what you don't know can hurt you
Showing 1 - 25 of 28 RSS Feed

Files Date: 2005-12-03

StackOverflow-Examples.txt
Posted Dec 3, 2005
Authored by Nish Bhalla | Site securitycompass.com

Source code for all the examples used in tutorials 1 through 4 of 'Writing Stack Based Overflows On Windows'.

tags | paper, overflow
systems | windows
MD5 | be840faace1a6e3c9e0965a9261c328b
StackBasedOverflows-Windows-Part4.pdf
Posted Dec 3, 2005
Authored by Nish Bhalla | Site securitycompass.com

Writing Stack Based Overflows on Windows - Part IV: Shellcode creation and exploitation an application remotely.

tags | paper, overflow, shellcode
systems | windows
MD5 | 02bd4588eddd075cfa4719ee16a3accf
StackBasedOverflows-Windows-Part3.pdf
Posted Dec 3, 2005
Authored by Nish Bhalla | Site securitycompass.com

Writing Stack Based Overflows on Windows - Part III: Walking through a stack based overflow and writing an exploit for a local overflow.

tags | paper, overflow, local
systems | windows
MD5 | acfe032bffa059a6c9f793e1747f209d
iwar-0.06.tar.gz
Posted Dec 3, 2005
Authored by Da Beave | Site softwink.com

Iwar is a war dialer written for Unix type (Linux/OpenBSD/etc) operating systems. It supports a nice curses based front end, ASCII/MySQL logging, system identification, multiple modems support, random/sequential dialing, key stroke logging, and more. Note: this is the source tarball for use under Unix variants.

Changes: Various small fixes. Added tone detection. Added more banners.
tags | tool, wardialer
systems | linux, unix, openbsd
MD5 | 6cf18f2f0b03201fd5045612a70785f7
iwar-0.06-DOS.zip
Posted Dec 3, 2005
Authored by Da Beave | Site softwink.com

Iwar is a war dialer written for Unix type (Linux/OpenBSD/etc) operating systems. It supports a nice curses based front end, ASCII/MySQL logging, system identification, multiple modems support, random/sequential dialing, key stroke logging, and more. Note: this is the Cygwin version.

Changes: Various small fixes. Added tone detection. Added more banners.
tags | tool, wardialer
systems | linux, unix, openbsd
MD5 | 834a1f3db0bc8077592a524feb6e9aae
nufw-1.0.16.tar.gz
Posted Dec 3, 2005
Authored by regit | Site nufw.org

NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.

Changes: This is a security release. The NuFW team has identified a problem that could lead to Denial of Service from legitimate users of the authentication service. The bug was found in user packet parsing.
tags | tool, remote, firewall
systems | unix
MD5 | 29d97b9b200d45691729d2308b708cc7
arpalert-0.4.15.tar.gz
Posted Dec 3, 2005
Authored by Thierry Fournier | Site perso.numericable.fr

arpalert uses ARP address monitoring to help prevent unauthorized connections on the local network. If an illegal connection is detected, a program or script is launched, which could be used to send an alert message, for example.

Changes: One bug fix and some code rewrites.
tags | local
systems | unix
MD5 | 17fc94a321ab0831a9e880a98f2e17b3
Openwall Linux Kernel Patch
Posted Dec 3, 2005
Authored by Solar Designer | Site openwall.com

The Openwall Linux kernel patch is a collection of security hardening features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.

Changes: Minimal changes.
tags | overflow, kernel
systems | linux
MD5 | df21f0f080b6f9a612a3318fc0a28218
Nixory_0.3.5.zip
Posted Dec 3, 2005
Authored by Alfredo Spadafina | Site nixory.sourceforge.net

Nixory is an innovative, fast, and powerful anti-spyware program, with a user-friendly graphical interface. It protects Mozilla Firefox from dangerous spyware and harmful cookies. Platform independent source zip file.

Changes: Various improvements. See changelog for full list.
MD5 | 85330c76c4eb8c79ff5b4c6af9b9fdc7
Mandriva Linux Security Advisory 2005.223
Posted Dec 3, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Jack Louis discovered a format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled. This can allow remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call.

tags | advisory, remote, web, denial of service, arbitrary, perl
systems | linux, mandriva
advisories | CVE-2005-3912
MD5 | 66abe429c0df5d19461509447439b29b
Mandriva Linux Security Advisory 2005.222
Posted Dec 3, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Scrubber.py in Mailman 2.1.4 through 2.1.6 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service. In addition, these versions of mailman have an issue where the server will fail with an overflow on bad date data in a processed message.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2005-3573
MD5 | 706ea3a6b476dd3a90ffd9067b5b2cf5
Mandriva Linux Security Advisory 2005.221
Posted Dec 3, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients, which triggers a bus error in Perl.

tags | advisory, perl
systems | linux, mandriva
advisories | CVE-2005-3351
MD5 | 8b8cb52ae124a2246b55332649702cec
zencart_126d_xpl.html
Posted Dec 3, 2005
Authored by rgod | Site retrogod.altervista.org

Zen-Cart versions 1.2.6d and below are susceptible to blind SQL injection and remote command execution attacks. Exploit included.

tags | exploit, remote, sql injection
MD5 | a507099ecbfb1ccd22d23ed6ed3eca57
freeHelpInject.txt
Posted Dec 3, 2005
Authored by BiPi_HaCk | Site NightmareSecurity.net

It appears that the Free Help Desk software by Help Desk Reloaded leaves the install.php file in place post installation, allowing remote attackers to create accounts without any authentication or access.

tags | exploit, remote, php
MD5 | 59d3001cc14911fe89d6c74dc9fab115
SEC-20051202-0.txt
Posted Dec 3, 2005
Site sec-consult.com

SEC-CONSULT Security Advisory 20051202-0 - GMX Webmail when used with Microsoft Internet Explorer lends itself to cross site scripting attacks.

tags | advisory, xss
MD5 | dc306c45840f9ccdb6a180ba56339292
Ubuntu Security Notice 222-1
Posted Dec 3, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-222-1 - Jack Louis of Dyad Security discovered that Perl did not sufficiently check the explicit length argument in format strings. Specially crafted format strings with overly large length arguments led to a crash of the Perl interpreter or even to execution of arbitrary attacker-defined code with the privileges of the user running the Perl program.

tags | advisory, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2005-3962
MD5 | 41a2e2dc77707edebd2ec901f3321d66
perl-format-string.txt
Posted Dec 3, 2005
Authored by Steven M. Christey

Format String Vulnerabilities in Perl Programs - Whitepaper discussing all the attack and impact details of recent discussions surrounding format string exploitation in perl. Provides further insight on how these flaws can be manipulated and has examples.

tags | paper, perl, vulnerability
MD5 | ff51ff0694b291ce947b9effb9227978
Debian Linux Security Advisory 915-1
Posted Dec 3, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 913-1 - An integer overflow has been discovered in helix-player, the helix audio and video player. This flaw could allow a remote attacker to run arbitrary code on a victims computer by supplying a specially crafted network resource.

tags | advisory, remote, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-2629
MD5 | a5bcb89c503fe646c789100bbd5cb4de
AD20051202.txt
Posted Dec 3, 2005
Authored by Sowhat | Site secway.org

WinEggDropShell Eternity version 1.7 is susceptible to preauth stack overflows. Proof of concept denial of service exploit included.

tags | exploit, denial of service, overflow, proof of concept
MD5 | e2a03f701231a1f11975df0e44fadadb
phpMyChat0146.txt
Posted Dec 3, 2005
Authored by Louis Wang | Site fortinet.com

phpMyChat version 0.14.6 is susceptible to cross site scripting flaws in start_page.css.php, style.css.php, and users_popupL.php.

tags | exploit, php, xss
MD5 | aca7825d44871757fae3eb67dd784b18
xfocus-SD-051202.txt
Posted Dec 3, 2005
Site xfocus.org

Openmotif version 2.2.3 is susceptible to multiple buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
MD5 | 2598c0641934e454c93c76286dc8f23c
pbnj-1.10.tar.bz2
Posted Dec 3, 2005
Authored by Joshua D. Abraham | Site pbnj.sf.net

PBNJ is a network tool that can be used to give an overview of a machine or multiple machines and includes the details about the services running on them. PBNJ is different from other tools because it is based on using a scan from nmap parsed to amap. PBNJ parses the data from a scan and outputs to a CSV format file for each ip address scanned.

tags | tool, scanner
systems | unix
MD5 | 5a5b347106e5419259e62c5943687bdb
Cisco Security Advisory 20051201-http
Posted Dec 3, 2005
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically generated output, such as the output from a 'show buffers' command, will be passed to the browser requesting the page. This HTML code could be interpreted by the client browser and potentially execute malicious commands against the device or other possible cross-site scripting attacks. This security advisory applies to all Cisco products that run Cisco IOS Software versions 11.0 through 12.4 with the HTTP server enabled.

tags | advisory, web, xss
systems | cisco
MD5 | 9f642d055752130f19c1eebb816439a6
EdgewallSQL.txt
Posted Dec 3, 2005
Authored by David Maciejak

Edgewall Trac version 0.9 is susceptible to a SQL injection attack due to a lack of sanity checking on the group variable.

tags | exploit, sql injection
MD5 | 7df147c2ac1998ed9869129658f50506
GameFlyXSS.txt
Posted Dec 3, 2005
Authored by Matthew Benenati

GameFly, the popular online video game rental service, suffers from a cross site scripting flaw.

tags | exploit, xss
MD5 | fd363324b7ba22cd1ed151f9e8b1cda4
Page 1 of 2
Back12Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    9 Files
  • 26
    Nov 26th
    11 Files
  • 27
    Nov 27th
    15 Files
  • 28
    Nov 28th
    9 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close