what you don't know can hurt you
Showing 1 - 25 of 155 RSS Feed

Files Date: 2003-09-01 to 2003-09-30

Posted Sep 29, 2003
Site echu.org

GuppY versions 2.4p1 and below are susceptible to cross site scripting attacks.

tags | exploit, xss
MD5 | d9b975da70fae430922d7527eeb5c876
Posted Sep 29, 2003
Site cert.org

CERT Advisory notice that clarifies the slew of recent vulnerabilities in OpenSSH. It covers the buffer management errors, PAM challenge authentication failures, and the PAM conversion stack corruption.

tags | advisory, vulnerability
MD5 | 902f66495c6bec7e8a9822254d048fd1
Posted Sep 29, 2003
Authored by ThEcYnicaLonE

Simple tone generator script that will play the 2600Hz blue box tone on an HP39G graphical calculator.

tags | telephony
MD5 | d228321d2321dc6a43c908c8c454b154
Posted Sep 29, 2003
Authored by Ulf Harnhammar, Richard R. Vasquez, Simon Cornelius P. Umacob | Site sourceforge.net

kses is an HTML/XHTML filter written in PHP. It removes all unwanted HTML elements and attributes, no matter how malformed HTML input you give it. It also does several checks on attribute values. kses can be used to avoid Cross-Site Scripting (XSS), Buffer Overflows and Denial of Service attacks, among other things.

tags | denial of service, overflow, php, xss
systems | unix
MD5 | d13edb1630ed39dbda47b125e8546620
Nikto Web Scanner 1.31
Posted Sep 29, 2003
Authored by Sullo | Site cirt.net

Nikto 1.31 is a PERL, open source web server scanner which supports SSL. Nikto checks for (and if possible attempts to exploit) over 2000 remote web server vulnerabilities and misconfigurations. It also looks for outdated software and modules, warns of any version specific problems, supports scans through proxies (with authentication), host Basic authentication and more. Data is kept in CSV format databases for easy maintenance, and supports the ability to automatically update local databases with current versions on the Nikto web site.

Changes: LibWhisker 1.8, additional configuration options, enhanced multiple-host scanning, and multiple bug fixes and more.
tags | remote, web, local, cgi, perl, vulnerability
systems | unix
MD5 | cb6719d7e0fd4659cb826f821f01cd64
Posted Sep 29, 2003
Authored by Todd MacDermid | Site synacklabs.net

Stegtunnel is a tool written to hide data within TCP/IP header fields. It was designed to be undetectable, even by people familiar with the tool. It can hide the data underneath real TCP connections, using real, unmodified clients and servers to provide the TCP conversation. In this way, detection of odd-looking sessions is avoided. It provides covert channels in the sequence numbers and IPIDs of TCP connections.

Changes: Added a reliable file transfer mode using Hamming-style error correction, and removes the requirement for a proxy IP address on some operating systems.
tags | encryption, tcp, steganography
MD5 | 80c70d10da7721c3ded5b931a18f9e03
Posted Sep 29, 2003
Site synacklabs.net

Packet Purgatory is a library the provides a portable API for intercepting, rewriting, and otherwise mangling flows of packets. It provides multiple mechanisms through the same interface for tweaking these packets, all without the local host's kernel being aware, or requiring any kernel modules. It enables odd packets to be modified in arbitrary streams without requiring the use of specialized client software.

tags | arbitrary, kernel, local, library
MD5 | 3095b395329d4489a3549d78453a40e0
Posted Sep 29, 2003
Site debian.org

Debian Security Advisory DSA 392-1 - webfs has been found vulnerable to buffer overflows and multiple directory traversal attacks.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2003-0832, CVE-2003-0833
MD5 | 594440944622894635b9d3e601e21be9
Posted Sep 29, 2003
Authored by Brett Moore SA | Site security-assessment.com

Version three of this paper discussing more shatter attacks that are possible using progress bars. Related information available here.

tags | exploit
MD5 | 1135794bd92aa08169c33e449387a87c
Posted Sep 29, 2003
Authored by Lorenzo Hernandez Garcia-Hierro | Site security.novappc.com

Geeklog versions 2.x and below are susceptible to cross site scripting vulnerabilities and various SQL injection attacks.

tags | exploit, vulnerability, xss, sql injection
MD5 | 5e292ac0ff2be42ecabd916e479a3305
Posted Sep 29, 2003
Authored by jsk

Remote exploit for Cfengine versions 2.-2.0.3 that makes use of a stack overflow discussed here. Binds a shell to port 26112. Tested against RedHat.

tags | exploit, remote, overflow, shell
systems | linux, redhat
MD5 | cc32ba54fe67a178fcd9b423342f3643
Posted Sep 29, 2003
Authored by rosiello

Contest ELF binary of arcs

MD5 | 682d04789bcfb445a70b722dcc9a7125
Posted Sep 29, 2003
Authored by rosiello

Contest file that has been encrypted with A.R.C.S. This file has a special message inside. Once cracked, utilize the instructions to redeem a free t-shirt.

MD5 | 04e33771caa9c31d42facdde52ddc5c3
Posted Sep 26, 2003
Authored by Juan Manuel Pascual Escriba | Site concepcion.upv.es

Local root exploit for IBM DB2 Universal Database version 7.2 for Linux/s390 which makes use of the db2licm binary that is setuid by default.

tags | exploit, local, root
systems | linux
advisories | CVE-2003-0758, CVE-2003-0759
MD5 | 66f6d20f27d150e451308763e3f84b2f
Posted Sep 26, 2003
Authored by 0x333, nsn | Site 0x333.org

Backdoored version of OpenSSH 3.7.1p2 that uses a magic password referenced via an md5 hash in a file, logs logins and passwords to a specified file, and can run without the backdoors being active.

tags | tool, rootkit
systems | unix
MD5 | 008690b0235471672d814b9db06d94f4
HexView Security Advisory 2003-09-02.01
Posted Sep 26, 2003
Authored by HexView | Site sgi.com

SGI Security Advisory 20030902-01-P - It has been reported that certain Microsoft RPC scanning can cause the DCE daemon dced to abort, causing a denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2003-0746
MD5 | a72c97334ef625ae17f2020de747904a
Posted Sep 26, 2003
Authored by _6mO_HaCk

Exploit that causes a denial of service against the SMC2404WBR BarricadeT Turbo 11/22 Mbps wireless cable/dsl broadband router by sending random UDP packets to multiple ports.

tags | exploit, denial of service, udp
MD5 | cd13536a95ff8f037417abe72891e053
Posted Sep 26, 2003
Authored by Gabucino

MPlayer versions 0.90pre to 1.0pre1 are susceptible to a remotely exploitable buffer overflow vulnerability. A malicious host can craft a harmful ASX header, and trick MPlayer into executing arbitrary code upon parsing that header.

tags | advisory, overflow, arbitrary
MD5 | edd046118752e03e9d2712cdc196fbc4
Posted Sep 26, 2003
Authored by Knud Erik Hojgaard | Site dtors.net

Remote exploit for Cfengine versions 2.-2.0.3 that makes use of a stack overflow discussed here. Tested against FreeBSD 4.8-RELEASE. Binds a shell to port 45295.

tags | exploit, remote, overflow, shell
systems | freebsd
MD5 | bec7a5ae73b4eb63bb76d5151e18f80b
Posted Sep 25, 2003
Authored by r-code

Remote exploit for atphttpd version 0.4b and below on Linux x86 that binds a shell to port 65535. Tested against Debian 3.0 and RedHat 8.0.

tags | exploit, remote, shell, x86
systems | linux, redhat, debian
MD5 | 12201535f967d9970d38c353615b22a4
Posted Sep 25, 2003
Authored by Arnaud Jacques | Site securiteinfo.com

MyServer 0.4.3 is susceptible to a directory traversal attack that allows access to files and directories outside of the web root.

tags | exploit, web, root
MD5 | b0cc267b208678ec8492add73805049f
Posted Sep 25, 2003
Authored by Nick Cleaton

The cfservd daemon in Cfengine 2.x prior to version 2.08 has an exploitable stack overflow in the network I/O code used.

tags | advisory, overflow
MD5 | 2a07b5b43930873626586fb1305d5015
Posted Sep 25, 2003
Authored by e2fsck | Site eightone.mafiadodiva.org

sbox version 1.04, the CGI wrapper that allows for safer execution of scripts, has a path disclosure vulnerability.

tags | advisory, cgi
MD5 | 3b51d9073cab3e83dd79fb1c7efe05d8
Posted Sep 25, 2003
Authored by Sylvain Descoteaux

Remote MIRC proof of concept exploit that makes use of an overflow in the USERHOST reply to the mirc-client.

tags | exploit, remote, overflow, proof of concept
MD5 | 0c6308f424c2487217ea6a89f381c512
Posted Sep 25, 2003
Authored by Niels Provos | Site vomit.xtdnet.nl

Vomit, or voice over misconfigured internet telephones, is a utility that converts a Cisco IP phone conversation into a wave file that can be played with ordinary sound players. Vomit requires a tcpdump output file.

tags | telephony
systems | cisco
MD5 | c81cd977ade651d9050f98326879dea0
Page 1 of 7

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By