Remote IIS 5.0 denial of service exploit that makes use of the stack based overflow in nsiislog.dll.
44d770ea27a8490f768df00ddd53357cee60223940c04a835e294debe42339e3THC-Shagg is an application to bruteforce check digit algorithms. It analyzes a given list of serial numbers and tries to find a matching algorithm and its setup. If such a setup is found, THC-Shagg is able to generate (extrapolate) new serial numbers, e.g. VISA and MasterCard credit card numbers, EAN numbers, IMEI, UPC or even EFT routing numbers.
beaebc61b99d81db0fc58c65787d826e2032df6e00662b4ca2b8413ed3611e9dLocal root exploit for bru, or Backup and Restore Utility for Unix, that makes use of a stack overflow. Includes both Linux and FreeBSD targets.
afa4cb86c25ccd524dc32cd373bbf79e895145dd4fd8d42831a2f91bc8fc0f25CERT Advisory CA-2003-17 - CERT announces that an exploit has been circulating for the denial of service attack against Cisco routers and switches.
fa0af4778d17e41df7ea8f2bf792a21ec1560902617a294199be862d998c9393Remote exploit that will cause a denial of service against Cisco routers and switches. Warning: Broken.
b71891bc30993e6966706f90564e4f9b83853b36b2f7b37f73045a53631830d8Tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities. Requires Libpcap.
57d65d13bc4302634c3ef691392ac36a6a8919bb4af7265e422ac3ab66718ebeNmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Full changelog available here.
071e544d27a7d17915f0f5b5cade353e16bfcd3f2c72d68a1126dc9b64ca7bc5NetTerm-NetFTPD 4.2.2 suffers from multiple buffer overflows that can cause a denial of service against the server and possibly execute arbitrary commands.
5a306efd007be6e93b46a57ca18e8723f5dbb426b9df29199030f5864f8bfe0dCERT Advisory CA-2003-16 - A buffer overflow vulnerability exists in Microsoft's Remote Procedure Call implementation. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.
b9bb753690553d6b31adc50199b09cdd488ccbf24144a64753c7c243ee7add0aA massive security vulnerability has been discovered in all recent versions of the Microsoft operating systems. There is a buffer overflow vulnerability that exists in an integral component of any Windows operating system, the RPC interface implementing Distributed Component Object Model services, or DCOM, that allows remote attackers to obtain unauthorized access to vulnerable systems.
a2ab7e1ad93e552958685d18447336ec08b35a14099950c3e45ea405d5917eafCERT Advisory CA-2003-15 - A vulnerability in many versions of Cisco IOS could allow an intruder to execute a denial-of-service attack against a vulnerable device.
af2755db813b1d4f9af9eda1bf413ce515f313ada93635dacefd03868b8b3d34Advisory that discusses exploitation of the University of Minnesota Gopherd version 3.0.5 and below that makes use of the do_command() buffer overflow vulnerability.
41cd532c2317311e30c49cbcf529fbe61127eae9f335f83232fabbf1837663edCisco Security Advisory: Cisco routers and switches running the IOS software are vulnerable to a denial of service attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full.
ef0504594a7ab6822dce58c8ba0c82480259ebe0b5d86f0f970b4e558f0f7b36omniHTTPD 2.10 suffers from cross site scripting vulnerabilities that could lead to session hijacking.
52b5848c269b6da5f3724ecbe6e5ea940b8b8a3fbcfd5bff25bae930f4ebc792SGI Security Advisory 20030702-01-P - It has been reported that logging into an IRIX 6.5 machine while particular environment variables are set can lead to /usr/lib/iaf/scheme dumping core. Since scheme is suid root, this could potentially lead to a root compromise.
cf55ec3e1e580ca7b85e91d22604fd9c68c6799680b2b730027f68cf4fe308deSGI Security Advisory 20030701-01-P - Multiple vulnerabilities have been found in the Name Service Daemon, or nsd, on IRIX below version 6.5.21.
b6218821e51de97c515742f76bc0a7393297d398e8dfbefd71584ac16e407becZone-H Security Advisory ZH2003-11SA - Elite News version 1.0.0.0-1.0.0.3 Beta allows direct access to various system files which enables an attacker to retrieve the administrator login name, then utilize that name on another page to set a cookie that will be referenced by yet another page that allows an attacker to post as the administrator.
15b0010175329a204e9968c5e50f2759f6d246f310258aa395f5fc303d0bc6e8The Microsoft Internet Security and Acceleration, or ISA, server contains a default error page that can be used to conduct cross site scripting attacks against a legitimate user.
28d4e09c66a69895f688844fb1bccd3d2a1a91ee3d29b78564222eda4b3156f0The Splatt Forum engine allows html code insertion for the post icon form input.
6a997a7fd6c6056a6317e6c215a6608c822b8076ec2b127e14bf5b37bb4e7d46Digi-news and Digi-ads version 1.1 allow administrative access without a remote attacker having knowledge of the account password by keeping necessary credentials client-side in a cookie. Essentially, as long as an attacker has a valid administrative login name, they can use their own password to authenticate.
ba080e1ee2b24295baccbce99c973d0e451004caf92506c8f54b87dc62b1a0d2The Microsoft Internet Security and Acceleration, or ISA, server contains a default error page that can be used to conduct cross site scripting attacks against a legitimate user.
051076503bc72c2b87f59aeb4ad73074c982cd00eb77cfd9f35afb69941adc65A threaded ssh banner scanner written in Java that takes in a list of IPs or hostnames. Written and tested for Linux and Windows.
668d3d6e3f251c2cee5ad3e449105439defd5cde59ca1389636980dc5106c36fLocal exploit that yields gid of games for /usr/bin/toppler. Tested against RedHat 8.0.
c92cab560b62bccb2088bbd7e1ee2b423795fe4783101d37181185d7c3dbad96Simpnews has an include file vulnerability that allows a remote attacker to load malicious PHP scripts.
3a1cb29b2d9407d519d17fe3a494ffe6d482069586256ca3aea9634a0659e949
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed