what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2000-10-17

Posted Oct 17, 2000
Authored by rain forest puppy | Site wiretrip.net

RFPolicy 2.0 - rain forest puppy's policy on notifying vendors and releasing security vulnerabilities.

Changes: Less stringent on timeframes, more stringent on communication. Thanks to everyone who contributed. I also added some supporting notes (FAQ, etc) to help dispell some misconceptions on it.
tags | paper, vulnerability
SHA-256 | 292c943bdd96a7ec03da8dac3e27832c587f3bcc55001ecabfda4ad18b74786b
Posted Oct 17, 2000
Authored by rain forest puppy | Site wiretrip.net

rain forest puppy's investigation of the recent Microsoft IIS remote command execution vulnerability which was first mentioned in a ms00-078. UNICODE character translation on foreign IIS 4.0 and 5.0 servers allows additional ways of encoding '/' and '\', allowing commands to be executed under the IUSR_machine context.

tags | exploit, remote
SHA-256 | 2b1c446965eae66c719dc5275df8c83c036b0c35b914f77fa9b14f18472713f1
Posted Oct 17, 2000

Microsoft Security Bulletin (MS00-078) - Microsoft has released a patch that eliminates the "Web Server Folder Traversal" vulnerability in IIS 4.0 and 5.0 which allows malicious users to add and remove content or execute code remotely with a malformed URL. Microsoft FAQ on this issue available here.

tags | web
SHA-256 | 11cc0a48eeef7590a32423098792c800d48cc565af310381c27a64e069180302
Posted Oct 17, 2000
Authored by Portal, Tf8 | Site security.is

PHP/3.0.12, 3.0.15, and 3.0.16 with apache 1.3.12 remote format string exploit for FreeBSD 3.4, Slackware Linux 4.0, and 7.0.

tags | exploit, remote, php
systems | linux, freebsd, slackware
SHA-256 | 96da427c5e520f508d5095e2ae72b3ea84315600ce6f8c479d2b052c33f7f03f
Posted Oct 17, 2000

Linux/x86 shellcode which drops a shell in /tmp.

tags | shell, x86, shellcode
systems | linux
SHA-256 | 62b4013ad9350cd5bf5b3f480aa7e7674c85ceadd9e23838b494f49582604891
Posted Oct 17, 2000
Authored by Humble

NetBSD shellcode which execve's /bin/sh.

tags | shellcode
systems | netbsd
SHA-256 | 90e0b96c209e409e110992acd09eae3877c00d4709b7d658005a8897f07f9fb1
Posted Oct 17, 2000
Authored by Duke

BSDI shellcode which execve's /bin/sh.

tags | shellcode
SHA-256 | 2908decf21e971872bc8468fa6585bdd6b015b57c7d36da41b12f90c56f46379
Posted Oct 17, 2000
Authored by Doable

SCO shellcode which breaks out of a chrooted environment.

tags | shellcode
SHA-256 | 2cfae4fea699795efc2dce0eb040c37c7f062cb9db79990b2b22adc82dc7c974
Posted Oct 17, 2000

Windows NT/2k remote shellcode.

tags | remote, shellcode
systems | windows
SHA-256 | f6ef9514d5e478de3d6cb35966282d86e4d51f4628729a107cb6dd75be30ab3b
Posted Oct 17, 2000
Site wwwhack.com

wwwhack - Automates the process of trying to crack logins/passwds for www sites that use basic HTTP authentication.

tags | web, cracker
SHA-256 | 089e84d894b907f3532b6d6eb1fbf56479f141961603a31e77c1ce461ce93131
Posted Oct 17, 2000
Site net-security.org

Weekly Newsletter from Help Net Security - Covers weekly roundups of security events that were in the news the past week. In this issue: PHP 3 and 4 remote format string vulnerabilities, Internet Explorer authentication data retrieval, IE cached web credentials vulerability, Master index directory transversal vulnerability, BOA vulnerabilities, tmpwatch local dos, Extropoa Webstore directory transversal vulnerability, Interactive's web shopper directory transversal vulnerability, Microsoft share level password vulnerability, Mandrake openssh/scp update, HP Jetdirect dos, WebTV dos, Apache mod_rewrite, Debian curl update, Winu 1.0-5.1 backdoor password, debian ypbind local vulnerability, and Netmeeting denial of service. Articles include SUID programs, getting to the root of the problem, Testing for Trojans, How to detect virus hoaxes, and more.

tags | remote, web, denial of service, local, root, trojan, php, vulnerability, virus
systems | linux, debian, mandrake
SHA-256 | 35a897d619152e6fc91c69586c9708eba9f0eea568921cf5160a50cdba159f94
Posted Oct 17, 2000
Site suse.de

SuSE Security Advisory - SuSE's traceroute (nanog) has a completely different local root vulnerability than the one reported last week. A format string bug was discovered in a routine that can be used to terminate a line in traceroute's output to easily embed the program in cgi scripts.

tags | local, cgi, root
systems | linux, suse
SHA-256 | 96c1b99142636132b324379d6a844d895deaeb497136fb0856e8974c973cb5b2
Posted Oct 17, 2000
Site suse.de

SuSE Security Advisory - Gnorpm, a graphical user interface to the rpm subsystem for the gnome desktop, handles tempfiles insecurely and can overwrite arbitrary files on the system.

tags | arbitrary
systems | linux, suse
SHA-256 | e622695dd71e6bdb9d84ffae1dae2588103bfbaafea9c97d639d626fb1d6841a
Posted Oct 17, 2000
Authored by Antirez | Site kyuzz.org

11logger is a small kernel patch, a module and some userspace tools to add SIGSEGV logging and history capabilities to Linux 2.2.x. 11logger is very useful in security auditing and general debugging.

Changes: This release fixes a problem with the kernel patch which didn't unlock the spin lock in signal.c, and segvdump now reports more information on i386.
tags | kernel
systems | linux
SHA-256 | e374ca5391194d5bb5e96d4fafba1751d08411abc60584e65c0c4e7fa7ae14e2
Posted Oct 17, 2000
Site wu-ftpd.org

Wu-Ftpd is a portable FTP server.

Changes: Remote root bugs in 2.6.0 fixed.
systems | unix
SHA-256 | 469a37391346e29ae6abfe3615c03ff579cae5d698ff7611604190596e66d291
Posted Oct 17, 2000
Authored by Blue Panda | Site bluepanda.box.sk

Wingate 4.1 Beta A and below allows users with access to read the logs to read any file on the filesystem by encoding the URL with escape codes, bypassing input validation. Includes wgate41a.c, proof of concept code. Fix available here.

tags | exploit, proof of concept
SHA-256 | d911de7376362eaa57534d66e1363dca6a222e4eac2a3b3c940f8173fb80d190
Posted Oct 17, 2000
Authored by Bruce Schneier, crypto-gram | Site counterpane.com

Crypto-gram for October 15, 2000. In this issue: Semantic Attacks: The Third Wave of Network Attacks, News, Council of Europe Cybercrime Treaty -- Draft, The Doghouse: HSBC, NSA on Security, AES Announced, NSA on AES, and the Privacy Tools Handbook.

tags | cryptography, magazine
SHA-256 | 7c3f8790fcf1093735c62ec84aa0c538c534313880ca411050db9d2325ac0c88
Posted Oct 17, 2000
Site tcpdump.org

Tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities. Requires Libpcap.

Changes: Remotely exploitable buffer overflows have been fixed! Incorporates Libpcap 0.5.2.
tags | tool, sniffer
SHA-256 | feea77e0e7734c56e23196e2fa8df8984bea08fe5cf699698ddbd514b9ebb51c
Posted Oct 17, 2000
Site tcpdump.org

Libpcap is a portable packet capture library which is used in many packet sniffers, including Tcpdump.

tags | tool, sniffer
SHA-256 | dbc7ce2471a45a29dd2021db29a6b408bcb824055f027d542e1e778134e780a7
Page 1 of 1

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By