Cisco PSIRT's response to the privilege escalation vulnerability in multiple Linux based Cicso products including: Cisco Wireless LAN Solution Engine (WLSE), Cisco Hosting Solution Engine (HSE), Cisco User Registration Tool (URT), Cisco Ethernet Subscriber Solution Engine (ESSE), CiscoWorks2000 Service Management Solution (SMS)
5fed5f29f98f68d37f4b0e34a99ad89ec73549e4955eedd56cf3633347bb56be
Assurance.com.au - Vulnerability Advisory: Multiple vulnerabilities in Linux based Cisco products. the "show" application has several vulnerabilities which allow an attacker to "break out" of the shell and execute commands (including /bin/sh) as the root user.
ffd7ec925a08321578c4606c7b0a6bde0583a426858c95a75515779c416b030a
The package SYS.DBMS_LOGMNR_SESSION contains a SQL injection vulnerability in the procedure DELETE_FROM_TABLE. Oracle fixed this problem by using the package DBMS_ASSERT.
1eb412d989006bda131499a0f77fe151a8bbbc7dc287b8e0d7be3dc8c7bd297f
Some components of Symantecs LiveUpdate for Macintosh do not set their execution path environment. A non-privileged user can change their execution path environment. If the user then executes one of these components, it will inherit the changed environment and use it to locate system commands. These components are configured to run with System Administrative privileges (SUID) and are vulnerable to a potential Trojan horse attack.
a36f19d2a6ed11d0ffb67d60451dbbfebd2b4a55d7432dc8a62f16c20cc2b9fc
phpLister v. 0.4.1 suffers from XSS.
8b1f1255e539096abf589d91e29f48549f7c3a9af76ed4ba68514c56be5bde95
A paper discussing the various vulnerabilities in Ad-Aware.
4b6a28f895b49f29af11ab0ad13559dae263a936ed19aedc7e28d7ca632b9ba8
proxytest.pl is a perl script that reads in a list of proxies from a text file and checks their state.
6ee7234a27bb8276b190e57089ec9fe6039dd9086a9ef97adaf4240fcfd66ed9
wnetstat.pl is a small perl wrapper script to hide IPs from netstat.
02bc906fe5883774a8295c8c29a77175963ce43fbd71869d1fef8126325afe45
An introductory paper for would-be hackers. It could also prove useful for network admins and hackers that want to improve themselves. Chapters include: The OS, Understanding TCP/IP, Becoming a Hacker, WHOIS Databases, Basic Tracerouting and Path Analysis, Mapping with DNS and Geolocation and more.
b4e91f313fa1cce8a5f8538e82a63ea7ab2d08cf63b8afe5a744d2e88801afa3
libShellCode is a library that can be included when writing Linux and BSD i386 based exploits by providing functions that generate shellcode with user given parameters during runtime.
62dc05ebdc7b74df8811246fb68046d2fcd9f998a5c37747b2183c8dd2035545
open security advisory #16 - Xine Media Player Format String Bug - There are 2 format string bugs in the latest version of Xine that could be exploited by a malicious person to execute code on the system of a remote user running the media player against a malicious playlist file. By passing a format specifier in the path of a file that is embedded in a remote playlist, it is possible to trigger this bug.
d4f570c418c920fa2ace268f9e01803444655bf73c95bb1f9a806e7168cb8848
An example of a return into libc exploit that possibly works though grsecurity patch protection.
3d52d2bc3578ca63d91d157654640485e25d9bb02f962aa6d3f5f5cfb99a6f01
Linpha 1.1.0 suffers from a XSS vulnerability.
f7e3f5d7e4eb3b1bc3ee23685ee770c5e7307dd23fd9a66a2f4042defa1f53b3
FlexBB 0.5.5 remote SQL login bypass exploit.
8ec957f077965343b237cb624658ab727dbed83ca28cd9460e3a4489e4d2e1b8
Neon Responder 5.4 for Windows suffers from a DOS - sending it a specially crafted "Clock Synchronization" packet causes it to crash. POC included.
00308f6b50521d1c774a89502ee9de291b104713e6c78d55efed7ad64f9478bd
RechnungsZentrale v2 suffers from SQL Injection and Remote File inclusion Vulnerabilities.
199f60d5a50ae67e551c0a6e37b12a5cd7446cbdbfe0fa75e2ffcebfaec62501
Findnot.com DNS Privacy Breach, DNS Spoofing Exposure, and ISP Monitoring Vulnerability - Several vulnerabilities have been reported in Findnot.com's SSH Proxy Service which can cause all DNS requests for lookup of sites visited to be resolved using local DNS servers.
a31794b9b3bd88d68a780c393eeb2de80a451637e98988ab84f8fef14ed66b8c
Findnot.com IP Address Privacy Breach and Unencrypted Data Vulnerability - Several vulnerabilities have been reported in Findnot.com's Microsoft PPTP VPN Service Client, which can cause intermittent immediate loss of anonymity and privacy while using the service.
c0752cb8fe102e220a572433d2dce33f44c4db45a14e50386da67dfd2e8bc542
SnmShred Mail Shredder - A perl script designed to exploit the RCPT function of sendmail to flood a mail server.
cce6ffec509ff19248173998ae0f248d9ec996a9de28ed4954b65b709b198d89
Defacing The Art Of Hijacking Spamming And EMail Viruses - A paper analyzing the methodology of hijacking a users web browser focusing mainly on Internet Explorer.
a19d8c74cf6da99ca80f6b3a1494254c3e49702f0a7e4c81583dd174eeb52bf6
Web Management Port Scanner - a portscanner written in perl to find open web management ports.
8cad85f4aa0349fabc4af990c1d5409313e9fa2e773e2125d265b5db72cf634c
NetProx Proxy Redirector - a proxy redirector written in PERL for connection redirection between remote machines.
7bb571bfb44fe6f5af0880fd8cc2ca70bcb72f15d7bc2483d40bae54f239f0f2
phpMyAgenda 3.0 Final suffers from a Remote File Include Vulnerability in agenda.php3.
0127ffa3f68c50522dd1e30f8420f3e869bbb31c79e98814dd7ee96be5025be1
bloggage suffers from a SQL injection vulnerability. POC included.
7a2ffb82807a4c80dfb88bf703c3f20e81c36ea5204da378e2d297a46d82a022
Mini-NUKE v2.3 suffers from a SQL injection vulnerability.
114b0a0ebc035da9aeb614dc226952c5976517fc0db78b6fd4b1da9be7fdc486