Proof of concept exploit that will patch an ELF binary to utilize the stack overflow in file 3.39 and below. If someone runs file against said binary, a suid shell is created as /tmp/.sh of that uid. New version works on both Linux and the BSDs.
21103ace980bf29abaf0743ed5d8816533999653245d3642f709e758b76ba991
Proof of concept exploit that will patch an ELF binary to utilize the stack overflow in file 3.39 and below. If someone runs file against said binary, a suid shell is created as /tmp/.sh of that uid.
15a084aac71ca804bb1ff97e1ca230d473228271616ff4493d50b4b2a3d11cd4
Zlib gzprintf() proof-of-concept buffer overflow exploit.
526b27a79eccef0155d5959f4134946835d3f413dd6d008aa45c728ec96c60bd
Local root exploit utilizing the overflow in XLOCALEDIR under XFree86 Version 4.2.x using xterm. Tested against Slackware 8.1 with kernel version 2.2.25.
5fd8f78f2af0410dd41eacb2da05936e9ffd1dfde65f9fc1f23fe0893668246c
Packet Storm new exploits for March, 2003.
99a4af813d300038af78ac3abb7d9b6bd8d2dceb9b661b5b112f238494160780
Local exploit that yields gid of games for /usr/bin/toppler. Tested against RedHat 8.0.
c92cab560b62bccb2088bbd7e1ee2b423795fe4783101d37181185d7c3dbad96
Exploit for the win32 Sphere Server .55i from the Ultima Online Server Emulator.
c61f895011cca1cf9179eac1583450d27e65398ee74ab2bebbbc0cc2f78f02e7
Exploit for remote administrative access on the freeware Ultima Online server emulator from sphereserver.com. Tested against axissvr 0.13.3.0.
1e2e497dc7b1abee56419b300adc740941e8fbad2c4768089ac1e0f1a2735a3f
Proof of concept exploit that will bind a cmd.exe shell on a given port utilizing the vulnerability in ntdll.dll described in ms03-007.
4a6a2dbc4a7b778869518e506ac6cd06819603c1bdf12113faff2f380ee3bcb8
Rs_iis_xpl.pl is a remote exploit for rs_iis.c, a remote IIS exploit. Sets up a web server, and if rs_iis.c is used to attempt an exploit, a shell will be spawned on the attacking host. Tested against FreeBSD 4.7-RELEASE-p7.
53a1d6f18d614b512a0d0c1ca5a75101a70147c7534c005448527d40e2891a82
Alexandria versions 2.5 and 2.0, the open-source project management system used by Sourceforge, have multiple vulnerabilities in their PHP scripts. The upload scripts lack input validation, which allows an attacker to remotely retrieve any file from the system, such as /etc/passwd. Other vulnerabilities exist as well, including a sendmessage.php script that spammers can use to mask their real source identities, and various cross site scripting problems.
3b8cd898c56ffd9fbcad5f8c4a643c6201ae0184608d07c89c46e5d1ba679c07
CORE Security Technologies Advisory - A vulnerability exists in GNOME's Eye of Gnome versions 2.2.0 and below that is locally exploitable. When EOG is used as a default image viewer, it takes in the image name as a command line argument and in turn can execute arbitrary commands with the privileges of the user attempting to view the image.
1950228f33b065eb6ab55bc204fca15b96faec949e0b20489cd4de91304831bb
Gespuis acts as an irc bouncer and exploits BitchX/Epic clients spawning a bindshell.
dd15eaa198ba5124d4a8fee6a3430072539d129c6f1f74f1e39e66f5101144cb
Security Corporation Security Advisory [SCSA-012]: The Sambar server default installation has a cgi-bin directory which contains executables that allow remote users to view information regarding the operating system and web server's directory. It also has path disclosure and tons of cross site scripting vulnerabilities.
b897ec3ddb97840373628aa3bb5efc9f8c599d518df5000da8a5091885486a75
NSFOCUS Security Advisory SA2003-01 - The NSFOCUS Security Team has found a buffer overflow vulnerability in Microsoft Windows XP Redirector that can be exploited locally and can allow attackers to crash the system or gain local system privilege by carefully crafted code.
4bce606470486613bbe2edd6d19c384969079d8be9debbb1f30a27d5174adf73
The CuteFTP 5.0 client is vulnerable to an overflow in the LIST response. This exploit spawns a fake FTP daemon that will take advantage of an inbound vulnerable client.
0d90fa34ef19917ca10687f8f44e64d6c882b732e003af9733fd1171ab14236f
Wd.pl is a remote IIS exploit in perl which exploits the bug in ntdll.dll described in ms03-007. Tested on Windows 2000 Advanced Server SP3 - Korean language edition.
5ea1f6ba50a1127397038bd3ad1cc1ed795a67a840eab0ac0c674e81cf2d7b19
Ntdll.dll remote IIS exploit which exploits the bug described in ms03-007. Attempts to spawn a remote shell.
8fd2cc3cb35d4d32afa6c2889e3056ee970fc039cea7bda513e5554fd8b1068b
Outblaze web based email is vulnerable to user cookie spoofing that will allow an attacker to retrieve a user's password.
27cb8401290217c09af3cc57b0eac1a72004aee543b0d3820828ddb0cc9e207b
INetCop Security Advisory #2002-0x82-013 - The Kebi Academy 2001 Web Solution suffers from a basic directory traversal vulnerability which may allow remote attackers to execute code on the server.
852fd7f68269e8865c32455952d42b80d4eef0257eeec6af4e85f898aa68088d
Remote exploit for Intel's PXE (Pre-boot eXecution Environment) daemon on RedHat Linux 8.0.
6ee7f60bbf12228d58ccf17f6d93e028fed34300347b2f6d532b8eabc173c677
Local exploit for the SUNWlldap library buffer overflow vulnerability on Sun Solaris x86.
9741295723632b8059de0525584841db6e2fb91f9d27d52e0c0d9caf0562ad64
Remote exploit for Apache + OpenSSL v0.9.6d and below. This exploit is based upon the openssl-too-open exploit by Solar Eclipse and offers more than 130 targets including various flavors of Linux.
3a5210e98085c90e9f463fc1ab409702683f014b9cd595a3baf694c9a429a289
Remote CGI exploit written in Perl for Cpanel 5 Guestbook. Spawns a bash shell with the uid of the webserver.
ca9f2885c908445eb60e8177358c48d394aa727280a6bb55d5f86eff26d45bb7
IIS 5.0 / Windows 2000 mass scanner / rooter which spawns a shell from a vulnerable system back over to the machine from where the attack is launched.
24f0ee8484f067e1f4b58579af1d7deca6ff9ef430a2ae999a08629bbc3e11c1