Local root exploit for /usr/bin/trn. Tested on Mandrake 9.2, Slackware 9.1.0/10.0.0.

Mandrake Linux Security Update Advisory - Javier Fernandez-Sanguino Pena discovered two vulnerabilities in scripts included with the vim editor. The two scripts, tcltags and vimspell.sh created temporary files in an insecure manner which could allow a malicious user to execute a symbolic link attack or to create, or overwrite, arbitrary files with the privileges of the user invoking the scripts.

ELOG version 2.5.6 and below remote shell exploit. Includes targets for Slackware, Gentoo, FreeBSD, Mandrake, Fedora Core 1, Debian, Windows XP, and Redhat.

The Bastille Hardening program locks down an operating system, configuring the system for increased security. It currently supports Red Hat, Fedora Core, Red Hat Enterprise, SuSE, SuSE Enterprise, Mandrake, Debian, and Gentoo, HP-UX, and Apple's Mac OS X. Screenshot available here..

The Bastille Hardening program locks down an operating system, configuring the system for increased security. It currently supports Red Hat, Fedora Core, Red Hat Enterprise, SuSE, SuSE Enterprise, Mandrake, Debian, and Gentoo, HP-UX, and Apple's Mac OS X. Screenshot available here..

The Bastille Hardening program locks down an operating system, configuring the system for increased security. It currently supports Red Hat, Fedora Core, Red Hat Enterprise, SuSE, SuSE Enterprise, Mandrake, Debian, and Gentoo, HP-UX, and Apple's Mac OS X. Screenshot available here..

The Bastille Hardening program locks down an operating system, configuring the system for increased security. It currently supports Red Hat, Fedora Core, Red Hat Enterprise, SuSE, SuSE Enterprise, Mandrake, Debian, and Gentoo, HP-UX, and Apple's Mac OS X. Screenshot available here..

The Bastille Hardening program locks down an operating system, configuring the system for increased security. It currently supports Red Hat, Fedora Core, Red Hat Enterprise, SuSE, SuSE Enterprise, Mandrake, Debian, and Gentoo, HP-UX, and Apple's Mac OS X. Screenshot available here..

Secunia Security Advisory - Mandrake has issued an update for hylafax. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and by malicious users to compromise a vulnerable system.

Lesstif local root exploit for Mandrake Linux 2006 that makes use of the mtink binary which is setuid by default.

Samba versions below 3.0.20 heap overflow exploit. Written for older versions of Debian, Slackware, and Mandrake.

The Bastille Hardening program locks down an operating system, configuring the system for increased security. It currently supports Red Hat, Fedora Core, Red Hat Enterprise, SuSE, SuSE Enterprise, Mandrake, Debian, and Gentoo, HP-UX, and Apple's Mac OS X.

Anomalous Payloadbased Worm Detection and Signature Generation.

Advanced Polymorphic Worms: Evading IDS by Blending with Normal Traffic.

vthrottle is an implementation of an SMTP throttling engine for Sendmail servers, based upon M. Williamson's mechanisms, as described in his 2003 Usenix Security paper. It allows the administrator to control how much email users and hosts may send, hindering the rapid spread of viruses, worms, and spam. Exceptions can be made using a whitelist mechanism, which can be generated manually or with the included tool vmeasure.

A Win32 tool for easing/automating the process of creating IDS/IPS signatures for SMTP based worms, providing a comfortable GUI, including raw base64 variants and Snort signatures support. This tarball is the binary executable version.

A Win32 tool for easing/automating the process of creating IDS/IPS signatures for SMTP based worms, providing a comfortable GUI, including raw base64 variants and Snort signatures support. This tarball is the source version.

This code shows how to send hidden data steganographed into a simulation of common (worm) traffic.

Technical Cyber Security Alert TA07-059A - A worm is exploiting a vulnerability in the telnet daemon (in.telnetd) on unpatched Sun Solaris systems. The vulnerability allows the worm (or any attacker) to log in via telnet (23/tcp) with elevated privileges.

The 5th ACM Workshop On Recurring Malcode (WORM) 2007 Call For Papers has been announced. It will be held on November 2, 2007 in Alexandria, VA, USA.

The Visitor Messages add-on for vBulletin version 3.7.3 suffers from cross site scripting and cross site request forgery vulnerabilities. This is a worm exploit that takes advantage of these issues.

Whitepaper called Exploiting Web 2.0, Real Life XSS-Worm.

Technical Cyber Security Alert TA09-088A - US-CERT is aware of public reports indicating a widespread infection of the Conficker worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a network if the host is not patched with MS08-067.

Whitepaper called Using "ShoutBoxes" to control malicious software.

Whitepaper called How Conficker makes use of MS08-067.

This Metasploit module exploits the FTP server component of the Sasser worm. By sending an overly long PORT command the stack can be overwritten.

This Metasploit module exploits a format string vulnerability in the LPRng print server. This vulnerability was discovered by Chris Evans. There was a publicly circulating worm targeting this vulnerability, which prompted RedHat to pull their 7.0 release. They consequently re-released it as "7.0-respin".

PHP-Nuke versions 7.0, 8.1 and 8.1.35 wormable remote code execution exploit.

Wormtrack is a network IDS that helps detect scanning worms on a local area network by monitoring anomalous ARP traffic. This allows detection of scanning threats on the network, without having privileged access on a switch to set up a dedicated monitor port, nor does it require a constant updating of the rules engine to address new threats.

Whitepaper called To Kill a Centrifuge - A Technical Analysis of What Stuxnet's Creators Tried to Achieve.

Linksys E-Series unauthenticated remote command execution exploit that leverages the same vulnerability as used in the "Moon" worm.

Proof of concept exploit used by the recent Linksys worm (known as "Moon"). Exploits blind command injection in tmUnblock.cgi.

Some Linksys E-Series Routers are vulnerable to an unauthenticated OS command injection. This vulnerability was used from the so called "TheMoon" worm. There are many Linksys systems that might be vulnerable including E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900. This Metasploit module was tested successfully against an E1500 v1.0.5.

Whitepaper that discusses types of computer worms and how metamorphic worms differ from the rest.

This Metasploit module exploits a command injection vulnerability on WiFi Pineapples versions 2.0 and below and pineapple versions prior to 2.4. We use a combination of default credentials with a weakness in the anti-csrf generation to achieve command injection on fresh pineapple devices prior to configuration. Additionally if default credentials fail, you can enable a brute force solver for the proof-of-ownership challenge. This will reset the password to a known password if successful and may interrupt the user experience. These devices may typically be identified by their SSID beacons of 'Pineapple5_....'; details derived from the TospoVirus, a WiFi Pineapple infecting worm.

This Metasploit module exploits a stack buffer overflow in fingerd on 4.3BSD. This vulnerability was exploited by the Morris worm in 1988-11-02. Cliff Stoll reports on the worm in the epilogue of The Cuckoo's Egg.

This Metasploit module exploits sendmail's well-known historical debug mode to escape to a shell and execute commands in the SMTP RCPT TO command. This vulnerability was exploited by the Morris worm in 1988-11-02. Cliff Stoll reports on the worm in the epilogue of The Cuckoo's Egg. Currently only cmd/unix/reverse and cmd/unix/generic are supported.