what you don't know can hurt you
Showing 1 - 19 of 19 RSS Feed

Files Date: 2000-08-15

rapidstream.vpn.txt
Posted Aug 15, 2000
Authored by Loki

RapidStream VPN nodes has hard-coded the 'rsadmin' account into the sshd binary in the appliance OS. The account has been given a 'null' password in which password assignment and authentication was expected to be handled by the RapidStream software itself. The vendor failed to realize that arbitrary commands could be appended to the ssh string when connecting to the SSH server on the remote vpn. This in effect could lead to many things, including the ability to spawn a remote root shell on the vpn.

tags | exploit, remote, arbitrary, shell, root
MD5 | 6e70e4def5f1cac4ebe348a0e56c6965
linsql.c
Posted Aug 15, 2000
Authored by Herbless

Linsql is a simple command-line client for MS SQL server which can execute arbitrary SQL queries and OS commands on an MS-SQL hosts that uses a blank 'sa' password, a common default configuration.

tags | exploit, arbitrary
MD5 | b2093a37c013dad47d3336afc2da99a5
VIGILANTE-2000006.txt
Posted Aug 15, 2000
Authored by Vigilante | Site vigilante.com

Vigilante Security Advisory - The OS/2 Warp 4.5 FTP Server contains denial of service vulnerabilities which allow anyone who can connect to port 21 to crash the service. Fix available here.

tags | exploit, denial of service, vulnerability
MD5 | 076354db31d3da7d9ef4e70cab192a03
VIGILANTE-2000005.txt
Posted Aug 15, 2000
Authored by Vigilante | Site vigilante.com

Vigilante Security Advisory - Watchguard Firebox Authentication dos vulnerability. Sending a malformed URL to tcp port 4100 causes Watchguard to shut down and require a reboot to restart. Fix available here.

tags | exploit, denial of service, tcp
MD5 | 3f541d31e07cd77684a3542ad46821b9
saint-2.1.3.tar.gz
Posted Aug 15, 2000
Site wwdsi.com

SAINT (Security Administrator's Integrated Network Tool) is a security assesment tool based on SATAN. It is updated regularly and scans for just about all remotely detectable vulnerabilities. Features include scanning through a firewall, updated security checks from CERT & CIAC bulletins, 4 levels of severity (red, yellow, brown, & green) and a feature rich HTML interface.

Changes: Check for IRIX telnetd format string vulnerability, Check for buffer overflow in gopher, Check for vulnerability in SUN AnswerBook2 (detected only at heavy-plus scanning level), Check for wais.pl, Check for PCCS MySQL Database Admin Tool, and Modified heavy scan to avoid crashing PC Duo.
tags | tool, scanner, vulnerability
systems | unix
MD5 | 4f15701849763bd72f2162f6386e3b7b
zorp-0.5.12.tar.gz
Posted Aug 15, 2000
Authored by Balazs Scheidler | Site balabit.hu

Zorp is a new-generation modular proxy firewall suite to finetune proxy decisions with its built in script language, fully analyze complex protocols (like SSH with several forwarded TCP connections), and utilize outband authentication techniques (unlike common practices where proxy authentication had to be hacked into the protocol).

Changes: This release adds a new instance management script. Zorp is entering a feature freeze, heading towards the first stable version.
tags | tool, tcp, firewall, protocol
systems | unix
MD5 | b2d1cc7d8d49e44b0fd5b74b79a5d202
ackcmd.zip
Posted Aug 15, 2000
Authored by Arne Vidstrom | Site ntsecurity.nu

AckCmd is a special kind of remote Command Prompt for Windows 2000. It communicates using only TCP ACK segments. This way the client component is able to directly contact the server component through a firewall in some cases. More information can be found in the ACK Tunneling Trojans paper.

tags | remote, trojan, tcp
systems | windows, 2k
MD5 | 3bbbc2ffe5b7a002556c3f97a35bf45a
snitch.exe
Posted Aug 15, 2000
Authored by Arne Vidstrom | Site ntsecurity.nu

Snitch turns back the asterisks in password fields to plaintext passwords.

MD5 | f517d5537ab9dde173081af6df01f70f
zorp-0.5.11.tar.gz
Posted Aug 15, 2000
Authored by Balazs Scheidler | Site balabit.hu

Zorp is a new-generation modular proxy firewall suite to finetune proxy decisions with its built in script language, fully analyze complex protocols (like SSH with several forwarded TCP connections), and utilize outband authentication techniques (unlike common practices where proxy authentication had to be hacked into the protocol).

