what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 221 RSS Feed

Files Date: 2000-08-01 to 2000-08-31

HWA-warpcrash.c
Posted Aug 30, 2000
Authored by eth0 | Site hwa-security.net

HWA-warpcrash - Systems Affected: OS/2 Warp 4.5 FTP server V4.0/4.2, OS/2 Warp 4.5 FTP server V4.3, Probably other versions of the software as well. Problem: The FTP server that comes with OS/2 Warp 4.5 TCP/IP can be brought down by a malicious connection attempt.

tags | exploit, tcp
SHA-256 | cf8fada37f8c1613e87c090555684cc0f5c51d3e63815104a2e3e47aeb5420ca
asb-0.1b.tar.gz
Posted Aug 30, 2000
Authored by wild andi | Site wildandi.void.at

Advanced Socket Bouncer (ASB) is another kind of network tool. It supports IPv6 (detects automatically IPv6 hostnames/addresses), SQUID (connect method and SQUID with SSL support but no SSL proxy), SOCKS4, SOCKS5, and WINGATE.

tags | tool
systems | unix
SHA-256 | 6d8e284992b078fd77ad8910e57bfa57dc3b6d034d5c043f4f19e4b8a0ca1ec0
NTblackhat.doc
Posted Aug 30, 2000
Authored by Neon-Lenz | Site TheGovernment.com

NT Blackhat paper is a beginner's document about NT-security. This document describes pretty well what malicious hackers exactly do when they attempt to hack your NT servers. Although it was meant for beginners, it is still suitable for novices, and maybe even experts who wants to read and maybe learn something that they didn't know.

tags | paper
SHA-256 | 9bc5d341b00d97d30115a560879c0f9fc3e6fb8f23278feb1eb19a1b0910fd73
cable.html
Posted Aug 30, 2000
Authored by r1tual | Site subterrain.net

This paper is the culmination of research that describes the DOCSIS standard and related information for the purpose of explaining exactly how cable networks (@home, RoadRunner, Mediaone) are implemented from the service provider to the home. This includes details on the cryptography used, the frequencies data is transmitted on, and hardware explanations. A recommended read for anyone interested in cable-modem networks.

tags | paper
SHA-256 | a51266d77a22f525901cc0fb9b1e1e1f03cceb95d47d9b1cece1ab5b319bfd5d
CIMcheck.pl
Posted Aug 30, 2000
Authored by Neon | Site TheGovernment.com

CIMcheck.exe is an exploit for the Compaq Insight Manager root dot dot bug. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable url and attempts to get the sam._ backup password file from the remote repa ir directory. You can specify which file you want to download, default is the /wi k nnt/repair/ directory and the sam._ backup password file. Perl2exe binary. Perl2exe binary available here here.

tags | exploit, remote, root
SHA-256 | 02f9d096afa81c2dcbbf3f8bb5609cd6012765d85d04dbbebd34e50597b3e154
dhashsawmill-pilot.c
Posted Aug 30, 2000
Authored by Larry W. Cashdollar | Site vapid.dhs.org

PocketC program to dehash the admin password for FlowerFire's Sawmill 5.0.21 log analysis package. This has been written, compiled and tested on my palm IIIxe. Takes a few seconds since the hash is so weak.

SHA-256 | 0aa155e7517924fa800b7c6c2d61993936bdde7128b24b1b64a1311803519fd9
CIMcheck.exe
Posted Aug 30, 2000
Authored by Neon | Site TheGovernment.com

CIMcheck.exe is an exploit for the Compaq Insight Manager root dot dot bug. The remote webserver must be running NT with port 2301 open. The exploit opens up the full vulnerable url and attempts to get the sam._ backup password file from the remote repa ir directory. You can specify which file you want to download, default is the /wi k nnt/repair/ directory and the sam._ backup password file. Perl2exe binary.

tags | exploit, remote, root
SHA-256 | 5544d2db9c8dc0786db03c0333204f82c3ce81f66faa47a4e2eca3e446cb972a
debian.xchat.txt
Posted Aug 30, 2000
Site debian.org

Debian Linux Security Advisories - The version of X-Chat that was distributed with Debian GNU/Linux 2.2 has a vulnerability in the URL handling code: when a user clicks on a URL X-Chat will start netscape to view its target. However it did not check the URL for shell metacharacters, and this could be abused to trick xchat into executing arbitraty commands. This has been fixed in version 1.4.3-0.1, and we recommend you upgrade your xchat package(s) immediately.

