what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2000-11-26

SUPassConvert.tgz
Posted Nov 26, 2000
Authored by J Noonan | Site 2cic.com

The following is a utility I wrote to quickly convert the unix style passwords in a Serv-U.ini file into standard unix password style for cracking. Serv-U Ftp uses standard unix password encryption which can be cracked with most unix password crackers. I have included a java class file and a windows executable.

tags | java, cracker
systems | windows, unix
SHA-256 | bd53a0f1da06b52cfa763dd0a9ea301fa8b7ce85645ce817d57a0ea4143f1bc0
firestarter-0.5.1.tar.gz
Posted Nov 26, 2000
Authored by Tomas Junnonen | Site firestarter.sourceforge.net

The goal of FireStarter is to provide an easy to use, yet powerful, GUI tool for setting up, administrating and monitoring firewalls for Linux machines. FireStarter is made for the GNOME desktop. It can actively monitor your firewall and list any unauthorized connection attempts made to your machine in a readable table format.

Changes: Bug fixes and small improvements.
tags | tool, firewall
systems | linux
SHA-256 | f13cae4614bf69300320cbdc04f3906e8a5a37c047075c357ffe69292d9313f7
ms00-080
Posted Nov 26, 2000

Microsoft Security Bulletin (MS00-080) - Microsoft has released a patch that eliminates the "Session ID Cookie Marking" vulnerability in IIS which allows malicious users who can sniff network traffic to hijack another users's secure web session. Microsoft FAQ on this issue available here.

tags | web
SHA-256 | dd99b68c2850550c33777077cac8a1c492af6d47de24e415f9b25f4cf2466b19
avx4icq.exe
Posted Nov 26, 2000
Site avx.com

AVX for ICQ is a FREE utility which uses new technology to intercept; filter, and virus scan all files sent during an ICQ chat session. The new proprietary technology incorporates features found on enterprise-class corporate firewalls. AVX for ICQ uses the same powerful virus protection scan engine incorporated into the AntiVirus eXpert Professional (AVX), a full-featured virus protection application for desktops. If you are an ICQ user this utility is highly recommended.

tags | virus
SHA-256 | 87d0e755c2ccb758b96ed6b0815ce5cf831165ee31c7ea74117be3b27e0b9791
FreeBSD Security Advisory 2000.76
Posted Nov 26, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-00:76 - The csh and tcsh code creates temporary files when the double less than operator is used, however these are created insecurely and use a predictable filename based on the process ID of the shell. An attacker can exploit this vulnerability to overwrite an arbitrary file writable by the user running the shell. The contents of the file are overwritten with the text being entered using the double less than operator, so it will usually not be under the control of the attacker, limiting the scope of this vulnerability to denial of service.

tags | denial of service, arbitrary, shell
systems | freebsd
SHA-256 | be8f6c3e160a0ea83173f5e5486851ebfb012f33ef4d42e7b67502790ec59fc2
FreeBSD Security Advisory 2000.68
Posted Nov 26, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory - The ncurses library, which comes with the base install of FreeBSD, contains exploitable buffer overflows. /usr/sbin/lpc, /usr/bin/top, and /usr/bin/systat link against ncurses and may be exploitable.

tags | overflow
systems | freebsd
SHA-256 | 6e2f643e0e68e2fe8e83e3707adb527bf755e474093377e4e504f6b2a2f21ed4
FreeBSD Security Advisory 2000.69
Posted Nov 26, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-00:69 - A denial of service attack in telnetd has been found. When changing the TERMCAP environment variable, it can be tricked into searching for termcap entries in any file on the system, taking up CPU resources. A valid account is not required.

tags | denial of service
systems | freebsd
SHA-256 | c10b2eda2360930b488077073a58a118e5d945a59df23d21ef8f67775aa6fb3c
FreeBSD Security Advisory 2000.75
Posted Nov 26, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-00:75 - The mod_php ports, versions prior to 3.0.17 (mod_php3) and 4.0.3 (mod_php4), contain a potential vulnerability that may allow a malicious remote user to execute arbitrary code as the user running the web server, typically user 'nobody'. The vulnerability is due to a format string vulnerability in the error logging routines. A web server is vulnerable if error logging is enabled in php.ini. Additionally, individual php scripts may cause the web server to be vulnerable if the script uses the syslog() php function regardless of error logging in php.ini.

tags | remote, web, arbitrary, php
systems | freebsd
SHA-256 | 6208a915ee52a59e988f0b678651fb6acdef1d0677c5b028ebdf9315a9ff99fe
FreeBSD Security Advisory 2000.73
Posted Nov 26, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-00:73 - The thttpd port, versions prior to 2.20, allows remote viewing of arbitrary files on the local server. The 'ssi' cgi script does not correctly restrict URL-encoded requests containing ".." in the path. In addition, the cgi script does not have the same restrictions as the web server for preventing requests outside of the web root. These two flaws allow remote users to access any file on the system accessible to the web server user (user 'nobody' in the default configuration).

