iDEFENSE Security Advisory 12.16.05 - Remote exploitation of a heap overflow vulnerability in Citrix, Inc.'s Program Neighborhood allows attackers to execute arbitrary code. The vulnerability specifically exists due to insufficient handling of corrupt Application Set responses. A heap-based buffer overflow will occur when the Citrix Program Neighborhood client receives an Application Set response containing a name value over 286 bytes. iDefense has confirmed the existence of this vulnerability in Citrix Presentation Server Client 9.0. All prior versions are suspected vulnerable.
6ea44b3f6b291474d433ca5dd285c702d83bfa6fb95f3dec9f5da6d3623ea280iDEFENSE Security Advisory 01.20.05 - Remote exploitation of an input validation vulnerability in 3Com Corp.'s OfficeConnect Wireless 11g Access Point allows attackers to glean sensitive router information.
20d6f9dae34c3b4c99c46cf39adab6cad55fcb5b45259ad5e2453aaf25d2108ciDEFENSE Security Advisory 12.16.2004-5 - Remote exploitation of a stack-based buffer overflow vulnerability in Veritas Backup Exec allows attackers to execute arbitrary code. The vulnerability specifically exists within the function responsible for receiving and parsing registration requests. The registration request packet contains the hostname and connecting TCP port of the client which is stored in an array on the stack. An attacker can send a registration request with an overly long hostname value to overflow the array and take control of the saved return address to execute arbitrary code.
a924ddb439be900e0f1e0eb48321e5e919eec5354788d3a7cc611c97a744d51fSQLAT is a suite of tools which could be useful for pen-testing a MS SQL Server. The tools do dictionary attacks, upload files, read registry and dump the SAM. They do this by wrapping extended stored procedures. There is also a tool for doing a minimal analysis of a SQL Server with output as HTML. You need to be 'sa' to run some of the tools, but this usually isn't a problem. SQLAT works over port 1433.
33ef7508838012b697f29ea87790514fe74b23e77d4da94f5351850384e86cadA CIFS/SMB password scanner based on the jcifs implementation. The scanner and jcifs are both 100% pure Java, making it possible to run the scanner on a few different platforms. Both the Java source and binary distributions are included.
d7ddc0a81891ee38242dfbcfd94e1c5afa8a97bf82ec803ca9d964710a6963bbMetaFrame XP Presentation Server and MetaFrame 1.8 have a flaw that allows an administrator account to mount any client drive available in any user's Citrix session.
34f23f9738b94f17232372cad784b2bf785946c38d216b82724c99af44ef901aIEHist dumps Internet Explorer history from index.dat files into delimited files suitable for import into other tools.
b8aa5e9a301292fd275a632be35c3791be8407e584979256137f32203de3a450VNCPwdump can be used to dump and decrypt the registry key containing the encrypted VNC password in a few different ways. It supports dumping and decrypting the password by: Dumping the current users registry key, retrieving it from a NTUSER.DAT file, decrypting a command line supplied encrypted password, and injecting the VNC process and dumping the owner's password.
ebf49f069d3620f60c4c84681dfca3061ff616033ee023578474e84bc7623eedPassifist is a tool for passive network discovery. It could be used for a number of different things, but was mainly written to discover hosts without actively probing a network. The tool analyzes broadcast traffic and has a plugin architecture through which it dissects and reports services found. Initial version holds support for the following protocols and plugins: CDP, CIM, HSRP, IPX, NETOP, SMB, TFTP.
8bc5231456824abbfdbf91481823c7a14a7be0f5e42fc530de99aeb9ac3314bbOAT v1.3.0 is a set of tools which can be used to audit Oracle databases running on the Microsoft Windows platform. The Tools are Java based and were tested on both Windows and Linux. They should hopefully also run on any other Java platform.
f74397f5dff0d95279b307a2fc6334c3acae4a79d5a794fddf202a2e0033b02aOAT v1.2.0 is a set of tools which can be used to audit Oracle databases running on the Microsoft Windows platform. The Tools are Java based and were tested on both Windows and Linux. They should hopefully also run on any other Java platform.
17b789dc0c4f20818e16e097cd8de94348b2acdbe7665d63d8ff1b91c2df0e9bThis tool should be used to audit the strength of Microsoft SQL Server passwords offline. The tool can be used either in BruteForce mode or in Dictionary attack mode. The performance on a 1 Ghz Pentium (256mb) is around 750,000 guesses/sec. This is the source - Windows and Linux binaries available here.
70225e564e5dad311fc27b7eb5302b9441f8adc52da4eaf2c2d49d79708fe23dThe 4D webserver v4.7.3 has a buffer overflow condition in the username or password field in a basic authentication resulting in EIP overwrite and possible arbitrary code execution.
b96f3931116f62370d7fc24b352b14216c1aa472d09e0f7a13ec66181f1c021fCqure.net Security Advisory cqure.net.20020412.bordermanager_36_mv1.a - Three vulnerabilities were identified in Novell Border Manager 3.6. The vulnerabilities will cause the handling NLM to abend, and in some cases result in a denial of service to to Novell server.
f299bcf1188f4c8c7d32630643702fd962fc7a016d90a590fa5014a2d1f6d783Cqure.net Security Advisory cqure.net.20020412.netware_sdmr.a - The IPX compatibility issue Posted to BugTraq on July 11, 2000 by Dimuthu Parussalla applies to Netware 6.0 SP 1 as well. An attacker could cause the SDMR.NLM to abend and in some cases reboot the server.
6e6452d419db4e473889709434156d711e2dea30704458f960ad8691c0bfdd80Cqure.net Security Advisory cqure.net.20020412.netware_client.a - Multiple buffer overflow conditions exist in the Novell Netware client for Windows v4.83 which allow an attacker to crash any software relying in name resolution.
acf676864959962a18ec7ee46cd42809dc4d8f63457b8d3aa66b57a2932b55b5Cqure.net Security Advisory 20020408.netware_nwftpd.a - A vulnerability found in the Novell Netware 6.0 SP1 FTP daemon can be used in a denial of service against this application. Exploitation of this problem can result that the daemon starts consuming all CPU resources.
090c17bdcfa438d7edb5199d6b979d712c815b29b6cfad263682923334c7e20bSQLAT is a suite of tools which could be useful for pen-testing a MS SQL Server. The tools do dictionary attacks, upload files, read registry and dump the SAM. They do this by wrapping extended stored procedures. There is also a tool for doing a minimal analysis of a SQL Server with output as HTML. You need to be 'sa' to run some of the tools, but this usually isn't a problem. SQLAT works over port 1433.
0a6676ead453d7eb681412ed238737347e7d9999a9a49c421d11ecd2fa62ddf7OAT 1.1.0 is a set of tools which can be used to audit Oracle databases running on the Microsoft Windows platform. The Tools are Java based and were tested on both Windows and Linux. They should hopefully also run on any other Java platform.
bc9ed0ea0c85421c9784e1ff06ab40b9281dd0c95e8d3000643a6c092d7de444WaveStumbler is console based 802.11 network mapper for Linux and supports WEP, ESSID, MAC and more. This package includes a kernel patch (for the wireless nic drivers) which can be applied to the linux-2.4.17 sources and a program called wavestumbler. The program interacts with the patched network drivers to map wireless networks.
319a2fe4cb418f7de47ee1cd5c4b13d741d5068d4d306365a9efe4016383edbaWaveStumbler is console based 802.11 network mapper for Linux and supports WEP, ESSID, MAC and more. This package includes a kernel patch (for the wireless nic drivers) which can be applied to the linux-2.4.17 sources and a program called wavestumbler. The program interacts with the patched network drivers to map wireless networks.
4194bbebe1197ab17393b9b111e5d57f13bd75d916018ecb3a297a88c41dc29cThe SMB Auditing Tool is a password auditing tool for the Windows and the SMB platform. It makes it possible to exploit the timeout architecture bug in Windows 2000/XP, making it extremely fast to guess passwords on these platforms. Running a large password file against Windows 2000/XP, shows statistics up to 1200 logins/sec. This means that you could run a commonly used English dictionary with 53 000 words against a server under a minute. Supports SMB over Netbios and native SMB over tcp port 445. Compiles on Linux, BSD, and Cygwin.
1e3300ae5e5ea40279f6d80a3ed0fccb68f2cde69c5f19250d5446805f317df0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed