NetBSD/i386 2.0, setreuid(0, 0); execve("/bin//sh", ..., NULL); shellcode. 29 Bytes.
2361c89276305bd09af3f19909dd5cda1173703a34b42ec8f14d0baaec5e090a
NetBSD/i386 2.0, setreuid(0, 0); execve("/bin//sh", ..., NULL); shellcode. 30 Bytes.
117af4cd119203328bda7ac1a71cede1ce1eff0d09363550faf1f7a805060a54
The Webmin miniserv.pl code suffers from a format string vulnerability.
97ebba960f457a58ad0e761322199ad5c6c0a070121c559a0100561ad97b67fc
Microsoft Internet Explorer denial of service metafile exploit. Raises CPU utilization up to 100%.
48fd7350f572c62e78b0b5618eba85ff145865f9260ae631a6875341622b4523
A buffer overflow vulnerability in the utility phgrafx included in the QNX Neutrino Realtime Operating System can potentially be exploited by malicious users to escalate their privileges. Exploit included.
59ea4aa5c272f08159cf44506744ef6f78fd70d1feb59c535e77bf1afa84aea9
It is possible to mount a denial of service attack against Windows 2000/2003 hosts where the SYN attack protection has been enabled.
5aff64df96ecc852c2daff2bb5ddea80c392c2a30780ca25b8aab68fefc3bfcb
Guppy versions 4.5.9 and below suffer from remote code execution and arbitrary inclusion flaws. Full exploit provided.
968ffef02bac67138cf981ec650bc3a7d33b94c0c0c8eb860f158874ad6f9ca9
WebCalendar 1.0.1 is susceptible to SQL injection attacks.
23e27c95c7836fb9ed4b91fc3f6d56dabd8ce00e2c70c418b4563aabab3e4fb9
PHP Web Statistik version 1.4 suffers from injection vulnerabilities.
1254628e2da8b1b1b6f411da297d1ea9e16f19f55e843ac8d21250c14532a6ef
FreeWebStat version 1.0 rev37 is vulnerable to multiple cross site scripting flaws.
0020303ba5ebcc0da8d674752ec0c2c826555fce3288cdd245981ad3915983ad
Cisco IOS exploit that demonstrates how unsanitized input from a user can be injected into dynamically generated web pages.
4d70c45a942ad697419897fb1a6037e8fa9a37acf43cbbe1c805f31581738d5b
Kadu, an opensource Gadu-Gadu instant messaging client, is susceptible to a denial of service condition.
09bf206aa9b5e425a10bdda36dbf29d831e765432536a018af9b045321bb7ecb
Randshop is susceptible to SQL injection attacks.
1a59e41d524a0c0075464b3e6e4f4bd5df6198c644af1105c7c17ed7ce2102bd
APC PowerChute Network Shutdown's web interface only supports HTTP, forcing credentials to be passed in the clear.
8885c9bf6f4b2c0fa09d301f83d4ae9733e49fd941dbcba894109c631117a434
Google Talk Beta Messenger stores all credentials in clear text in the process memory.
77351e323ebc2b62b46a2bc7cd97d4de54156ea418e6b6aeaadbc17bf1698b51
Mod Security is an intrusion detection and prevention engine for Web applications which operates as an Apache module or Java Servlet filter. Its purpose is to increase Web application security, protecting Web applications from known and unknown attacks. It is flexible and easy to configure, monitors HTTP traffic (including POST payload), enhances logging, performs automatic built-in checks, and simultaneously allows administrators to create custom rules for their individual needs.
b8ef27d4bdfa652884217592c1c17d31a78a1b97978a9d9e2b7dcdf6e969cd6b
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.
623d26c4ef62dca439222272bc448db49a7551150f3fbb17951e9163d7ddbbd0