Nmap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), and TCP/IP fingerprinting (remote host operating system identification). Nmap also offers flexible target and port specification, decoy scanning, determination of TCP sequence predictability characteristics, sunRPC scanning, reverse-identd scanning, and more.
4c9cb2a6a8c1bf58251b9e7976b690741e13813f3a85b79b11751d4a272dd128Internet Security Systems (ISS) X-Force has identified a backdoor password in the Red Hat Linux Piranha product. Piranha is a package distributed by Red Hat, Inc. that contains the Linux Virtual Server (LVS) software, a web-based GUI, and monitoring and fail-over components. A backdoor password exists in the GUI portion of Piranha that may allow remote attackers to execute commands on the server. If an affected version of Piranha is installed and the default backdoor password remains unchanged, any remote as well as local user may login to the LVS web interface. From here LVS parameters can be changed and arbitrary commands can be executed with the same privilege as that of the web server.
61d620c67900aae2e66e83528048b341915c2605077b43b58e0a2baedc393854incognitomail2.c sends fake mail using a wingate proxy to obscure the true origin of the message.
2db83f0aa98b6e3f8d8a8da4354b8fb4d3e12832b720864635806f9cb449ef61LCDproc is a system to display system information and other data on an LCD display which uses client / server communication. The server is vulnerable to remote buffer overflow allowing an attacker to remotely execute arbitrary code or cause the LCDproc server to crash. Patch available here.
14eb38e3f0574a9702bdc7ae0cfe610a25f981b43a50cbfb49142d570cf2b5a2Cerberus Information Security Advisory CISADV000420 - Windows NT/2000 cmd.exe overflow. Web servers that will execute batch files as CGI scripts on behalf of a client are therefore opened up to a Denial of Service attack. By providing an overly long string as an argument to a CGI based batch file it is possible to crash the command interpreter in the "clean up" stages.
0dcbdc1ab5da7d7148582f2f06ad1011474b95363fe58c05094dfee1821bee25Windowmaker 0.62.0 buffer overflow exploit - Although wmaker is not suid by default, this code will overflow the $DISPLAY environment variable.
b98763e09a49cfb34054e919d503acf4584f861224878015ea7919bd5bb66904Porkbind retrieves version information for the nameservers of a domain and produces a report that describes possible vulnerabilities of each.
01a44bdfaa6dfb80b04ef2c830604c4afaa45a6a9b4cae13d918a5c240ce64eeBufOverA is a set of small Linux kernel patches which detect and block buffer overflows. The archive includes a whitepaper.
6873b3b05bf24f3ad3363c6fe3363bb5cd9821c8371ec918495eede637eb5e40Cisco Security Advisory: Cisco IOS Software TELNET Option Handling Vulnerability. A defect in multiple Cisco IOS software versions will cause a Cisco router to reload unexpectedly when the router is tested for security vulnerabilities by security scanning software programs. The defect can be exploited repeatedly to produce a consistent denial of service (DoS) attack. Vulnerable releases include 11.3AA, 12.0(2) up to and including 12.0(6), and 12.0(7).
c2a046bca26844dbd75fc3680a4d278a190f831a1a15035f2023514a4fc60462Cisco Security Advisory: Cisco Catalyst Enable Password Bypass Vulnerability. Cisco Catalyst software permits unauthorized access to the enable mode in the 5.4(1) release. Once initial access is granted, access can be obtained for the higher level "enable" mode without a password.
2d3c392effc4cfb5fa8f42000720057f1235a6fe463f1b5a07f2fc28ba873093Microsoft Frontpage CERN Image Map Dispatcher (/cgi-bin/htimage.exe) comes by default and has three vulnerabilities. The full path to the root directory is revealed, a buffer overflow was found - remote code execution may be possable, and files on the server may be accessed.
b0db99f7c34bff25675016b7d686dc44f9d1f5c8eb5ad9df8136433793fbd28aNo information is available for this file.
3908fa0feb2cffe5b002a944b067e1833c7d826002be6ef1240ffec9a4908f80Seawall is an ipchains firewall that supports IP masquerading and can be used on a standalone system, on a dedicated firewall system or on a multi-use gateway/server. It supports VPN via IPIP tunnels and PPTP, has an easy to edit configuration file, and can be extended without modifying the base product. It also includes realtime monitoring with an audible alarm that sounds when suspect packets are detected.
c6b7ecad2f952ce2c74e786d6f6d7be95a099120087e94f981c5f8b643938bc3Novell Netware 5.1 Remote Administration Service contains a buffer overflow that could allow an attacker to launch a denial of service attack against the system, or possibly inject code into the operating system for execution. DoS exploit included.
daeeaaf07bbd7be2d103ab1cd49ffde2eb56484860d53f34ddeeccce4add2867RUS-CERT Advisory 200004-01: GNU Emacs 20 - Several vulnerabilities were discovered in all Emacs versions up to 20.6, including allowing unprivileged local users to eavesdrop the communication between Emacs and its subprocesses, Emacs Lisp tempfile problems, and the history of recently typed keys may expose passwords. The following systems were tested vulnerable: Linux, FreeBSD (and probably other *BSD variants), HP-UX 10.x, 11.00, and AIX 4. Solaris and DG/UX are unaffected.
fe08f79241b1678c1e36b5f1440264f0c9a684e418e8196b305527daa89884beBindView RAZOR Team Analysis of DVWSSR.DLL - The risks of having dvwssr.dll are not as severe as originally reported in media outlets Friday morning, but still severe enough that system administrators responsible for NT systems to investigate. The risks involve whether or not a certain DLL is loaded, how rights are set, and potentially how Front Page 98 is used.
8ae1ac958cdd839a071092f69cb028444e52101f3979ebfa78fac418bae535d2Panda Security 3.0 for Windows 95 and 98 can be bypassed. Panda Security 3.0 is vulnerable to indirect registry key modifications, which allow Panda Security keys to be manipulated by any logged-on user. Because of a lack in system integrity checks, the entire software package could be uninstalled by a user. This zipfile contains demonstration exploit code.
4b4ab65d6eacf95103362259811926559f9117aa0fb5e6e59d149556106746a2regback.asm is a backdoor for NT written in pure asm.
bd616e1d07cd327035e514a318277f4e261bebd2ecf13fd9c7c0b7b66b029a75The Sentinel project is designed to be a portable, accurate implementation of all publicly known promiscuous detection techniques. Sentinel currently supports 3 methods of remote promiscuous detection: The DNS test, Etherping test, and ARP test. Support for the ICMP Ping Latency test is under development.
2707d108aa34be6d15b939d6e07fd00586e3b50f6bcb2e2ddeecb06a9e8e9ab4rdist-bsd.c is a /usr/bin/rdist local exploit for freebsd.
3c39ee0b6efc6bfe91006e554d30a0bbd9c36dc3d95f708823389f5965f0fa06ypghost is a remote NIS exploit that spoofs UDP packets. Uses libpcap.
bb87cfbb877aa971c1b35751bd4906f5ec29a359da65516c007562b506662dabsunkill.c - Remote solaris 2.5.1 dos exploit. Opens a telnet connection on the victim machine and sends a few bad telnet negotiation options, then flooods the port with lots of ^D characters, using all available kernel memory.
8fe99b8546ca54ea717e39b38445c9396fcd270d2358ac63e6f901fe719dcd3dhupux.sh hp-ux 09.04 local exploit - Takes advantage of default world writable /usr/local/bin.
ff4ceda14a87f72936c2cccf417ed823558617ad5fcbae45178ab2582ae2440bUSSR Advisory #38 - Remote DoS attack in Real Networks Real Server. The Ussr Labs team has recently discovered a memory problem in the RealServer 7 Server. By sending specially-malformed information to port 7070 the proccess containg the service will die.
767c71c7cc59bbd6cb2d7075cf31625110e4ad3bfc58b5529615f609cce8ae9cMicrosoft Security Bulletin (MS00-028) - Procedure Available to Eliminate "Server-Side Image Map Components" Vulnerability. The FrontPage 97 and 98 Server Extensions include two components, Htimage.exe and Imagemap.exe, both contain unchecked buffers that could be used to run arbitrary code. Although part of the Server Extensions, these components also install as part of several other web server products. Microsoft FAQ on this issue here.
2e69640f35ba3d473e24e33b8187613991fb8153ebd7058644650e4f8fd410c7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed