| -[[
30 november ]]- |
|
| [-name-] |
[-platform/daemon-] |
[-description-] |
[-type-] |
[-author-] |
| inc.c |
bsdi
3.0 |
-file
stack overflow |
local |
v9 |
| inn-nnrp.c |
nntp |
innd
nnrp overflow |
remote |
babcia |
| su-dtors.c |
suse
6.2 |
glibc
format strings su
exploit |
local |
localcore |
| local_nonexec_sun.c |
solaris
2.7/7.0 |
locale
format strings exploit |
local |
warning3 |
| |
|
|
|
|
| -[[
29 november ]]- |
|
| [-name-] |
[-platform/daemon-] |
[-description-] |
[-type-] |
[-author-] |
| bftpexp.c |
ftpd |
format
strings bug |
remote |
digit |
| rcpsploit.pl |
redhat
6.2 |
users
can spawn a suid shell |
local |
tlabs |
| dump-0.4b15x.c |
redhat
6.2 |
external
program call with suid priv |
local |
mat |
| |
|
|
|
|
| -[[
21 november ]]- |
|
| [-name-] |
[-platform/daemon-] |
[-description-] |
[-type-] |
[-author-] |
| sperl.c |
bsdi
3.0 |
stack
buffer overflow |
local |
v9 |
| bobek.c |
ftpd |
format
strings exploit (update) |
remote |
venglin |
| xrcvtty.c |
bsdi
4.0/3.0 |
stack
buffer overflow |
local |
v9 |
| vixie-cron.sh |
debian
2.2 |
insecure
umask() and fopen() calls |
local |
michal
zalewski |
| |
|
|
|
|
| -[[
20 november ]]- |
|
| [-name-] |
[-platform/daemon-] |
[-description-] |
[-type-] |
[-author-] |
| locale.c |
solaris
sparc 7.0/2.6 |
format
string exploit |
local |
solar
eclipse |
| xlockfmt.c |
slackware
7.1 |
format
string exploit |
local |
ben
williams |
| hp-pppd.c |
hp-ux
11.0 |
stack
buffer overflow |
local |
k2 |
| ypbind.tgz |
redhat
7.0/debian 2.2 |
format
string exploit |
remote |
digit |
| |
|
|
|
|
| -[[
19 november ]]- |
|
| [-name-] |
[-platform/daemon-] |
[-description-] |
[-type-] |
[-author-] |
| dump.sh |
redhat
6.2 |
external
program call with suid priv |
local |
mat |
| portbind.c |
solaris
sparc |
portbinding
shellcode |
shellcode |
dopesquad.net |
| crontab.sh |
hp-ux
10.20 |
users
can overwrite files |
dos |
dubhe |
| passive
connect.c |
freebsd |
connect
back shellcode |
shellcode |
scrippie |
| |
|
|
|
|
| -[[
18 november ]]- |
|
| [-name-] |
[-platform/daemon-] |
[-description-] |
[-type-] |
[-author-] |
| iisex.c |
win2k/nt/iis |
unicode
transversal bug |
remote |
incubus |
| iis-zang.c |
win2k/nt/iis |
unicode
transversal bug |
remote |
optyx
& t12 |
| unicode.pl |
win2k/nt/iis |
unicode
transversal bug |
remote |
steeLe |
| unicodexecute.pl |
win2k/nt/iis |
unicode
transversal bug |
remote |
roelof
temmingh |
| |
|
|
|
|
| -[[
17 november ]]- |
|
| [-name-] |
[-platform/daemon-] |
[-description-] |
[-type-] |
[-author-] |
| ppp-off.sh |
slackware 7.1 |
insecure
/tmp call |
dos |
sinfony |
| xsplumber.c |
games |
strcpy()
buffer overflow |
local |
v9 |
| listmail-exploit.pl |
cgi |
users
can execute commands |
remote |
teleh0r |
| utilmind-maillist-exploit.pl |
cgi |
users
can execute commands |
remote |
teleh0r |
| |
|
|
|
|
| -[[
16 november ]]- |
|
| [-name-] |
[-platform/daemon-] |
[-description-] |
[-type-] |
[-author-] |
| hl-rcon.c |
games |
rcon
exploit |
remote |
condor
& csh |
| restore.sh |
redhat 6.2 |
external
program call with suid priv |
local |
nawok |
| oidldapd.c |
redhat
6.2/6.1 |
home
enviroment overflow |
local |
unknown |
| resdump.pl |
redhat 6.2 |
external
program call with suid priv |
local |
tlabs |
| |
|
|
|
|
| -[[
15 november ]]- |
|
| [-name-] |
[-platform/daemon-] |
[-description-] |
[-type-] |
[-author-] |
| pollex.pl |
cgi |
users
can control poll cgi |
remote |
keelis |
| openwall.c |
debian
2.2 |
heap
mismanagement bug |
local |
mastersecurity |
| news_exp.c |
cgi |
users
can change cgi admin password |
remote |
morpheusbd |
| gnomehack.c |
debian
2.2 |
home
enviroment overflow |
local |
v9 |
| |
|
|
|
|
| [comments? gov-boi@hack.co.za] |
EOF
|
![[www.hack.co.za]](../images/logo.jpg){kind=logo}