exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 184 RSS Feed

Files Date: 2002-10-01 to 2002-10-31

lodowep-src-1_2_1.zip
Posted Oct 30, 2002
Site cqure.net

Lodowep 1.2.1 is a tool for analyzing password strength of user accounts on a Lotus Domino webserver system by using dictionary attacks. Lodowep is multi-threading and supports both session- and basic-authentication. The binary version of this tool can be found here.

tags | cracker
SHA-256 | 6727d64ad82e79f3764155a45794ca62eef0577e01799a0911c24cd18d66ff74
CSSA-2002-041.0.txt
Posted Oct 30, 2002
Site stage.caldera.com

Caldera security advisory CSSA-2002-041.0 - Versions of the pam_ldap module prior to 144 include a remote exploitable format string bug in the logging function. Caldera released fixed packages for OpenLinux 3.1.1 and 3.1 configurations.

tags | remote
SHA-256 | c98cc4086624aa5d7ab9ed4caeeb7af1bae87e9ae7f7e2603f11c0243e0a66b1
CSSA-2002-040.0.txt
Posted Oct 30, 2002
Site stage.caldera.com

Caldera security advisory CSSA-2002-040.0 - The uudecode utility created output files without checking to see if it was about to write to a symlink or a pipe. If a user uses uudecode to extract data into open shared directories, such as /tmp, this vulnerability could be used by a local attacker to overwrite files.

tags | local
SHA-256 | 17b624f9cfffccb177e0b88e25c290f97b79a5ad62cb2697c7da6dbe12278fd9
gentoo.uudecode.txt
Posted Oct 30, 2002
Site gentoo.org

Gentoo Linux security advisory - The uudecode utility created output files without checking to see if it was about to write to a symlink or a pipe. If a user uses uudecode to extract data into open shared directories, such as /tmp, this vulnerability could be used by a local attacker to overwrite files.

tags | local
systems | linux, gentoo
advisories | CVE-2002-0178
SHA-256 | 2e321043840954828eed6a4661750d95d6569c8b92f3c15243f6dd92bbc794a8
rpfcd-0.10.tar.gz
Posted Oct 30, 2002
Site insecure.dk

Remote pf control daemon allows remote control and monitoring of OpenBSD packet filter. It communicates with clients using RPFC protocol running on top of SSL (Secure Socket Layer). The protocol is designed to be relatively forgiving and easy to use.

tags | tool, remote, sniffer, protocol
systems | openbsd
SHA-256 | ba80d44427050977f437bdf51c2b91230416624ea757a1ffd13e9595e54426ac
mod_ssl-2.8.12-1.3.27.tar.gz
Posted Oct 30, 2002
Site modssl.org

mod_ssl provides provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1). It is based on the SSL/TLS toolkit OpenSSL and supports all SSL/TLS related functionality, including RSA and DSA/DH cipher support, X.509 CRL checking, etc. Additionally it provides special Apache related facilities like DBM and shared memory based inter-process SSL session caching. per-URL SSL session renegotiations, DSO support, etc.

Changes: Fixed a cross site scripting security bug. Now allows 8192 bytes of shared memory data size.
tags | encryption
SHA-256 | d81ff092eb20a093798adc8dc23fcdddff2470ab896990c01eec1b764c5f3cd7
logwatch-4.2.1.tar.gz
Posted Oct 30, 2002
Site sourceforge.net

Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.

Changes: Fixed bugs.
tags | tool, intrusion detection
systems | unix
SHA-256 | b59f8fce17ec94112c407edf3a795fca1fb1f4aa2672c4972cfd8158bdf6f65d
packit-0.4.5.tgz
Posted Oct 30, 2002
Site packit.sourceforge.net

Packit offers the ability to monitor, manipulate and inject IPv4 (and soon IPv6) traffic (TCP/UDP/ICMP) on and into your network. This can be valuable in testing firewalls, intrusion detection systems and in general TCP/IP auditing. At the comment Packit can be run using one of two modes. packet capture, and IPv4 packet injection. Packit is dependent on libnet 1.1.0+ and libpcap and has been tested with numerous FreeBSD and Linux kernels.

