372 byte socket-proxy shellcode for Linux on x86.
433765238af6b29c9039efca01cdbde5d458010e03af10626c35d6b7f3e86c91
90 byte connect back shellcode for Linux on x86.
34677ae2cc62c081beeb6ed4432ef2371fd2e9b8491caa7d9d91e10a202353a1
Linux kernel 2.6.11 and below CPL 0 local exploit. Third version/variant of this exploit.
1ca572d08790256ea24ef02a696eaf5397c0fc2f20cbdaf34cbe38b22906afe9
Remote command execution exploit for CubeCart versions 3.0.6 and below that makes use of an input sanitization flaw in orderSuccess.inc.php.
00fbd0c7206790a27b12b5ae24f9fbea2296507f3b1dcffb6d9667818b0c41b4
This Metasploit module exploits a vulnerability in the Windows Picture and Fax Viewer found in Windows XP and 2003. The exploit uses a corrupt Windows Metafile to execute arbitrary code.
32b10151bef51975d7d381bd4a6c2f01253e1bd6cd421060244006781845ee54
Webknock is a program that continuously scans Apache's access logfile and executes a configurable command when a certain URL sequence is detected. The IP address of the client can be passed to the command to be executed, allowing one to use iptables to open certain ports (usually, SSH) to certain hosts as soon as the correct URL sequence is activated. No changes to the Web server configuration are necessary.
54b59c18820c91951fcdb4d7ccf60d3c3ec4ddecf2f016a44e58a9451a9a3774
Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, and has features such as Bluetooth address spoofing.
3afb2f086bd459b8a854856dbdff2e4b49a9ce4cea307d1d4e195f91d267845e
Sony's Instant Video Everywhere Service is susceptible to a replay attack due to passing credentials over an insecure connection.
e411ec2ce0ca7bfaff8b07af72e19f12795d3e954c3ab8a63ed6f90810b8e1d0
Mandriva Linux Security Advisory - newbug discovered a local root vulnerability in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable, allowing the possibility for a local user to gain root privileges.
63337b10e654694bdf95adae6bbbc6d53c122f70a7b8bc340fb5146e29276a61
Electric Sheep version 2.6.3 suffers from a stack overflow in the windows-id parameter. Note that it is not setuid by default.
637e767deb9f57a0e6465433adc14495207554e9f117a7669575c6eaa7b3f610
Electric Sheep version 2.6.3 suffers from network related vulnerabilities due to libcurl issues.
5ddfb3f618c3702bf4ddd8b34b5e16e3b176e0879d1427707009924438082225
MAC changing utility that can be used on Windows from the command line.
90c5fbc6757814acbd1f1a07456780bb3a9a61b9ef64a246eb092af41bd2f1e8
Max Vozeler reported a flaw in the design of rssh_chroot_helper whereby it can be exploited to chroot to arbitrary directories and thereby gain root access. If rssh is installed on a system, and non-trusted users on that system have access which is not protected by rssh (i.e. they have full shell access), then they can use rssh_chroot_helper to chroot to arbitrary locations in the file system, and thereby gain root access. Versions of rssh below 2.3.0 are affected.
e0400de36fd827a4ed316391ce7f793e1db1e6ed15f917f0dbbe692281d94f10
Secunia Research has discovered a vulnerability in TUGZip, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when handling an ARJ archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow. Successful exploitation allows arbitrary code execution when a malicious ARJ file is opened. The vulnerability has been confirmed in version 3.4.0.0. Other versions may also be affected.
90fe454dcc4e972332b2273b3e29b2723f41e8dc0a3162a8d3b8c341ab5f210f
Lotus Notes uses the same vulnerable shimgvw.dll graphics rendering engine file implicated in the Microsoft WMF file handling vulnerability.
29b636686315c58735d0610c7bca6c8b5cc3272d4a75f859ecf334370e5f21e7
Gentoo Linux Security Advisory GLSA 200512-18 - Krzysiek Pawlik of Gentoo Linux discovered that the XnView package for IA32 used the DT_RPATH field insecurely, causing the dynamic loader to search for shared libraries in potentially untrusted directories. Versions less than 1.70-r1 are affected.
5419778abf1281f4d52f3a5a7ad6287dc73c3a659653c6a61a9bc863212e11e0
KAPDA Advisory #18 - Various WebWiz scripts suffer from SQL injection vulnerabilities due to a lack of input sanitization in check_user.asp. Details on exploitation provided.
47d9f7e6f77dbf6c77a9d24bd85c5239b1dae742ef993af3a16cb86904a1d76e
Hardened-PHP Project Security Advisory - TinyMCE Compressor versions 1.0.5 and below suffer from an unchecked user input vulnerability that can allow for cross site scripting and disclosure of arbitrary files.
5ba9a1a6b5a7b435020260334850fe74a866e04070aad02a7a81f636e1114fd9
Internet Explorer Version 6.0.2900.2180.xpsp_sp2 mshtml.dll <div> denial of service exploit.
b08d821fdf031251580d1f273add92d5d9909edc141c9787b63358afb96f8656
Remote command execution exploit for phpDocumentor versions 1.3.0 rc4 and below.
c85a0ee4f7dca42e17c196cd5e48e3e132fc76fefe04312f063338e3d92850ca
Google's GMailSite script is susceptible to cross site scripting attacks. Details provided. Versions 1.0.4 and below are affected.
80412f5ef921ebe774f0f42ee55259a8ea6dab306befcacfa67e350729d833b3
Gentoo Linux Security Advisory GLSA 200512-17 - Max Vozeler discovered that the scponlyc command allows users to chroot into arbitrary directories. Furthermore, Pekka Pessi reported that scponly insufficiently validates command-line parameters to a scp or rsync command. Versions less than 4.2 are affected.
7d3b8b8e673a150ac59bf9f575a2aa0f0761ff52bc5581fff2170616a3a2b959
Debian Security Advisory DSA 927-2 - The last update of tkdiff contained a programming error which is fixed by this version. The Debian Security Audit project discovered that tkdiff, a graphical side by side "diff" utility, creates temporary files in an insecure fashion.
04ddb92216231252d15a068f89a4eb20ca1ed709cdfa916c563a4426b39cca12
Technical Cyber Security Alert TA05-362A - Microsoft Windows is vulnerable to remote code execution via an error in handling files using the Windows Metafile image format. Exploit code has been publicly posted and used to successfully attack fully-patched Windows XP SP2 systems. However, other versions of the Windows operating system may be at risk as well.
f6f83f4c62f88b1b8f28ccf5bd55c11ca01db6be417a1c42f07ba65cd3f93cf3
Call for papers for the IT Underground 2006 conference to be held February 23 - 24, 2006.
1cd8eba24c0aa9b81f9ec07b3756967f56953e292b60d8fee3511b4d13e1cede