Remote root exploit for Samba 2.2.x and prior that works against Linux (all distributions), FreeBSD (4.x, 5.x), NetBSD (1.x) and OpenBSD (2.x, 3.x and 3.2 non-executable stack). It has a scanning abilities so a range of machines can be penetration tested at once on a network.
d6672353da22242d8fc89098e6e31eb2c358a76ff09164f2b7f0f5060a5f0c03A directory traversal bug exists in the QuickFront webserver that allows remote attackers to gain access to system files. Version affected: 1.0.0.189.
fd6ebb0828f5cb6e82c9eee40aa6c2ec59a5dc98c91a65464b19819116f6bf26iDEFENSE Security Advisory 04.08.03 - Remote exploitation of a memory leak in the Apache 2.0 HTTP Server causes the characters. The web server allocates an eighty-byte buffer for each linefeed character without specifying an upper limit for allocation. Consequently, an attacker can remotely exhaust system resources by generating many requests containing these characters. Versions affected: < 2.0.45.
b48df828dbdecf9e21604f43457d667566af6ec88eb59354928059fb5619165diDEFENSE Security Advisory 04.09.03 - A vulnerability exists in Microsoft's Internet Security and Acceleration Server that allows attackers to cause a denial-of-service condition by spoofing a specially crafted packet to the target system. Another impact of this vulnerability is the capability of a remote attacker to generate an infinite packet storm between two unpatched systems implementing ISA Server or MS Proxy 2.0 over the Internet.
b573e2b6f6a85ab874cda45b55e19be72c075584f1a76e5079e895a43dc4c0deFlawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function. Secure Programming HOWTO here.
b4c7ae8769c612b482a70be7b1495c99466bb71de7d68352b7ed0d353ea95920Denial of service exploit against Half-life servers. After sending 3 specially formed packets the server is unresponsive and there is 100% CPU utilization. Tested against versions 3.1.1.0 under Suse Linux 7.3 and Windows 2000.
f6925a6a151cb89c26585acb1aea48df880c09ff4bfd634972dca9999ce666cdmIRC versions 6.03 and below has limited visibility during a DCC GET that allows for an attacker to spoof a legitimate file and instead send an executable that can lead to a compromise.
1526285a6cfee9ec7f27c916f95f1a43e3c750528310833886e933edd45409b5UnitedLinux 1.0 ships with /usr/src/packages recursively set with full read, write, and execute permissions which makes way for planting of rogue source, ultimately leading to a full system compromise.
1ec77d05a51e34bf8f10fddbcea60b702cb5fe474c39d04ba118f2d496c1a10eCoppermine Photo Gallery, the picture gallery which allows users to HTTP upload pictures, fails to extension check pictures that are uploaded. Due to this, a file with the extension .jpg.php can be uploaded allowing a remote attacker to execute commands. Sample .jpg.php included. Patch available here.
0d2fe1a4e09dda1f2380a7d53ddb87733772a50e381a3cc8e5217a10c4ca5dabAtstake Security Advisory A040703-1 - Vignette Story Server has a vulnerability that allows for sensitive information disclosure. It allows the publication of both static and dynamic content. The dynamic pages are created using a TCL[1] Interpreter. There exists a vulnerability within the TCL interpreter used that allows 'dumping' of the stack of the current running TCL process when generating dynamic pages. This vulnerability results in an attacker being able to extract information about other users sessions, server side code and other sensitive information.
819e7cf337971ea1efaa8dbf85a334f9b624b959117fa9e360810f3cac0f34acFreeBSD Security Advisory FreeBSD-SN-03:01 - Two different vulnerabilities in Samba have been recently identified by Sebastian Krahmer and Digital Defense, Inc. One is a race condition that could allow the overwriting of system files and the other is a buffer overflow that allows a remote attacker to gain root privileges.
23abd59338b2e7cba9ff83607ae2df35e0a61553e0f957bbac4570d67c681598Digital Defense Inc. Security Advisory DDI-1013 - A buffer overflow exists in Samba which allows a remote attacker to gain root privileges due to a a StrnCpy() into a char array (fname) using a non-constant length (namelen). Versions affected: < Samba 2.2.8a, <= Samba 2.0.10, < Samba-TNG 0.3.2.
962ecad2179dfe0cee6faea84ca0c80848964f1c2c98c2fd4afdf1aee435a89bUtility for finding Samba and Windows Netbios services. Udp based and very quick.
0f979b2367b4d8a0297222cbb4011213e3324b66c3659d16507092fb464bb330fatajack is a modified Wlan Jack that sends a deauth instead of an auth. This tool highlights poor AP security and works by sending authentication requests to an AP with an inappropriate authentication algorithm and status code. This causes most makes to drop the relevant associated session.
5b4c8235dc1aa20a0096f52dea4f1c9832db9cee0de8bddad235a411167b0cedRemote exploit for the buffer overrun found in passlogd on FreeBSD and OpenBSD. Tested against OpenBSD 3.0 and FreeBSD 4.6.2.
2d99af360fcfbd0f1ef67c210707772b3603b3c56e48592f450d174014eaef3fWin32 Shellcode Version 1.1 - Supports SHE+ScanMem to get GetProcAddress memory address, bind mode, connect back mode, reuse connect mode, and more.
5362ba1b4b205e3dbeaca2371bc7f6813b413007491740ae688a645399986d60Simple scripting utility that will perform DNS, SMTP, and HTTP scans on a hostname list given by google.com.
22496f05022cb6837ddc642bb6b9592199c3824b3664014e3f379c9af03ac571
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed