Microsoft Security Bulletin (MS00-048) - Microsoft has released a patch for a security vulnerability in Microsoft SQL Server 7.0. The vulnerability allows a malicious user who can authenticate with the SQL server to run a database stored procedure without proper permissions. Microsoft FAQ on this issue avalable here.
54ea46851968ec5669928b3dee1521a7b09d1bd84028696c575a139329dddeba
CERT Advisory CA-2000-13 Two Input Validation vulnerabilities in FTPD. Wu-Ftpd 2.6.0 has a site exec vulnerability, and BSD ftpd vulnerability involving a missing character-formatting argument in setproctitle(). Both of these can be exploited by remote attackers to gain root access.
956c76b0ce1114a6f1dd3c590afcf13fe4e6aff06b58ee96381ec0a95566b529
iplog is a TCP/IP traffic logger capable of logging TCP, UDP and ICMP traffic. Features a DNS cache, the ability to detect port scans, null scans, and FIN scans, "smurf" attacks, bogus TCP flags used in OS detection, Xmas scans, ICMP ping floods, UDP scans, and IP fragment attacks. It currently runs on Linux, FreeBSD, OpenBSD, BSDI and Solaris.
3821967691495a98f5225dc6886657a49eedb7e6a1d8cc12a817f6fd8793ec0b
Local linux dos - fork() bomb.
0150114c259b6f8388ff58ff1ed1bf9e8d1d382a3e050a5864232da60723117d
SecureXpert Labs Advisory [SX-20000620-3] - Partial Denial of Service in Check Point Firewall-1 on Windows NT. The SMTP Security Server component of Check Point Firewall-1 4.0 and 4.1 is vulnerable to a simple network-based attack which raises the firewall load to 100%.
61c0ad7d028e554c35d5167f8ebd20c832a6adbd1bb7c02554be5c77505b3562
SecureXpert Labs Advisory [SX-20000620-2] - Multiple services on Windows 2000 Server are vulnerable to a simple attack which allows remote network users to drive the CPU utilization to 100% in an extremely short period of time, at little cost to the attacker's machine.
191c6adfd847ea402235201869f564559ee66cfe136a02c7e35f348121711f8d
SecureXpert Labs Advisory [SX-20000620-1] - Denial of Service vulnerability in Microsoft Windows 2000 Telnet Server. A remote user can cause the telnet server to stop responding to requests by sending a stream of binary zeros to the telnet server. This can easily be reproduced from a Linux system using netcat with an input of /dev/zero, with a command such as "nc target.host 23 < /dev/zero".
75c77bf0657fae44cbe5c5587fc4118b7d0679ae59041f32fa493cfc21d0f95d
!Bios can decrypt the passwords used in some most common BIOS (including various bioses/versions by IBM, American Megatrends Inc, Award and Phoenix). !Bios can also save and restore the IBM standard CMOS/NVRAM memory where almost all common Bioses store the BIOS setup settings. !Bios can save the part of the RAM dedicated for the BIOS (which has security implications in some BIOSes as encryption algorithms and/or password may actually reside here in some badly coded BIOSes). !Bios can do crude, brutal attacks ("blasters") which removes password from a lot of Bioses. A bit dangerous though, can give unexpected and unwanted results. !Bios has a CMOS editor where you through a interface with similarities to several hex-editors can modify the CMOS/NVRAM memory in binary, decimal and hexadecimal ways. (only adviced for very experienced hackers) !Bios has a command line interface (CLI) and a very simple VGA-text interface, GUI. If no parameters is passed to !Bios, it starts the easy-to-use GUI, otherwise it starts the GUI. !Bios has built-in support pages which provides several tricks and tips, notes about known backdoors etc.
e6b3250b00edef016e7be33215b43b63879d3d2dad4f62f8f21afda6b7424770
Default Passwords for many network switches and devices. Includes many 3com products, ACC, AcceleratedDSL, ADC, Alteon, Arrowpoint, AT
39b068457d87fe9ccdf5c7fa081a0000390236b200f7392040d582c8c91acd72
hping2 is a network tool which sends custom ICMP/UDP/TCP packets and displays target replies like ping does with ICMP replies. hping2 can handle fragmentation, arbitrary packet body and size and can be used in order to transfer files under any supported protocol. hping2 is useful for testing firewall rules, spoofed port scanning, testing network performance under different protocols, packet sizes, TOS, and fragmentation, path MTU discovery, file transfer even with really facist firewall rules, traceroute with different protocols, firewalk like usage, remote OS fingerprinting, TCP/IP stack auditing, and much more.
b13bb23791aeed1de0424b28be4fef0947ceac2fd123cc3d4feaec3411a355e4