tags | remote, web, arbitrary, local, cgi, root
systems | freebsd
SHA-256 | 1210c9a3793c9fb08ef4e606ba72b7bca4134f0c2984df6629ecd32948baebf5
FreeBSD Security Advisory 2000.72
Posted Nov 26, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-00:73 - The curl port, versions prior to 7.4.1, allows a client-side exploit through a buffer overflow in the error handling code. A malicious ftp server operator can cause arbitrary code to be executed by the user running the curl client.

tags | overflow, arbitrary
systems | freebsd
SHA-256 | 46fd9282ad36acaec6a207f12d372b71771bbb5250c4d02f53c4ebeeef664a3f
FreeBSD Security Advisory 2000.71
Posted Nov 26, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-00:71 - The mgetty port, versions prior to 1.1.22.8.17, contains a vulnerability that may allow local users to create or overwrite any file on the system. This is due to the faxrunqd daemon (which usually runs as root) following symbolic links when creating a .last_run file in the world-writable /var/spool/fax/outgoing/ directory. This presents a denial of service attack since the attacker can cause critical system files to be overwritten, but it is not believed the attacker has the ability to control the contents of the overwritten file. Therefore the possibility of using this attack to elevate privileges is believed to be minimal.

tags | denial of service, local, root
systems | freebsd
SHA-256 | 7148bbf5711dfeabe1b1da003e0c40816ea594618c43fc3f0851614fb702aacb
debian.tcpdump.txt
Posted Nov 26, 2000
Site debian.org

Debian Security Advisory - During internal source code auditing by FreeBSD several buffer overflows were found which allow an attacker to make tcpdump crash by sending carefully crafted packets to a network that is being monitored with tcpdump. This has been fixed in version 3.4a6-4.2.

tags | overflow
systems | linux, freebsd, debian
SHA-256 | 981b5990cc1763ea7fa96ba1ea6c7d1929d17c49f3c800a820e0927f9e249b7f
f8-112000-bbr2.txt
Posted Nov 26, 2000
Authored by Loki, f8labs | Site f8labs.com

The here.

SHA-256 | 6fb960b4f5c3485bdbcec10301697c2f0a2a956ffe68740fa84a0411ce0bf4ee
ms00-089
Posted Nov 26, 2000

Microsoft Security Bulletin (MS00-089) - Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows 2000. The vulnerability allows malicious users to use repeated attempts to guess an account password even if the domain administrator had set an account lockout policy. Microsoft FAQ on this issue available here.

systems | windows
SHA-256 | c5ca4feca03c0462400fc89e184c518c60f6b5f209cc4765b26b05f65e794358
SynAttackProtect.txt
Posted Nov 26, 2000
Site videotron.ca

Windows NT 4.0 SP6a with SynAttackProtect set is vulnerable to a remote denial of service attack.

tags | exploit, remote, denial of service
systems | windows
SHA-256 | 714cad616a29fdfca52b206e8783d4c79dbf59b9a095f42bcd9514ec4ce0f734
debian.ncurses.txt
Posted Nov 26, 2000
Site debian.org

Debian Security Advisory - The version of the ncurses display library shipped with Debian GNU/Linux 2.2 is vulnerable to several buffer overflows in the parsing of terminfo database files. The problems are only exploitable in the presence of setuid binaries linked to ncurses which use these particular functions, including xmcd versions before 2.5pl1-7.1.

tags | overflow
systems | linux, debian
SHA-256 | 336c3ce869efdf290246fbfd466b0f12bad351d1f302f870767531e91b7f3fc3
super-sadmin.c
Posted Nov 26, 2000
Authored by Optyx

Super Solaris sadmin Exploit - works with solaris 2.6/7.0 SPARC and x86, does the sp guessing (much like sadmin-brute.c).

tags | exploit, x86, add administrator
systems | solaris
SHA-256 | 1bc5ba57da0d2994c387df4be7a70b3d1a5261e3f76ef1792396e253ad6d576c
debian.xcmd.txt
Posted Nov 26, 2000
Site debian.org

Debian Security Advisory - The Debian GNU/Linux xmcd package has historically installed two setuid helpers for accessing cddb databases and SCSI cdrom drives. More recently, the package offered the administrator the chance to remove these setuid flags, but did so incorrectly. A buffer overflow in ncurses, linked to the "cda" binary, allowed a root exploit. Fixed ncurses packages have been released, as well as fixed xmcd packages which do not install this binary with a setuid flag. The problem is fixed in xmcd 2.5pl1-7.1, and we recommend all users with xmcd installed upgrade to this release. You may need to add users of xmcd to the "audio" and "cdrom" groups in order for them to continue using xmcd.

tags | overflow, root
systems | linux, debian
SHA-256 | 8662a5a35e41d91673db0df0b3ae1f799f037290b1843aee1f582e633092e22e
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close