Remote buffer overflows in various FTP servers lead to potential root compromise.
406172d824472d5015e41095546c5de3cb5a7445178fbf237678c37c792fe1b9
Default configuration of Website Pro 2.0 opens security hole allowing remote attackers to upload new files and overwrite existing files. This is how www.idsoftware.com got hacked this week.
d18ec1180e4e3473f3c9ca5cac2a12363f136ffa2ba64be78adf862f98a4d655
Buffer overflow in Windows Explorer can lead to Denial of Service attack, and possibly more.
4214293d27b33ba9bb4f154acf870baa5a5a54e9b95f0a50d46aeaa2d415d028
Windows FAT Filesystem Advisory: Recursive directory creation can be used as a Denial of Service attack against Windows* servers that allow anonymous FTP upload, and any that allow users to create directories and execute files.
bab71ed1bea79436a1c61aa4bc40f4b35f976ddc2c6b334802cf7cc588f083dc
ISS X-Force advisory concerning Windows backdoors, specifically NetBus 2.0 Pro, Caligula, and Picture.exe. An excellent analysis of the new NetBus 2.0 Pro is included, making this a "must read" file.
624e7b8b4d18038d8656b7fba7911d548aa1eda2ee3d28168fe14a14334e1a9b
This is nothing new, but is nevertheless a good reminder that Windows registry keys are never deleted unless you "hack" the registry yourself. For details on how to edit your Windows registry, and take care of many of the rest of those "Windows annoyances", check out Annoyances.org.
297ac600a3126496ce6b9b4a8421b040319266ebf95e3414b8e8b914b9d8514f
More Windows 98 buffer overflows detailed. The interesting thing about these is that it appears that Microsoft software developers define buffer values for each application without consulting one another. In other words, virtually every MS product allocates different amounts of space for buffers!
3233d491cd03ed7a39f51a2995d07a4acbbe5a73c7e280ab229ed3665778cecc
ISS X-Force advisory concerning Windows backdoors, specifically NetBus 2.0 Pro, Caligula, and Picture.exe. An excellent analysis of the new NetBus 2.0 Pro is included, making this a "must read" file.
cee3bc26d8ed5956ce96c31b7db8db96054271f17ea1d74781c5e958a82dc31f
Macintosh version of Microsoft Word '98 includes sensitive material in document files. Specifically, document files created in Word '98 frequently include unrelated data taken from the hard-drive. This data can contain passwords, or other confidential information that is on the hard-drive.
9902-exploits/ws_ftp-DoS.txt
WS_FTP Server Remote Denial of Service Attack. Exploit example included.
cfba308b0139e7c2f2d406029d0033be1c7b5c3e93df2d0bee8fc167bf33e9d2
Linux /usr/bin/lpc (PLP Line Printer Control program) contains buffer overflow with local root compromise. Exploit code and patch fix included.
02e319c65a5b19c0f7837742936e6eb9967bf34b351ce0d3493bd35d638e180a
The Xtvscreen program can be used to overwrite any file on SuSE 6 (and probably other distros and OSes).
23e0ffc7351fb8f8db008369f1a1204d6fab32028c0e84e1bf09e2a3d2fb153b
ISS Internet Security Scanner for Linux (version 5.3) install.iss security hole is vulnerable to the standard tmp-symlink attack. Not much exploit potential here, as noted by Fyodor, but this problem raises serious questions about the overall integrity of proprietary ISS software that is distributed in binary form only.
2ac45dc970b2651ed7327d08c55bac3eb31bc66662b2e32df81476f4f18963be
Trend Micro's InterScan VirusWall does not properly protect LANs from inbound traffic (any user can download binaries and virus-infected files through the VirusWall). Exploit code included; no patch available from the vendor yet.
c9dcc0e2e23227f93b25f0b63b208c428d5edecca2b432f333a2602c512d20ec
The ISS Internet Scanner lets you brute force by using username/password pairs specified in the file default.login.
699af6caa49e79fc9dae77eebf6a0ad59b3ec4f49adf4332551300050354acee
Example generic tmp-symlink exploit code that can be used for Denial of Service attacks or root compromises.
4f1315210789e192210530124a20b14d285e161fee054f21662640351113c9c7
Example script that exploits the poc.mail.local.txt (mail.local) security hole.
da41d2dae164a4557d6998e2fca3ac80383e4ac5caaab5ac71b14ec02dce8aec
Detailed descriptions of SMP /proc race conditions in Linux 2.2.1 kernel. Patches and Linux-2.2.1 /proc SMP race sniffer exploit code included.
953fc16750d0e9aadc7149c2cf38c1a3e7ab36073ac96e3bd6af1cb473723eee
Example script to test for the ncftpd.txt (NcFTPd) security exploit.
f662640f6c2994030cb4786d5747a8b803f7f8564ddd7f013919b672ce04cb9f
Exploit code for buffer overflow in lsof versions 4.40 and earlier that enables any local user to obtain root privileges.
2f337885cd4644411ec2cd6a2bdd6142da00b5fd1c44ff7e70bea39dc9fa6ebb
Buffer overflow in lsof v4.40 and earlier allows local root compromise. Suggested patch and fix information included.
12c3c70a01727e082fd215742bed00bec82aa7abab22a03f28b5fa0cbfe47c52
The Lydia pop3 email utility produced by Kabsoftware uses a weak encryption algorithm, leaving user passwords locally vulnerable.
0058b79f1038405d4d136dab9fc159fb719755d252212222dc920096bd1b9d32
Lynx /tmp bug involving symlinks can lead to local root compromise.
a6b28927f7725cb5e7841faa2bb5111e32452c91664008bad5d0baa2ce7ea8df
Diff for mail.local security hole.
855504517b6b7256a212e93bbdf14bcac7895900deaf5939cec69b952003b2e0
Example script that exploits the poc.mail.local.txt (mail.local) security hole.
33008441bf71060f041ab7d57a1c8ed7eb2bf57f991fb1f98d2a75fe0f8b7cb4
Mail-Max SMTP server for Windows 95/98/NT contains remote buffer overflows that can result in root compromise. Exploit code (compiles on Linux x86) included.
bd9e54b5e723020155b6c4d447526db08e8a38f0decba193319f9e366086f768