Changes: Better enhancments.
tags | tool, tcp, firewall, protocol
systems | unix
MD5 | 4de982a765f5d27cef7a21f0b2d54bc7
inzider.exe
Posted Aug 15, 2000
Authored by Arne Vidstrom | Site ntsecurity.nu

Inzider v1.2 shows which processes listen at which ports, and can be used to find Back Orfice 2000 when it is hidden in another process. This is like LSOF for Windows 95/98, Windows NT 4.0 and Windows 2000.

systems | windows, 2k, 9x, nt
MD5 | 0d46638e9baca3a8fd88dca08251d120
fakegina.zip
Posted Aug 15, 2000
Authored by Arne Vidstrom | Site ntsecurity.nu

FakeGINA intercepts the communication between Winlogon and the normal GINA, and while doing this it captures all successful logins (domain, username, password) and writes them to a text file. FakeGINA shows at least one very important thing - one should never use the same password on more than one system. If one system is compromised, the attacker might use something like FakeGINA to capture all the passwords, and then use them against other systems.

MD5 | 9a55ee09bba39df20b06092fe138e7bd
lyris.3-4.txt
Posted Aug 15, 2000
Authored by Adam Hupp

Versions 3 and 4 of the Lyris List Manager allow any mailing list subscriber to gain access to the administrative interface of that list by changing a form before submitting it. Fix available here.

tags | exploit
MD5 | a9644285ccce803fd21a6ecad931c843
ms00-058
Posted Aug 15, 2000

Microsoft Security Bulletin (MS00-058) - Microsoft has released a patch for the "Specialized Header" security vulnerability in Internet Information Server (IIS 5.0) that ships with Windows 2000. The vulnerability causes a web server to send the source code of certain types of web files to a visiting user. Microsoft FAQ on this issue available here.

tags | web
systems | windows, 2k
MD5 | 8e88bfae89bf6787d14258e6c5a66a68
FreeBSD Security Advisory 2000.38
Posted Aug 15, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-00:38 - The issue involves an inadequately protected method in one of the base classes in the DocumentTemplate package that could allow the contents of DTMLDocuments or DTMLMethods to be changed remotely or through DTML code without forcing proper user authorization.

systems | freebsd
MD5 | 632b3e9319db03059f8ddd19d0a5711b
FreeBSD Security Advisory 2000.37
Posted Aug 15, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-00:37 - The cvsweb port, versions prior to 1.86, contains a vulnerability which allows users with commit access to a CVS repository monitored by cvsweb to execute arbitrary code as the user running the cvsweb.cgi script, which may be located on another machine where the committer has no direct access.

tags | arbitrary, cgi
systems | freebsd
MD5 | 369c22ebc44262a4748f2deccfdcc767
FreeBSD Security Advisory 2000.36
Posted Aug 15, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-00:36 - The ntop software is written in a very insecure style, with many potentially exploitable buffer overflows (including several demonstrated ones) which could in certain conditions allow the local or remote user to execute arbitrary code on the local system with increased privileges.

tags | remote, overflow, arbitrary, local
systems | freebsd
MD5 | 48d403c9f5188212026ee6f08d289224
FreeBSD Security Advisory 2000.35
Posted Aug 15, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-00:35 - The proftpd port, versions prior to 1.2.0rc2, contains a vulnerability which allows FTP users, both anonymous FTP users and those with a valid account, to execute arbitrary code as root on the local machine, by inserting string-formatting operators into command input, which are incorrectly parsed by the FTP server.

tags | arbitrary, local, root
systems | freebsd
MD5 | 1fafc695df1bf3446f681406dc90b01d
FreeBSD Security Advisory 2000.34
Posted Aug 15, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-00:34 - ISC-DHCP is an implementation of the DHCP protocol containing client and server. FreeBSD 3.2 and above includes the version 2 client by default in the base system, and the version 2 and version 3 clients and servers in the Ports Collection. The dhclient utility (DHCP client), versions 2.0pl2 and before (for the version 2.x series), and versions 3.0b1pl16 and before (for the version 3.x series) does not correctly validate input from the server, allowing a malicious DHCP server to execute arbitrary commands as root on the client. DHCP may be enabled if your system was initially configured from a DHCP server at install-time, or if you have specifically enabled it after installation. FreeBSD 4.1 is not affected by this problem since it contains the 2.0pl3 client.

tags | arbitrary, root, protocol
systems | freebsd
MD5 | f860bd11876270653acaea47e45d5367
crypto-gram-0008.txt
Posted Aug 15, 2000
Authored by Bruce Schneier, crypto-gram | Site counterpane.com

Crypto-gram for August 15, 2000. In this issue: Secrets and Lies: Digital Security in a Networked World, Microsoft Vulnerabilities, Publicity, and Virus-Based Fixes, News, Counterpane Internet Security News, Crypto-Gram Reprints, European "Crime in Cyberspace" Convention, The Doghouse: Authentica, Bluetooth, and Comments from Readers.

tags | crypto, vulnerability, virus, magazine
MD5 | f7012342a9fe430397c9d71e366de9fa
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close