There is an interesting vulnerability in the default behavior of Firefox builtin popup blocker. This vulnerability, coupled with an additional trick, allows the attacker to read arbitrary user-accessible files on the system, and thus steal some fairly sensitive information. This was tested on 1.5.0.9.
84992efa78bb3a3fb28262ec1636137a11f3ea4f0311648432ccd5daf13f4aa1A newline-and-tab technology along with the Msxml2.XMLHTTP ActiveX object in Microsoft Internet Explorer allows an attacker to bypass restrictions thus allowing XMLHttpRequest to interact with other sites.
c1b4a0216680574a03c9a89e8536a4c397402580faae85a81a1ba587337f8e54Stompy is a free tool to perform a fairly detailed black-box assessment of WWW session identifier generation algorithms. Session IDs are commonly used to track authenticated users, and as such, whenever they're predictable or simply vulnerable to brute-force attacks, we do have a problem.
dcd57db394e72ee795957f83e0d04d93a1be556851e9863fb99cda714b1c58deThis tool enables the user to perform hop enumeration ("traceroute") within an established TCP connection, such as a HTTP or SMTP session. This is opposed to sending stray packets, as traceroute-type tools usually do.
bef2510b762b0b1f0bddb9261ff48bd58606aef3f200307d00bb91da517bf024Microsoft Internet Explorer is susceptible to a race condition when handling XML files.
65b5ff88a5c688e6efade9020b65082b7c0d035363e0ec99c427016864fe459bp0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris. This particular version is modified by Nerijus Krukauskas to store the data in a database.
32e1f026dd57ab647074756629038bd5a27a8e6656915da975aca3b0f3a7ca75fl0p is a passive L7 flow fingerprinter that examines TCP/UDP/ICMP packet sequences, can peek into cryptographic tunnels, can tell human beings and robots apart, and performs a couple of other infosec-related tricks.
a6ccc98cfad2330b7baf0827c44657e35cb6c387ab1e55e4b3f8bb762b4161bcp0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris. This particular version is modified by Nerijus Krukauskas to store the data in a database.
831a4b6a39b33de014871382233112437df138ac0b88113a1f9b944299087f23p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.
6c4d8745f04e59f2ba68d56fd1554551592f08a0497c9fc21b84498f47d1aee0p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris. This particular version is modified by Nerijus Krukauskas to store the data in a database.
174a1756727e8a70ce5608c6f412ecc89544c67b602215c1252df8e4a3c34d10p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to the remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.
179d6ee928d353a18a1720cbccd146154d2f0e94f9ec017db838f45c1e8ddcc9There appears to be a vulnerability in how Microsoft Internet Explorer handles (or fails to handle) certain combinations of nested OBJECT tags. This may lead to execution of code.
6880a1239046effd5defd553a873969d4f86cd06011c2e3d852b721791b32847p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to the remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.
41d5cff0c19ab4add7345ce4326250d294cc6dec98912b229234e413320f7fffWhitepaper discussing three fairly interesting flaws in how HTTP cookies were designed and later implemented in various browsers.
d849035a1f06e3a9cad55a9295d2a7c43b7d6123119210ab738c87baad77219bInteresting write up regarding possible code execution vulnerabilities in Microsoft Internet Explorer due to problems with image decompression and parsing.
8aa59c5262d0659c3680241d1e53f860d9626568c3b86d989d08cba6b374e641Linux kernel versions up to and including 2.6.11 has various bugs in the ISO9660 filesystem handler code that can cause denial of service conditions. Script included that tests for this.
3b9fb06993c1ae8e5272ced026e456981eb915235b15ab9645b2d41729a0dc8dp0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris. This particular version is modified by Nerijus Krukauskas to store the data in a database.
524bb56f5c023913a3328472fa5f6aa5a6cb2c88568ba205c466a1b9a7dfe0e4poink is a TCP/IP-based ping implementation that does not require special privileges and is designed for multiuser shell systems. It is intended to be a secure replacement for the standard IPv4 network monitoring tool.
a09d8be32a08f7888d85fea76552a0608886ce6b7257855443947f62ea09c142Google's custom-crafted MX software is susceptible to a trivial buffer overflow vulnerability.
396737d94e8af9b562e87e15793607ec6157f8a039b69c9e0857d9830f7708c5p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris. This particular version is modified by Nerijus Krukauskas to store the data in a database.
78702c2f8f43e546c8002d842fad47e077f205f16b6ac210cff5a285cdfe0d58mangleme is an automated broken HTML generator and browser tester, originally used to find dozens of security and reliability problems in all major Web browsers (Mozilla / Firefox / Netscape, Konqueror / Safari, MSIE, lynx, [e]links, w3m, elvis, etc), as reported on BUGTRAQ.
834ffbcab9fe491dcb7f248248f9542c337a4d42432f6b53633d5c5528041e9aAddendum to previous post regarding browser inabilities to render HTML securely. It appears that problems thought not to also include MSIE do affect that product as well.
1d3da6813efc5cf470fc248ce32c43c281b284739d7147da3b335d2b2b2b9074Debian Security Advisory DSA 556-1 - Due to a bug in the netkit-telnet server (telnetd), an a remote attacker could cause the telnetd process to free an invalid pointer. This causes the telnet server process to crash, leading to a straightforward denial of service (inetd will disable the service if telnetd is crashed repeatedly), or possibly the execution of arbitrary code with the privileges of the telnetd process (by default, the 'telnetd' user).
ec4755f9d76dfa4e46939a05ae1657c36bf2ae1df7bb22a5ed874747052b57adFakebust is a simple, open-source, user-friendly, intuitive and very rapid malicious code analyzer that can partly replace and in certain aspects outperform an expensive, strictly controlled sandbox setup.
819c715400d0031c57cdcd4ca690905959ddce6857b8c4b80a6dfe213f3e387fThe Netkit telnetd implementation shipped with Debian Linux appears to be lacking the AYT vulnerability patch. This exposes the platform to a remote root problem discovered by scut of TESO back in 2001.
b774351baca900b321dda13082fb9c199c217207f04f1f3942bfc7692e1b6978
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed