7195 matches found
allegrodos.txt
The description made it easy to create this one. Needed this to confirm if some 2.10-branded products were in fact patched and warranted replacing. Considering there were four years of warning and there are still tons of boxes with this problem, please, people, get your systems pen-tested...
RoseAttackv1.txt
Implementation of the Rose Attack described by Gandalf. Reference: Bugtraq, 30 March 2004, "IPv4 fragmentation, The Rose Attack". Written by Laurent Constantin. Library netwib must be installed:...
WinZip - MIME Parsing Overflow
Author: snooq. Date: 14 April 2004. This is a PoC exploit for the WinZip32 MIME Parsing Overflow bug reported by iDefense on 27 February 2004. The original advisory is found here: http://www.idefense.com/application/poi/display?id=76 This version is SP dependent because my idiotic shellcode uses...
Microsoft IIS - SSL Remote Denial of Service (MS04-011)
Microsoft SSL Remote Denial of Service (MS04-011). Tested successfully against IIS 5.0 with SSL. David Barroso Berrueta dbarroso s21sec com, Alfredo Andres Omella aandres s21sec com, S21sec - www s21sec com ...
[Full-Disclosure] Microsoft Help and Support Center argument injection vulnerability
OVERVIEW ======== "Help and Support Center (HSC) is a feature in Windows that provides help on a variety of topics" from www.microsoft.com. It can be accessed via HCP: URLs. HSC is installed by default on Windows XP and Windows Server 2003 systems. An argument injection vulnerability in HSC allows ...
Unreal engine updates and Battle Mages advisory
I have an update about the methods used to test the format string vulnerability in the Unreal engine I reported yesterday. I have solved a problem in the Windows version of my proof-of-concept unrfs-poc, now version 0.1.1: http://aluigi.altervista.org/poc/unrfs-poc.zip The following instead is a...
gwebTraversal.txt
Donato Ferrante Application: GWeb HTTP Server http://freshmeat.net/projects/gweb/ Version: 0.6 Bug: directory traversal bug Author: Donato Ferrante e-mail: [email protected] web: www.autistici.org/fdonato xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 1. Description 2...
Proxy-Pro Professional GateKeeper 4.7 Web Proxy - Buffer Overrun
// source: https://www.securityfocus.com/bid/9716/info Proxy-Pro Professional GateKeeper is prone to a remotely exploitable buffer overrun that may be triggered by passing HTTP GET requests of excessive length through the web proxy component. This could be exploited to execute arbitrary code in t...
Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator
Proof-of-concept exploit code for do_mremap 2. EDB Note: This is NOT to be confused with CVE-2003-0985 // https://www.exploit-db.com/exploits/141/, which would be "do_mremap 1". EDB Note: This will just "test" the vulnerability. An exploit version can be found here...
[Full-Disclosure] Serv-U 4.1 Memory Corruption / Whatever
Well, I didn't have the time to fully analyze it yet, but by using a fuzzer to check Serv-U, I found something that crashed it using bad data in SITE CHMOD. This is not the already discovered vulnerability, because it can be used without write access; the crash occurs before permissions are even...
[RHSA-2004:048-01] Updated PWLib packages fix protocol security issues
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated PWLib packages fix protocol security issues Advisory ID: RHSA-2004:048-01 Issue date: 2004-02-13 Updated on: 2004-02-13 Product: Red Ha...
New CesarFTP v 0.99g DoS
Just thought that, since you seemed interested in the topic earlier, I would e-mail you this exploit. I don't think that it's going to get patched anytime soon anyways, so it doesn't matter. I haven't tested remotely (network trouble) but I would like to get some info back on your results. I can on...
Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (2)
EDB Note: This will just "test" the vulnerability. EDB Note: An exploit version can be found here https://www.exploit-db.com/exploits/145/ Proof of concept code for testing the do_mremap Linux kernel bug. It is based on the code by Christophe Devine and Julien Tinnes posted on the Bugtraq mailing li...
Note for "Invalid ContentType may disclose cache directory"
This vulnerability, "Invalid ContentType may disclose cache directory", doesn't work on all systems. "Invalid ContentType may disclose cache directory", at http://www.safecenter.net/UMBRELLAWEBV4/threadid10008/ Please note that execdror6 an...
[Full-Disclosure] yet another panic() in OpenBSD
a project lacking the basic QA and unit testing, and here is the outcome:

    #include <stdio.h>
    #include <sys/types.h>
    #include <sys/ipc.h>
    #include <sys/sem.h>

    int main(void)
    {
        int i;
        /* semop() with a NULL sops pointer and nsops == 0, across the
           first 0x40 semaphore ids */
        for (i = 0; i < 0x40; i++)
            semop(i, (struct sembuf *)NULL, 0);
        return 0;
    }

PANIC in OpenBSD 3.3 and 3.4 is confirmed. Full-Disclosure - We believe in it...
RealServer 7/8/9 (Windows/Linux) - Remote Code Execution
THCREALbad 0.4 - Wind0wZ & Linux remote root exploit. Exploit by: Johnny Cyberpunk thehackerschoice. THC PUBLIC SOURCE MATERIALS. http://www.service.real.com/help/faq/security/rootexploit082203.html After successful exploitation o...
GNU GNATS 3.113.1_6 - Queue-PR Database Command Line Option Buffer Overflow
source: https://www.securityfocus.com/bid/8232/info A stack overflow vulnerability has been reported for the queue-pr utility of GNATS. The vulnerability occurs due to insufficient checks performed on the arguments to the '-d' command-line option. Successful exploitation may result in the executio...
Cisco IOS IPv4 Packet Denial of Service Exploit (cisco-bug-44020.c)
No description provided by source. cisco-bug-44020.c - Copyright by Martin Kluge [email protected] Feel free to modify this code as you like, as long as you include the above copyright statement. Please use this code only to check your OWN cisco routers. This...
Important: Red Hat Security Advisory: Updated XFree86 packages provide security and bug fixes
New XFree86 packages for Red Hat Linux 8.0 are now available which include several security fixes, bug fixes, enhancements, and driver updates. Updated: June 30, 2003 The XFree86 4.2.1-20 packages which were originally released in this advisory were accidentally built with debugging info enabled...