The BadBlue web server v1.7 for Windows allows remote attackers to access files in password protected directories by sending a special web request. Tested on Windows 2000 Sp3 and 98SE.
99d05374da83f582e4c1a538df787b729ffaa4edb6e65cda12d5bea1cb47a8a5
The Liteserve Web Server v2.0 for Windows allows remote attackers to access files in password protected directories by sending a special web request. Tested on Windows 2000 Sp3 and 98SE.
1ad0b43d131843b5736e0561fcc1a675759e988ac4a519a13fc34d067e8ed50f
The BRS WebWeaver Web Server v1.01 for Windows allows remote attackers to access files in password protected directories by sending a special web request. Tested on Windows 2000 Sp3 and 98SE.
952d6a2e38bf73ed6659426d07625a19fe392c8b246d7ec67b52f1f0b7264132
Tunnel finder is a particular proxy checker that can display information from a list of proxies by searching for proxy servers that permit the CONNECT command allowing an end user to achieve a higher level of anonymity.
04f9dee370118f4214730926d3a378e63fa4c58b145ca7bcb65f65b3693a1376
Virgil CGI Scanner by Mark Ruef has a vulnerability where user input is trusted without being sanitized and is actually populating bash variables which end up getting executed. Simple exploit examples are included.
d904fe4eeff1617f799ad5d492b310acc2605145158faff2c8c8a7b7a546cdac
Microsoft Windows RPC Denial of Service utility.
14210ab9185d541e6e0cd8c76e93e68f6cf19be6fc42f04ea56bb85b67e5e8ef
Log wiping utility used to sanitize logs from utmp, wtmp, utmpx, wtmpx, lastlog files. Capabilities also allow modification and addition of entries.
7d68a83410f500bb5b1ecadd45370d96ed4e69ce4f1b607f6b1bc9a7ea7b61da
iDEFENSE Security Advisory 10.24.02 - The Solarwinds TFTP server v5.0.55 and below contains a directory traversal bug which allows remote users to download any file on the system.
a7a4ff629f7e930a627e2df7c2e09b6d40a316d099e31b0a622bdad02850eb20
Microsoft Internet Explorer versions 5.5 and 6.0 are susceptible to 9 attacks involving object caching. When communicating between windows, security checks ensure that both pages are in the same security zone and on the same domain. These crucial security checks wrongly assume that certain methods and objects are only going to be called through their respective window. This assumption enables some cached methods and objects to provide interoperability between otherwise separated documents.
0d493f1ee4c0342068a311e12ade60a725672891b23957e14ce2b5cbe1e6e675
Two modified versions of the slapper worm exploit made more user-friendly with simple interaction to define what host and port will be hit with the exploit.
33f0ab9cc7a39a816dbc6dddc8b1952feeb6871f5ad68e60decab4626431eb7c
Iptables shell script. Some Brazilian comments.
4a4d7de414db7c905e2217bf7d07d40927e0c013b2effde9a9f8880838c68278
Zone-Labs ZoneAlarm Pro 3.1.291 and 3.0 remote denial of service exploit which consumes all available CPU via synflooding. To fix, update to the newest zonealarm and run windows update.
2329490bcac7c86570a101a2d3d6cdd834e3f075b8ff11c4b4122ece94d2393e
The Autopsy Forensic Browser is an HTML-based graphical interface to The here.
cde4370054a7517eb875f440b96f74eecd787db70646c17b539c794decd11608
NGSSoftware Security Advisory - Microsoft SQL Server 2000 and 7 allow attackers to gain control of the database by elevating their privileges by using the xp_runwebtask stored procedure. Fix available here.
0993da5c8ab7c5ff24d06d11c71e7c6166e5eef4f669d081f8f47da07b21ae30
AN HTTPD v1.30 to 1.41c remote heap overflow exploit written in java for Japanese Windows 2000 Pro (SP2).
167ce9e82779b5e084ff82fd83009543c8acb427e75433946e1e8bb76aabd037
Nocc v0.9.5 contains cross site scripting vulnerabilities which allow an attacker to take over a victim's e-mail account and/or perform actions against the victim's will, by simply sending a malicious e-mail message to the victim. Fix available at http://nocc.sourceforge.net.
9dc7f58e6a84de7afd3c2dc0c1c01e0a92637f30032701f1adde85a1090db208
PowerFTP v2.24 and below remote denial of service exploit in Perl.
6c35bcb40ba1d5bd9322642847860c17eb6c904541ae79689c51f4513a733837
Sendmail 8.11.x linux/x86 local root exploit. Uses gdb to find offsets.
97fb231f9fda1d4ce349f63e8594a891166c284dcf5ab06cb3000406b26a36b9
Unicode IIS exploit in perl. Tries 20 ways.
8662d0aab8bd41a11af165611d21686de5ca89f17b76ea0ca9ec002d6a6ccc07
Windows XP port scanner.
2765e98d0c660f9e26fe5790fef0fe45c40dc5cafb09fc4422ae1815a1232f59
Web602 webserver remote denial of service exploit which uses the com1 windows flaw.
ab81b2d5aae5a6c0ecbe18c0c13997194365a98f277de5ce0d0fa049a1a34322
Web602 (Czech version) directory tree exploit.
93003a050e2c15ef1e0f6c14a2e62b6ea615d4de687dec1239970cbb346096e7
HP Netris v0.5 and below remote denial of service exploit.
1511466d20ead8a76a69420ed7ccb8dcb916dcf1d94877d562d9820209800c33
Crip.c is a utility for ripping out a c-declaration of binary data (like shellcode) and converting it to binary.
a63c9f4d2960f672e07b9bbd29d3d87d4a43463fb6e89cd83c72d12adb1619b0
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
0fd643ed6ce80f231d2e8aeb0282685d95a821baacdd2963e6c251e0fbff879d