exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 28 RSS Feed

Files Date: 2005-12-03

StackOverflow-Examples.txt
Posted Dec 3, 2005
Authored by Nish Bhalla | Site securitycompass.com

Source code for all the examples used in tutorials 1 through 4 of 'Writing Stack Based Overflows On Windows'.

tags | paper, overflow
systems | windows
SHA-256 | 860b53e6a362f1432b875fd79227494b5d512c72cfa9e23132fc2648cd5ae25e
StackBasedOverflows-Windows-Part4.pdf
Posted Dec 3, 2005
Authored by Nish Bhalla | Site securitycompass.com

Writing Stack Based Overflows on Windows - Part IV: Shellcode creation and exploitation an application remotely.

tags | paper, overflow, shellcode
systems | windows
SHA-256 | 8574a8998f8d62e5c51157c0cfca653779fe111f04fd2362565eb53dd4584fb2
StackBasedOverflows-Windows-Part3.pdf
Posted Dec 3, 2005
Authored by Nish Bhalla | Site securitycompass.com

Writing Stack Based Overflows on Windows - Part III: Walking through a stack based overflow and writing an exploit for a local overflow.

tags | paper, overflow, local
systems | windows
SHA-256 | f90a0115f7445c95c71fa6878bcc43ebb6802fec3409da9bbdfa11726c784353
iwar-0.06.tar.gz
Posted Dec 3, 2005
Authored by Da Beave | Site softwink.com

Iwar is a war dialer written for Unix type (Linux/OpenBSD/etc) operating systems. It supports a nice curses based front end, ASCII/MySQL logging, system identification, multiple modems support, random/sequential dialing, key stroke logging, and more. Note: this is the source tarball for use under Unix variants.

Changes: Various small fixes. Added tone detection. Added more banners.
tags | tool, wardialer
systems | linux, unix, openbsd
SHA-256 | b8064ef9ba605903a94cb9f7f62d0bb616599319b1493c3bda8118af85f4ddb0
iwar-0.06-DOS.zip
Posted Dec 3, 2005
Authored by Da Beave | Site softwink.com

Iwar is a war dialer written for Unix type (Linux/OpenBSD/etc) operating systems. It supports a nice curses based front end, ASCII/MySQL logging, system identification, multiple modems support, random/sequential dialing, key stroke logging, and more. Note: this is the Cygwin version.

Changes: Various small fixes. Added tone detection. Added more banners.
tags | tool, wardialer
systems | linux, unix, openbsd
SHA-256 | f751be6be7256e79d683cb0cac49edc8019bb7913147b8871645a6168abb41a3
nufw-1.0.16.tar.gz
Posted Dec 3, 2005
Authored by regit | Site nufw.org

NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.

Changes: This is a security release. The NuFW team has identified a problem that could lead to Denial of Service from legitimate users of the authentication service. The bug was found in user packet parsing.
tags | tool, remote, firewall
systems | unix
SHA-256 | 89930c14ca97923365a142ba62a5972ef30ba14cce65eebb429f42d1bdc95051
arpalert-0.4.15.tar.gz
Posted Dec 3, 2005
Authored by Thierry Fournier | Site perso.numericable.fr

arpalert uses ARP address monitoring to help prevent unauthorized connections on the local network. If an illegal connection is detected, a program or script is launched, which could be used to send an alert message, for example.

Changes: One bug fix and some code rewrites.
tags | local
systems | unix
SHA-256 | 8808dfc169757701cdb0c29529dd1b913bd7e9c782a794f0a4b161062047ac20
Openwall Linux Kernel Patch
Posted Dec 3, 2005
Authored by Solar Designer | Site openwall.com

The Openwall Linux kernel patch is a collection of security hardening features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.

Changes: Minimal changes.
tags | overflow, kernel
systems | linux
SHA-256 | bef89e4d59252dc6292974f13587c0a88fbec212e15d455e4d4d2d27d188a956
Nixory_0.3.5.zip
Posted Dec 3, 2005
Authored by Alfredo Spadafina | Site nixory.sourceforge.net

Nixory is an innovative, fast, and powerful anti-spyware program, with a user-friendly graphical interface. It protects Mozilla Firefox from dangerous spyware and harmful cookies. Platform independent source zip file.

Changes: Various improvements. See changelog for full list.
SHA-256 | 6335c16eff0984a0b215a95c774388110f6efa38efcc7eb1d9d383c7d0a415ce
Mandriva Linux Security Advisory 2005.223
Posted Dec 3, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Jack Louis discovered a format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled. This can allow remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call.

tags | advisory, remote, web, denial of service, arbitrary, perl
systems | linux, mandriva
advisories | CVE-2005-3912
SHA-256 | 0fee6cfab26096bc7f6d51ca1fae2f550ceb001780b74a0358d40e8fb8ca3888
Mandriva Linux Security Advisory 2005.222
Posted Dec 3, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Scrubber.py in Mailman 2.1.4 through 2.1.6 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service. In addition, these versions of mailman have an issue where the server will fail with an overflow on bad date data in a processed message.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2005-3573
SHA-256 | f425e7c90ac8f9e309cae39b0cabc54364500222c5a30f89b8265ff017246c54
Mandriva Linux Security Advisory 2005.221
Posted Dec 3, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients, which triggers a bus error in Perl.

tags | advisory, perl
systems | linux, mandriva
advisories | CVE-2005-3351
SHA-256 | 9f7417bbb2d00f88c7609d6aef727ad016083afc9856bfd4c2dad15e077d16ce
zencart_126d_xpl.html
Posted Dec 3, 2005
Authored by rgod | Site retrogod.altervista.org

Zen-Cart versions 1.2.6d and below are susceptible to blind SQL injection and remote command execution attacks. Exploit included.

tags | exploit, remote, sql injection
SHA-256 | 16d5983a9f0364ddea49421fbc4f0e240f1760df33699aa25fd6e85b9567fb3d
freeHelpInject.txt
Posted Dec 3, 2005
Authored by BiPi_HaCk | Site NightmareSecurity.net

It appears that the Free Help Desk software by Help Desk Reloaded leaves the install.php file in place post installation, allowing remote attackers to create accounts without any authentication or access.

tags | exploit, remote, php
SHA-256 | 804b6bf95c701fc3e436588dcb9bb2b6c18779f0bb612923c56a2ad5eb75b375
SEC-20051202-0.txt
Posted Dec 3, 2005
Site sec-consult.com

SEC-CONSULT Security Advisory 20051202-0 - GMX Webmail when used with Microsoft Internet Explorer lends itself to cross site scripting attacks.

tags | advisory, xss
SHA-256 | 2a6711c44f9c685e8b7cc7212fd8144d93f917d56b960b6843bd977d8b2481f7
Ubuntu Security Notice 222-1
Posted Dec 3, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-222-1 - Jack Louis of Dyad Security discovered that Perl did not sufficiently check the explicit length argument in format strings. Specially crafted format strings with overly large length arguments led to a crash of the Perl interpreter or even to execution of arbitrary attacker-defined code with the privileges of the user running the Perl program.

tags | advisory, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2005-3962
SHA-256 | bfe55a56e657241ef7dc2839ec85a1d525daa274af5d85c1db814fa6967a6512
perl-format-string.txt
Posted Dec 3, 2005
Authored by Steven M. Christey

Format String Vulnerabilities in Perl Programs - Whitepaper discussing all the attack and impact details of recent discussions surrounding format string exploitation in perl. Provides further insight on how these flaws can be manipulated and has examples.

tags | paper, perl, vulnerability
SHA-256 | 1f644276a53775b2a1efbef6e98a60ccf369cc0a40fb16ff4f0877b18aea1d03
Debian Linux Security Advisory 915-1
Posted Dec 3, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 913-1 - An integer overflow has been discovered in helix-player, the helix audio and video player. This flaw could allow a remote attacker to run arbitrary code on a victims computer by supplying a specially crafted network resource.

tags | advisory, remote, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-2629
SHA-256 | e179e51f3e9797508dd52404da38fedbe35d0ebe8081da2653062dcb8be36066
AD20051202.txt
Posted Dec 3, 2005
Authored by Sowhat | Site secway.org

WinEggDropShell Eternity version 1.7 is susceptible to preauth stack overflows. Proof of concept denial of service exploit included.

tags | exploit, denial of service, overflow, proof of concept
SHA-256 | 2ec95ea1eb4e9a0c406b4c6e8ae0c57a3f64aba3b51d781bc5062ceb434bc713
phpMyChat0146.txt
Posted Dec 3, 2005
Authored by Louis Wang | Site fortinet.com

phpMyChat version 0.14.6 is susceptible to cross site scripting flaws in start_page.css.php, style.css.php, and users_popupL.php.

tags | exploit, php, xss
SHA-256 | ab6d9e1e48b89ca2d7a166ddce989029d13c54b332b9e4bcad235e469d3ca99a
xfocus-SD-051202.txt
Posted Dec 3, 2005
Site xfocus.org

Openmotif version 2.2.3 is susceptible to multiple buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
SHA-256 | f305a8bd59f1f7cadacd438fb87151f8341629efdbb056c1ebaf294c3af53637
pbnj-1.10.tar.bz2
Posted Dec 3, 2005
Authored by Joshua D. Abraham | Site pbnj.sf.net

PBNJ is a network tool that can be used to give an overview of a machine or multiple machines and includes the details about the services running on them. PBNJ is different from other tools because it is based on using a scan from nmap parsed to amap. PBNJ parses the data from a scan and outputs to a CSV format file for each ip address scanned.

tags | tool, scanner
systems | unix
SHA-256 | d75cad2daadc7fb0d9557d8ab4ba0d92ff4bb341606471f81dd36e99e6420cc3
Cisco Security Advisory 20051201-http
Posted Dec 3, 2005
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically generated output, such as the output from a 'show buffers' command, will be passed to the browser requesting the page. This HTML code could be interpreted by the client browser and potentially execute malicious commands against the device or other possible cross-site scripting attacks. This security advisory applies to all Cisco products that run Cisco IOS Software versions 11.0 through 12.4 with the HTTP server enabled.

tags | advisory, web, xss
systems | cisco
SHA-256 | 714b1c38572020e3ea7316ed9c36d2d58449b24d1be80a093082f494f0ad0cd2
EdgewallSQL.txt
Posted Dec 3, 2005
Authored by David Maciejak

Edgewall Trac version 0.9 is susceptible to a SQL injection attack due to a lack of sanity checking on the group variable.

tags | exploit, sql injection
SHA-256 | 0e476544b659e0558351730fac351de96b79fa2ac9ed9599c2b7042ef2694279
GameFlyXSS.txt
Posted Dec 3, 2005
Authored by Matthew Benenati

GameFly, the popular online video game rental service, suffers from a cross site scripting flaw.

tags | exploit, xss
SHA-256 | ce3987d843bd39dcd1478bb5df3c15e8d042e5a41f5b48309878a478c11ec86a
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close