Remote CGI exploit written in Perl for Cpanel 5 Guestbook. Spawns a bash shell with the uid of the webserver. Windows version. Warning: Use this binary at your own risk.
Remote exploit for Apache + OpenSSL v0.9.6d and below. This exploit is based upon the openssl-too-open exploit by Solar Eclipse and offers more than 130 targets including various flavors of Linux.
Wd.pl is a remote IIS exploit in perl which exploits the bug in ntdll.dll described inms03-007. Tested on Windows 2000 Advanced Server SP3 - Korean language edition.
PHP Nuke 6.0 is vulnerable to multiple SQL injection attacks that will allow an attacker to access member lists, show users by user ID, show moderators, show administrators, privilege escalation, and more.
Proof of concept exploit that will patch an ELF binary to utilize the stack overflow in file 3.39 and below. If someone runs file against said binary, a suid shell is created as /tmp/.sh of that uid.
LHTTPd 0.1 remote buffer overflow exploit for the Win32 platform. This exploits a buffer overflow in GET request handling of HTTPd 0.1 for Microsoft Windows and binds a shell to the desired port.
Win32hlp exploit for the :LINK overflow that traps a .CNT file with arbitrary code that once downloaded will execute without a user being prompted for verification. Tested against Windows 2000 PRO/SERVER SP0/SP1/SP2.
Security Corporation Security Advisory [SCSA-012]: The Sambar server default installation has a cgi-bin directory which contains executables that allow remote users to view information regarding the operating system and web server's directory. It also path disclosure and tons of cross site scripting vulnerabilities.
Alexandria versions 2.5 and 2.0, the open-source project management system used by Sourceforge, has multiple vulnerabilities in its PHP scripts. In the upload scripts there is a lack of input validation that allows an attacker to remotely retrieve any files off of the system, such as /etc/passwd. Other vulnerabilities including the sendmessage.php script allowing spammers to make use of it to mask real source identities and various cross site scripting problems exist as well.
ST-tcphump.c is a remote tcpdump ISAKMP denial of service exploit. Sends a packet on UDP port 500 which sends tcpdump into an infinite loop upon receipt of the specially crafted packet. Supports spoofed and non-spoofed packets.
CORE Security Technologies Advisory - A vulnerability exists in GNOME's Eye of Gnome versions 2.2.0 and below that is locally exploitable. When EOG is used as a default image viewer, it takes in the image name as a command line argument and in turn can execute arbitrary commands with the privileges of the user attempting to view the image.
Proof of concept exploit that will patch an ELF binary to utilize the stack overflow in file 3.39 and below. If someone runs file against said binary, a suid shell is created as /tmp/.sh of that uid. New version works on both Linux and the BSDs .
Forum Web Server v1.60 has multiple vulnerabilities including a directory traversal that can be used to get usernames and passwords for the server and a cross site scripting vulnerability during message replies.