This paper describes in detail the exploitation of the libc locale format string vulnerability on Solaris/SPARC. The full source code for the exploit is presented and some details of the implementation are discussed.
7b17fe99c5995c3700f946e8abe827d958a46295cd8e9068e1a590b08b7ef993
Xitami WEB/FTP Server for Windows 95/98/NT/2k v2.5b4 has remote vulnerabilities which allow users to view sensitive system information via testcgi.exe. Passwords are stored in plain text. Denial of service is possible.
963cbf8d5f403c450c746e48d4a87ee002babfa21848572bbe2f6ac1680a715f
Working Solaris x86 /usr/bin/mail exploit
a711668cc0d9690ee75eb24dd2d018bd428e023e5b49e67478bbd7fdca690496
A vulnerability exists in Oracle 8.1.5 for UN*X which may allow any user to obtain root privileges. Local root exploit shell script included.
17d374afd2a8378ded9bbbbbe17182f77ee586f2c4da4eb247fb052a192da311
The Sambar web server version 4.3 Beta 2 is vulnerable to a remote buffer overflow. DoS example included.
e480e4ea52df200307b608978e22215ea04221336cc1ca0297728e71575dd718
Netscape Navigator/Communicator 4.5 buffer overflow advisory - I recently uncovered a stack based buffer overflow in NN which allowed me to execute arbitrary code. Exploit included. Tested with Netscape Navigator 4.5 using Windows98.
8ae2a6160c963cdc89d7ce97dcfa06db4b47da886d8c54227c1f6ca9cec3bdad
Plogd v2 - SYN/UDP/ICMP packet logger (FreeBSD version).
6c7d6a373bf27fc4fe88c764bdf5b002ece8a6296bef7632474fc0eaa5c56233
Backdoor shell script to be run from cron monthly.
4a51bcecc880b78e5845e0c1ac80f9ec82f41bd9dad31c57256aed344a399b3c
RemoteHit searches for a computer on a remote network, in a given IP Range, using NetBIOS protocol. The program is fully multi-threaded. RemoteHit has MS "Find: Computer" like interface.
db0de589bc6f540188e5838ce03d6e87817cab5274689fdee8c1f91cb44f7ca0
NSI Rwhoisd v1.5 through 1.5.7.2 contains a remotely exploitable format string vulnerability if use-syslog: is on, which is the default.
4caaf3484ee97afe74157fd65fa4dad6415e2f47eebe489b3f4b240baea110ff
PhpNuke v5.1 allows remote users to steal the admin password, which is Base64 encoded. The password is in a cookie which needs to be stolen from the admin by asking him to visit a link.
7af6df4201e5053dd29cb236178603fdb4a5bda31c8042192edb2f568326c3d9
CgiXp.exe is a remote exploit for Webcart v8.4 (bugtraq id 3453) and several Unicode vulnerabilities (bugtraq id 1806). Tested against Windows NT Server 2000 / IIS 5.0 and Linux Red Hat 7.2 / Apache 1.3.22 +webcart.cgi. GUI-based, requires Visual Basic 5.0 .OCX files in your system directory (richtext ocx, msinet dll).
bfb17b9ce107c0b63e002bf9a232a47c3933a3eba05ece3d08aebbad41d5c025
Apache-SSL is a set of patches for Apache to create a secure Webserver, based on SSLeay/OpenSSL. It is designed to be small, secure, and efficient.
91d9326eb3feff14935b0fae89ce6b59cba7e70e4491826037ccce5f82f1ec78
Berkeley finger.cgi has a remote command execution vulnerability because it does not strip out newlines.
9522938f90cc239769620d06fc8cdd679f71ea497be3e18b34ec0cfceaaf02f6
RegistryBrowser is a utility which demonstrates problems associated with stolen windows passwords by remotely browsing remote system registries using a specified user account. Tested on Windows NT and 2000.
754befcbca706cd9b4ff37c98092c6a93a03c9734298d1ab59b156a982dc7d9b
Uni.pl checks a host for the recent IIS Unicode vulnerability in 14 different ways.
32bd5f34a95c46295f57976cfbf6555ee9b99614f669f3c03817d94d1fb5c99d
The Flicks Titan application firewall for IIS has a vulnerability in the URL inspection, allowing it to be easily bypassed.
c9ae3c7cec218aa4c0a512ca5aab4dada76da541b52fcc647bd0702fc4ea36a6
ADM ftp server brute force password cracker. Uses a dictionary, of course.
eb2d2b7b7079e96e58453f44c0bab50584ff3c778e7aff3061a21db68b9aa9b2
Proof of concept code for the Solaris 2.6 and 2.7 (SPARC) "write" buffer overflow. Guile Cool
f21badab966bdf7e602bc08f4a5c985093b94ac2fd1db132e7a1e225c048e477
shtroj2.c is an auto-hiding back door kernel module for Linux that executes an arbitrary command when the environment variable TERM is set to a specific password on the execution of a program. Can be used to drop immediately to a functional tty-based shell instead of running /bin/login with sshd and telnetd.
2a5e1ed71748161de81d6d0a9b0b72b1da9a35faa6043246f127de53b3988ac9
Passlogd is a sniffer which logs traffic on the UDP syslog port, allowing a syslog receiver to have no open ports.
babdc54eb766a9d916345491692393e349eefcc11b0d887fdcc6f9fbdb588622
This jpg has nothing to do with unix, but it is easily funny enough to warrant being in the unix humor section anyway. It is an unaltered press photo of GW Bush being accosted by a gooselike animal.
75116b6771c9d248c08316ec5bd924cb8b50f4e987fa253f3c360a20bc795186
PDD is the first tool of its kind for forensic analysis of Palm OS platform devices. pdd (Palm dd) is a Windows-based tool for Palm OS memory imaging and forensic acquisition. The Palm OS Console Mode is used to acquire memory card information and to create a bit-for-bit image of the selected memory region. No data is modified on the target device and the data retrieval is not detectable by the user of the PDA. Source code is available here.
a2d15a1002636e6a06a171d2b43bbbad21f1b6715583ac5be11e1a3ea69e055e
Internet Security Systems (ISS) X-Force has discovered a vulnerability in the HP-UX line printer daemon (rlpdaemon). This vulnerability may allow a remote or local attacker to execute arbitrary code with superuser privilege.
fc8855c32af05bfe561174dc0946a2ed415b60808e50f138370be7dc3d2426dc
qDefense Security Advisory QDAV-2001-11-1 - A vulnerability in Hypermail SSI has been discovered that allows users to execute arbitrary commands on a server running Hypermail and SSI.
1f00acda38a91de5892bf56ba2d321748d458c17881de94dda4ec2e0d925c6d9