exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2002-10-17

Posted Oct 17, 2002
Authored by David A. Wheeler | Site dwheeler.com

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function. Secure Programming HOWTO here.

Changes: Improved the default output, added a short tutorial to man page, fixed some bugs.
systems | unix
SHA-256 | 0e19a4e720dde7ffecd44a4c768523adb201e18f887931bea2b955fd064a3168
Posted Oct 17, 2002
Authored by RATS Team | Site securesoftware.com

RATS, the Rough Auditing Tool for Security, is a security auditing utility for C, C++, Python, Perl and PHP code. RATS scans source code in order to find potentially dangerous function calls. The output generated by RATS can be used as a good starting point for performing manual security audits. Readme available here.

Changes: Bugs fixed.
tags | perl, php, python
systems | unix
SHA-256 | ec9fac2765b655c03cede8c5920de3226581f1e626be314bce95f4d0ac9aadd9
Posted Oct 17, 2002
Authored by Olaf Schulz | Site dcert.de

Apache Tomcat 3.3 and 4.0.4 for Windows NT and 2000 remote denial of service exploit. Uses device names like AUX, LPT1, CON, and PRN to crash the server.

tags | exploit, remote, denial of service
systems | windows
SHA-256 | 94c4b0af4cbf43c74551511e4b7add50079f58d7cc12c2d49c1a688a33f492bf
Posted Oct 17, 2002
Authored by NTFX | Site legion2000.security.nu

Kitkat.pl exploits a directory traversal bug in webMathematica v1.0.0 and

tags | exploit
SHA-256 | ed213517eb41ae2eb5c3e956b331ee03c620fe4a18d9b0c0ece669e049ae58c8
Posted Oct 17, 2002
Site savannah.gnu.org

The Tiger Scripts are security tool designed to perform audits of UNIX systems. It's useful as an security check tool and as a host intrusion detection tool (if configured to run through cron and by sending e-mail reports).

Changes: Fixed some OS specific bugs. New checks have been added also to the current codebase and some others have been improved. Also 'autoconf' is now used to configure/install Tiger. Over 2200 lines (of code and documentation) have been added to the codebase.
tags | tool, scanner
systems | unix
SHA-256 | 6bec4f9482ccc6e38aab95cd2ccff74b8b35100a469c8d9f06d3eff54269058e
Posted Oct 17, 2002
Authored by Paul Drain | Site cipherfunk.org

The cipherfunk Patched Linux Kernels provide patch sets that focus on security enhancements, optimizations, and bugfixes to the current stable Linux Kernel. They are suitable for workstation or high-end server use in both production and development environments.

Changes: Merged the IDE layer from the -ac tree and added Andre Hedrick's Serial ATA changes, FreeS/WAN updated to 1.98b plus X.509 interoperability, AES and NULL cipher and NAT implementation patches, grsecurity has been updated to 1.97.
tags | kernel, patch
systems | linux, unix
SHA-256 | 38701ebda4f18218aae3b6ffd83ed51cdc2a72b3626206c718aa2c0dec83e570
Posted Oct 17, 2002
Authored by Tobias Oetiker | Site people.ee.ethz.ch

The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network-links. MRTG generates HTML pages containing graphical images which provide a LIVE visual representation of this traffic. Check http://www.ee.ethz.ch/stats/mrtg for an example. MRTG is based on Perl and C and works under UNIX and Windows NT.

tags | tool, web, perl
systems | windows, unix
SHA-256 | e1e45b3c11f9281b8c8bee3ab2b05ff54f89189048ef0fbce943a3dc0575d1cf
Posted Oct 17, 2002
Authored by Balazs Scheidler | Site balabit.hu

syslog-ng is a multi-platform syslogd replacement, with lots of new functionality. The original syslogd allows messages only to be sorted based on priority/facility pair, syslog-ng adds the possibility to filter based on message contents using regular expressions. The configuration scheme is both intuitive and powerful. Requires libol.

Changes: New stable release and Security Update - If templated filenames or templated output is used, it is possible to overflow a buffer. The number of bytes exceeding the allocated buffer depends on the exact template being used.
tags | system logging
systems | unix
SHA-256 | 219999e21d63f786e34485f82ed02b7920da3ccf4151939fc4b2c771024ef394
Posted Oct 17, 2002
Authored by Frederic Raynal | Site arp-sk.org

Arp-sk is an ARP packet generator for Unix designed to illustrate ARP protocol flaws and applications such as ARP cache poisoning and MAC spoofing. It gives complete control of link and network level data. See arp-sk.org for further information.

Changes: This new version fixes 2 bugs in address lookup and should work properly under any BSD.
tags | spoof, protocol
systems | unix
SHA-256 | b7f60d991af47dd4d8ab5d1b66a5ad577cea56280802a585b722deea083f3855
Posted Oct 17, 2002
Authored by Laurent Constantin | Site laurentconstantin.com

Lcrzoex is a toolbox for network administrators and network hackers. Lcrzoex contains over 200 functionalities using network library lcrzo. For example, one can use it to sniff, spoof, create clients/servers, create decode and display packets, etc. The Ethernet, IP, UDP, TCP, ICMP, ARP and RARP protocols are supported. Lcrzoex and lcrzo were successfully installed under Linux, FreeBSD and Solaris. This archive contains Lcrzo and Lcrzoex. Windows binaries available here.

