exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

Files Date: 2002-03-04

Posted Mar 4, 2002
Authored by Alex Hernandez

Cobalt's RAQ 4 server has three remote vulnerabilities. The service.cgi script has a cross site scripting vulnerability because it incorrectly parses the incoming searches and includes HTML tags and Javascript in the result. A directory traversal vulnerability allows attackers to read restricted files or passwords and profiles the users. In addition, a very long URL string will crash the service. Exploits included.

tags | exploit, remote, cgi, javascript, vulnerability, xss
SHA-256 | 5ff610883de6c62b6e21a04a4afd2e050469e4e36cf69e6665831f6d3baaed70
Posted Mar 4, 2002

Microsoft Security Advisory MS02-012 - The Windows 2000 mail server, Exchange 2000, has a denial of service vulnerability which allows remote attackers to stop the service. Microsoft FAQ on this issue available here.

tags | remote, denial of service
systems | windows
SHA-256 | 153a883ababdef694da321c2bf0472884fc0224d83e8a9d48ca3d60c87799db4
Posted Mar 4, 2002

Microsoft Security Advisory MS02-011 - The Windows 2000 and Exchange 5.5 mail servers have an authentication flaw which allows remote users to send spam. An attacker who exploited the vulnerability would gain user-level privileges on the SMTP service, thereby enabling the attacker to use the service as a mail relay. Microsoft FAQ on this issue available here.

tags | remote
systems | windows
SHA-256 | 79af169e4d6ac71e1a111e5ec5b5584d6b3e277a9eb407a38f5a63ff072620fe
Posted Mar 4, 2002
Authored by Todd J. | Site packetstormsecurity.com

Packet Storm new exploits for February, 2002.

tags | exploit
SHA-256 | ed69a11111642e3b223c9b986d9533726b008bb1153321a113321f53f96bb6b4
Posted Mar 4, 2002
Authored by Gabriel Maggiotti | Site qb0x.net

Apache 1.3.x + php 4.0.6 proof of concept exploit for the multipart/form-data POST requests bug. This exploit crashes the daemon.

tags | exploit, php, proof of concept
SHA-256 | 4897e0f6a9cd3079e9c2afb645eaaff987ec37ff48d79cea6eb16c6f1c26b858
Posted Mar 4, 2002
Authored by Gerald Combs | Site ethereal.com

Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here.

Changes: Fixes problems in the SNMP and LDAP dissectors and the layout of the capture dialog was vastly improved. NCP type 0x2222 packet type support was added to the randpkt utility, and a script to recreate packets from core dumps (pkt-from-core.py) was added to the source distribution. SNA over Ethernet and HiPath HDLC support was added. Dissectors receiving updates include 802.11w, 802.11, AARP, AFS, ARP, COPS, DCE RPC, EAP/EAPOL, GIOP, ICQ, iSCSI/SCSI, ISIS, LAPD, LDAP, M3UA, NBNS, NDMP, OSPF, Q.931, RADIUS, Raw IP, RX, SDB, SMB, SNMP, SSL, TCP, TPKT, UCP, WSP, and YP.
tags | tool, sniffer, protocol
systems | unix
SHA-256 | cc3b61764681686be8c3e715adb04a29ac05b47f6bebb64b9583a9ec4a088a62
Posted Mar 4, 2002
Site original.killa.net

The Linux Port/Socket Pseudo ACLs project is a patch to the Linux kernel which allows the admin to delegate privileges for some protected network resources to non-root users. The ACLs are generally used to run untrusted or insecure applications as an unprivileged process, thereby lessening the impact of some undiscovered denial of service or root compromise. The ACLs can cover protected ports, raw sockets, and packet sockets.

Changes: Updated for kernel v2.4.18.
tags | denial of service, kernel, root, patch
systems | linux, unix
SHA-256 | c604733b221cf15992fc4be7277bbce44eb1dc57d8a1b87d3db28fe0d44d3d40
Posted Mar 4, 2002
Site sourceforge.net

IP Accounter is an IP accounting package for Linux. It collects, summarizes, and nicely displays IP accounting data. Its output can be a simple ASCII table, or graph images. Ipchains and iptables are supported. Logs are stored in files, gdbm, or even a PostgreSQL database.

Changes: The iptables method of working with ICMP was fixed. Problems with short and long chains names for iptables was fixed. Web interface was improved. Configure script options for database definition were added. An ipacsum switch for omitting zero-byte lines was added.
systems | linux
SHA-256 | a3afeb5aebdaaa49e7b56ecea8828b2d96e067556aacd7872fbec7a7fe34bba0
Posted Mar 4, 2002
Site mjm.gmc-online.de

ICMP-Chat is an encrypted console chat program that uses ICMP packets. ICMP-Chat uses enigma (crypt) for encryption. It is a peer-to-peer chat program that enables you to hide your chat or to chat through many firewalls.

Changes: A sessionID was added to packets and different ICMP types is now usable. icmp_codes now are defined during startup, not in config.h.
systems | unix
SHA-256 | 4a3ec04f141c9a704bcb190947bafe80875b15eeef129610e6e9ab193361743d
Posted Mar 4, 2002
Site openwall.com

John the Ripper is a very fast password cracker which is available for many flavors of Unix, DOS, Win32, and BeOS. Its primary purpose is to detect weak Unix passwords, but a number of other hash types are supported as well.

Changes: HP-UX tcb files support has been added, the default wordlist rules have been made Y2K-aware, and various minor fixes have been applied.
tags | cracker
systems | windows, unix, beos
SHA-256 | 0e24f68123f72cf7001de29610336072d3f3d5d4474d5cbabab21159e041d5d7
Posted Mar 4, 2002
Authored by Solar Designer | Site openwall.com

The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.

Changes: Fixed an x86-specific Linux kernel vulnerability where local users could abuse a binary compatibility interface (lcall) to kill processes not belonging to them, including system processes.
tags | overflow, kernel
systems | linux
SHA-256 | c008eac3d2554dc81f2595d129bb97e0f0e99fb87982471f26d0ea16ce0e1d9a
Page 1 of 1

File Archive:

June 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    18 Files
  • 2
    Jun 2nd
    13 Files
  • 3
    Jun 3rd
    0 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    32 Files
  • 6
    Jun 6th
    39 Files
  • 7
    Jun 7th
    22 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By