There is an interesting vulnerability in the default behavior of Firefox builtin popup blocker. This vulnerability, coupled with an additional trick, allows the attacker to read arbitrary user-accessible files on the system, and thus steal some fairly sensitive information. This was tested on 1.5.0.9.
84992efa78bb3a3fb28262ec1636137a11f3ea4f0311648432ccd5daf13f4aa1
A newline-and-tab technology along with the Msxml2.XMLHTTP ActiveX object in Microsoft Internet Explorer allows an attacker to bypass restrictions thus allowing XMLHttpRequest to interact with other sites.
c1b4a0216680574a03c9a89e8536a4c397402580faae85a81a1ba587337f8e54
Stompy is a free tool to perform a fairly detailed black-box assessment of WWW session identifier generation algorithms. Session IDs are commonly used to track authenticated users, and as such, whenever they're predictable or simply vulnerable to brute-force attacks, we do have a problem.
dcd57db394e72ee795957f83e0d04d93a1be556851e9863fb99cda714b1c58de
This tool enables the user to perform hop enumeration ("traceroute") within an established TCP connection, such as a HTTP or SMTP session. This is opposed to sending stray packets, as traceroute-type tools usually do.
bef2510b762b0b1f0bddb9261ff48bd58606aef3f200307d00bb91da517bf024
Microsoft Internet Explorer is susceptible to a race condition when handling XML files.
65b5ff88a5c688e6efade9020b65082b7c0d035363e0ec99c427016864fe459b
p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris. This particular version is modified by Nerijus Krukauskas to store the data in a database.
32e1f026dd57ab647074756629038bd5a27a8e6656915da975aca3b0f3a7ca75
fl0p is a passive L7 flow fingerprinter that examines TCP/UDP/ICMP packet sequences, can peek into cryptographic tunnels, can tell human beings and robots apart, and performs a couple of other infosec-related tricks.
a6ccc98cfad2330b7baf0827c44657e35cb6c387ab1e55e4b3f8bb762b4161bc
p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris. This particular version is modified by Nerijus Krukauskas to store the data in a database.
831a4b6a39b33de014871382233112437df138ac0b88113a1f9b944299087f23
p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.
6c4d8745f04e59f2ba68d56fd1554551592f08a0497c9fc21b84498f47d1aee0
p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris. This particular version is modified by Nerijus Krukauskas to store the data in a database.
174a1756727e8a70ce5608c6f412ecc89544c67b602215c1252df8e4a3c34d10
p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to the remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.
179d6ee928d353a18a1720cbccd146154d2f0e94f9ec017db838f45c1e8ddcc9
There appears to be a vulnerability in how Microsoft Internet Explorer handles (or fails to handle) certain combinations of nested OBJECT tags. This may lead to execution of code.
6880a1239046effd5defd553a873969d4f86cd06011c2e3d852b721791b32847
p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to the remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.
41d5cff0c19ab4add7345ce4326250d294cc6dec98912b229234e413320f7fff
Whitepaper discussing three fairly interesting flaws in how HTTP cookies were designed and later implemented in various browsers.
d849035a1f06e3a9cad55a9295d2a7c43b7d6123119210ab738c87baad77219b
Interesting write up regarding possible code execution vulnerabilities in Microsoft Internet Explorer due to problems with image decompression and parsing.
8aa59c5262d0659c3680241d1e53f860d9626568c3b86d989d08cba6b374e641
Linux kernel versions up to and including 2.6.11 has various bugs in the ISO9660 filesystem handler code that can cause denial of service conditions. Script included that tests for this.
3b9fb06993c1ae8e5272ced026e456981eb915235b15ab9645b2d41729a0dc8d
p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris. This particular version is modified by Nerijus Krukauskas to store the data in a database.
524bb56f5c023913a3328472fa5f6aa5a6cb2c88568ba205c466a1b9a7dfe0e4
poink is a TCP/IP-based ping implementation that does not require special privileges and is designed for multiuser shell systems. It is intended to be a secure replacement for the standard IPv4 network monitoring tool.
a09d8be32a08f7888d85fea76552a0608886ce6b7257855443947f62ea09c142
Google's custom-crafted MX software is susceptible to a trivial buffer overflow vulnerability.
396737d94e8af9b562e87e15793607ec6157f8a039b69c9e0857d9830f7708c5
p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris. This particular version is modified by Nerijus Krukauskas to store the data in a database.
78702c2f8f43e546c8002d842fad47e077f205f16b6ac210cff5a285cdfe0d58
mangleme is an automated broken HTML generator and browser tester, originally used to find dozens of security and reliability problems in all major Web browsers (Mozilla / Firefox / Netscape, Konqueror / Safari, MSIE, lynx, [e]links, w3m, elvis, etc), as reported on BUGTRAQ.
834ffbcab9fe491dcb7f248248f9542c337a4d42432f6b53633d5c5528041e9a
Addendum to previous post regarding browser inabilities to render HTML securely. It appears that problems thought not to also include MSIE do affect that product as well.
1d3da6813efc5cf470fc248ce32c43c281b284739d7147da3b335d2b2b2b9074
Debian Security Advisory DSA 556-1 - Due to a bug in the netkit-telnet server (telnetd), an a remote attacker could cause the telnetd process to free an invalid pointer. This causes the telnet server process to crash, leading to a straightforward denial of service (inetd will disable the service if telnetd is crashed repeatedly), or possibly the execution of arbitrary code with the privileges of the telnetd process (by default, the 'telnetd' user).
ec4755f9d76dfa4e46939a05ae1657c36bf2ae1df7bb22a5ed874747052b57ad
Fakebust is a simple, open-source, user-friendly, intuitive and very rapid malicious code analyzer that can partly replace and in certain aspects outperform an expensive, strictly controlled sandbox setup.
819c715400d0031c57cdcd4ca690905959ddce6857b8c4b80a6dfe213f3e387f
The Netkit telnetd implementation shipped with Debian Linux appears to be lacking the AYT vulnerability patch. This exposes the platform to a remote root problem discovered by scut of TESO back in 2001.
b774351baca900b321dda13082fb9c199c217207f04f1f3942bfc7692e1b6978