USSR Advisory #41 - HP Web JetAdmin web interface server directory traversal vulnerability. HP Web JetAdmin Version 5.6 for Windows NT and 2000 (tcp port 8000) allows an attacker to read any file outside of the intended web-published filesystem directory. Exploit URL included.
34a2c44b058e084b3e456e3f6fa27bcde80cc025fec19e5da65ab6189b9027a1Ping Analysis Tool II (PAT) performs icmp echo scans on a range of ip addresses as fast as physically possible. Features a dual-threaded scanning process and allows you to scan from a list of IP's.
8439bbaf530edef8540c0a91d5e8db14e343611eef1a9c0d9de2ea4f516e736eSAINT is the Security Administrator's Integrated Network Tool. It gathers as much information about remote hosts and networks as possible by examining all network services and potential security flaws. The collected data can then be analyzed using a simple rules-based system (or via other included interfaces). In Exploratory Mode, SAINT will examine the avenues of trust and dependency and iterate further data collection runs over secondary hosts.
a11fb20b7483f408d30ebabbfbf9d4fa739174d8f83dcd85e0c9d975b5737093There is a remote denial of service exploit against tcpdump. Tcpdump interprets UDP packets on port 53 as DNS traffic, however, domain names in DNS packets use a compression scheme that jumps to a particular offset in the packet to avoid multiple occurances. Sending a packet that has the offset set to a particular location and if a program trying to decompress the domain name does not have a strategy for avoiding infinite loops, tcpdump may fall into an infinite loop.
3cb11869215cdb4a624ad46e732b853b543df65c25669d3daa61fa3108233ad0Simpsons CGI Scanner v1.1 - Windows based CGI / web server vulnerability scanner with a simpsons theme. Tested on Windows 95/98/2000/NT. Allows use of your own CGI database.
eccab2ea264b74d35a86a8974f46766f2f878add00bf8ca13d7e4f6fff37b1bbBufferOverflow Security Advisory #5 - Remote shell via Qpopper2.53. qpop_euidl.c exploit included. Requires a qpop account and gives UID mail.
3b9258be6be245c764411f6a0fb9887e6d3353efa7d0f966e6a4b94561a41ad0Cisco IOS Router DOS attack via a specially formatted web get request.
46a1c083fa6d3a214e4d19120ba7ff3d0e614a13e73bbee75c39e927cf55ca4eCisco Auditing Tool - Perl script which scans cisco routers for common vulnerabilities. Checks for default passwords, easily guessable community names, and the IOS history bug. Includes support for plugins and scanning multiple hosts.
83f0404b49b0651b5b06b1a0938a579429b8de76f749a2b92532493f0ecbdcfcAnti-spoofing lkm for OpenBSD via setsockopt() - detects and logs IP header manipulation.
fca4eaa52977935a2efb9a116a709ae0a74a82aa8047fb6d7c04baf8fddfd9e4socket-dos.c is a local ssh-1.2.27 exploit which creates a UNIX domain socket with an arbitrary file name anywhere in the filesystem on some machines.
7bdb442b497c168920cf7dcefe4563db3d8741d098266c65dd84c6cadc0ad94aCRYPTO-GRAM May 15, 2000. In this issue: More on Microsoft Kerberos, Trusted Client Software, ILOVEYOU Virus, Computer Security: Will We Ever Learn?, Counterpane Internet Security News, and the Cybercrime Treaty.
42d10ab0dec9914d8b3833d78c6cbc4a2c76fc43734f36d7457fdc1d684c3a08Sniffit 0.3.7Beta Remote Exploit - sniffit has to be running (-L mail) flag set for this to work. Tested on RedHat 6.0.
b573a5413280903555b0ee0798458bf852149647ac3a38ccab820bebcba4ba44Total obscurity for BPF Promisc Mode. OpenBSD Port.
