
Files Date: 2004-10-27

Posted Oct 27, 2004
Authored by nemo | Site neil.slampt.net

New Macintosh OS-X rootkit that is roughly based off of adore. It hides itself from kextstat, netstat, utmp and wtmp. Further revisions to include a reverse shell triggered by ARP and DNS packets.

tags | shell
systems | apple, osx
MD5 | 57d1312f1e101f52b9b08e4d557a2f99
Posted Oct 27, 2004
Site pacsec.jp

IEEE1394 Specification allows client devices to directly access host memory, bypassing operating system limitations. A malicious client device can read and modify sensitive memory, causing privilege escalation, information leakage and system compromise.

tags | advisory
MD5 | 4bba568b0006c290097ea5f555c29e0f
Posted Oct 27, 2004
Authored by muts

MailCarrier 2.51 SMTP EHLO / HELO buffer overflow exploit written in python that spawns a shell on port 101 of the target machine.

tags | exploit, overflow, shell, python
MD5 | d6dd28c628338cf2a4fd72d146a34c47
Secunia Security Advisory 12853
Posted Oct 27, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in phpCodeGenie, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | 31af6fa5b4bffbb91cb605d12fbd17a4
Trustix Secure Linux Security Advisory 2004.50
Posted Oct 27, 2004
Site trustix.org

Trustix Secure Linux Bugfix Advisory #2004-0050 - This bug fix discusses vulnerabilities in the packages gettext, ghostscript, glibc, groff, gzip, kerberos5, lvm, mysql, netatalk, openssl, perl, and postgresql. Previously unreleased information for groff exists here.

tags | advisory, perl, vulnerability
systems | linux
MD5 | 0dc620df1b9006e869e1c8a83508552d
Posted Oct 27, 2004
Site uniras.gov.uk

NISCC Vulnerability Advisory 841713/Hummingbird - The first issue with Hummingbird Inetd32 allows a user to run an application in the context of the Local System user. The second issue is a buffer overflow in XCWD that causes a denial of service condition and requires valid user credentials to invoke.

tags | advisory, denial of service, overflow, local
MD5 | 758be0c78f2e3a84328ca516b5afa8e2
Secunia Security Advisory 12969
Posted Oct 27, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Novell ZENworks for Desktops, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the Remote Management Agent invoking the ZENworks Remote Control Help functionality with SYSTEM privileges. This can be exploited to execute arbitrary programs with escalated privileges.

tags | advisory, remote, arbitrary, local
MD5 | a222fa04d6b6f7eb2cc756b8281629a7
Secunia Security Advisory 12980
Posted Oct 27, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Positive Technologies has reported some vulnerabilities in Phorum, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
MD5 | 3ae5e11887096bec6e6f4ad1d2287b7d
Secunia Security Advisory 12973
Posted Oct 27, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in OpenSSL, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. The vulnerability is caused due to the der_chop script creating temporary files insecurely. This can be exploited via symlink attacks to create or overwrite arbitrary files with the privileges of the user executing the vulnerable script. The vulnerability has been reported in versions 0.9.6m, 0.9.7d, and 0.9.7e. Other versions may also be affected.

tags | advisory, arbitrary, local
MD5 | 9a5eb82b7b4b465cc57f27fe71b2c279
Posted Oct 27, 2004
Authored by infamous41md

The GNU tftp client in inetutils-1.4.2 is susceptible to buffer overflow attacks. Because untrusted data from a DNS-resolved hostname is copied into finite static buffers without any bounds checking, several buffers can be overflowed in the .bss. Arbitrary code execution is possible.

tags | advisory, overflow, arbitrary, code execution
MD5 | d2064ef8191770931d94dcb6c07d7330
Posted Oct 27, 2004
Authored by infamous41md

Improper verification of header fields lets an attacker make the pppd server from ppp-241 access memory it isn't allowed to, resulting in a crash of the server. There is no possibility of code execution, as there is no data being copied, just a pointer dereferenced.

tags | advisory, code execution
MD5 | 71d4cc7fc3b54237ca3ba0d2e1ecd78b
Posted Oct 27, 2004
Authored by infamous41md

Local exploit tested against libxml2-2.6.12 and libxml2-2.6.13 that makes use of remotely exploitable buffer overflows in libxml.

tags | exploit, overflow, local
MD5 | 3f896e0895c275d9d12a6d912519e5ea
Posted Oct 27, 2004
Authored by infamous41md

There is an integer overflow when allocating memory in the routine that handles loading PNG image files with the GD graphics library versions 2.0.28 and below. This later leads to heap data structures being overwritten. If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening the image. Exploit to create a working PNG for this enclosed.

tags | exploit, overflow, arbitrary
MD5 | a9ef50ba7e6bf0c378184aaf0ff1ca30
Posted Oct 27, 2004
Authored by Peter Kruse | Site csis.dk

CSIS Security Advisory [CSIS2004-5] - Mozilla Firefox, Web-browser built for 2004, advanced e-mail and newsgroup client, IRC chat client, and HTML editing made simple. Mozilla Firefox ships with several bugs that make it possible to crash the browser or eat up virtual memory simply by hosting a binary renamed as html on a remote website.

tags | advisory, remote, web
MD5 | 78ca9ea062edb15ad3e9dae58785404b
Gentoo Linux Security Advisory 200410-25
Posted Oct 27, 2004
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200410-25 - The etc2ps.sh script, included in the Netatalk package, is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.

tags | advisory, arbitrary, local
systems | linux, gentoo
MD5 | eeedf131e6bfe9a1386e95b4ff411b69
Secunia Security Advisory 12955
Posted Oct 27, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Elac has discovered a vulnerability in dadaIMC, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
MD5 | 77df106892de12c6587988e06fc14b6f
Posted Oct 27, 2004
Authored by Ryan Rounkles

A vulnerability in LANDesk Management Suite 6.x through 8.x allows for a denial of service attack.

tags | advisory, denial of service
MD5 | 39b7d6ed8cba46b6d239259e78cc44c8
Posted Oct 27, 2004
Authored by Mike Kershaw | Site kismetwireless.net

Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features: multiple packet capture sources, runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data. Full changelog here.

Changes: Major improvements and fixes.
tags | tool, wireless
systems | cisco, linux, freebsd, openbsd, apple, osx
MD5 | e9cf06f6bb41b150ebdf7cd0c01afb34
Posted Oct 27, 2004
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

mangleme is an automated broken HTML generator and browser tester, originally used to find dozens of security and reliability problems in all major Web browsers (Mozilla / Firefox / Netscape, Konqueror / Safari, MSIE, lynx, [e]links, w3m, elvis, etc), as reported on BUGTRAQ.

tags | exploit, web
MD5 | 007232c9d9431f12d7c1d3dcbca3a5d6
Posted Oct 27, 2004
Authored by roma | Site ap-utils.polesye.net

Access Point Utilities for Unix is a set of utilities that configure and monitor a Wireless Access Point under Unix. It is known to compile (with GCC and the IBM C compiler) and run under Linux, FreeBSD, OpenBSD, MacOS X, AIX, and QNX.

Changes: Decreased timeouts in SNMP engine. Updates to build on Solaris. Now works with SysV curseslib. Many bugfixes. Ukrainian and French translation updates.
tags | tool, wireless
systems | linux, unix, freebsd, openbsd, aix, osx
MD5 | 15b3ee8ae8f5e501ffa6dd8ced9c528d
Posted Oct 27, 2004
Authored by Leandro Sagliocco | Site logiman.com

Speaker Alarm Dir watches a selected directory and plays a custom PC speaker sound when a file is added or removed.

systems | unix
MD5 | 079cf0e7e59c3c4da051639e2252307a
Posted Oct 27, 2004
Authored by noorg | Site noorg.org

Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will disable those interfaces found to be promiscuous if told to do so. Per-interface statistics can also be displayed, allowing administrators to perform traffic trend analysis, which could be an aid in the identification of possible inconsistencies or spikes in network traffic volume that may warrant further investigation.

systems | unix
MD5 | ab6aa3e6336538df81d964c90989fe16
Posted Oct 27, 2004
Authored by Eric Gerbier | Site afick.sourceforge.net

afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.

Changes: A couple minor bug fixes and improvements.
tags | tool, integrity
systems | windows, unix
MD5 | 4f1d74837c692e1bb92adb73caa32b70
Posted Oct 27, 2004
Authored by Corvus V Corax | Site motiontrack.sourceforge.net

Motiontrack is a set of tools that detects motion between two images. It is able to successfully distinguish random flicker from real object movement by applying a set of filters to the images, and can optionally ignore given colors and/or image regions. The roadmap provides for being able to identify objects by pattern detection and AI routines. Currently, this tool is able to turn line-art images into ASCII-art text as a demo feature.

Changes: Speed and documentation improvements, executables have been renamed, the sectorcheck now outlines sectors with detected movement in its output image.
systems | linux
MD5 | f364521a0d693e5e165b79670b46b8a2
Posted Oct 27, 2004
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fixes a race condition when CRLs are checked in a multi-threaded environment. This would happen due to the reordering of the revoked entries during signature checking and serial number lookup. Various other fixes and some additions.
tags | encryption, protocol
MD5 | a8777164bca38d84e5eb2b1535223474
© 2020 Packet Storm. All rights reserved.
