Windows port of the remote exploit utilizing the DCOM RPC overflow originally coded by H D Moore.
98186a16043a537eb59eec975695e217b9043d1747d7a414c37c888c6b72be38
Remote exploit utilizing the DCOM RPC overflow discovered by LSD. Includes targets for Windows 2000 and XP. Binds a shell on port 4444.
aac1c914909b279cffcee8699eff0774f5962b99d0dbd3ed2a80f12fa7a64d4a
An interesting bug in the Mitel Voice Over IP system that allows an attacker to discover phone numbers calling through the DHCP server.
1ed33fcc27a383016afe3811d1aa56ff46a4cdcfdf95bf1b10d6082b6b4ffcdb
CERT Advisory CA-2003-18 - CERT announces that a set of integer overflows exists in a DirectX library included in Microsoft Windows. An attacker could exploit this vulnerability to execute arbitrary code or to cause a denial of service.
eafbaabf97c03108de6117e44f1d1a3d553ac31d3dabf02f3f7f03ac596520c5
NGSSoftware Insight Security Research Advisory #NISR25072003 - In an attempt to fix previous vulnerabilities discovered by NGSSoftware, the Oracle RDBMS fix patched the hole but left a logging function vulnerable to a stack overflow.
237dd712fc93400a7d9eed9e111f3ab5238fd5fcb2322857fa12ec0d69be3187
Scans an IP range and checks if a specified port is open for TCP connections. Can also search for specific parts in strings which the servers return. TCP RAW is not fully implemented.
5f26393e2a0d14d3a912b9f88ea34961da5d1612660ca4e6ef10d46898155e30
Packet capturing and network monitoring tool. Contains all the basics for monitoring network traffic. Tested on NetBSD and Linux.
b391ac1d3f92a701211db0c0e84bb25f662fa0e6fd9f0c7ae5f66be100ff5cea
An advanced backdoor which waits for an ICMP packet and then connects to a UDP server on the client.
a82f0882beed30e7c614cc2eabc39c2192750969a622ff0f723746be51b66bb6
SACscan is a basic portscanner much like Nmap.
74072f0cf65e2b908075df89fc05ee5c2fb536201cb01e3fcc3c738612f9693a
PHP-G
078015488d26f1dd993259eac78f9ecdbd1e53a886fe906982d804667e0be8e6
Various configurations of CPU/BIOS/OS can lead to a denial of service on a server by a local user due to certain BIOSes not zeroing out MSRs on reboot. Patch included.
ca31052b05fc2352ad297512130b304003132d25354bf262fd89aa8fc1a9205a
Remote denial of service exploit making use of the vulnerability found in DCOM under Windows.
d713c961d2e4c5c929651f387787d375feb82aa68cc35f126fa794fd0d189fdf
Integrigy Security Alert - The Oracle Applications AOL/J Setup Test Suite, used to trouble-shoot the Self-Service framework, can be exploited to remotely retrieve sensitive configuration and host information without application authentication. The AOL/J Setup Test Suite is installed by default for all 11i implementations. A mandatory patch from Oracle is required to solve this security issue. Affected versions: 11.5.1 - 11.5.8.
854e86c2ad0a68b842923e90cca894c381a953aeda7c67d317b9cdd7deb2aefc
Integrigy Security Alert - The Oracle Applications FNDWRR CGI program, used to retrieve report output from the Concurrent Manager server via a web browser, has a remotely exploitable buffer overflow. A mandatory patch from Oracle is required to solve this security issue. Affected versions: 11.0 and 11.5.1 - 11.5.8.
35163210430282df91a1cb019208a07bf7a0cc546bf99ea364752eb19abc2a02
Ethereal is one of those packages that many network managers would love to be able to use, but they are often prevented from getting what they would like from Ethereal because of the lack of documentation. This document is part of an effort on the part of the Ethereal team to improve the accessibility of Ethereal.
618a41b9e6642eaa7c78e75a9ba30c173ace317aaeadbc6c608977bbdff33552
Remote exploit for miniSQL version 1.3 and below that achieves privilege escalation to the root gid.
e3637acdc0aea734e04f3ed1cd756e1015ef7c75c0c7bf4b03ee10155c796dc7
Remote buffer overflow denial of service exploit for the Netware Enterprise CGI2PERL.NLM.
33d051b502f0487617368e88328921009574f44a7495c5805d2770bd46b2cdd0
Atstake Security Advisory A072303-3 - By sending a specially crafted message to the local LPC port for Microsoft SQL Server, it is possible to overwrite information stored on the stack. This would allow an attacker to execute code under SQL Server's credentials, thereby escalating privileges. This would then allow the user read and write access to the database files. If the SQL Server is running under the Administrator or Local System account, this would enable system compromise.
117cbb53e11b5d137ca26262d9725ad4c4f1bef3dd4ac8e5e18f9278df670308
Atstake Security Advisory A072303-2 - By sending a large request to a named pipe used by the Microsoft SQL Server, an attacker can render the service unresponsive. Under some circumstances, the host has to be restarted to recover from this situation.
4da882968c57e3021287c2926f476d383da49f08fd6b93c99584ab7e7a62fd5e
Atstake Security Advisory A072303-1 - A flaw exists in the Windows NT 4.0 file name processing. The flaw can cause heap corruption to occur when a long string is passed to the file name functions. This causes the program calling the NT 4.0 file name processing functions to crash. One attack vector identified is through a Java servlet running on the IBM JVM.
0e3ea90058d665a67768d87daa55ed99b0140ecb0adefcc560fee055b21f3437
Post discussing vulnerabilities in deployment of dangerous files onto a target machine utilizing the Windows Media Player.
8f316501a1dad19f5066131347357a6b5fef2a66474c18543f7935f8ac377235
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.
b788871c0f91201b1a31c1f00aaa9c66675d601621475bdce6d1b47247ca04f4
Threaded banner scanner that is rather versatile and lightweight.
8265bf561570b0b737107a03fe3943d365b3ba56e5ee0416bf40453166ab473d
Netware 5.1 SP6 suffers from a buffer overflow in the web server PERL handler CGI2PERL.NLM which will cause a denial of service situation. CERT: VU# 185593.
fe0de70876ed6743218b3c34d52b1cccb867bd93640ab254fbe70590d1973c6e
scip Advisory 2003-01 - MSN search is a link directory moderated by Microsoft. It is possible to inject some scripting with a search query. An attacker could initiate scripting attacks as denial of service attempts or cookie stealing.
c36c2de0aabf0ef9474193ad304fe9cc33e18af8c68c0026acae466d99f577a2