Changes: Bug fixes, updates.
tags | kernel, udp, tcp
systems | linux, unix, freebsd
SHA-256 | 57e410b1fd791781549d092a78a7fd1fc671f061693de33995e9f45c9eb67c5d
ws_ftp-3.1.3.txt
Posted Oct 30, 2002
Authored by Low Halo

WS_FTP v3.13 and below is vulnerable to the classic FTP bounce attack as well as PASV connection hijacking. Examples and solutions included.

SHA-256 | a32a5fa264703e56db66786e30814b463e79b578ff79f6776efc9d9d2e9399a2
CA-2002-29.kerberos
Posted Oct 30, 2002
Site cert.org

CERT Advisory CA-2002-29 - Multiple Kerberos distributions contain a remotely exploitable buffer overflow in the Kerberos administration daemon. A remote attacker could exploit this vulnerability to gain root privileges.

tags | remote, overflow, root
SHA-256 | ade1559565293ec2b2c9c928b2296eda39bf2a45e36ead198be63f16931f4850
Oracle9iAS.dos.pl
Posted Oct 30, 2002
Authored by deadbeat

Oracle9iAS Web Cache Denial of Service exploit in perl, as described in Atstake advisory a102802-1.

tags | exploit, web, denial of service, perl
SHA-256 | b04f91f65d13ef5a37fc7fa56dcbc09b494c14e7d26b988206b52a9aaff32e39
cuts-0.01.tar.gz
Posted Oct 30, 2002
Site codewar.net

CUTs (cellphone unix terminal) is a procmail hack that allows you to use a normal cellphone's messaging capability as a Unix/Linux terminal from anywhere.

tags | telephony
systems | linux, unix
SHA-256 | 6b97954c1327229ea2592dd4975f3c2479382c79b144dbb644628ef26cc40328
solarhell
Posted Oct 29, 2002
Authored by Deloitte and Touche SSG (Security Services Group) | Site deloitte.co.za

Solarhell is a remote root exploit shell script which abuses the Solaris /bin/login bug by using telnet. Solaris 2.6, 2.7 and 2.8 (7.0 and 8.0) is vulnerable. More information available here.

tags | exploit, remote, shell, root
systems | solaris
SHA-256 | 0bd999736b1b87d0e121e3d654eb28498297c1ba12b8a8a19116dde32cbdb820
mdaemon-dos.txt
Posted Oct 29, 2002
Authored by D4rkGr3y | Site dhgroup.org

A denial of service vulnerability found in Alt-n MDaemon v6.0.7 can allow malicious users to remotely crash this application. This vulnerability, which may also affect earlier MDaemon versions, resides in the method used by MDaemon's POP3 service to process user input that is received with the DELE or UIDL commands.

tags | denial of service
SHA-256 | 07650faab656a8d91cb8ed724f20ad9523b77e5bbbc62b13e94dbfcd3b31d987
2002alert43rev1.pdf
Posted Oct 29, 2002
Site otn.oracle.com

Oracle Security Alert #43 - The Oracle9iAS Web Cache contains two denial of service vulnerabilities that can be triggered remotely by sending specially crafted HTTP requests to this service. The denial of service issues, which affect version 9.0.2.0.0 for Windows NT/2000 and XP, result in an immediate crash of the application. This vulnerability was reported to Oracle by Atstake and will be fixed in the 9.0.4 release of Oracle9i Application Server.

tags | web, denial of service, vulnerability
systems | windows
SHA-256 | a2419a5a6c66d45ec168e814a00a9c5905fb30f89c06ac4215603ae759ae590c
Atstake Security Advisory 02-10-28.1
Posted Oct 29, 2002
Authored by Atstake, Andreas Junestam | Site atstake.com

Atstake Security Advisory a102802-1 - The Oracle9iAS Web Cache contains two denial of service vulnerabilities that can be triggered remotely by sending specially crafted HTTP requests. The denial of service issues, which affect version 9.0.2.0.0 for Windows NT/2000 and XP, result in an immediate crash of the service. Oracle released a security advisory for this vulnerability. This advisory can be found here.

tags | web, denial of service, vulnerability
systems | windows
SHA-256 | a4dd6a957197a9116d53a98c087ac566509792905aae424939563924d019eaa8
srm-1.2.6.tar.gz
Posted Oct 28, 2002
Authored by Matthew Gauthier | Site srm.sourceforge.net

secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop in security for users who wish to prevent command line recovery of deleted information, even if the machine is compromised.

