
Files Date: 2004-01-08

afick-1.6-0.tgz
Posted Jan 8, 2004
Authored by Eric Gerbier | Site afick.sourceforge.net

afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.

Changes: Two new options were added: one detects files that change during the program scan, and the other displays CPU stats. Bugs were fixed.
tags | tool, integrity
systems | windows, unix
SHA-256 | ae526f6650d9c0196964d717e60afd17c16aa9578ea1efe526350d8ed132e695
Openwall Linux Kernel Patch
Posted Jan 8, 2004
Authored by Solar Designer | Site openwall.com

The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. It also tightens down file descriptors 0, 1, and 2, and implements process limits and shared memory destruction.

Changes: Ported to kernel v2.4.24. Upgrade for users of linux-2.4.23-ow2 is not needed.
tags | overflow, kernel
systems | linux
SHA-256 | b575a8e739d48ad27b6b4dc9343c808e52914c5a74122670e3a75df2390e9386
void11-0.2.0.tar.bz2
Posted Jan 8, 2004
Authored by Reyk Floeter | Site wlsec.net

void11 is an 802.11(b) wireless network penetration utility. It implements basic attacks like de-authentication flooding (network DoS) and authentication flooding (access point DoS). void11 automatically searches and attacks target networks, stations or access points configurable by simple match-list expressions. It is possible to deny all 802.11(b) wireless service in a range, because of its "roaming" capability. void11 has been built on top of the Linux hostap daemon and provides a simple command-line interface and a clicky-bunty gtk+-2 interface.

tags | tool, wireless
systems | linux
SHA-256 | 08d588ce0731d0c0e55a1cac35acf019e1b735d0f75f16962adfeb4fefd69441
KpyM_advisory.txt
Posted Jan 8, 2004
Authored by NoRpiUs | Site norpius.altervista.org

KpyM telnet server versions 1.05 and below for Microsoft Windows NT/2000/XP fail to properly clean up when disconnecting users, allowing a remote attacker to commit a denial of service attack.

tags | advisory, remote, denial of service
systems | windows
SHA-256 | 19e35a6c61741ea60049be9453fbe6a7585f49c0838bab33bf7140182a1fa39e
DSA-418-1
Posted Jan 8, 2004
Authored by exploiting this vulnerability

Debian Security Advisory DSA 418-1 - A bug was discovered in vbox3, a voice response system for isdn4linux, whereby root privileges were not properly relinquished before executing a user-supplied tcl script.

tags | advisory, root
systems | linux, debian
SHA-256 | 4e3d0b09bcb99b7635e1eb4f2bebfd98614a76ce4634492ec2f5b1e61da12109
Cisco Security Advisory 20040108-pa
Posted Jan 8, 2004
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory 20040108 - The Cisco Personal Assistant may permit unauthorized access to user configurations via the web interface. Once basic access is granted, normally disallowed user preferences and configurations can be manipulated.

tags | advisory, web
systems | cisco
SHA-256 | 628a208955b5e277f41a8d8eb77f6ceeaa449f088f78b6f236beca3b0d90cdee
yahooIM.txt
Posted Jan 8, 2004
Authored by Tri Huynh

Yahoo Instant Messenger versions 5.6.0.1351 and below are susceptible to a buffer overflow when an attacker sends a specially crafted long filename to a user and that user attempts to download the file.

tags | advisory, overflow
SHA-256 | 8a0568beb5a1a37fb1a16c64cfd423fa7d1133bc74bcb6d5c52c8088b581d4d8
inn240.txt
Posted Jan 8, 2004
Authored by Russ Allbery, Katsuhiro Kondou

A buffer overflow has been discovered in a portion of the control message handling code introduced in INN 2.4.0. It is likely that this overflow could be remotely exploited to gain access to the user innd runs as. INN versions 2.3.x and below are not affected.

tags | advisory, overflow
SHA-256 | 9befdf456af553054592d9d0d38512343a4fd2cc6e31c329cb87acae468e35eb
SwitchOff.c
Posted Jan 8, 2004
Authored by Mr. Nice | Site coromputer.net

Switch Off 2.3 remote exploit that achieves SYSTEM privileges from a buffer overflow in the message parameter. Tested on Windows 2000 SP0 and XP SP0.

tags | exploit, remote, overflow
systems | windows
SHA-256 | e54fec05fd0efa2a99593973e3e0cf9ad815cbabc28848e318cb57aea61d0731
httprint_paper.zip
Posted Jan 8, 2004
Authored by Saumil Shah | Site net-square.com

White paper giving an introduction to HTTP fingerprinting. Related tools demonstrating these methodologies are available for the following operating systems: FreeBSD. Originally presented at Blackhat Briefings 2003 in Singapore.

tags | paper, web
systems | freebsd
SHA-256 | 980a3c96680ee532ba354fa497246bd0736f113aaec93e415df2136f774f2f3b
httprint_win32_200.zip
Posted Jan 8, 2004
Authored by Saumil Shah | Site net-square.com

httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. httprint can import web servers from nmap network scans, if they are saved in XML format. The current version adds the ability to save reports in CSV and XML formats, and features a completely new method of scoring by confidence ratings to minimize false positives. This version is the Windows release.

tags | web
systems | windows
SHA-256 | 639d3993e85249f4454870b45cb15fa6102718ffcc4f325c2ac38168f321f738
httprint_macosx_200.zip
Posted Jan 8, 2004
Authored by Saumil Shah | Site net-square.com

httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. httprint can import web servers from nmap network scans, if they are saved in XML format. The current version adds the ability to save reports in CSV and XML formats, and features a completely new method of scoring by confidence ratings to minimize false positives. This version is the Mac OS-X release.

tags | tool, web, scanner
systems | unix, apple, osx
SHA-256 | 36662b9eb3f03ccd325eec8cf24b5a5c34d8e45f43c8f7e1beb8c37e2780a50d
httprint_linux_200.zip
Posted Jan 8, 2004
Authored by Saumil Shah | Site net-square.com

httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. httprint can import web servers from nmap network scans, if they are saved in XML format. The current version adds the ability to save reports in CSV and XML formats, and features a completely new method of scoring by confidence ratings to minimize false positives. This version is the Linux release.

tags | tool, web, scanner
systems | linux, unix
SHA-256 | a170b75c08b54cd8676fd860bd198ebb83b98e23f6e2f5a611fc9e59f5d937f0
httprint_freebsd_200.zip
Posted Jan 8, 2004
Authored by Saumil Shah | Site net-square.com

httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. httprint can import web servers from nmap network scans, if they are saved in XML format. The current version adds the ability to save reports in CSV and XML formats, and features a completely new method of scoring by confidence ratings to minimize false positives. This version is the FreeBSD release.

tags | tool, web, scanner
systems | unix, freebsd
SHA-256 | 4344b6a71aa29a1b1a2c4dfb67d7e5a724b4f5256714494e8303ba148388d401
Back_orifice.EXE
Posted Jan 8, 2004
Authored by Cirucorporation

This is a hacked version of back orifice which has been changed with ResHack so it is not yet detectable as a trojan. Archive password is set to p4ssw0rd. Use at your own risk.

tags | trojan
SHA-256 | 7813bb70942bddf91873aec8411d89c6d32a72c7ce712cc75ed22c2aef90c84d
Secunia Security Advisory 10561
Posted Jan 8, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory SA10561 - FSP Suite 2.x has two vulnerabilities. One allows malicious attackers to gain system access and view files outside of the web root. Another is an unspecified boundary error that can be exploited to cause a buffer overflow with the possibility of arbitrary code execution.

