An introductory paper for would-be hackers. It could also prove useful for network admins and hackers who want to improve themselves. Chapters include: The OS, Understanding TCP/IP, Becoming a Hacker, WHOIS Databases, Basic Tracerouting and Path Analysis, Mapping with DNS and Geolocation and more.
b4e91f313fa1cce8a5f8538e82a63ea7ab2d08cf63b8afe5a744d2e88801afa3
libShellCode is a library that can be included when writing Linux and BSD i386 based exploits. It provides functions that generate shellcode from user-given parameters at runtime.
62dc05ebdc7b74df8811246fb68046d2fcd9f998a5c37747b2183c8dd2035545
open security advisory #16 - Xine Media Player Format String Bug - There are 2 format string bugs in the latest version of Xine that could be exploited by a malicious person to execute code on the system of a remote user running the media player against a malicious playlist file. By passing a format specifier in the path of a file that is embedded in a remote playlist, it is possible to trigger this bug.
d4f570c418c920fa2ace268f9e01803444655bf73c95bb1f9a806e7168cb8848
An example of a return-into-libc exploit that possibly works through grsecurity patch protection.
3d52d2bc3578ca63d91d157654640485e25d9bb02f962aa6d3f5f5cfb99a6f01
Linpha 1.1.0 suffers from an XSS vulnerability.
f7e3f5d7e4eb3b1bc3ee23685ee770c5e7307dd23fd9a66a2f4042defa1f53b3
FlexBB 0.5.5 remote SQL login bypass exploit.
8ec957f077965343b237cb624658ab727dbed83ca28cd9460e3a4489e4d2e1b8
Neon Responder 5.4 for Windows suffers from a DoS: sending it a specially crafted "Clock Synchronization" packet causes it to crash. PoC included.
00308f6b50521d1c774a89502ee9de291b104713e6c78d55efed7ad64f9478bd
RechnungsZentrale v2 suffers from SQL injection and remote file inclusion vulnerabilities.
199f60d5a50ae67e551c0a6e37b12a5cd7446cbdbfe0fa75e2ffcebfaec62501
Findnot.com DNS Privacy Breach, DNS Spoofing Exposure, and ISP Monitoring Vulnerability - Several vulnerabilities have been reported in Findnot.com's SSH Proxy Service which can cause all DNS requests for lookup of sites visited to be resolved using local DNS servers.
a31794b9b3bd88d68a780c393eeb2de80a451637e98988ab84f8fef14ed66b8c
Findnot.com IP Address Privacy Breach and Unencrypted Data Vulnerability - Several vulnerabilities have been reported in Findnot.com's Microsoft PPTP VPN Service Client, which can cause intermittent immediate loss of anonymity and privacy while using the service.
c0752cb8fe102e220a572433d2dce33f44c4db45a14e50386da67dfd2e8bc542
SnmShred Mail Shredder - A Perl script designed to exploit the RCPT function of sendmail to flood a mail server.
cce6ffec509ff19248173998ae0f248d9ec996a9de28ed4954b65b709b198d89
Defacing The Art Of Hijacking Spamming And EMail Viruses - A paper analyzing the methodology of hijacking a user's web browser, focusing mainly on Internet Explorer.
a19d8c74cf6da99ca80f6b3a1494254c3e49702f0a7e4c81583dd174eeb52bf6
Web Management Port Scanner - A port scanner written in Perl to find open web management ports.
8cad85f4aa0349fabc4af990c1d5409313e9fa2e773e2125d265b5db72cf634c
NetProx Proxy Redirector - A proxy redirector written in Perl for connection redirection between remote machines.
7bb571bfb44fe6f5af0880fd8cc2ca70bcb72f15d7bc2483d40bae54f239f0f2
phpMyAgenda 3.0 Final suffers from a Remote File Include Vulnerability in agenda.php3.
0127ffa3f68c50522dd1e30f8420f3e869bbb31c79e98814dd7ee96be5025be1
bloggage suffers from a SQL injection vulnerability. POC included.
7a2ffb82807a4c80dfb88bf703c3f20e81c36ea5204da378e2d297a46d82a022
Mini-NUKE v2.3 suffers from a SQL injection vulnerability.
114b0a0ebc035da9aeb614dc226952c5976517fc0db78b6fd4b1da9be7fdc486
SUSE Security Announcement SUSE-SA:2006:021: various security problems in Mozilla based browsers.
857b5ed50fab95079142b787cc274b3bfa52988e5f7f05515ae658bda0a46019
It is possible to bypass Websense filtering for any website that is in the "Uncategorized" Websense category simply by adding a question mark at the end of the URL.
55611f0cd7905eaaa26e929be292f5754311b45644f74b51d8641148f109ba74
ActualAnalyzer suffers from a remote file inclusion vulnerability if register_globals = On.
d7ae65095b07e73a72f7307ef4ec2e3ffe376ec82b513e546dfba79ea5074470
Exploit for Oracle 10g 10.2.0.2.0.
5bdd48609fbc48eaa4e5f651c41fd237a9522c5bd339aa23e7688596c66c5426
A Perl script to bypass the OCR Shop XTR vvlicense validation scheme.
c421e21e1e3ad1e1c704a942563a1fcee8fa3f7a4e02ebabb0989d3873c8b188
CuteNews 1.4.1 suffers from XSS.
5907095f8019149d125aa50509e94635b6c059595842c80febd4cd0ce81f8ad4
Remote file open flaw in Firefox 1.5.0.2: A malicious web site can open local content in the browser by tricking a user into right-clicking and choosing "View Image" on a broken image that references a local resource (e.g. via the file: URI handler).
e147a304405ebb3f6d93391f1d2bd171363d6a3d926e7a0a8292f58a0b83dc2d
Mambo / Joomla do not properly validate user-supplied input in rss.php. A remote user can supply a specially crafted URL to cause the system to display an error message that discloses the installation path, or to force the script to create tons of superfluous XML files, which in some cases results in remote DoS attacks against the target.
db42190082b571f33f9fecedb2b59dcaab5850e3a505040dbd582a73a9528652