snort_stat.pl v1.14 (Feb 2001) does statistical analysis on snort logfiles. It is set up to process the syslog alerts that Snort creates and generate a bunch of relevant statistics about the current alerts. The beginning of the script explains how to run the program as a cron job to provide daily reports of activity recorded by Snort.
a4c45ac3acbf3195301eebb8c676c82d9a38471e0f6293ebbe01990c23769b06
RFP2101 - SQL hacking user logins in PHP-Nuke web portal. PHP-Nuke v4.3 contains authentication weaknesses in the SQL code which allow you to impersonate other users and retrieve their password hashes.
cc5049f1f163f63deea98dbb2a421e75f15ed91bb1c34e3487646b61d0d36b8d
Dc20ctrlex.perl is a FreeBSD 3.x/4.x /usr/local/bin/dc20ctrl local exploit which gives egid=dialer, or root on non-FreeBSD systems. Tested against FreeBSD 4.2.
0ee7eafa568512a4b7334811bc84051fe517eb7fd32f411ca85392498b9a8296
CERT Advisory CA-2001-03 - The "VBS/OnTheFly" malicious code is a VBScript virus that spreads via email to users of Microsoft Outlook who have not applied previously available security updates. When the malicious code executes, it attempts to send copies of itself, using Microsoft Outlook, to all entries in each of the address books. Outlook update available here.
857d86f779215cacaef6a95c16b3a5b35d2bc60ec5f355777384615d79db7342
AnnaKournikova.jpg.vbs email virus source code. Warning - Do not rename.
3f6a109c57ebf27b61497acb4a5f4d0206d1eca264a1361f4a275872c2528c81
FreeBSD Security Advisory FreeBSD-SA-01:24 - OpenSSH prior to v2.3.0p1 contains remote vulnerabilities.
c8d01ec11d4656a2768dbc2a418fdabf47ce3f917951c88bacd99e7807798064
Vulnerabilities in Sun Clustering v2.x - Leaks sensitive information to local and remote users and has tempfile bugs. Includes proof of concept exploits.
dbeee965b3c61658c3bfd723ca3b21434d825f52fb5c0fbb7d1c989dca5d5abd
Ridentd is a stand-alone replacement for identd that uses a random selection from an ispell dictionary as fake ident responses. This server application is meant for the totally paranoid who need access to servers that require ident and don't want to give any information about local users to the remote server or its other users.
057acd7ce87652fce25702f1714a8b449af23591d096c9bc2c4a7b3904e349c1
Debian Security Advisory DSA-030-1 - XFree86 3.3.6 contains local vulnerabilities - Upgrade to a patched version of 3.3.6.
4577b6838fe3788168afd91d4bfa18bfbe8248bf250e34bc0f13d7e40cd7b2bd
ISS Security Alert Summary for February 6, 2001 - Volume 6 Number 3. 120 new vulnerabilities were reported this month. This document has links to more information and full advisories on each. Includes: win2k-rdp-dos, cisco-ccs-file-access, quicktime-embedded-tag-bo, solaris-ximp40-bo, cisco-ccs-cli-dos, slimserve-httpd-dos, crazywwwboard-qdecoder-bo, virusbuster-mua-bo, iis-isapi-obtain-code, bind-inverse-query-disclosure, hp-man-dos, sort-temp-file-abort, bind-complain-format-string, bind-complain-bo, winvnc-client-bo, winvnc-server-bo, guestserver-cgi-execute-commands, bind-tsig-bo, hyperseek-cgi-reveal-info, newsdaemon-gain-admin-access, mars-nwe-format-string, mars-nwe-format-string, planetintra-pi-bo, borderware-ping-dos, aol-malformed-url-dos, mirc-bypass-password, netscape-enterprise-revlog-dos, aim-execute-code, netscape-enterprise-list-directories, winnt-mutex-dos, jrun-webinf-file-retrieval, ipfw-bypass-firewall, netopia-telnet-dos, wuftp-debug-format-string, kde2-kdesu-retrieve-passwords, easycom-safecom-url-bo, easycom-safecom-printguide-dos, easycom-safecom-ftp-dos, vnc-weak-authentication, lotus-domino-smtp-bo, linux-sash-shadow-readable, powerpoint-execute-code, icecast-format-string, oracle-handlers-directory-traversal, oracle-handlers-execute-jsp, netscape-enterprise-dot-dos, goodtech-ftp-dos, netscape-fasttrack-cache-dos, eeye-iris-dos, watchguard-firebox-obtain-passphrase, fastream-ftp-server-dos, fastream-ftp-path-disclosure, localweb2k-directory-traversal, win2k-efs-recover-data, linux-bing-bo, micq-sprintf-remote-bo, mysql-select-bo, shoutcast-description-bo, fw1-limited-license-dos, fw1-limited-license-dos, hp-stm-dos, linux-webmin-tmpfiles, tinyproxy-remote-bo, postaci-sql-command-injection, wwwwais-cgi-dos, mime-header-attachment, ssh-rpc-private-key, linux-glibc-preload-overwrite, inn-tmpfile-symlink, interscan-viruswall-insecure-password, interscan-viruswall-weak-authentication, ie-mshtml-dos, dhcp-format-string, 
