Proof of concept exploit for /usr/sbin/chat on RedHat Linux 7.3. Note: chat is not setuid by default on most installations.
c9a281b9044a9467791c8614d54bcf288295b2f5098c342bdf3f19623a7da630
Macromedia's ColdFusion is susceptible to a cross site scripting attack under certain conditions.
a735d602394b50e656bc281563c0a6fa0a3b76a6ea07c95001ca5055469a229a
Re-Boot Design ASP Forum is vulnerable to a SQL injection attack that allows remote access to a user account without prior knowledge of its password.
e678d70617cc30fc5813f731c6760853903497a982dccceee63e02e782e18f04
Thread-ITSQL is susceptible to cross site scripting attacks in its Topic Title, Name and Message fields.
a8673828a2c183f9ff8049970d8dbf6c66a148d78e082ca0072c4acc741f989a
The Thread-IT Message board is vulnerable to cross site scripting injection via the Topic Title, Name and Message fields.
10e3db50f48b3886d5c8ae6c8e46cadf3fa8ec612cab4d818e88e79ee5f0385f
Comment Board is susceptible to cross site scripting attacks in the Topic Title, Name, and Message fields.
827dc62fdf35b1cc001920e7959315e067206ab13b453f97e6841f66fd718d36
WebWeaver version 1.06 and below allows for anonymous surfing of the server if the Host field is set excessively long. It is also susceptible to various denial of service attacks.
d379db7c0aee30b485cfe256c1ea095e1ecc0ca84aa0b246acdf7e56cbf677dc
FreeBSD Security Advisory FreeBSD-SA-03:14.arp - Under certain circumstances, it is possible for an attacker to flood a FreeBSD system with spoofed ARP requests, causing resource starvation which eventually results in a system panic.
dde29ce8a88cf20ce908f5b73c17ed056e549898e79d57c425cc8cd42cc921c5
Guardian Digital Security Advisory - The Guardian Digital WebTool mistakenly uses a GET method instead of a POST method when passing along a user passphrase for SSH keys being generated, allowing the passphrases to be logged in /var/log/userpass.log along with the rest of the query string.
f3c7790699c2de28eff06ee5c00de602e489b1a387068cec05c864ef10156833
602PRO LanSuite 2003 for Windows is vulnerable to sensitive information disclosure, with logs freely accessible to any remote attacker, the ability to read any file on the server, and directory traversal attacks.
9f04a1d343d4cc73ccc8d7925f80792502dfe9ae066749060a5a410c141bac4b
The Savant Web Server version 3.1 for Windows 95, 98, ME, NT, and 2000 is remotely vulnerable to a denial of service condition when various malformed GET requests are passed to the server.
2bd87abf901a44d0071f6039019aec576f2bf17865434df7b85c0d48b661fdc7
TCLHttpd version 3.4.2 is susceptible to arbitrary directory browsing when an absolute path is entered against Dirlist.tcl even though it does prevent and filter basic URL attacks. This release also suffers from multiple cross site scripting vulnerabilities.
cd7f1d11b3ca6f5557a7089d0ad41c6cfe112cbae11c131b99ae3ae789457d9e
The Oracle-Proxy, aka SQL-Gateway, of Gauntlet Firewall version 6 crashes when invalid data is sent over any defined SQL-gw, preventing any future connections.
a0e10a92d97abbd19d53edba384816435d156b0d725e5b27d36f4936aab82bbe
NULLhttpd version 0.5.1 and below is vulnerable to a simple cross-site scripting attack.
9bd9eaaee3c3e86fe3542b65ecfc1b31fb82cef2f2febf220de60c32a9c33f01
NULLhttpd version 0.5.1 and below is vulnerable to a remote denial of service attack that utilizes 100% of the CPU and consumes any unused memory.
5e460644a7de9fa6951e7addf77a7867790c8a4a7e60614db8e8431f63fde7dc
PROTEGO Security Advisory #PSA200302 - MondoSearch versions 4.4, 5.0, and 5.1 are all susceptible to having arbitrary ASP code executed on the server via the Msmsetup.exe binary.
dd2110920726df2b84f352c14daafac87f04aa60c0693776f805424930b8f0f7
ISS Security Advisory - A flaw in the ProFTPD Unix FTP server versions 1.2.7 through 1.2.9rc2 allows an attacker capable of uploading files the ability to trigger a buffer overflow and execute arbitrary code.
0b7e33b20eb6e39707bf6f99835e0d7b6a4c02fe435aa0e95c32fea7585d8dee
Paper describing the fundamentals of writing shellcode on Linux x86 systems. Filled with loads of examples.
c7f898409a0cfbef6ca72115bde9760dfaa77bbaa75169f1aee06693faa67236
AppScan 4 Audit Edition has a flaw where the Explore stage of the utility has an automatic scan option. When a reference to a URL in an href tag is made using a wrapper function instead of directly calling the window.open or document.location JavaScript functions, AppScan will not detect the link and the URL will not be tested against any attack.
738c67afd76910eef51c248ffef68d21df6238a1d7277ac9314af039a2a5aabe
Moozatech Advisory - wzdftpd FTP server version 0.1rc5 is vulnerable to a remote denial of service due to an internal check during the login process that verifies the input. Sending a single CRLF sequence at login will cause an unhandled exception.
9dc709a32ecc61f75ab26f3b3ad333db8c02afd077bd2ccd557d391336f40994
Packet Storm new exploits for March, 2003.
99a4af813d300038af78ac3abb7d9b6bd8d2dceb9b661b5b112f238494160780
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
c77c45cda120a2df844639ed9545243e9c9a436bd723e556c9ea06c15a682d06
Both OpenSSH portable versions 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the new PAM code with at least one of the bugs being remotely exploitable.
6039997a0d3920e9ec4076fc04dcbce3949da71808527bf29c18e4ad183aa448
mpg123 v0.59r and 0.59s remote client-side heap corruption exploit that makes use of the overflow found in the readstring() function of httpget.c which does not limit the amount of data written to a buffer.
b966ec4b297ac556e11aa1acbd8b25b092385a2aa517c52977bb4f02b7484849
Remote exploit for lsh 1.4.x that makes use of a boundary error in read_line.c when checking for errors. Spawns a bindshell on port 45295.
e168f8955d32dfb71b3687b375f1e860d3b0793aad3026a1c30016d53a3c21eb