HWA-warpcrash - Systems Affected: OS/2 Warp 4.5 FTP server V4.0/4.2, OS/2 Warp 4.5 FTP server V4.3, Probably other versions of the software as well. Problem: The FTP server that comes with OS/2 Warp 4.5 TCP/IP can be brought down by a malicious connection attempt.
cf8fada37f8c1613e87c090555684cc0f5c51d3e63815104a2e3e47aeb5420caAdvanced Socket Bouncer (ASB) is another kind of network tool. It supports IPv6 (detects automatically IPv6 hostnames/addresses), SQUID (connect method and SQUID with SSL support but no SSL proxy), SOCKS4, SOCKS5, and WINGATE.
6d8e284992b078fd77ad8910e57bfa57dc3b6d034d5c043f4f19e4b8a0ca1ec0NT Blackhat paper is a beginner's document about NT-security. This document describes pretty well what malicious hackers exactly do when they attempt to hack your NT servers. Although it was meant for beginners, it is still suitable for novices, and maybe even experts who wants to read and maybe learn something that they didn't know.
9bc5d341b00d97d30115a560879c0f9fc3e6fb8f23278feb1eb19a1b0910fd73This paper is the culmination of research that describes the DOCSIS standard and related information for the purpose of explaining exactly how cable networks (@home, RoadRunner, Mediaone) are implemented from the service provider to the home. This includes details on the cryptography used, the frequencies data is transmitted on, and hardware explanations. A recommended read for anyone interested in cable-modem networks.
a51266d77a22f525901cc0fb9b1e1e1f03cceb95d47d9b1cece1ab5b319bfd5dCIMcheck.exe is an exploit for the Compaq Insight Manager root dot dot bug. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable url and attempts to get the sam._ backup password file from the remote repa ir directory. You can specify which file you want to download, default is the /wi k nnt/repair/ directory and the sam._ backup password file. Perl2exe binary. Perl2exe binary available here here.
02f9d096afa81c2dcbbf3f8bb5609cd6012765d85d04dbbebd34e50597b3e154PocketC program to dehash the admin password for FlowerFire's Sawmill 5.0.21 log analysis package. This has been written, compiled and tested on my palm IIIxe. Takes a few seconds since the hash is so weak.
0aa155e7517924fa800b7c6c2d61993936bdde7128b24b1b64a1311803519fd9CIMcheck.exe is an exploit for the Compaq Insight Manager root dot dot bug. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable url and attempts to get the sam._ backup password file from the remote repa ir directory. You can specify which file you want to download, default is the /wi k nnt/repair/ directory and the sam._ backup password file. Perl2exe binary.
5544d2db9c8dc0786db03c0333204f82c3ce81f66faa47a4e2eca3e446cb972aDebian Linux Security Advisories - The version of X-Chat that was distributed with Debian GNU/Linux 2.2 has a vulnerability in the URL handling code: when a user clicks on a URL X-Chat will start netscape to view its target. However it did not check the URL for shell metacharacters, and this could be abused to trick xchat into executing arbitraty commands. This has been fixed in version 1.4.3-0.1, and we recommend you upgrade your xchat package(s) immediately.
92ea17ad4b9f5d402e151a4484533f7e07caad18dba33aa33f837e36d1ba8144-Web Application Security Survey- Results show that Microsoft Hotmail, Excite, Altavista, E-Bay, Lycos, Netscape WebMail, E-Trade, Infoseek/Go.com and their users are all currently vulnerable to web based attack. The following report is the result of a two hour security survey of high profile webmail and auction services offered free over the internet. This survey is in no way extensive or thorough. It serves only as "proof of concept" that these types of services are vulnerable to attack on a wide scale. All the following vulnerabilities are currently active as of Aug. 25, 2000. The following webmail vulnerabilities all stem from the same problem. The attacker has the ability to pass unfiltered malicious HTML/JavaScript into the target users web environment.
0816d0752bc9ca5d7c49022abbc5dabc570e44109e381d1ba13966b6b2106a36Fpage-DoS.pl - Info based attacks DoS Front page. To exploit this vunerability you must have the extensions "/ _ vti_bin/shtml.exe in your server. This is a demonstration script to remotely overflow various server buffers, resulting in a denial of service, for TESTING purposes only. Runs on *nix & Windows with perl.
fd30db3d59fb11eebed664de7828aa72bf38858d22179822a5620979f47adbd7Debian Security Advisory - Using ntop to distribute network traffic through the network, i.e. running ntop as webserver, it is possible to access arbitrary files on the local filesystem. Since ntop runs as root uid, guess what that means, even /etc/shadow got unsecured.
46903f38c37d51ae42ab5e007449f7c7e49a1b6750c646d43af71efc518dbca6This decrypts the safe passwords of NcFtp
1456100cf9a8fdbad6da475d328a766118e6fa62d942b9ddef1a6d3d0bb7d718This is an exploit that explores the vulnerability of the versions 2.4.4, 2.5.0 and 2.6.0 of Wu-ftpd. Written in Portugese.
c26bee1cd2d462edde38575ca8ae2a80b30398e106409a54ccc6ef6a98fdf6e8This scanner scans to see if a certain host or IP is vulnerable to the Wu-ftpd 2.6.0 bug. Written in portuguese.
ae964328b738ae8d1db754f190ae243c054607cd19ca7ebdc57fda7af06acd81A simple flaw in the web mail service offered by Critical Path (www.cp.net) allows an attacker to gain full access of any webmail account. The attack falls under the umbrella of cross-site scripting, which was addressed in detail by CERT in their advisory CA-2000-02, entitled "Malicious HTML Tags Embedded in Client Web Requests." The bug is aggravated by an defective session token scheme.
89bcdeb0f24a910c4dcaa633ef6aa1a288acd34b4f9b1497078ed75916af2589
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed