Cobalt's RAQ 4 server has three remote vulnerabilities. The service.cgi script has a cross site scripting vulnerability because it incorrectly parses the incoming searches and includes HTML tags and Javascript in the result. A directory traversal vulnerability allows attackers to read restricted files or passwords and profiles the users. In addition, a very long URL string will crash the service. Exploits included.
5ff610883de6c62b6e21a04a4afd2e050469e4e36cf69e6665831f6d3baaed70
Microsoft Security Advisory MS02-012 - The Windows 2000 mail server, Exchange 2000, has a denial of service vulnerability which allows remote attackers to stop the service. Microsoft FAQ on this issue available here.
153a883ababdef694da321c2bf0472884fc0224d83e8a9d48ca3d60c87799db4
Microsoft Security Advisory MS02-011 - The Windows 2000 and Exchange 5.5 mail servers have an authentication flaw which allows remote users to send spam. An attacker who exploited the vulnerability would gain user-level privileges on the SMTP service, thereby enabling the attacker to use the service as a mail relay. Microsoft FAQ on this issue available here.
79af169e4d6ac71e1a111e5ec5b5584d6b3e277a9eb407a38f5a63ff072620fe
Packet Storm new exploits for February, 2002.
ed69a11111642e3b223c9b986d9533726b008bb1153321a113321f53f96bb6b4
Apache 1.3.x + php 4.0.6 proof of concept exploit for the multipart/form-data POST requests bug. This exploit crashes the daemon.
4897e0f6a9cd3079e9c2afb645eaaff987ec37ff48d79cea6eb16c6f1c26b858
Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here.
cc3b61764681686be8c3e715adb04a29ac05b47f6bebb64b9583a9ec4a088a62
The Linux Port/Socket Pseudo ACLs project is a patch to the Linux kernel which allows the admin to delegate privileges for some protected network resources to non-root users. The ACLs are generally used to run untrusted or insecure applications as an unprivileged process, thereby lessening the impact of some undiscovered denial of service or root compromise. The ACLs can cover protected ports, raw sockets, and packet sockets.
c604733b221cf15992fc4be7277bbce44eb1dc57d8a1b87d3db28fe0d44d3d40
IP Accounter is an IP accounting package for Linux. It collects, summarizes, and nicely displays IP accounting data. Its output can be a simple ASCII table, or graph images. Ipchains and iptables are supported. Logs are stored in files, gdbm, or even a PostgreSQL database.
a3afeb5aebdaaa49e7b56ecea8828b2d96e067556aacd7872fbec7a7fe34bba0
ICMP-Chat is an encrypted console chat program that uses ICMP packets. ICMP-Chat uses enigma (crypt) for encryption. It is a peer-to-peer chat program that enables you to hide your chat or to chat through many firewalls.
4a3ec04f141c9a704bcb190947bafe80875b15eeef129610e6e9ab193361743d
John the Ripper is a very fast password cracker which is available for many flavors of Unix, DOS, Win32, and BeOS. Its primary purpose is to detect weak Unix passwords, but a number of other hash types are supported as well.
0e24f68123f72cf7001de29610336072d3f3d5d4474d5cbabab21159e041d5d7
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
c008eac3d2554dc81f2595d129bb97e0f0e99fb87982471f26d0ea16ce0e1d9a