Explanation of how to exploit the rpc.sadmind bug on Solaris.
39930a280c144ab14cfd240d0a929369a2f7e68dfed059b8f4c01fda84a4ba71
The Sambar web server version 4.3 Beta 2 is vulnerable to a remote buffer overflow. DoS example included.
e480e4ea52df200307b608978e22215ea04221336cc1ca0297728e71575dd718
Netscape Navigator/Communicator 4.5 buffer overflow advisory - I recently uncovered a stack based buffer overflow in NN which allowed me to execute arbitrary code. Exploit included. Tested with Netscape Navigator 4.5 using Windows98.
8ae2a6160c963cdc89d7ce97dcfa06db4b47da886d8c54227c1f6ca9cec3bdad
Mobileunit Security Advisory 001 - Privacy hole in Go Express Search. Disney's Go Express Search operates an http server at port 1234 without authentication. Remote users can submit search queries, and view queries and personal links left by other users. It's possible to access the configuration interface, which can reveal the e-mail address of the user who registered it. Configuration settings can be changed remotely to, for instance, add, remove or alter personal links.
c9185d378aa41a4e82bd6db449c12e8d7b0a1e1020caecaaac4660d85cd539b4
A local / remote DoS vulnerability has been discovered in IMail IMONITOR Server for WinNT Version 5.08. The status.cgi script takes up too much CPU time; if you run status.cgi lots of times, the server will crash.
52d60a89d0c044f3abb0b05f296e310bf0ea9e620ccebc9175f98e0ed5783307
All the exploits for 1999!
67fd709e350500d6439a175f6f5c708796faf47c82557dee6eb14fef418cd70e
Exploits for December, 1999.
703902df89bce6bdbde602567806f74bb44fe1f433263bec15a1ff6e8a8c69a5
initscripts-4.48-1 on RedHat Linux is vulnerable to a race condition. Contains the l0pht advisory on the subject and exploit.
8fbb95a1d486767654b91e051c53b1fe705011257fc3403f663104539a8a7c68
The Savant Web Server V2.0 for Win9X / NT / 2K, and possibly other versions, has a buffer overflow caused by a NULL character in the routine that parses the GET command.
f700ade2ff5160a78c751d4cad90724e7efd35a4b899b49a1e49ec9a813da624
A vulnerability in majordomo allows local users to gain elevated privileges.
792d59158dadd36a7ada42e732b5f076be51ac1491f09ece77427d758fc24205
Wmmon is a popular program for monitoring CPU load and other system utilization. It runs as a dockapp under WindowMaker. The FreeBSD version of this program has a feature that can be trivially exploited to gain group kmem in recent installs, or user root in really old installs. This affects the FreeBSD version because under FreeBSD the program must be installed setgid kmem or setuid root in order to access system load information through the memory devices. The Linux version should not be vulnerable because it reads information through procfs which requires no special privileges.
b17324e668f1be017ac1858c718bf3d368886a8ffc62efe182da8ba3ed9aeb9c
Local / remote DoS attack in CSM Mail Server for Windows 95/NT v.2000.08.A and other older versions. Possibly exploitable.
214015ff3800285b4f7271b1d3b4fd58490fdf69a220c91c16ef20b2f0c74321
CamShot is a Windows 95/98/NT web server that serves up web pages containing time-stamped images captured from a video camera. The images can be viewed from anywhere on the network with a web browser. UssrLabs found a local / remote buffer overflow: the code that handles GET commands has an unchecked buffer that will allow arbitrary code to be executed if it is overflowed.
f179a5f67d4a3699e41fea3f876e418d1c1298f43b98efb499e0052e8832b256
Unixware 7 Vulnerability - Any local users can exploit a bug in rtpm to gain "sys" privileges.
67a0fa19005aafa9242d3fbfa9e854feb7e4cfe89d0badb133bbc369c9e2471e
Local / remote DoS attack in Rover POP3 Server V1.1 NT from aVirt. Source / binary for exploit here.
8476e3395c6fecc15aafd8b57e0bb242327bfc69dc4e3b9eeb1f05d3ec39b892
A vulnerability in IBM's Network Station Manager will allow any local user to gain root privileges.
aac4438238668b605585d43fcc4b4f4ebe45a72c09a4cd9071962bc28a93d82b
A vulnerability in "/usr/local/bin/pis" on SCO UnixWare will allow any user to create arbitrary files with group "sys" privileges. A full root compromise is then trivial.
6bb80262134ac8ffccd94ff0c09ebbb892bf91d48a90d119fec119e35aea2470
Anyone can gain remote root access to a UnixWare 7.1 system by exploiting a vulnerability in the i2odialogd daemon. This daemon is installed and running by default.
036bfe31c03c92e9bc94b4a442b735a8cb7fd6fd7607cdb68240709bed19aff3
Remote exploit for ZBServer 1.5 Pro Edition for Win98/NT. Source code. Binary available here.
489d37d2f616fef257eb8ab311b5b7e0d2340595d8b205e9c99b197623dfd15e
[w00giving #11] An exploitable buffer overflow was found in ZBServer 1.5 Pro Edition for Win98/NT. The code that handles GET commands has an unchecked buffer that will allow arbitrary code to be executed if it is overflowed. Source / Binary for the exploit available here.
9e69d604d05c1a2a2c6a723f824527044474acdd573ca473666c6abe690f87a8
Several holes in the Solaris 2.7 SPARC/x86 dmispd daemon will allow malicious users to do various local and remote DoS attacks and probably more.
f473b55e73cc713bf480a073d0ec58518887e272f350177275f1a0e6bf9202b6
KDE kmail local email-attachment symlink exploit - possible root compromise. Kmail older than v1.1.1 is vulnerable.
4afa410db651af6de289d5b36edc2bec4444366a290b9429cec19406217a4680
Remote DoS attack discovered in DNS Pro 5.7 for Windows NT, caused by over 30 connections to port 53 at the same time.
6a5b1d3203440661fa1a3460290844a5985c7115edfcea8d58a274dcc8be800a
w00w00 announcement about an exploitable buffer overflow in the POProxy program shipped with Norton Antivirus 2000 for Windows 95/98/NT/2000.
71353195c368a425177adddf5f0313879278613d3f2067468d5866251a84344a
Five new vulnerabilities have been found in Berkeley Sendmail and 'procmail'.
739a99c27c891bd518989d4459effe5d7dbae8f49924a28318fe663f8c8dbe7b