Changes: Bug fixes.
systems | unix
SHA-256 | b594a5b81e0dc6ba56b67976f4da094cacb2f8ea6d40325f041d0c0d0c62e1d0
StJude_LKM-0.22.tar.gz
Posted Oct 28, 2002
Authored by Tim Lawless | Site wwjh.net

Saint Jude LKM is a Linux Kernel Module for the 2.2.0 and 2.4.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local and remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.

Changes: Redhat 8.0's attempt to stop module rootkits stopped StJude as well - added code to discover the sys_call_table during initialization on systems with a non-exported sys_call_table. Fixed some bugs and include problems.
tags | remote, kernel, local, root
systems | linux
SHA-256 | 1d72affc7e06f7cbad96d2f3c0eab42e93abbff260cf5fbb62b13dfcbdf5468e
ABfrag
Posted Oct 26, 2002

ABFrag claims to be a Linux Kernel ( here. Encrypted with burneye. Archive password is set to p4ssw0rd. Use at your own risk.

tags | kernel, trojan
systems | linux
SHA-256 | 4a409ab08651f858cb482d323ece9e57db3d1416dd107332ff7696178e3dde98
suntd.c
Posted Oct 26, 2002
Authored by Jenkinz

SunOS telnetd scanner.

tags | tool, scanner
systems | unix, solaris
SHA-256 | 1dbb725c314099d98625d296ac68c35e8427a16ec8767286cd464fa8abaac5fb
Rapid7 Security Advisory 8
Posted Oct 25, 2002
Authored by Rapid7 | Site rapid7.com

Rapid 7 Advisory R7-0008 - IBM Web Traffic Express Caching Proxy server is vulnerable to cross site scripting. The Caching Proxy server allows script code to be injected into pages using standard cross-site scripting techniques. A second, variant attack allows the HTTP headers to be manipulated.

tags | web, xss
SHA-256 | 2b24d3cf784653c24b81047d80228ae940e783257cf9ce49567fa86d564bdaeb
Rapid7 Security Advisory 7
Posted Oct 25, 2002
Authored by Rapid7 | Site rapid7.com

Rapid 7 Advisory R7-0007 - The Caching Proxy component of IBM's WebSphere Edge Server v2.0 is vulnerable to a denial-of-service attack against one of the default CGI programs. A malformed HTTP request for /cgi-bin/helpout.exe will cause ibmproxy.exe to crash and cease functioning.

tags | web, cgi
SHA-256 | d5444f4faa351e594a4559c2bf2fb5cf0491766c5ae89f6adfc2ce7c94802ffe
webserver4everyone.txt
Posted Oct 25, 2002
Authored by Tamer Sahin, David Endler | Site idefense.com

iDEFENSE Security Advisory 10.15.02 - RadioBird Software's WebServer 4 Everyone v1.27 and below contains denial of service and directory traversal vulnerabilities allowing any file on the system to be downloaded. Fix available here.

tags | denial of service, vulnerability
advisories | CVE-2002-1212, CVE-2002-1213
SHA-256 | ee7ce09231d4ce9d177866165f5d433f9b62ebfe59e76ea0613c5ecc5fd837e8
tftp.dos.pl
Posted Oct 25, 2002
Authored by D4rkGr3y | Site dhgroup.org

Solarwinds TFTP server v5.0.55 and below remote denial of service exploit in perl.

tags | exploit, remote, denial of service, perl
SHA-256 | 165893e2a72b6c7b01bf0b5e59020ebd0ef42cf6184037b8c607536b68ae7f46
ou-audit2002.msi
Posted Oct 25, 2002
Authored by Security Storm | Site securitystorm.net

Opticon Users 2002 is a simple tool to show administrators who is logged onto the network and from what workstation that user is accessing the network from. Information about the workstation used to logon from, the domain, the logon server, and the date/time of logon is also displayed. This tool makes it easy to spot unauthorized logons from a certain workstation or logons using an administrative account.

SHA-256 | 7363cf87bc3f361f4ba537b96a7a2040148781aaca2bceecd4a21b540aab2c6b
Page 1 of 8
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close