tags | advisory, web, overflow, arbitrary, root, vulnerability, code execution
SHA-256 | 3b71545731cea57ae4e250f6c7a638b2257a71a5353a11f5291b7162f94a393e
Secunia Security Advisory 10544
Posted Jan 8, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory SA10544 - A vulnerability has been identified in mpg321, allowing malicious people to execute arbitrary code. The problem is that certain strings in mp3 files are not properly verified before being used in a printf() function call. This could potentially be exploited to execute arbitrary code through malicious mp3 files and HTTP streams.

tags | advisory, web, arbitrary
SHA-256 | 78644f6aea25c8c32857c7a3337c4341fad3091687c4600a62cc20379ac2d75c
postcal.txt
Posted Jan 8, 2004
Authored by Klavs Klavsen

PostCalendar version 4.0.0 is susceptible to SQL injection attacks via its search functionality.

tags | advisory, sql injection
SHA-256 | 1a2c7aa20973af02d5af4ed28004504abcdfe546c0885a30933405efccb5680a
01032004.html
Posted Jan 8, 2004
Authored by James Bercegay | Site gulftech.org

PostNuke version 0.726, and possibly earlier releases, are open to SQL injection and cross site scripting attacks due to a lack of proper parameter sanitizing.

tags | advisory, xss, sql injection
SHA-256 | 307fc789ac7baf754c526ec507e9ec95ce669371ebffc34964b0347615a87b33
gtsTsXp4.0.103-adv.txt
Posted Jan 8, 2004
Authored by Donato Ferrante | Site autistici.org

GoodTech Telnet Server 4.x for Microsoft Windows NT/2000/XP is susceptible to a denial of service attack when attempting to handle an overly long input string.

tags | advisory, denial of service
systems | windows
SHA-256 | 5c871cf563cc5cef0a8599c21076c25db7e87a2d6615675ca13014051d04ff28
uniqueid-0.4.2.tar.gz
Posted Jan 8, 2004
Authored by Alan De Smet | Site highprogrammer.com

Unique ID is a Perl CGI that calculates and reverse engineers driver's license numbers. Given your name, birthday and gender, it will tell you your license number. Given the number it will tell you your birthday, gender, and take educated guesses at your name. It currently supports Florida, Illinois, Maryland, Michigan, Minnesota, New Hampshire, Washington, and Wisconsin. It's likely that similar systems are used in other states.

tags | cgi, perl
SHA-256 | bca4b7f1f575c5f4794346bc1f17461fc8a0978a5b9153f722045999b9748b08
phorum345.txt
Posted Jan 8, 2004
Authored by Calum Power

Multiple cross site scripting and SQL injection vulnerabilities lie in Phorum versions 3.4.5 and below.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | ce4d046825486555efd93f2110f9b7992cef09964eb5fe0fa25ef24f3a1b770b
phpgedview.txt
Posted Jan 8, 2004
Authored by Vietnamese Security Group | Site security.com.vn

PHPGEDVIEW version 2.61 has flaws in multiple files where input variables are not sanitized, allowing a remote attacker to execute code from a remote site on the server.

tags | exploit, remote
SHA-256 | 094b03352c5b18b33d01d1e8130f34dc9ebd3a1a84468e7051f67ce4e422685f
firstclass71.txt
Posted Jan 8, 2004
Authored by Richard Maudsley

FirstClass desktop client version 7.1 is susceptible to local file execution when a user clicks on a maliciously crafted link.

tags | exploit, local
SHA-256 | 90f0edc8228124ace30c38c3037cdfa7dfcb12f5761ae4148ef93bfa1ce3808e
lotus602linux.txt
Posted Jan 8, 2004
Authored by l0om | Site excluded.org

Lotus Notes version 6.0.2 on Linux installs with faulty permissions on its notes.ini file, which would allow local attackers to compromise the system.

tags | advisory, local
systems | linux
SHA-256 | 99641299508cfd2408eb78d99c4ead40d71cad304a5188181956419b494672ec