Changes: Bugs fixed. Created module lcrzo_kbd dealing with keyboard and pipe redirection.
tags | udp, spoof, tcp, protocol, library
systems | linux, windows, solaris, freebsd
SHA-256 | d57dce6be7b5e5d2d28e9715a4e1e8075b992b1ba8d0b42895f4304f09284107
Posted Oct 17, 2002
Authored by Zeen

cb-r00tkit.tgz is a rootkit which backdoors quite a few things, wipes logs, etc.

tags | tool, rootkit
systems | unix
SHA-256 | 6582a93af3efb8e2b4b5232628521124237397ec7868667e1a8f244c4e6d2592
Posted Oct 17, 2002
Site microsoft.com

Microsoft Security Advisory MS02-061 - Microsoft SQL Server 7.0 and 2000 contain stored procedures which allow low privileged users who are able to authenticate to a SQL server to delete, insert or update all the web tasks created by other users. In addition, the attacker can run already created web tasks in the context of the creator of the web task, usually the SQL Server Agent service account.

tags | web
SHA-256 | b64e0c0e18bee283ad6b70b6b0638fbfd75ccd565bbd4d21fec435e3209cbf49
Posted Oct 17, 2002
Site microsoft.com

Microsoft Security Advisory MS02-060 - A security vulnerability is present in the Windows XP version of Help and Support Center allows attackers to construct web pages that, when opened, deletes files on the users hard drive.

tags | web
systems | windows
SHA-256 | 7fd300a5f568ea4dbdca3c00aab247ea5f22c0354638b8fd443cb1de1f00538d
Posted Oct 17, 2002
Site microsoft.com

Microsoft Security Advisory MS02-059 - A flaw in Microsoft Word and Excel's external updates can lead to information disclosure. A vulnerability exists because it is possible to maliciously use field codes and external updates to steal information from a user without the user being aware. Certain events can trigger field code and external update to be updated, such as saving a document or by the user manually updating the links. A specially crafted field code or external update can be used to trigger an update without any indication to the user, allowing attackers to create documents that, when opened, would update themselves to include the contents of a file from the user's local computer.

tags | local, info disclosure
SHA-256 | 3c394c60eefd40045fbec1e9b03a88f1507434bed7c4a0b450028ad3a778056e
Posted Oct 17, 2002
Site microsoft.com

Microsoft Security Advisory MS02-058 - A vulnerability in S/MIME parsing allows Outlook Express to run code of the attackers choice. While creating a digitally signed email and editing it to introduce specific data, then sending it to another user, an attacker can exploit the bug.

SHA-256 | 381fe6cc2a71e90f90c589641a28ff19abeb2a32a3f3964429f2b63358329863
Posted Oct 17, 2002
Authored by Serus | Site getad.chat.ru

GetAd.c is a new Windows 2000 local exploit which gains Local System rights on Win2k SP1-3 be taking advantage of the NetDDE window of winlogon with a shatter attack. Binaries available here.

tags | exploit, local
systems | windows
SHA-256 | f0ac7e8f306dbf2ad785b46866e7bf6fd5024e87b5b16c1a26b0c959a95ae2df
Posted Oct 17, 2002
Authored by Abraham Lincoln Hao | Site nssolution.com

Zone-Labs ZoneAlarm Pro 3.1.291 and 3.0 contains a vulnerability that lets attackers consume all available CPU and Memory resulting in a denial of service attack which is exploited via Synflooding. Zone-Labs ZoneAlarm Pro 3.1.291 and 3.0 is also vulnerable with spoofed SYN's. To fix, install the latest Zone Alarm security patch.

tags | denial of service, spoof
SHA-256 | 61bc020a517f730b4064771a9c20367eee00e3638b4e774e8e529caa57d0a253
Posted Oct 17, 2002
Authored by Tamer Sahin, David Endler | Site idefense.com

iDEFENSE Security Advisory 10.16.02 - Sabre Inc.'s Desktop Reservation Software for Windows is a legacy travel agency program that several travel agencies and major airline travel call centers use. In versions 4.4 and below, sabserv listening on TCP port 1001 contains denial of service vulnerabilities which can slow or halt production, often in a high volume call center.

tags | denial of service, tcp, vulnerability
systems | windows
SHA-256 | a017f00edd60977676a9409188c6d8d92995e4dcd54b1e57b4e69667381ac52f
Posted Oct 17, 2002
Authored by Robert Osterlund | Site pikt.org

PIKT is a cross-platform, multi-functional toolkit for monitoring systems, reporting and fixing problems, security management, and updating system configurations. PIKT comprises an embedded scripting language with unique, labor-saving features. Binaries available here.

Changes: New stable release - Now can keep backups. Implemented multiple alert timing specs. Overhauled the PIKT exit code and error messaging schemes; error messages are now much more informative. Introduced a new utility, pikth (for "PIKT help")--an on-line help system. Fixed some bugs.
tags | tool
systems | unix
SHA-256 | a8d1912a720cabe874d1c4b83551dbbe6082e89a0c8d6fe2ef6198d05de34aa0
Posted Oct 17, 2002
Authored by GreyMagic Software | Site security.greymagic.com

Internet Explorer 5.5 SP2 and Internet Explorer 6 allow the oIFrameElement.Document reference to return a document with no security restrictions, allowing remote attackers to steal cookies from any site, gain access to content in sites (forging content), read local files and execute arbitrary programs on the client's machine. Exploit HTML included which reads the client's google.com cookie. IE6 SP1 is not affected. Four demonstration exploits are available here.

tags | exploit, remote, arbitrary, local
SHA-256 | edee121c0f0aa5b69ff4f7f5dfedea6a19e4da0a66f54e210fe0ff60e1f71964
Page 1 of 1

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By