4075e9176076c0914106ea44b5e66b037da9891ef3eb9c883807688ff1af19b2killsentry.c shows that automatic firewalling is a bad idea by sending spoofed FIN packets from different hosts in an attempt to confuse Portsentry. Tested on FreeBSD 3.2.
53c616376a8cf4e338ec21587c689c67facb4791006565268125022e9ce67769cisconuke.c reboots cisco routers which have the web-server interface open by sending invalid data to port 80.
331f4fdea18bb2834318576aef12a0dbaa6325ac46b29b1e080265dea8743c64Ascend remote denial of service - Upon receiving a packet with non zero length tcp offsets ascend terminal servers will crash. Linux based exploit included.
1c9d5ce7aadfbcbc5a0f59fb1a4d4366d8f996bd3022ebe70ecda1d75003f9cfinduce-arp.pl is a working remote OS detection program which uses ARP fingerprinting. By inducing ARP requests it is possible to guess the other OS's of machines on your local network. Since ARP is a broadcast protocol this is effective in switched networks as well. Includes a HTML document explaining the ARP-based stack fingerprinting process.
ca96f7b1a22f95beefe6a08395853df01380d327b3cda165290aaae9ad7eb0d0Many windows based SMTP servers have problems handling with "mail from: 4k_junk" or just "4k_of_junk". Servers that tested vulnerable include Lotus Domino ESMTP Services running Version 5.0.3, the CMail Server version 2.4.6, and the Argosoft Mail Server version 1.2.1.0. Perl demonstration code included.
6981ec5d382606b4beca0cbf358e062bc54741f52bea2b1d33bd0b5f58454f56hellex.c is a local buffer overflow exploit for the Hellkit 1.2 shellcode generation package. Tested on Red Hat 6.0.
75f3c0bf13b260cd50665dcaca0b38166d372b5a1943a6e8675717b85338e5adLinux Security Magazine May 22 - In this issue: Slackware users, upgrade lynx!, Netscape 4.73 fixes SSL bugs, Many buffer overruns in Kerberos, Several problems in xemacs, gnapster/knapster - remote users to view local files, Lynx ports contain numerous buffer overflows, SUSE Kernel Vulnerability in the udp and ftp masquerading code, OpenLDAP 1.2.9 and earlier Vulnerability, An Introduction to IP Masquerading, Watching Your Logs by Lance Spitzner, Security Scanners for Linux, New DDoS tools developed, and much more.
b40de288e76e74e1d413613ac66dc1aa8ff276cc6af1c95bc09702d89772afa7Guide to Anonymity with MS-Windows. This little tutorial will explain step by step how to add support for socks chains to all your windows programs like telnet, ftp, irc, http, portscanners... (even if they don't support socks).
85308b2f270d88709f59694d106453e931539131e8c90481eecf4eaf7cd32881sscan was given to buffer0verfl0w security by jsbach for the project to be continued for jsbach. From now on sscan will go as sscan2k. sscan2k now has updated vulnerability checks along with all the other great features it had before, improved OS detection (user can update the fingerprints by editing Osdefs.ms [which comes in sscan2k scripting language]), etc.
a6f61002b67b260dd9f801c9a629380896d815e51bf747ee8b98e09a42b77705Pirch98 irc client ident/fserve daemon DoS overflow attack. Ported to Windows by Digital Monkey.
a1a158686a2877d6f2ffce956e41e66fcf83f693988305ba95026f257df4ab67Exile 2000 International Coding Team. Documentation about native raw socket programming.
ca82664b05cae82e6ef3f5ce15318146d5dd3596467fc2c0dd90043411341f95kshux.c -- krshd remote root exploit. This program exploits a vulnerability in the 'krshd' daemon included with the MIT Kerberos distribution. All versions are apparently vulnerable. This exploit is for Linux/x86 with Kerberos version 1.0.
21dbac49e32798d882c9cc979e90d774e5d8ce9558b1930028784d9a54094e1b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed