There is an environment variable overflow vulnerability in version 3.113.x that will also yield root privileges.
ebc815caa9bbe255fc983c4395f2428d
Local root exploit against GNATS v3.113.x that makes use of a heap based environment variable overflow vulnerability. Related advisory found here. Tested against RedHat Linux versions 6-9.
c433613d79f8fd6493b48c10d8b30e3f
Local root exploit against GNATS v3.2 that makes use of the heap overflow found in the -d switch. Related advisory found here. Tested against RedHat Linux versions 6-9.
39b4e56f07ade73a703b6eada24cb533
This paper goes into great detail describing how to utilize format string attacks with limited buffer space.
c533bdbebb1fc4a96cf43dbff879cdc5
INetCop Security Advisory #2003-0x82-017.b - New versions of WsMP3d are not patched against an old remote heap corruption overflow vulnerability. Remote exploit and advisory included.
fee1e5ee6009d22f0754405163419c14
INetCop Security Advisory #2003-0x82-017.a - WsMP3d, a web server that streams MP3s much like shoutcast but is GPL, suffers from a directory traversal vulnerability that not only allows viewing of files outside of the webroot, but allows for remote command execution as well.
1ff2d86a592f92c1751dc263dab6ada1