tags | shell
systems | linux, debian
SHA-256 | 92ea17ad4b9f5d402e151a4484533f7e07caad18dba33aa33f837e36d1ba8144
webmail.txt
Posted Aug 30, 2000
Authored by D-Krypt

-Web Application Security Survey- Results show that Microsoft Hotmail, Excite, Altavista, E-Bay, Lycos, Netscape WebMail, E-Trade, Infoseek/Go.com and their users are all currently vulnerable to web based attack. The following report is the result of a two hour security survey of high profile webmail and auction services offered free over the internet. This survey is in no way extensive or thorough. It serves only as "proof of concept" that these types of services are vulnerable to attack on a wide scale. All the following vulnerabilities are currently active as of Aug. 25, 2000. The following webmail vulnerabilities all stem from the same problem. The attacker has the ability to pass unfiltered malicious HTML/JavaScript into the target users web environment.

tags | exploit, web, javascript, vulnerability, proof of concept
SHA-256 | 0816d0752bc9ca5d7c49022abbc5dabc570e44109e381d1ba13966b6b2106a36
fpage-DoS.pl
Posted Aug 30, 2000
Authored by Alex Hernandez | Site raza-mexicana.org

Fpage-DoS.pl - Info based attacks DoS Front page. To exploit this vunerability you must have the extensions "/ _ vti_bin/shtml.exe in your server. This is a demonstration script to remotely overflow various server buffers, resulting in a denial of service, for TESTING purposes only. Runs on *nix & Windows with perl.

tags | denial of service, overflow, perl
systems | windows
SHA-256 | fd30db3d59fb11eebed664de7828aa72bf38858d22179822a5620979f47adbd7
debian.ntop.txt
Posted Aug 30, 2000
Site debian.org

Debian Security Advisory - Using ntop to distribute network traffic through the network, i.e. running ntop as webserver, it is possible to access arbitrary files on the local filesystem. Since ntop runs as root uid, guess what that means, even /etc/shadow got unsecured.

tags | arbitrary, local, root
systems | linux, debian
SHA-256 | 46903f38c37d51ae42ab5e007449f7c7e49a1b6750c646d43af71efc518dbca6
CrackerNcftp.c
Posted Aug 30, 2000
Site geocities.com

This decrypts the safe passwords of NcFtp

tags | cracker
SHA-256 | 1456100cf9a8fdbad6da475d328a766118e6fa62d942b9ddef1a6d3d0bb7d718
FtpdXploit2000.tar
Posted Aug 30, 2000
Site geocities.com

This is an exploit that explores the vulnerability of the versions 2.4.4, 2.5.0 and 2.6.0 of Wu-ftpd. Written in Portugese.

tags | exploit
SHA-256 | c26bee1cd2d462edde38575ca8ae2a80b30398e106409a54ccc6ef6a98fdf6e8
Wuftpd-scan2000.c
Posted Aug 30, 2000
Site geocities.com

This scanner scans to see if a certain host or IP is vulnerable to the Wu-ftpd 2.6.0 bug. Written in portuguese.

tags | tool, scanner
systems | unix
SHA-256 | ae964328b738ae8d1db754f190ae243c054607cd19ca7ebdc57fda7af06acd81
Critical_Path_CSS
Posted Aug 30, 2000
Authored by Jeffrey W. Baker

A simple flaw in the web mail service offered by Critical Path (www.cp.net) allows an attacker to gain full access of any webmail account. The attack falls under the umbrella of cross-site scripting, which was addressed in detail by CERT in their advisory CA-2000-02, entitled "Malicious HTML Tags Embedded in Client Web Requests." The bug is aggravated by an defective session token scheme.

tags | exploit, web, xss
SHA-256 | 89bcdeb0f24a910c4dcaa633ef6aa1a288acd34b4f9b1497078ed75916af2589
Purge-It.exe
Posted Aug 29, 2000
Site Purge-it.com

Purge-it is a Windows utility that allows the end-user to take a look inside a system, see what programs are running, which ports are open. The user chooses what happens to the system, and can remove various malware such as backdoors, trojans and spyware.

tags | trojan
systems | windows
SHA-256 | cc99629eb0ad61bcd96e60e7a7d3dbec3017a2c6eff89af68a1cfc674252c312
ms00-061
Posted Aug 29, 2000

Microsoft has released a patch for a security vulnerability in Microsoft Money. The vulnerability could allow a malicious user to obtain the password of a Money data file. Frequently asked questions regarding this vulnerability and the patch can be found here

SHA-256 | 310762eaf43db128fe3dfe2d41bd2696eb5dbb85dfc00088d883c08c9f12646a
WDK_v1.0.vuln.txt
Posted Aug 29, 2000
Authored by Kevin Finisterre

