Remote IIS 5.0 denial of service exploit that makes use of the stack-based overflow in nsiislog.dll.
44d770ea27a8490f768df00ddd53357cee60223940c04a835e294debe42339e3
THC-Shagg is an application to bruteforce check digit algorithms. It analyzes a given list of serial numbers and tries to find a matching algorithm and its setup. If such a setup is found, THC-Shagg is able to generate (extrapolate) new serial numbers, e.g. VISA and MasterCard credit card numbers, EAN numbers, IMEI, UPC or even EFT routing numbers.
beaebc61b99d81db0fc58c65787d826e2032df6e00662b4ca2b8413ed3611e9d
Local root exploit for bru, or Backup and Restore Utility for Unix, that makes use of a stack overflow. Includes both Linux and FreeBSD targets.
afa4cb86c25ccd524dc32cd373bbf79e895145dd4fd8d42831a2f91bc8fc0f25
CERT Advisory CA-2003-17 - CERT announces that an exploit has been circulating for the denial of service attack against Cisco routers and switches.
fa0af4778d17e41df7ea8f2bf792a21ec1560902617a294199be862d998c9393
Remote exploit that will cause a denial of service against Cisco routers and switches. Warning: Broken.
b71891bc30993e6966706f90564e4f9b83853b36b2f7b37f73045a53631830d8
Tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities. Requires Libpcap.
57d65d13bc4302634c3ef691392ac36a6a8919bb4af7265e422ac3ab66718ebe
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP FTP proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, and detection of down hosts via parallel pings.
071e544d27a7d17915f0f5b5cade353e16bfcd3f2c72d68a1126dc9b64ca7bc5
NetTerm-NetFTPD 4.2.2 suffers from multiple buffer overflows that can cause a denial of service against the server and possibly execute arbitrary commands.
5a306efd007be6e93b46a57ca18e8723f5dbb426b9df29199030f5864f8bfe0d
CERT Advisory CA-2003-16 - A buffer overflow vulnerability exists in Microsoft's Remote Procedure Call implementation. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.
b9bb753690553d6b31adc50199b09cdd488ccbf24144a64753c7c243ee7add0a
A massive security vulnerability has been discovered in all recent versions of the Microsoft operating systems. There is a buffer overflow vulnerability that exists in an integral component of any Windows operating system, the RPC interface implementing Distributed Component Object Model services, or DCOM, that allows remote attackers to obtain unauthorized access to vulnerable systems.
a2ab7e1ad93e552958685d18447336ec08b35a14099950c3e45ea405d5917eaf
CERT Advisory CA-2003-15 - A vulnerability in many versions of Cisco IOS could allow an intruder to execute a denial-of-service attack against a vulnerable device.
af2755db813b1d4f9af9eda1bf413ce515f313ada93635dacefd03868b8b3d34
Advisory that discusses exploitation of the University of Minnesota Gopherd version 3.0.5 and below that makes use of the do_command() buffer overflow vulnerability.
41cd532c2317311e30c49cbcf529fbe61127eae9f335f83232fabbf1837663ed
Cisco Security Advisory: Cisco routers and switches running the IOS software are vulnerable to a denial of service attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full.
ef0504594a7ab6822dce58c8ba0c82480259ebe0b5d86f0f970b4e558f0f7b36
omniHTTPD 2.10 suffers from cross-site scripting vulnerabilities that could lead to session hijacking.
52b5848c269b6da5f3724ecbe6e5ea940b8b8a3fbcfd5bff25bae930f4ebc792
SGI Security Advisory 20030702-01-P - It has been reported that logging into an IRIX 6.5 machine while particular environment variables are set can lead to /usr/lib/iaf/scheme dumping core. Since scheme is suid root, this could potentially lead to a root compromise.
cf55ec3e1e580ca7b85e91d22604fd9c68c6799680b2b730027f68cf4fe308de
SGI Security Advisory 20030701-01-P - Multiple vulnerabilities have been found in the Name Service Daemon, or nsd, on IRIX below version 6.5.21.
b6218821e51de97c515742f76bc0a7393297d398e8dfbefd71584ac16e407bec
Zone-H Security Advisory ZH2003-11SA - Elite News version 1.0.0.0-1.0.0.3 Beta allows direct access to various system files, which enables an attacker to retrieve the administrator login name. That name can then be used on another page to set a cookie, which is referenced by yet another page that allows the attacker to post as the administrator.
15b0010175329a204e9968c5e50f2759f6d246f310258aa395f5fc303d0bc6e8
The Microsoft Internet Security and Acceleration, or ISA, server contains a default error page that can be used to conduct cross-site scripting attacks against a legitimate user.
28d4e09c66a69895f688844fb1bccd3d2a1a91ee3d29b78564222eda4b3156f0
The Splatt Forum engine allows HTML code insertion for the post icon form input.
6a997a7fd6c6056a6317e6c215a6608c822b8076ec2b127e14bf5b37bb4e7d46
Digi-news and Digi-ads version 1.1 allow a remote attacker to gain administrative access without knowledge of the account password, because the necessary credentials are kept client-side in a cookie. Essentially, as long as an attacker has a valid administrative login name, they can use their own password to authenticate.
ba080e1ee2b24295baccbce99c973d0e451004caf92506c8f54b87dc62b1a0d2
The Microsoft Internet Security and Acceleration, or ISA, server contains a default error page that can be used to conduct cross-site scripting attacks against a legitimate user.
051076503bc72c2b87f59aeb4ad73074c982cd00eb77cfd9f35afb69941adc65
A threaded SSH banner scanner written in Java that takes in a list of IPs or hostnames. Written and tested for Linux and Windows.
668d3d6e3f251c2cee5ad3e449105439defd5cde59ca1389636980dc5106c36f
Local exploit that yields gid of games for /usr/bin/toppler. Tested against RedHat 8.0.
c92cab560b62bccb2088bbd7e1ee2b423795fe4783101d37181185d7c3dbad96
Simpnews has an include file vulnerability that allows a remote attacker to load malicious PHP scripts.
3a1cb29b2d9407d519d17fe3a494ffe6d482069586256ca3aea9634a0659e949