Linux/x86 shellcode that performs a chmod to mode 4777 (setuid plus world read/write/execute) on a file.
1fe2ea4a81c26110a9f36ab0cd4aa3e7
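Mode 4777 is the combination a defender should be hunting for: a setuid file that anyone can overwrite runs as its owner for whoever rewrites it. The following scanner is an added example written for this listing (it is not the shellcode above or any vendor's code); it walks a tree and reports regular files that carry both the setuid bit and world-write, and builds a constructed sample tree with hypothetical names to run against.

```python
import os
import stat
import tempfile


def is_dangerous_mode(mode: int) -> bool:
    """True when a mode has both the setuid bit and world-write set.

    04777 is the worst case: anyone can overwrite the file, and it then
    executes as its owner (root, if the shellcode ran as root)."""
    return bool(mode & stat.S_ISUID) and bool(mode & stat.S_IWOTH)


def scan_setuid_world_writable(root: str) -> list:
    """Walk root and return relative paths of regular files that are setuid and world-writable."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: judge the entry itself, do not follow symlinks
            except OSError:
                continue  # vanished or unreadable; skip rather than abort the whole scan
            if stat.S_ISREG(st.st_mode) and is_dangerous_mode(st.st_mode):
                findings.append(os.path.relpath(path, root))
    return sorted(findings)


def demo() -> list:
    """Build a constructed sample tree (hypothetical file names) and scan it."""
    root = tempfile.mkdtemp(prefix="setuid-scan-")
    os.mkdir(os.path.join(root, "bin"))
    cases = {
        "bin/victim": 0o4777,     # what a chmod-4777 payload leaves behind
        "bin/suid_only": 0o4755,  # ordinary setuid binary layout, not reported
        "bin/ww_only": 0o777,     # world-writable but not setuid, not reported
        "bin/normal": 0o755,
    }
    for rel, mode in cases.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)  # owner may set the setuid bit on their own file
    return scan_setuid_world_writable(root)


if __name__ == "__main__":
    print(demo())
```

Running it on a real system means pointing scan_setuid_world_writable at / (or at the filesystems that are not mounted nosuid) and reviewing every hit; on a clean host the list should be empty.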
EPIC4 remote exploit that acts as a malicious IRC server and exploits a stack-based overflow in EPIC4 versions later than pre2.003. On success it yields a shell with the privileges of the user running the EPIC4 client that connected to the server.
60364157eaa053fedb0f4fd986a98e85
S-Quadra Advisory #2003-11-26 - FreeRADIUS version 0.9.3 and below suffers from a stack overflow in the rlm_smb module. Successful exploitation leads to code execution as root.
e0af404d1347c842bb816348e3d130af
My_eGallery versions below 3.1.1.g have PHP files that do not filter all parameters passed to functions, allowing a remote attacker to execute arbitrary commands as the user id the web server runs under. A vendor-supplied patch is available.
b43abc56c3104b46370ca73811988658
By combining the MHTML parsing vulnerability with the BackToFramedJpu vulnerability, an attacker can obtain full MYCOMPUTER security zone access on a victim machine.
560f5f3680ade229e1b80ea41d4412d0
A flaw in the way Microsoft Internet Explorer performs MHTML redirection can result in executables being downloaded and run on the victim's machine. Link to a demonstration included.
4a0f22ce33818d4d8b5e8ad0e4a72970
By combining the Microsoft Internet Explorer cache file disclosure vulnerability with several other unpatched vulnerabilities, a malicious page in the INTERNET zone can reach the MYCOMPUTER zone. Link to two demonstrations included.
6af73a20bb010072be91f05cc8b71f9a
Microsoft Internet Explorer 6 SP1 and below has a vulnerable download function that an attacker can exploit to gain access to a user's cache directory. Link to two demonstrations included.
f5f58452fe96ccac411affb2f9aa1ac7
A cross-zone scripting vulnerability has been found in Internet Explorer. If a web page contains a sub-frame, that frame's security zone may be compromised. Link to a demonstration included.
321eb5687bad72de83a782fb73439364
After applying the patch for MS03-048, Windows is still susceptible to the Hijack Click attack when it is combined with the method caching attack, which makes window.move accessible again. Link to a demonstration included.
bbbe6142ef64fb71d189c053a995c343
Rapid7 Security Advisory - Sybase Adaptive Server Enterprise (ASE) 12.5 is susceptible to a denial of service attack when a login is made with an invalid remote password array. A valid login is required to exploit this vulnerability. Version 11.0.3.3 for Linux is not vulnerable.
68c419231c535ce39ca3187c3c632165
Simple patch for OpenSSL 0.9.7c that adds a PKCS#12 brute-forcing option which takes in a wordlist.
f13b90dd9a84af1e68eeccd7760fbcad
CERT Quarterly Summary CS-2003-04 - There have been documented vulnerabilities in the Microsoft Windows Workstation Service, RPCSS Service, and Exchange, various SSL/TLS implementations, a buffer overflow in Sendmail, and a buffer management error in OpenSSH. There have also been reports of W32/Swen.A, W32/Mimail variants, and exploitation of an Internet Explorer vulnerability reported in August of 2003.
64bcd2eac439122f37c384aaa8bd86b5
S-Quadra Advisory #2003-11-24 - Monit version 4.1 is susceptible to a denial of service via a negative Content-Length header and to a stack overflow when handling overly long HTTP requests.
ddfa2ceae5a29fda453212302c494a98
ike-scan is a utility that discovers hosts running IKE and can also fingerprint them by their retransmission backoff pattern.
6425534104fd9f6f644c6f7286ed40e1
Os-sim attempts to unify network monitoring, security, correlation, and qualification in a single tool. It combines Snort, ACID, MRTG, NTOP, OpenNMS, nmap, Nessus, and rrdtool to give the user full control over every aspect of networking and security. Supported platform is Linux.
c6f3cb40950de18d054ff3b84bb57712
CommerceSQL shopping cart allows remote file reading via a directory traversal vulnerability in its index.cgi.
5a17b3f5332c2e8437aa225dc2841a71
The embedded web server in the Thomson TCM315 cable modem is vulnerable to a buffer overflow when handling an ordinary HTTP GET request.
51198bef948a30a3927152acb48c8e3f
Vapid Labs Security Note - The PrimeBase SQL Database Server 4.2 stores passwords in clear text. Depending on the umask of the user who installed it, the file may be readable by all local users.
1dcb3778cf0666564820fc49425c8d2f
Two vulnerabilities were found in the Opera web browser in versions up to 7.22. Both relate to skin files: one is a directory traversal that lets an attacker place a file at an arbitrary location on a victim's machine, the other is a buffer overflow in the skin file handling.
8021b039c337a9b27a5ea27d4cc63157
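The CommerceSQL index.cgi entry above and the Opera skin-file entry are the same bug from two directions: a user-supplied path (a CGI parameter, or an archive member name) is joined onto a base directory without checking that the result stays inside it. The check below is an added example written for this listing, not code from either product; it rejects absolute paths, any ".." component (after treating backslashes as separators), NUL bytes, and, by resolving symlinks with realpath, links planted inside the base that point outside it. The demo builds a constructed document root with hypothetical names.

```python
import os
import tempfile


class TraversalError(ValueError):
    """Raised when an untrusted path would leave the allowed base directory."""


def safe_join(base: str, untrusted: str) -> str:
    """Return the absolute path of untrusted resolved inside base, or raise TraversalError."""
    if "\x00" in untrusted:
        raise TraversalError("NUL byte in path")
    parts = untrusted.replace("\\", "/").split("/")  # backslash traversal must not slip by
    if parts[0] == "":
        raise TraversalError("absolute path not allowed")
    clean = []
    for part in parts:
        if part in ("", "."):
            continue
        if part == "..":
            raise TraversalError("parent-directory component not allowed")
        clean.append(part)
    if not clean:
        raise TraversalError("empty path")
    base_real = os.path.realpath(base)
    # realpath follows symlinks, so a link inside base that points outside is caught here
    candidate = os.path.realpath(os.path.join(base_real, *clean))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise TraversalError("path escapes base directory")
    return candidate


def demo() -> dict:
    """Constructed sample: a docroot with one skin file and one attacker-planted symlink."""
    base = tempfile.mkdtemp(prefix="docroot-")
    os.mkdir(os.path.join(base, "skins"))
    with open(os.path.join(base, "skins", "default.ini"), "w") as fh:
        fh.write("[skin]\n")
    os.symlink("/etc", os.path.join(base, "skins", "out"))  # link escaping the docroot
    samples = [
        "skins/default.ini",
        "skins/./default.ini",
        "../../etc/passwd",                 # classic CGI traversal
        "/etc/passwd",
        "skins/..\\..\\Windows/system.ini",  # archive member name with backslashes
        "skins/out/passwd",                 # looks clean, resolves to /etc/passwd
    ]
    results = {}
    for s in samples:
        try:
            safe_join(base, s)
            results[s] = "ok"
        except TraversalError as exc:
            results[s] = "rejected: " + str(exc)
    return results


if __name__ == "__main__":
    for sample, verdict in demo().items():
        print(sample, "->", verdict)
```

For an archive extractor the same function is applied to every member name before anything is written, and a member that fails is reason to abort the whole extraction rather than skip one file.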
Brief research paper that audits how many hosts on the Internet actually have TCP port 139 listening and are exposed to attack.
bdd6e30719b9fc83c5360faff129ac70
Security Corporation Security Advisory [SCSA-021]: vBPortal versions 2.0 alpha 8.1 and below allow a remote attacker the ability to send mail anonymously via a vulnerability in its friend.php script.
b9b406a1de68f15e93c5a0044938ddfa
webfs 1.7.x remote root exploit that exploits a User-Agent buffer overflow and binds a shell to port 26112.
5d7053881beaf39ab594c60a0b0cd44c
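The Monit entry (negative Content-Length, overlong request), the Thomson TCM315 entry (overflow on a GET request) and the webfs entry above (User-Agent overflow) all come down to a request parser that trusts the sizes the client supplies. The parser below is an added example written for this listing, not code from any of those products; it puts hard limits on the request line, header count, header value length and body size, and accepts only a non-negative decimal Content-Length, so each of the listed inputs becomes a 400 instead of a crash. The sample requests are constructed to mirror the three advisories.

```python
MAX_REQUEST_LINE = 2048   # bytes; generous for real clients, far below overflowing inputs
MAX_HEADER_COUNT = 64
MAX_HEADER_VALUE = 1024   # bytes per header value, User-Agent included
MAX_BODY = 1 << 20        # bytes we are willing to buffer


class BadRequest(Exception):
    """Request violates a limit or is malformed; answer 400, never allocate or copy."""


def parse_request(raw: bytes) -> dict:
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise BadRequest("headers not terminated")
    lines = head.split(b"\r\n")
    request_line = lines[0]
    if len(request_line) > MAX_REQUEST_LINE:
        raise BadRequest("request line too long")
    parts = request_line.split(b" ")
    if len(parts) != 3 or parts[2] not in (b"HTTP/1.0", b"HTTP/1.1"):
        raise BadRequest("malformed request line")
    if len(lines) - 1 > MAX_HEADER_COUNT:
        raise BadRequest("too many headers")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        name = name.strip().lower()
        if not colon or not name:
            raise BadRequest("malformed header line")
        value = value.strip()
        if len(value) > MAX_HEADER_VALUE:
            raise BadRequest("header value too long: " + name.decode("ascii", "replace"))
        headers[name.decode("ascii", "replace")] = value.decode("latin-1")
    content_length = 0
    if "content-length" in headers:
        cl = headers["content-length"]
        # only ASCII digits pass: "-1", "+5", "", "0x10" and unicode digits all fail here
        if not cl.isdigit() or not cl.isascii():
            raise BadRequest("content-length must be a non-negative integer")
        content_length = int(cl)
        if content_length > MAX_BODY:
            raise BadRequest("body too large")
    if len(body) < content_length:
        raise BadRequest("body shorter than content-length")
    return {
        "method": parts[0].decode("ascii", "replace"),
        "target": parts[1].decode("ascii", "replace"),
        "headers": headers,
        "body": body[:content_length],
    }


def classify(raw: bytes) -> str:
    try:
        req = parse_request(raw)
    except BadRequest as exc:
        return "rejected: " + str(exc)
    return "ok: %s %s" % (req["method"], req["target"])


# constructed sample requests, modelled on the three advisories
SAMPLES = {
    "normal": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\nUser-Agent: test/1.0\r\n\r\n",
    "negative_content_length": b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: -1\r\n\r\n",
    "long_user_agent": b"GET / HTTP/1.0\r\nUser-Agent: " + b"A" * 4096 + b"\r\n\r\n",
    "long_request_line": b"GET /" + b"A" * 8192 + b" HTTP/1.0\r\n\r\n",
    "post_with_body": b"POST /login HTTP/1.1\r\nContent-Length: 5\r\n\r\nhello",
}


def run_samples() -> dict:
    return {name: classify(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(name, "->", verdict)
```

The point of checking the limits before any copy or allocation is that a C server built the same way never reaches the strcpy or malloc that the advisories describe; the Python here only shows where those checks belong.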
A bug in the MSN Messenger client exposes a user's IP address due to improper parsing of the Ip-Address field in requests.
20299636636f63dc45c73c692442d9d2
Xitami's LiteServe webserver versions 2.5 and below suffer from a denial of service vulnerability that stems from a logic error during the processing of a POST request.
f99731f08cbe75282ebf2e8919136ef4