The Javaserver Webserver Development Kit (WDK) v1.0 contains a .. vulnerability allowing remote attackers to read any file on the system with the permissions of the webserver. The server typically resides on TCP port 8080 and instructions for identifying this server are given.

tags | exploit, remote, tcp
SHA-256 | 8515eea65683688bde7181a502762ac58e5f98c78c8520653bfa290922c6ef5e
vqserver.dos.txt
Posted Aug 29, 2000
Authored by nemesystm | Site dhcorp.cjb.net

vqServer version 1.4.49 is vulnerable to a denial of service attack by sending a malformed URL request. Tested on Windows version. The latest edition of vqServer (1.9.47) is unaffected.

tags | exploit, denial of service
systems | windows
SHA-256 | 50488cee02fca807a8ce6e2060e9884bc802b907abd649fbdd372b9c7f8b7fae
sf-0.1b.tgz
Posted Aug 29, 2000
Authored by venomous | Site rdcrew.com.ar

Secure Files 0.1b is a security tool that checks system integrity by comparing the MD5 checksums of flagged files against their earlier recorded checksums.

tags | tool, intrusion detection
systems | unix
SHA-256 | caad669b0b465c73e0613d69b59ad4a8753e02d3a078318bc637439fcf97fe34
icmpspewf.c
Posted Aug 29, 2000
Authored by Max0r

ICMPSpewf is a simple tool that allows you to spoof the source of any of the ICMP packets listed in ip_icmp.h

tags | tool, spoof
systems | unix
SHA-256 | 3424a0d35ca16af9325efab0bdaf545d61bc2802ab22396ed335a0952746dda2
netsec27.txt
Posted Aug 28, 2000
Site net-security.org

Weekly Newsletter from Help Net Security - Covers weekly roundups of security events that were in the news the past week. In this issue: The FrontPage Server Extensions are vulnerable to a remote denial of service, a buffer overflow memory problem in the rpc module of the Pragma TelnetServer 2000, webserver Pro 2.3.7 vulnerability, Mandrake Linux Xchat update, ld.so problem that allows local users to obtain super user privilege, IIS Cross-Site Scripting patched, Microsoft Money password vulnerability patched, MGetty local compromise, and Kerberos password authentication issues.

tags | remote, denial of service, overflow, local, xss
systems | linux, mandrake
SHA-256 | 41a3d0d05b3290fcc821f93f043a30e580de167d85445843559dbda0f11021ee
FreeBSD Security Advisory 2000.43
Posted Aug 28, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-00:43 - The brouted port is incorrectly installed setgid kmem, and contains several exploitable buffer overflows in command-line arguments. An attacker exploiting these to gain kmem privilege can easily upgrade to full root access by manipulating kernel memory

tags | overflow, kernel, root
systems | freebsd
SHA-256 | 11e91750b070a2da94c3d5310490bb38f633a7be33705f3f6dee2e94d8eca474
FreeBSD Security Advisory 2000.42
Posted Aug 28, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreebSD Security Advisory FreeBSD-SA-00:42 - The linux binary-compatability module implements a "shadow" filesystem hierarchy rooted in /compat/linux, which is overlayed against the regular filesystem hierarchy so that Linux binaries "see" files in the shadow hierarchy which can mask the native files. Filenames in this shadow hierarchy are treated incorrectly by the linux kernel module under certain circumstances, and a kernel stack overflow leading to a system compromise by an unprivileged user may be possible when very long filenames are used. ~

tags | overflow, kernel, root
systems | linux, freebsd
SHA-256 | 17e4a4ac716ec87e9f9ec1303ae1ee1e09d2c29f571974e1f8d434cb3024a5d1
floppyfw-1.1.1.img
Posted Aug 28, 2000
Authored by Thomas Lundquist | Site zelow.no

floppyfw is a router and simple firewall on one single floppy. It uses Linux basic firewall capabilities and have a very simple packaging system. It is perfect for masquerading and securing networks on ADSL and cable lines using both static IP and DHCP. It has a simple installation, mostly only needed to edit one file on the floppy.

Changes: Optimized libraries, LRP replaced with busybox, glibc 2.0.7 has been replaced with 2.1.3, All binaries updated to glibc 2.1.3 compiled versions.
tags | tool, firewall
systems | linux
SHA-256 | 740e90710fcfcc2a2606b81d3715be69d3a20eb83c3fc2f37fa85cbfe9c1b276
Page 1 of 9
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close