When scp'ing files from a remote machine, a modified remote scp daemon can overwrite arbitrary files on the client side. scp from ssh-1.2.30 and below is vulnerable. Proof-of-concept scp replacement included.
c83fdb97397307f495d1cef7e5ab8dc8f8740692dccebe8deaaee85d3f5a2fe1
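The client-side weakness behind the scp entry above is the trust the client places in the file names announced by the remote side: the sending scp emits one "C&lt;mode&gt; &lt;size&gt; &lt;name&gt;" record per file and the receiving client joins that name onto its destination directory, so a name such as "../.ssh/authorized_keys" lands outside it. The following is an added example, written for this page rather than taken from the advisory or from any scp source: a parser for the "C" record together with the name check a fixed client applies before opening the target for writing. The record strings in main() are constructed, and the destination directory is an assumed value.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One scp "C" record: "Cmmmm <size> <name>\n" announces a file the remote
 * side is about to send. Mode is octal, size decimal, name is whatever the
 * remote side chose, so it is attacker-controlled. */
struct scp_file_record {
    unsigned int mode;
    unsigned long long size;
    char name[256];
};

/* Parse a "C" record. Returns 0 on success, -1 if the record is malformed
 * or is not a "C" record ("D", "E" and "T" records are out of scope here). */
int scp_parse_c_record(const char *line, struct scp_file_record *rec)
{
    const char *p;
    char *end;
    size_t n;

    if (line[0] != 'C')
        return -1;
    p = line + 1;
    rec->mode = (unsigned int)strtoul(p, &end, 8);
    if (end == p || *end != ' ')
        return -1;
    p = end + 1;
    rec->size = strtoull(p, &end, 10);
    if (end == p || *end != ' ')
        return -1;
    p = end + 1;
    n = strcspn(p, "\n");
    if (n == 0 || n >= sizeof rec->name)
        return -1;
    memcpy(rec->name, p, n);
    rec->name[n] = '\0';
    return 0;
}

/* The check the vulnerable client lacked: a name from the wire may only be
 * a plain file name inside the destination directory. */
int scp_name_is_safe(const char *name)
{
    if (name[0] == '\0')
        return 0;
    if (strchr(name, '/') != NULL)            /* "../x" or "/etc/passwd" */
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    return 1;
}

/* Build the path the client would open for writing. Returns 0 and fills
 * out, or -1 when the name fails the check. The old client simply joined
 * destdir and name, which is how the traversal happened. */
int scp_sink_path(const char *destdir, const char *name, char *out, size_t outlen)
{
    int len;

    if (!scp_name_is_safe(name))
        return -1;
    len = snprintf(out, outlen, "%s/%s", destdir, name);
    if (len < 0 || (size_t)len >= outlen)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed records, as a malicious remote "scp -f" might send them. */
    const char *records[] = {
        "C0644 12 notes.txt\n",
        "C0600 41 ../.ssh/authorized_keys\n",
        "C0644 5 /etc/passwd\n",
    };
    char path[512];
    size_t i;

    for (i = 0; i < sizeof records / sizeof records[0]; i++) {
        struct scp_file_record rec;

        if (scp_parse_c_record(records[i], &rec) != 0) {
            printf("malformed record\n");
            continue;
        }
        /* "/home/user/dl" is an assumed destination directory. */
        if (scp_sink_path("/home/user/dl", rec.name, path, sizeof path) == 0)
            printf("would write %llu bytes to %s\n", rec.size, path);
        else
            printf("rejected unexpected filename: %s\n", rec.name);
    }
    return 0;
}
```

Only the first record is accepted; the two traversal names are refused before any file is opened, which is the whole fix: the remote side keeps full control of the name it sends, so the client must constrain where that name can point.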
BindView Security Advisory - Windows NT 4.0 and 2000 contain multiple vulnerabilities in the LPC ports, as described in MS00-070. Implications range from denial of service to local privilege escalation.
e24169f769ff08b95674ca0b151e7ca48901eed39216c7984e0e4d0e2e4797ae
OpenBSD 2.7 local root exploit for /usr/bin/fstat, plus a libutil exploit. Tested against OpenBSD 2.7 i386.
0871c02f9900cd9d31c6b18d39964674456feb034d0b15de1647853203cc0096
Red Hat Security Advisory - The old BSD-based lpr shipped with Red Hat Linux 5.x and 6.x has a recently discovered format string bug in its calls to the syslog facility that yields local root.
68ca43a21f3236c79d794da9e4d510f760089a9d493a6ac04145e637f94c261e
Snort2HTML v1.5 converts Snort Intrusion Detection System logs into nicely-formatted HTML.
c585d4e20fc71f2ee6d79241605c53963ed072a83ff76bc69cb7464c01834cb6
Red Hat Security Advisory - LPRng has a format string bug in the use_syslog function. This function returns user input in a string that is then passed to syslog() as the format string. Unexpected format specifiers can corrupt the print daemon's execution, yielding root access on the computer. The vulnerability is theoretically exploitable both locally and remotely.
83027cf3896158dff0e111b901dcbc0f01589231168753a60836df217b877264
Crackwhore 2, a basic HTTP verification application that tests website security. Includes an exploit/vulnerability scanner and an FTP root-cracking utility. IRC chat, language packs, text export and more have been implemented.
1e30dcb8eaadbc4ed04814583cb51fc3b09b2fd51eeb524bb2bc169fe85fa391
Easy Advertiser v2.04 remote exploit. The stats.cgi script used in Easy Advertiser has an insecure open() that allows this exploit to bind a shell to port 60179 running with the privileges of the user the web server runs as. Netcat is needed locally to use this.
3039f45d2afe1dffcacaeeaa10a0cd1ac319430fdfef2be12356e97c5078f50b
Internet Security Systems (ISS) has identified vulnerabilities in several utilities that ship as part of the Groff document formatting system package.
fbb240e9e8f7090ddc8625ef09174331b3b248f794fec3695f392bdad9961a77
OpenBSD Advisories - A format string vulnerability in the pw_error() function of OpenBSD 2.7's libutil library can yield local users root access through the setuid /usr/bin/chpass utility. Affected versions: OpenBSD versions through 2.7. FreeBSD 4.0 is vulnerable, but patches have been backported, and FreeBSD versions 4.1 and 4.1.1 are safe.
c4dc0e1f0cf54500d97b341679ab07d2223bed756a6b56374ca34a7169f219cd
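The three format string entries above (the Red Hat lpr advisory, the LPRng use_syslog() advisory and the OpenBSD pw_error() advisory) all describe the same defect: text the user controls is folded into a message and that message is then handed to syslog() as its format argument. The following is an added example written for this page, not code from any of those packages or advisories: the vulnerable pattern beside its one-line fix, plus a small scanner for the directives that make such input dangerous. snprintf() stands in for syslog() so the result can be captured and compared; the "user name" input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if s contains a '%' that the formatter would interpret as a
 * conversion (anything except the literal "%%" escape). Input that trips
 * this must never reach syslog()/printf() as the format argument. */
int contains_format_directive(const char *s)
{
    const char *p = s;

    while ((p = strchr(p, '%')) != NULL) {
        if (p[1] == '%') {      /* "%%" prints a single '%', harmless */
            p += 2;
            continue;
        }
        return 1;               /* "%x", "%s", "%n", or a trailing '%' */
    }
    return 0;
}

#if defined(__GNUC__)
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
#endif
/* VULNERABLE: the pattern behind the lpr, LPRng use_syslog() and pw_error()
 * bugs. User text is first folded into a message, then that message is used
 * as the format string. The real daemons did syslog(LOG_ERR, line). */
void log_error_vulnerable(char *out, size_t outlen, const char *user)
{
    char line[256];

    snprintf(line, sizeof line, "error: %s", user);
    snprintf(out, outlen, line);     /* BUG: attacker now controls the format */
}
#if defined(__GNUC__)
#pragma GCC diagnostic pop
#endif

/* FIXED: the format is a literal and the user text is only a %s argument.
 * For syslog() the same fix reads syslog(LOG_ERR, "%s", line). */
void log_error_safe(char *out, size_t outlen, const char *user)
{
    snprintf(out, outlen, "error: %s", user);
}

int main(void)
{
    /* Constructed input: an attacker's "user name". Each %x makes the
     * formatter read an argument the caller never passed (registers first,
     * then the caller's stack on x86-64), leaking those words into the log;
     * %n would turn the same mistake into a memory write, which is the step
     * that gave root in the advisories above. */
    const char *evil = "%08x.%08x.%08x.%08x";
    char buf[256];

    printf("untrusted input contains directives: %d\n",
           contains_format_directive(evil));

    log_error_vulnerable(buf, sizeof buf, evil);
    printf("vulnerable: %s\n", buf);    /* leaked hex words, not the input */

    log_error_safe(buf, sizeof buf, evil);
    printf("safe:       %s\n", buf);    /* the %08x text, literally */
    return 0;
}
```

The scanner is a detection aid for input validation or log review, not a substitute for the fix: the only reliable repair is a literal format string with the untrusted text passed as an argument, which is what each of the vendor patches did.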
Microsoft Security Bulletin (MS00-070) - Microsoft has released a patch that eliminates several vulnerabilities in Windows NT 4.0 and Windows 2000. There is an "Invalid LPC Request" vulnerability which can cause the affected system to fail, an "LPC Memory Exhaustion" vulnerability which can deplete the affected system's memory, and a new variant of the "Spoofed LPC Port Request" vulnerability which could allow a malicious user to create a process that runs at the privilege level of an already running process.
5d8c5735773152f383166a43c106f08d4a2aa27f464e7f28a521342c91a0ba65
Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated frequently to address the latest threats. Checks for common old holes, backdoors, trust relationships, default CGI scripts, and common logins.
7eb53ae562976f11c699ea7d32f06b6d6652df89793f8b483f7147dafb7bff43