fwdumpd is a daemon which communicates with the kernel firewall using the netlink socket interface and copies packets marked for outputs to user space (usually using the -o of ipchains) to a binary capture file. This file is compatible with tcpdump and several other analysis programs. It is now possible to inspect all those denied packets.
04bf40765b8fa11dd16646a392b15afae060f3e050c0293c3c6f343862495986ITS4 is a command-line tool for statically scanning C and C++ source code for security vulnerabilities. ITS4 scans through source code for potentially dangerous function calls that are stored in a database. Anything that is in the database gets flagged. ITS4 tries to automate a lot of the grepping usually done by hand when performing security audits.
4f3470bd8a732a09f17144b08fa4ad2594e198f6a2e9af019b394c95c6d94fc1This script sniffs traffic on the network watching for ebay userids and passwords. This is only possible because (as of this writing), ebay does not encrypt passwords -- they are sent in the clear.
047eb7cf864eff046548ebc72fe5010637e84aa5fe2d26b6f6c2a5b387b08d88Exploit for recent FW-1 FTP problems - Demonstrate a basic layer violation in "stateful" firewall inspection of application data (ftp within IP packets). Checkpoint alert about this vulnerability here.
105b9db1985030576cb537ea4954c1985eb1a0c41554c114e8d7e40766964ac2Qpop3.0b30 and below buffer overflow exploit. Remote, but requires username and password.
5bb66376ba934f2d28de1c8aeb6fd8c5a2ffc62e7eeb4f7942ea86aa3d8efd43pcapmerge can be used to extract part of a binary packet capture file or merge several capture files. It is similar in scope to the tcpslice(1) program.
d6293544b2a8d52671262898d84da55fc238322abd2bef3276bc737edd3d5f36slipwire.pl v1.1 is the first iteration of a filesystem integrity checker. It compares the MD5 hashes of files to an initial state and alerts the user of any changes.
dc845bdc2c286c64e4e25ef76ed2d31d286b284b13dafc146ad73c3ba66ee6e6slipwire.pl is a simple filesystem integrity checker. It compares the SHA-1 hashes of files to an initial state and alerts the user of any changes.
daaae031940c7c22dd5e6516ffd418ec4e9210a88aa495f534346ff76d915c43Network Associates Security Advisory - A vulnerability in the ARCserve agent script allows local attackers to obtain root privileges and overwrite/insert data into arbitrary files.
fc4a12c72a4a1e54e091198085a56de890639e906f761c3922f184b0a5144490Frontpage-PWS32/3.0.2.926 (probably others) allows reading of any file on the system by putting /.../ into the url.
137d1427da44a3a1678c34f2c5e6d18c442d4b292586eb2186b4a6d260aca401On AIX 4.2 and 4.3, the SNMP daemon is enabled by default and two community names are enabled with read/write privileges. The community names are "private" and "system", but are only allowed from localhost connections. Nevertheless, a local user may install an SNMP client, and modify sensitive variables.
fca6ebe0cf09746cd05366bd5c1a1506252c063978e36c0e845128326548d809During the installation process of Windows 2000 professionnal anyone can connect to the ADMIN$ share as ADMINISTRATOR whithout any password.
28171d26faf3930c1a79b869e75aa51800e46d3d335d294936646c2ceee5982cMany devices come from the manufacturer configured with snmp enabled and unlimited access with *write* privledges. It allows attacker to modify routing tables, status of network interfaces and other vital system data, and seems to be extermely dangerous. To make things even worse, some devices seems to tell that write permission for given community is disabled, but you can still successfully write to it. This is a list of devices with default writable configurations.
64b8dfa2a60e46777335afd3866fb129ffab8f3f3c77ea49b736b92fb1b23445Patch for the Linux ipchains firewall to log source MAC address and TCP flags for all packets that get logged.
17bfd672bb0d3f6422803d89a8b47d00776cc840c1048f0d170cac34268fe89cmd-webscan is a high quality CGI vulnerability scanner. It is well written, easily extensible, and has a few nifty options.
4f436b5fe5116f0a5cf4116654ebdadc92d8a10ebd99c1569e9c3ce2d00d02b1md-webscan is a high quality CGI vulnerability scanner. It is well written, easily extensible, and has a few nifty options.
92e28833b15ad0ce6b9339a83e8b994deb37e1f6eba383e5fdfc64907ec4c28eVanish is a log wiper that cleans WTMP, UTMP, lastlog, messages, secure, xferlog, maillog, warn, mail, httpd.access_log, and httpd.error_log. Tested under SuSE.
2fabe2b5a6c22520710726c13fac0311577cbc303f7d2a6dc078df36af4e65acDeCSS is a handy Perl script which removes CSS tags from HTML pages.
af863c73e060f195d1e618e1dc2acb77e380c52919b6075c0108c2e2f7bfb9f2Nessus is a free, up-to-date, and full featured remote security scanner for Linux, BSD, Solaris and some other systems. It is multithreaded, plugin-based, has a nice GTK interface, and currently performs over 320 remote security checks. It has powerful reporting capabilities (HTML, LaTeX, ASCII text) and not only points out problems, but suggests a solution for each of them.
8888891aec58ed227d88c863beaa2571d0125a10e020edc2fcceaa3a521cd294History Kill 2000 for Windows removes all traces of history in both Netscape and IE by removing URL drop-list history, detailed history file, cache, and cookies. 21 day evaluation.
49a94b1becb5e12ee9f6babd8f857ef6cbaf4be0d9fbbab3f8656055dddd8e39Fwctl is a program that intends to make it easier to configure a tight firewall. It provides a configuration syntax that is easier to use and more expressive than the low-level primitives offered by ipchains. It supports multiple interfaces, masquerading and packet accounting. Fwctl doesn't replace a good security engineer, but it can make the job of the security engineer simpler.
3a41caf6e736dcf2018b27cd203759d9a48d5e1e797e7312d502c25ab1e673b5syslog-ng as the name shows is a syslogd replacement, but with new functionality for the new generation. The original syslogd allows messages only to be sorted based on priority/facility pair, syslog-ng adds the possibility to filter based on message contents using regular expressions. The new configuration scheme is intuitive and powerful.
8febeac3a3fc42944a890455ccea5b7faf7ea2d39675da8150d4d1ed5b9ae50eFAQ on implementing a Network Based IDS in a heavily switched environment.
cc66b70318c7efd394059454a0d70109b701ba98a36ee39ee4fb3c3150644b34SUID Advisory #5 - DCFORMS98.CGI Advisory - Anyone can create / truncate any file owned by the web server user.
622d24605c915932cd5a7cb660b480ecd49f2adef13453625c046a4da0b01370Narrow Security Scanner 2000 searches for 297 remote vulnerabilities. Written in perl, tested on Redhat, FreeBSD, and OpenBSD, Slackware, and SuSE.
cbf5dbf759a6a030ab9ce87d2def68d57adcbc9526f9099ec608606574c2616d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed