Nmap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), and TCP/IP fingerprinting (remote host operating system identification). Nmap also offers flexible target and port specification, decoy scanning, determination of TCP sequence predictability characteristics, sunRPC scanning, reverse-identd scanning, and more.
Internet Security Systems (ISS) X-Force has identified a backdoor password in the Red Hat Linux Piranha product. Piranha is a package distributed by Red Hat, Inc. that contains the Linux Virtual Server (LVS) software, a web-based GUI, and monitoring and fail-over components. A backdoor password exists in the GUI portion of Piranha that may allow remote attackers to execute commands on the server. If an affected version of Piranha is installed and the default backdoor password remains unchanged, any remote or local user may log in to the LVS web interface. From there, LVS parameters can be changed and arbitrary commands can be executed with the same privileges as the web server.
incognitomail2.c sends fake mail using a wingate proxy to obscure the true origin of the message.
LCDproc is a system for displaying system information and other data on an LCD display, using client/server communication. The server is vulnerable to a remote buffer overflow, allowing an attacker to remotely execute arbitrary code or cause the LCDproc server to crash. Patch available here.
Cerberus Information Security Advisory CISADV000420 - Windows NT/2000 cmd.exe overflow. Web servers that will execute batch files as CGI scripts on behalf of a client are therefore opened up to a Denial of Service attack. By providing an overly long string as an argument to a CGI based batch file it is possible to crash the command interpreter in the "clean up" stages.
Windowmaker 0.62.0 buffer overflow exploit - Although wmaker is not suid by default, this code will overflow the $DISPLAY environment variable.
Porkbind retrieves version information for the nameservers of a domain and produces a report that describes possible vulnerabilities of each.
BufOverA is a set of small Linux kernel patches which detect and block buffer overflows. The archive includes a whitepaper.
Cisco Security Advisory: Cisco IOS Software TELNET Option Handling Vulnerability. A defect in multiple Cisco IOS software versions will cause a Cisco router to reload unexpectedly when the router is tested for security vulnerabilities by security scanning software programs. The defect can be exploited repeatedly to produce a consistent denial of service (DoS) attack. Vulnerable releases include 11.3AA, 12.0(2) up to and including 12.0(6), and 12.0(7).
Cisco Security Advisory: Cisco Catalyst Enable Password Bypass Vulnerability. Cisco Catalyst software permits unauthorized access to the enable mode in the 5.4(1) release. Once initial access is granted, access can be obtained for the higher level "enable" mode without a password.
Microsoft FrontPage CERN Image Map Dispatcher (/cgi-bin/htimage.exe) is installed by default and has three vulnerabilities: the full path to the root directory is revealed, a buffer overflow was found (remote code execution may be possible), and files on the server may be accessed.
No information is available for this file.
Seawall is an ipchains firewall that supports IP masquerading and can be used on a standalone system, on a dedicated firewall system or on a multi-use gateway/server. It supports VPN via IPIP tunnels and PPTP, has an easy to edit configuration file, and can be extended without modifying the base product. It also includes realtime monitoring with an audible alarm that sounds when suspect packets are detected.
Novell Netware 5.1 Remote Administration Service contains a buffer overflow that could allow an attacker to launch a denial of service attack against the system, or possibly inject code into the operating system for execution. DoS exploit included.
RUS-CERT Advisory 200004-01: GNU Emacs 20 - Several vulnerabilities were discovered in all Emacs versions up to 20.6, including one allowing unprivileged local users to eavesdrop on the communication between Emacs and its subprocesses, Emacs Lisp tempfile problems, and the history of recently typed keys possibly exposing passwords. The following systems were tested as vulnerable: Linux, FreeBSD (and probably other *BSD variants), HP-UX 10.x and 11.00, and AIX 4. Solaris and DG/UX are unaffected.
BindView RAZOR Team Analysis of DVWSSR.DLL - The risks of having dvwssr.dll are not as severe as originally reported in media outlets Friday morning, but still severe enough that system administrators responsible for NT systems should investigate. The risks depend on whether or not a certain DLL is loaded, how rights are set, and potentially how FrontPage 98 is used.
Panda Security 3.0 for Windows 95 and 98 can be bypassed. Panda Security 3.0 is vulnerable to indirect registry key modifications, which allow Panda Security keys to be manipulated by any logged-on user. Because of a lack of system integrity checks, the entire software package could be uninstalled by a user. This zipfile contains demonstration exploit code.
regback.asm is a backdoor for NT written in pure asm.
The Sentinel project is designed to be a portable, accurate implementation of all publicly known promiscuous detection techniques. Sentinel currently supports 3 methods of remote promiscuous detection: The DNS test, Etherping test, and ARP test. Support for the ICMP Ping Latency test is under development.
rdist-bsd.c is a /usr/bin/rdist local exploit for FreeBSD.
ypghost is a remote NIS exploit that spoofs UDP packets. Uses libpcap.
sunkill.c - Remote Solaris 2.5.1 DoS exploit. Opens a telnet connection to the victim machine and sends a few bad telnet negotiation options, then floods the port with lots of ^D characters, using all available kernel memory.
hupux.sh - HP-UX 09.04 local exploit. Takes advantage of a default world-writable /usr/local/bin.
USSR Advisory #38 - Remote DoS attack in Real Networks RealServer. The USSR Labs team has recently discovered a memory problem in the RealServer 7 server. By sending specially malformed data to port 7070, the process containing the service will die.
Microsoft Security Bulletin (MS00-028) - Procedure Available to Eliminate "Server-Side Image Map Components" Vulnerability. The FrontPage 97 and 98 Server Extensions include two components, Htimage.exe and Imagemap.exe, both of which contain unchecked buffers that could be used to run arbitrary code. Although part of the Server Extensions, these components also install as part of several other web server products. Microsoft FAQ on this issue here.