what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2003-05-28

Posted May 28, 2003
Authored by ORK | Site web.tiscali.it

libShellCodes is a library that can be included when writing linux/i386 exploits by providing functions that generate shellcode with user given parameters during runtime.

tags | shellcode
systems | linux
SHA-256 | 0f28982460de87d8f62063ea85d013e4d223262515b2f99aece144bbac5ce5a6
Posted May 28, 2003
Authored by SPI Labs | Site spidynamics.com

The SunONE application server on Windows 2000 suffers from multiple vulnerabilities. The server allows a remote attacker to view the source code of JSPs, only logs the first 4042 characters of a request URI which allows an attacker to hide their attempts in the last 54 characters, has a cross site scripting issue, and has the username and password to the administrative server kept in clear text in a world readable file.

tags | exploit, remote, vulnerability, xss
systems | windows
SHA-256 | 8e810afd7ea6e1de914b7fc988eb5076641d865e4b488deebe6df42e66995334
Posted May 28, 2003

OpenSSH 3.6p2 backdoor that logs all logins and passwords to a file. Original backdoor ported for 3.6p2 by ajax.

tags | encryption
SHA-256 | fc76952bae7a43cd39e265c73a1991f607bdef141017d52a421d6f5ade742d53
Posted May 28, 2003
Authored by teso, Sebastian Krahmer | Site team-teso.net

loaded version 0.21 is an IPv4 load balancer for Linux. It requires netfilter and the QUEUE target enabled in the kernel.

tags | kernel
systems | linux
SHA-256 | 289bf4facdf46653729a2bdb276ddbe1c97e51adb9d403a39f2cd8e30e4643c6
Posted May 28, 2003
Authored by teso, Sebastian Krahmer | Site team-teso.net

guess-who version 0.44 is a password brute force utility for SSH2.

SHA-256 | 214fd24fdc31ce0ae27321085714876bb3c2d68ef8c3cd97400ae0dbb86f3d8a
Posted May 28, 2003
Authored by Kee Hinckley

Amusing addition to the vulnerability found in the Axis Network Camera HTTP server. Apparently the de-facto e-mail address for SMTP alerts is set to mail@somewhere.com and if this feature is enabled without changing the destination address, somewhere.com gets some very amusing insight as to what is being watched. Original vulnerability information is posted here.

tags | advisory, web
SHA-256 | 225016262e5a5cb529003c7be0a202c691267391dccb9c88e1e937a94f4e7f81
Posted May 28, 2003
Authored by Juliano Rizzo | Site coresecurity.com

Core Security Technologies Advisory ID: CORE-2003-0403 - The Axis Network Camera HTTP server is vulnerable to an authentication bypass when a double slash is put in front of the admin directory in the URL. This allows a remote attacker to modify the configuration as they see fit and allows the root password to be reset. Doing this in conjunction with enabling the telnet server allows for a complete server compromise.

tags | exploit, remote, web, root
SHA-256 | 4cec04e283e741382af7d9e0df4bd761c6f1056aebdaed02bb1f8e78709d07fe
Nikto Web Scanner 1.30
Posted May 28, 2003
Authored by Sullo | Site cirt.net

Nikto 1.30 is a PERL, open source web server scanner which supports SSL. Nikto checks for (and if possible attempts to exploit) over 2000 remote web server vulnerabilities and misconfigurations. It also looks for outdated software and modules, warns of any version specific problems, supports scans through proxies (with authentication), host Basic authentication and more. Data is kept in CSV format databases for easy maintenance, and supports the ability to automatically update local databases with current versions on the Nikto web site.

Changes: Now has multiple host/port scanning, username guessing via cgiwrap, NTLM auth support, CSV output format & more.
tags | remote, web, local, cgi, perl, vulnerability
systems | unix
SHA-256 | 9401d5ecd4143566eceebd085ced7e6cf9f66f2d489c0cc1739d4f948b8ed757
Posted May 28, 2003
Authored by thc | Site thc.org

THC-RUT (aRe yoU There) is a local network discovery tool developed to brute force its way into wvlan access points. It offers arp-request on ip-ranges and identifies the vendor of the NIC, spoofed DHCP, BOOTP and RARP requests, icmp-address mask request and router discovery techniques. This tool should be 'your first knife' on a foreign network.

Changes: New OS Fingerprint implementation by gathering tcp stack informations, banners, open/closed port characteristics and timing values and tosses them through a perl regular expression matrix to determine the OS with high accuracy.
tags | local, spoof
SHA-256 | f41eda1909b90b1e54ab9977d800ab9eacb0016df82f2180d5a8da02b160d2b1
Posted May 28, 2003
Authored by methodic | Site libpcap.net

orbs, or Omniscient Remote Banner Scanner, is a fast and light-weight banner scanner with features like telnet negotiation and HTML output.

tags | tool, remote, scanner
systems | unix
SHA-256 | 587587b93efbe2e955a8e2922e5771b538225af31eb2a6d241b989f651143547
Posted May 28, 2003
Authored by wsxz | Site Priv8security.com

Remote exploit for a buffer overflow in the Gnome Batalla Naval Game Server version 1.0.4. Gives user id of the account running the game server. Tested against Mandrake 9.0.

tags | exploit, remote, overflow
systems | linux, mandrake
SHA-256 | cde6233cf7588be614a0ea2f37489285004f595d61eea69313054f376fa2ca78
Posted May 28, 2003
Authored by Angelo Rosiello, rosiello | Site rosiello.org

bnc version 2.6.2 and below suffers from a denial of service vulnerability. Armed with a valid login and password, a remote user can kill the daemon.

tags | exploit, remote, denial of service
SHA-256 | df9ba77e9a022c665d0476f11eddc0d54a32d3a4c2c210cd53987e9a5bed8326
Posted May 28, 2003
Authored by Ramon Pinuaga Cascales | Site s21sec.com

S 2 1 S E C Advisory 017 - The Vignette Content Management and Application Portal software is vulnerable to a remote attacker accessing the SQL database without authentication by modifying a cookie. Affected versions: StoryServer 4 and 5 and Vignette V/5.

tags | advisory, remote
SHA-256 | 71e86e2b59d1310641859df7e5da7efd9c2cdd6dcc72e7971a5e708a03dbdc31
Posted May 28, 2003
Authored by Ramon Pinuaga Cascales | Site s21sec.com

S 2 1 S E C Advisory 016 - Vignette Content Management and Application Portal software has a vulnerability that allows a remote attacker to inject a server side include that could lead to remote command execution. Affected versions include, but are not limited to, StoryServer 4 and 5 and Vignette V/5 and V/6.

tags | advisory, remote
SHA-256 | 6e683b01ef73501f7cca1af2773c0055d0e02e01749b77df85c5932c64cee74a
Posted May 28, 2003
Site nii.co.in

The AnalogX Proxy server suffers from a buffer overflow when handed a URL that is greater than 340 bytes in size. A specially crafted URL allows for remote execution of arbitrary code.

tags | advisory, remote, overflow, arbitrary
SHA-256 | 00acd9a86b5f532bc3c62df4b34c0948e2eab07919c6eb2747879cb3facc445d
Posted May 28, 2003
Authored by Matias Sedalo | Site shellcode.com.ar

Komahayown is a utility that makes use of the Syscall proxying idea using shellcodes. Instructions are in Spanish.

tags | shellcode
systems | linux
SHA-256 | 80398036a919ac30359581816ab62f59038ccbbc2ff56523db464c1d9f873c57
Posted May 28, 2003
Authored by Peter Winter-Smith

P-News versions 1.6 is vulnerable to a privilege escalation attack by allowing a remote attacker to populate strings with the | used for delimiting data stored about the account.

tags | exploit, remote
SHA-256 | 03e639c42ea8d778ec18f23eea9b43452efd029c4da46aeeeead26e57884221b
Page 1 of 1

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By