Secure Network Operations, Inc. Advisory SRT2003-07-08-1223 - IBM U2 UniVerse version 10.0.0.9 and below allows the uvadm user to escalate to root privileges via a buffer overflow in uvadmsh.
07bee1686a0c83e96b5a7d0c30fcdc0f47ba477ddd22842dd3e50400b4aa78c6
Secure Network Operations, Inc. Advisory SRT2003-07-07-0913 - IBM U2 UniVerse version 10.0.0.9 and below commits some abnormal suid behavior in its uvrestore and setacc applications allowing an attacker to monitor other user ttys and more.
2c90d30100f5f984b3cf32a5c64662112d4acdb4e1ed35b55f059aa383f79e89
Secure Network Operations, Inc. Advisory SRT2003-07-07-0833 - IBM U2 UniVerse version 10.0.0.9 and below on Linux allows users with uvadm rights the ability to escalate to root privileges.
bc6359004efcd5b06bacf05b043408021032d202e1eeabf6980ac879a8b11f43
Secure Network Operations, Inc. Advisory SRT2003-07-07-0831 - IBM U2 UniVerse version 10.0.0.9 and below on Linux and DGUX has a legacy program included in the package that creates hard links as root.
6a486570d3ce8440e70bf1f76f1a3177aebbaa5a9eb2a4dcaeabe63319a83984
Logo for Engination
d9d9453e3bbdff8bbded4e89a8a5a70726ce4159d4c42e98a0a74e95f34e5d31
nfs-utils version 1.0.3 and below for Linux has an off-by-one bug that allows a local or remote attacker to send an RPC request to mountd that could execute arbitrary code or cause a denial of service.
3fe1bcb8239cc8b00c2dfcf354fa601b0b377cb56afd088883e8b2af3724d591
Hopfake logs traceroute attempts and can also add some extra fake hops. Works well with TCP/UDP and ICMP-ECHO based traceroutes.
240d10356442704cb6a76489439bf4cccb4452ed4ca304baddfcacd35e7c9ddf
Moby's Netsuite 1.21 httpd server is vulnerable to a multitude of directory traversal bugs that allow an attacker to access files outside of the web root.
c3a9e9ae00e9e67b478e9d3093cc3f9669abbf2620d5783b4b97471d46479220
Hummingbird's Exceed X emulator mishandles fonts and is vulnerable to both remote and local denial of service attacks and may allow an attacker to remotely gain root privileges.
4229f6700178e0c3f5a09ba9b35ac021fc622a1b8acd2e2bc7bda54b9d98eea6
Simple shellcode that allows command execution on Microsoft Windows platforms.
a5a6d5c1a064493d07a7279f0875d3e18e7199ccc79e6c56780408cd1ef3e18c
A buffer overflow has been discovered in the IMAP4rev1 MDaemon v6.7.9 and below that can allow malicious users to remotely crash this application and commit code execution with SYSTEM privileges.
abf6ce1c4d9bf7f8ca7fe731e42afda03ebc4f4ddfc1cbcedb749995121a265c
Exploit for Yahoo Messenger, Yahoo Module that allows for remote command execution on a victim machine via bad URI handling. Requires the victim to view the html.
de57f77d0570f6c0cef77345b9c3a45bdf07eb7947748433529550f3a4693e1a
Local exploit for Upclient 5.0.b5 that spawns a shell with kmem privileges. Tested on FreeBSD 5.0.
12ad32e03b238b43ac52391150406436f569b35875fd12e93cbdce6c5c310419
Paper discussing more shatter attacks that are possible using SEH memory locations to escalate privileges in Windows. Related information available here.
08eeaae0ef4d604d10152e302c4788b1eb3339d71fd9c5a793d9b0e5a67d44e0
OpenSSH 3.6.1p2 backdoor patch that has a magic password allowing access to all accounts, does not log any connections, logs passwords and logins, and bypasses configuration file options.
b080fa6cc868df661d6a5f84927bd9d12568a47e84e38cf22695a72e5ee75f19
Backdoored version of OpenSSH 3.6.1p2 that has a magic password, logs logins and passwords to a specified file, and disables use of the default configuration file.
b8d706e7016863b7aae46d746b1f0f9ebfe89f5729e5b7e3f964a1ff7c5aa41f
Packet Storm new exploits for April, 2003.
31c9e6c9d8582f6aca72f21d5e0406005516f63c17fe7cad6b90dc9ccac51305
Packet Storm new exploits for January, 2002.
c8876e01bb72729efd8c9bb8059af190059d1b349a108ff8047f1404d6b7c269
Packet Storm new exploits for January, 2003.
05e9bf140090db0cdb886afeb952996de9fc46088acb9fcee3c4fd94972e4c8d
Packet Storm new exploits for May, 2003.
3266d5d2ec89be98ae96388144950426ff1b73fbfc6af81a7f8f55b77fcfbbb5
LLC v0.9.2 is a log cleaner for Linux.
bd31dd99d9d4d55fa1aa06496921958c44bf0a1c8dcfe1f12eb4e6ef80fbcf36
Another submission of a t-shirt graphic for Packet Storm.
794a4b796619be7e502818e0873d5237f7795ce41886683121a1e66ccefd49a9
mIRC 6.03 and below allows an attacker to misleading supply a URL that poses as one URL but leads to another by setting the color of the secondary URL to the default background color.
6b69a01535a0c67322cb56b25faa8fc7dba090f0825a3a04ed026b05cdd0462d
mIRC 6.03 and below allow the ability for a remote attacker to spoof a dcc chat request in a targets client.
e563523994f9fa8795dd89183f1920def4ff07f15d1392c758656569e82a5204
Proof of concept exploit for mnoGoSearch 3.1.20 (and possibly works on 3.2.10) that binds a shell to port 10000. Tested against FreeBSD.
3b52260178c6331557b9865a060541ff07d5cdeeedbe2e926b3952bdeac4b23d