NGSSoftware Insight Security Research Advisory #NISR07052003B - SLWebMail 3 is vulnerable to various buffer overflows in many of its ISAPI DLL applications including showlogin.dll, recman.dll, admin.dll, and globallogin.dll. It is also vulnerable to arbitrary file access via ShowGodLog.dll which does not even force authentication prior to use. Physical paths can also be determined by making invalid requests to certain DLLs.
54067ee210fce9b8f593df9b701aad1f9b7f8d14e93cc22925ce3b332df7bdb6
NGSSoftware Insight Security Research Advisory #NISR07052003A - SLMail 5.1.0.4420 suffers from multiple remotely exploitable buffer overflows in its SMTP engine, poppasswd and pop3 server.
f1596ac171952997d68b570e48c7d33e603793b70bb773d5a05f225bd2eec995
Cisco Security Advisory: Multiple vulnerabilities have been found in the Cisco VPN 3000 Concentrator series, which includes models 3005, 3015, 3030, 3060, 3080, and the Cisco VPN 3002 Hardware Client. The vulnerabilities discussed concern enabling IPSec over TCP, a malformed SSH initialization packet, and malformed ICMP traffic.
af88958829ec7097e77e47c07920a93812b55c63f638f0ac556a6c8a32743dc5
Amap V2.1 is a scanning tool that allows you to identify the applications that are running on a specific port. It does this by connecting to the port(s) and sending trigger packets. These trigger packets will typically be an application protocol handshake (e.g. SSL). Amap then looks up the response in a list and prints out any match it finds. Adding new response identifications can be done just by adding them to an easy-to-read text file. With amap, you will be able to identify that SSL server running on port 3445 and some Oracle listener on port 233!
a2fcff73f3df3c1bcf73d1501e95403b8c981c8c823a2d9d6763f52252bbb3ad
Multiple buffer overflow vulnerabilities have been found in FTGate Pro Mail Server v. 1.22 (1328). The SMTP server for FTGate has unchecked buffers for the MAIL FROM and RCPT TO commands that allow a remote attacker to overwrite the stack pointer, which can lead to remote code execution.
95f83e228cdce2e2eb8f46c216a792e6251d913be395c5a856648d63f75cb23a
Core Security Technologies Advisory ID: CORE-2003-0303 - Six vulnerabilities have been found in the Mirabilis ICQ Pro 2003a client that are both locally and remotely exploitable. Exploiting them allows remote code execution and denial of service.
0991a1824e78e4c8354e6a13a23e4dcb0744e6f23f88a6827fb82c4a80bcd380
Kerio Personal Firewall 2.1.4 and below remote code execution exploit that makes use of a replay attack against the channel for remote administration. Tested against Windows XP SP1.
3ca9f3eea820f2361bf7253796cca6fd61159fdc6ca8ad10ea7dabecfed4483e
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP FTP proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, and detection of down hosts via parallel pings.
b5be5bfa828be1c68450348d02809caf817e12c59cdcf0ec56bdc7565e5b200c
OpenSSH <= 3.6.1p1 user identification remote exploit shell script which tells you whether or not a user exists by using a timing attack. Accurate against Red Hat.
7cbb2545e6b122031cbd298d8d2d101b7363a0226a88a977a69b64ab2dadea68
Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers.
2f92e31dc859835ac31579a09caf9af18f6e7780da3a77274ad367a809014f13
Nessus is a free, up-to-date, and full-featured remote security scanner for Linux, BSD, Solaris and other systems. It is multithreaded, plugin-based, has a nice GTK interface, and currently performs over a thousand remote security checks. It has powerful reporting capabilities (HTML, LaTeX, ASCII text) and not only points out problems, but suggests a solution for each of them. A Windows version is also available.
f781412191baf12ef79ac3cdaec2132fe5e8e0d619b6c7eed2afd923de116151