win-mediaplayer-arbitrary-code, veritas-backupexec-dos, interscan-viruswall-symlink, omnihttpd-statsconfig-corrupt-files, omnihttpd-statsconfig-execute-code, icmp-pmtu-dos, icmp-pmtu-dos, splitvt-perserc-format-string, splitvt-perserc-format-string, flash-module-bo, rctab-elevate-privileges, ultraboard-cgi-perm, compaq-web-management-bo, php-htaccess-unauth-access, basilix-webmail-retrieve-files, solaris-arp-bo, php-view-source-code, wec-ntlm-authentication, spamcop-url-seq-predict, linux-wuftpd-privatepw-symlink, rdist-symlink, squid-email-symlink, linux-diffutils-sdiff-symlimk, tcpdump-arpwatch-symlink, linuxconf-vpop3d-symlink, shadow-utils-useradd-symlink, linux-glibc-read-files, gettyps-symlink, linux-gpm-symlink, linux-mgetty-symlink, linux-apache-symlink, linux-inn-symlink, conferenceroom-developer-dos, oracle-xsql-execute-code, netscreen-webui-bo, suse-reiserfs-long-filenames, interbase-backdoor-account, interbase-hidden-function-dos, brickserver-thttpd-dos, solaris-exrecover-bo, hp-inetd-swait-dos, microsoft-iis-read-files, ibm-websphere-dos, storagesoft-imagecast-dos, nai-pgp-replace-keys, http-cgi-bbs-forum, lotus-domino-directory-traversal, http-cgi-fastgraf, newsdesk-cgi-read-files, gtk-module-execute-code, and linux-tty-writable-dos.
cea13d6f0d4961c09e9e991e92cd2eb1b0f12363f3f1a83a83696b1ee0d06ccc
Securax Security Advisory #14 - Symantec pcAnywhere 9.0 contains a remote denial of service vulnerability. Includes perl exploit.
f3aabfbdc4849e9d23de5fa5090f05eb0635dac8a1a39400e0f58a1b0dcc758a
Noob 4 is a trojan which uses an IRC connection to control it, therefore bypassing firewalls. Uses ActiveX to install, similar to Godmessage. Victim must be running IE. Warning: Some AV software detects this as noob 3.0. Archive password is set to p4ssw0rd. Use at your own risk.
93782ca966b975224d8ab8f5f7f6d2cafc7eaf3d1d26961b2d44e2f605146bae
Abyss/a-3k is a BitchX irc script.
c47a108c705af5c2bcf32982e4be0e9b5b60969ac2714cb60674f4b14c7667d1
Tcb_noad.zip is a hack which removes the ad banners from AOL's Instant Messenger. ASM source available here.
c1d03bcbfa3b7604f26cd52545f9623709a82c6299dc38019c0b4b4d775c8023
Microsoft Security Advisory MS01-007 - A vulnerability has been found in Windows 2000 Network Dynamic Data Exchange (DDE) which allows an attacker to cause the Network DDE Agent to run code of their choice in Local System context, gaining control over the machine. Microsoft FAQ on this issue available here.
bb8d460f654c9e70b026ccc0a890cd748fef823b25d267fd7068393f7b895c5e
Urdls.c is an unreadable directory lister for listing files in directories on the local machine without having permission to do so. Guesses all possible alphanumeric filenames and uses stat() to check for existence.
29bcbbdb8adad6126d66e865af9c6707e7c5b9e2bfeb2bf05da25629f38551de
Dc20ctrl local exploit for FreeBSD - exploits a call to getenv() in session.c giving a gid=dialer shell.
66bd4c24f5f56a75a4d1f6950e5eda0d35c0338ec42daeabfc61f4b912e0f790
Debian Security Advisory DSA-027-1 - Versions of OpenSSH prior to v2.3.0p1 are vulnerable to a remote arbitrary memory overwrite attack which may eventually lead to a root exploit. New version available here.
fa8a26622c531bd07e194774ce7e48fe3af355a26aa8ea8f9ec8f6c92cd7d6be
XScreenSaver is a modular screen saver and locker for the X Window System. It is highly customizable and allows the use of any program that can draw on the root window as a display mode. It is also more stable than xlock.
7dad256afd21d2c193470754c0aa2317f4ddfe1209a4500adaad5c2b5d512d9f
scanssh scans a list of addresses and networks for running SSH servers and their version numbers. scanssh supports random selection of IP addresses from large network ranges and is useful for gathering statistics on the deployment of SSH servers in a company or the Internet as a whole.
26b9da093a29a3715cc38e53e4d2d991e17b5fe6681dc3d376ce77e05b002050
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use. Whitepaper available here.
11b08b5f7d8518e9a309ea8a78f0fbb230898917ee7b16e0843d2e22b202eb21
Red Hat Security Advisory RHSA-2001:013-05 - Three security holes have been fixed in the kernel. One involves ptrace, another involves sysctl, and the last is specific to some Intel CPUs. All three security holes involve local access only (they do not provide a hole to remote attackers without a local account). The ptrace and sysctl bugs provide local users with the potential to compromise the root account. Fixed in kernel 2.2.18-pre9.
0bab4c7593987c858fbbb1affa932e778dae773014e6cbe56e38b52de9d9d599