Remote root exploit for Samba 2.2.x and prior that works against Linux (all distributions), FreeBSD (4.x, 5.x), NetBSD (1.x) and OpenBSD (2.x, 3.x and 3.2 non-executable stack). It has scanning abilities, so a range of machines on a network can be penetration tested at once.
d6672353da22242d8fc89098e6e31eb2c358a76ff09164f2b7f0f5060a5f0c03
A directory traversal bug exists in the QuickFront webserver that allows remote attackers to gain access to system files. Version affected: 1.0.0.189.
fd6ebb0828f5cb6e82c9eee40aa6c2ec59a5dc98c91a65464b19819116f6bf26
iDEFENSE Security Advisory 04.08.03 - Remote exploitation of a memory leak in the Apache 2.0 HTTP Server causes the characters. The web server allocates an eighty-byte buffer for each linefeed character without specifying an upper limit for allocation. Consequently, an attacker can remotely exhaust system resources by generating many requests containing these characters. Versions affected: < 2.0.45.
b48df828dbdecf9e21604f43457d667566af6ec88eb59354928059fb5619165d
iDEFENSE Security Advisory 04.09.03 - A vulnerability exists in Microsoft's Internet Security and Acceleration Server that allows attackers to cause a denial-of-service condition by spoofing a specially crafted packet to the target system. Another impact of this vulnerability is the capability of a remote attacker to generate an infinite packet storm between two unpatched systems implementing ISA Server or MS Proxy 2.0 over the Internet.
b573e2b6f6a85ab874cda45b55e19be72c075584f1a76e5079e895a43dc4c0de
Flawfinder searches through source code for potential security flaws and lists them sorted by risk, with the most potentially dangerous flaws shown first. The risk level depends not only on the function, but also on the values of the function's parameters. Secure Programming HOWTO here.
b4c7ae8769c612b482a70be7b1495c99466bb71de7d68352b7ed0d353ea95920
Denial of service exploit against Half-life servers. After sending 3 specially formed packets the server is unresponsive and there is 100% CPU utilization. Tested against versions 3.1.1.0 under Suse Linux 7.3 and Windows 2000.
f6925a6a151cb89c26585acb1aea48df880c09ff4bfd634972dca9999ce666cd
mIRC versions 6.03 and below have limited visibility during a DCC GET, which allows an attacker to spoof a legitimate file and instead send an executable that can lead to a compromise.
1526285a6cfee9ec7f27c916f95f1a43e3c750528310833886e933edd45409b5
UnitedLinux 1.0 ships with /usr/src/packages recursively set with full read, write, and execute permissions, which allows rogue source to be planted, ultimately leading to a full system compromise.
1ec77d05a51e34bf8f10fddbcea60b702cb5fe474c39d04ba118f2d496c1a10e
Coppermine Photo Gallery, the picture gallery which allows users to upload pictures over HTTP, fails to check the extension of uploaded pictures. Due to this, a file with the extension .jpg.php can be uploaded, allowing a remote attacker to execute commands. Sample .jpg.php included. Patch available here.
0d2fe1a4e09dda1f2380a7d53ddb87733772a50e381a3cc8e5217a10c4ca5dab
Atstake Security Advisory A040703-1 - Vignette Story Server has a vulnerability that allows for sensitive information disclosure. Story Server allows the publication of both static and dynamic content. The dynamic pages are created using a TCL interpreter. There exists a vulnerability within the TCL interpreter used that allows 'dumping' of the stack of the currently running TCL process when generating dynamic pages. This vulnerability results in an attacker being able to extract information about other users' sessions, server-side code and other sensitive information.
819e7cf337971ea1efaa8dbf85a334f9b624b959117fa9e360810f3cac0f34ac
FreeBSD Security Advisory FreeBSD-SN-03:01 - Two different vulnerabilities in Samba have been recently identified by Sebastian Krahmer and Digital Defense, Inc. One is a race condition that could allow the overwriting of system files and the other is a buffer overflow that allows a remote attacker to gain root privileges.
23abd59338b2e7cba9ff83607ae2df35e0a61553e0f957bbac4570d67c681598
Digital Defense Inc. Security Advisory DDI-1013 - A buffer overflow exists in Samba which allows a remote attacker to gain root privileges due to a StrnCpy() into a char array (fname) using a non-constant length (namelen). Versions affected: < Samba 2.2.8a, <= Samba 2.0.10, < Samba-TNG 0.3.2.
962ecad2179dfe0cee6faea84ca0c80848964f1c2c98c2fd4afdf1aee435a89b
Utility for finding Samba and Windows NetBIOS services. UDP-based and very quick.
0f979b2367b4d8a0297222cbb4011213e3324b66c3659d16507092fb464bb330
fatajack is a modified Wlan Jack that sends a deauth instead of an auth. This tool highlights poor AP security and works by sending authentication requests to an AP with an inappropriate authentication algorithm and status code. This causes most makes to drop the relevant associated session.
5b4c8235dc1aa20a0096f52dea4f1c9832db9cee0de8bddad235a411167b0ced
Remote exploit for the buffer overrun found in passlogd on FreeBSD and OpenBSD. Tested against OpenBSD 3.0 and FreeBSD 4.6.2.
2d99af360fcfbd0f1ef67c210707772b3603b3c56e48592f450d174014eaef3f
Win32 Shellcode Version 1.1 - Supports SHE+ScanMem to get GetProcAddress memory address, bind mode, connect back mode, reuse connect mode, and more.
5362ba1b4b205e3dbeaca2371bc7f6813b413007491740ae688a645399986d60
Simple scripting utility that will perform DNS, SMTP, and HTTP scans on a hostname list given by google.com.
22496f05022cb6837ddc642bb6b9592199c3824b3664014e3f379c9af03ac571