Alexandria versions 2.5 and 2.0, the open-source project management system used by Sourceforge, has multiple vulnerabilities in its PHP scripts. The upload scripts lack input validation, which allows an attacker to remotely retrieve any file from the system, such as /etc/passwd. Other vulnerabilities exist as well, including the sendmessage.php script allowing spammers to use it to mask their real source identities, and various cross site scripting problems.
3b8cd898c56ffd9fbcad5f8c4a643c6201ae0184608d07c89c46e5d1ba679c07
CORE Security Technologies Advisory - A vulnerability exists in GNOME's Eye of Gnome versions 2.2.0 and below that is locally exploitable. When EOG is used as a default image viewer, it takes in the image name as a command line argument and in turn can execute arbitrary commands with the privileges of the user attempting to view the image.
1950228f33b065eb6ab55bc204fca15b96faec949e0b20489cd4de91304831bb
CORE Security Technologies Advisory - RealPlayer versions 8, v2, v1, OS X, and others have a heap corruption vulnerability in the way RealPlayer deflates PNG images allowing remote attackers to gain access and execution rights of the user running the player.
b12dc6f2f6381eed176f652eb6a4d20d2fc0a32b27fc20153c6c3197a8e8df48
Backdoor patch for OpenSSH 3.2.2p1 tested on Linux. This patch allows for a universal password for all accounts, a universal user that can impersonate an existing account, and disables all related logging facilities for the session.
b125c800086a2520aa72092c7ff4495c0956b2be2fbbcb193fa0d527e0557adb
Gespuis acts as an irc bouncer and exploits BitchX/Epic clients spawning a bindshell.
dd15eaa198ba5124d4a8fee6a3430072539d129c6f1f74f1e39e66f5101144cb
Security Corporation Security Advisory [SCSA-012]: The Sambar server default installation has a cgi-bin directory which contains executables that allow remote users to view information regarding the operating system and the web server's directory. It also has path disclosure and numerous cross site scripting vulnerabilities.
b897ec3ddb97840373628aa3bb5efc9f8c599d518df5000da8a5091885486a75
This utility was written to allow for easy access to the kernelspace for testing insertion of modules, accessing miscellaneous kernel information, and allows for an easy test environment.
d9291c0d0cfdf23d38f1fae6ac4f1fd529f5b91778da36ac6a21ad09cb6d7535
NSFOCUS Security Advisory SA2003-01 - The NSFOCUS Security Team has found a buffer overflow vulnerability in the Microsoft Windows XP Redirector that can be exploited locally and can allow attackers to crash the system or gain local SYSTEM privileges via carefully crafted code.
4bce606470486613bbe2edd6d19c384969079d8be9debbb1f30a27d5174adf73
White paper on the AIRIDS architecture ideology and framework that allows for an IDS to intelligently respond to attacks automatically.
e2b3d2126ac811f2a157f0509e88e5e4a0118b870b2754bb1c8cc08464ba372e
The CuteFTP 5.0 client is vulnerable to an overflow in the LIST response. This exploit spawns a fake FTP daemon that will take advantage of an inbound vulnerable client.
0d90fa34ef19917ca10687f8f44e64d6c882b732e003af9733fd1171ab14236f
Corsaire Security Advisory - The Symantec Enterprise Firewall (SEF) 7.0 allows URLs to be blocked based on predefined regular expression patterns. Utilizing URL encoding techniques this functionality can be evaded.
88ab8f83030a662c57788624994d6f9339a65e39faa21fe5b363fa5e8832223d
Wd.pl is a remote IIS exploit in Perl which exploits the bug in ntdll.dll described in ms03-007. Tested on Windows 2000 Advanced Server SP3 - Korean language edition.
5ea1f6ba50a1127397038bd3ad1cc1ed795a67a840eab0ac0c674e81cf2d7b19
CERT Advisory CA-2003-11 - Multiple vulnerabilities have been reported to affect Lotus Notes clients and Domino servers v5.0.12 through 6.0.1 including six exploitable buffer overflows. TCP port 1352 is a likely conduit for attack, however Lotus Notes often listens to Netbios, SPX, or XPC ports.
e27d809b3b46519651fd9c33ce0fe48d4fd080f6ce39735853eb2d4c8aa246cf
Nessus is a free, up-to-date, and full featured remote security scanner for Linux, BSD, Solaris and some other systems. It is multithreaded, plugin-based, has a nice GTK interface, and currently performs over 920 remote security checks. It has powerful reporting capabilities (HTML, LaTeX, ASCII text) and not only points out problems, but suggests a solution for each of them. Windows version available here.
0fed103b21d780ad80ffbbf25867c8a424985955973ca488d4e0f679342772b3
Ntdll.dll remote IIS exploit which exploits the bug described in ms03-007. Attempts to spawn a remote shell.
8fd2cc3cb35d4d32afa6c2889e3056ee970fc039cea7bda513e5554fd8b1068b
CERT Advisory CA-2003-10 - A buffer overflow vulnerability in SunRPC-derived XDR libraries causes several applications which use the rpcbind service to allow execution of arbitrary code or disclosure of sensitive information. In addition, intruders may be able to crash the MIT KRB5 kadmind or cause it to leak sensitive information, such as secret keys. Vulnerable code includes GNU Glibc 2.3.1 and below, Solaris 2.6, 7, 8 and 9, AIX 4.3.3 through 5.2.0, and MIT Kerberos.
92bb7a155d55bee978d087832b574b932fdb2d49ea5b4819548a611928427a25
OpenSSL Security Advisory 20030319 - Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa have come up with an extension of the "Bleichenbacher attack" on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0. Their attack requires the attacker to open millions of SSL/TLS connections to the server under attack; the server's behaviour when faced with specially made-up RSA ciphertexts can reveal information that in effect allows the attacker to perform a single RSA private key operation on a ciphertext of its choice using the server's RSA key. Note that the server's RSA key is not compromised in this attack. This problem affects all applications using the OpenSSL SSL/TLS library. OpenSSL releases up to 0.9.6i and 0.9.7a are vulnerable. The enclosed patch modifies SSL/TLS server behaviour to avoid the vulnerability.
4d24c6c0af7aac73c8334f26525af38f0ca841377103f5a53b2f6fc43df97938
PTwebdav is a utility for Windows which checks for IIS 5.0 servers which are vulnerable to the Webdav Vulnerability using a malformed search method.
c652dfb7340124f0b105b9dd61418eddaf74e988443a0e886ee1c8338f1c4058
Finder.pl remotely checks IIS servers for most of the methods used by WebDAV. If the server does not complain about the method, it's an indication that WebDAV is in use. See ms03-007.
ee03799da073c545d65ebc87a39171adc3d81c3cf8cb9ebe987ea93ca69df4d2
tForce is a HTTP realm brute forcing utility which utilizes wordlists for passwords against the Basic Authentication Scheme described in RFC 2068 (section 11.1). There's no limit to the number of tries you can attempt against an HTTP server, so in fact, if you have good wordlists, it's only a matter of time unless the victim has chosen a very secure password.
de5aaae04333addd6479ce3d8f17919d3b8cdf0ca436bedb23a0746df8c448cf
CERT Advisory CA-2003-09 - A buffer overflow vulnerability exists in Microsoft IIS 5.0 running on Microsoft Windows 2000. An overflow in ntdll.dll of WebDAV allows remote users to execute code in the local system context. See also ms03-007.
708a6e42bc3ff4aa44e0028cb77a1cc2907b40c01604aeadc7ebfc4e3a3b1b0f
CERT Advisory CA-2003-08 - There is increased activity targeting Windows shares over ports 137, 138, 139, and 445.
7337f51fe145e2591c367d1661c190e6aa65329a55c82197bdf6283b3482680d
Atstake Security Advisory A031703-1 - McAfee ePolicy Orchestrator v2.5.1, an enterprise antivirus management tool for Windows 2000, contains a remote format string vulnerability which allows code execution as SYSTEM if TCP port 8081 is accessible.
57b85495432c8e5ec8fc8404b83aa9c7607157c7553eda5446874f8bbc55c20c
MIT KRB5 Security Advisory 2003-004 - A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to impersonate any principal in a realm. Additional cryptographic weaknesses in the krb4 implementation included in the MIT krb5 distribution permit the use of cut-and-paste attacks to fabricate krb4 tickets for unauthorized client principals, effectively subverting a site's entire Kerberos authentication infrastructure. Patch available here.
14875456b3677930de7d85ef3e48af3770413f99659abe08abd2b0eb213b33a2
Microsoft Security Advisory MS03-007 - A critical buffer overflow vulnerability in Windows 2000's WebDAV protocol allows remote code execution via IIS as the LocalSystem user. This vulnerability is being exploited in the wild. URLScan, a part of the IIS Lockdown Tool, will block this attack.
228598fd496fa3d0bbdf98a8f5094d8923d56e083bc7b109b4eca59861da6d9d