fwlogsum summarizes and maintains a set of HTML reports, based on user-specified reports and Checkpoint FW-1 log entries. A few default reports are included, but users are invited to customize and create their own.
74c0066929fbf585ad3782a74cd3d1fb96b146f139ad3400ef2e14591fae9c2c
rootkeep.sh obtains root locally on Solaris via an included kcms exploit, and modifies the startup scripts so an account is added each time the machine is rebooted.
b31cab0f47180be89e3bf59a1a2676046fa41c7ed2eaf453f1356516a401c87d
CERT Advisory CA-2000-10 - Several flaws exist in Microsoft Internet Explorer that could allow an attacker to masquerade as a legitimate web site if the attacker can compromise the validity of certain DNS information. These problems are different from the problems reported in CERT Advisory CA-2000-05 and CERT Advisory CA-2000-08, but they have a similar impact.
caa2d8e1fc0030e105ed4758efd2116e7096d4949c4c4cfa5c18509f8e8e48a8
scl is a collection of 8 stable shellcodes in asm source code format. Includes a shellcode to bind a shell to a port in 96 bytes, code to echo strings, print messages, run shell scripts in /tmp, and send a UDP packet to a host.
04ff5197ed0a33727f8ca1a051ed29e07341fe847c5b094c40ea40d11c6a93a1
Netwin ESMTP Server v2.7q linux x86 remote exploit. Tested on RedHat 6.1, binds a shell to TCP port 30464.
f6229c6e2a67eb3307f3fb307b27985b9446209516295d99dc899bca3fe60903
Microsoft Security Bulletin (MS00-039) - "SSL Certificate Validation" vulnerabilities. Microsoft has released a patch for two security vulnerabilities in Microsoft Internet Explorer 4 and 5. The vulnerabilities involve how IE handles digital certificates, allowing a malicious web site operator to pose as a trusted web site. This patch also eliminates all vulnerabilities discussed in Microsoft Security Bulletin here.
37483c950618d1bae7f4c63a69010fd2d860585f497e0aa1a4a70a22e898cb40
KNmap is a new KDE frontend for Nmap which supports all the scan methods and a great deal of options. Screenshot here.
89d5eb2e72ddcc2d63c65247ac755005f5365a352355bf770139f9fe34243dd0
INND (InterNet News Daemon) 2.2.2 has a remotely exploitable stack overflow in the control articles handler. About 80% of usenet servers are vulnerable.
1fdab59692baa167e5e89c82010248721ee6cdb5b14cc48401a4a2cd02d49432
ipac is an IP accounting package for Linux which collects, summarizes, and nicely displays IP accounting data. The output of ipac can be a simple ASCII table, an ASCII graph, or even images with graphs showing traffic progression. ipac can be used for IP traffic analysis and for accounting purposes.
117e5b140da794467f5847e10a4d70560aa2ce0dd345de0e02413db8ae6cb9df
ouch.c is a local linux denial of service attack which runs ls -w with a large parameter, causing ls to take up all the available memory. Obfuscated source.
8c5ebdec1d772958f856e4516beced5151ab86d93861706df9cec590be032d1c
Narrow Security Scanner 2000 (unix / perl) searches for 534 remote vulnerabilities. Updated frequently for the newest vulnerabilities. Tested on Redhat, FreeBSD, OpenBSD, Slackware, and SuSE.
701e2addd80ef7d2ba0be0634202b7f96d79d360186a9cbe1c29b70f8c881acf
silk.c allows you to craft custom HTTP requests. Makes it simple to set the method, vhost, referer, uri, agent, and http version.
35938e66281bbf6dfc683c4e3cf483e136f5cca7e60c03a024454edf01a8cec8
eSS is a remote security scanner for linux that scans remote nodes for known security flaws. It performs some simple probing techniques automatically, such as banner grabbing and OS guessing. Includes a multithreaded TCP portscanner.
41d0d71c307fbb3009e934f1b1d31435169484601f32dff56538de5770a42377
Apache DSO backdoor - A GET request to a "special" url allows remote command execution.
d49407f8380be928bcc8cb57171d11ca41fd2ec1f61a4678089d8ce1b6f3aaa9
Debian Security Advisory - Majordomo will no longer be distributed with Debian linux due to licensing restrictions which do not allow a fixed version of Majordomo to be distributed. If you are using majordomo we recommend that you replace it with one of the many other mailing-list tools available such as fml, mailman or smartlist. Debian security homepage: http://www.debian.org
05be458888b11488009cce8158839b8086d482254e1862d1ef230b28bd791957
Microsoft Security Bulletin (MS00-037) - Patch Available for "HTML Help File Code Execution" vulnerability. Microsoft has released a patch for a security vulnerability in the HTML Help facility which ships with Microsoft Internet Explorer 4 and 5. The vulnerability allows a malicious web site to launch code on a visiting user's computer without the user's approval. Such code could take any actions that the user could take, including adding, changing or deleting data, or communicating with a remote web site. Microsoft FAQ on this issue available here.
2a85b0eb44b421e06ad2885b46582cb0f459c6609e585227ee502531b4ab6fb8
gdm (xdmcp) remote root exploit. Tested against SuSE 6.2 and RedHat 6.2 running gdm-2.0beta1-4. Binds a shell to port 3879.
5f84108be835cb86e853f427609a8dabcca65b14019c0c0ca3b864c31c36179b
This advisory presents an analysis of several vulnerabilities in the TACACS+ protocol. Unfortunately, only some of the vulnerabilities can be fixed without breaking the interoperability. Thus, the main purpose of this advisory is to identify the weaknesses, to allow for a conscious decision to be made on how much trust to place into the encryption offered by TACACS+.
072ddc2bf221d5c240f48441f527c417d20180f2dd0752f271db6be05c4d6be2
Delphis Consulting Plc Security Team Advisory DST2K0003 - Buffer Overrun in NAI WebShield SMTP v4.5.44 Management Tool for Microsoft Windows NT v4.0 Server (SP6). Any user who can connect to tcp port 9999 can obtain a copy of the configuration. Secondly, if you pass an oversized buffer of 208 bytes or more within one of the configuration parameters, the service will crash, overwriting the stack and the EIP with whatever was passed within the parameter.
5230eece683fd72a6c2495b32df00a21a3efe154506ea65502fe723b503ba75a
Delphis Consulting Plc Security Team Advisory DST2K0007 - Buffer Overrun in ITHouse Mail Server v1.04 for Microsoft Windows NT v4.0 Workstation (SP6). Sending an email via SMTP to an IT House Mail Server with a recipient's name in excess of 2270 bytes causes a buffer overrun in the IT House Mail Server, overwriting the EIP and allowing an attacker to execute arbitrary code on the server.
04158d4a5fa3738aa4bbf98b226f6ad9e374d75fe9a62e42b5df8f4909473a59
Delphis Consulting Plc Security Team Advisory DST2K0008 - Buffer Overrun in Sambar Server 4.3 (Production). By using the default finger script shipped with Sambar server it is possible to cause a buffer overrun in sambar.dll, overwriting the EIP and allowing the execution of arbitrary code.
05b6dfa2ec29e75514de7fa8cbc730fb79c63434ccf49ad1b6c49e7cedffd1cb
xterm denial of service attack - By sending the VT control characters to resize a window it is possible to cause an xterm to crash and in some cases consume all available memory. This is a problem because remote users can inject these control characters into your xterm in many different ways. This sample exploit injects these control characters into a web GET request. If an admin were to cat this log file, or happened to be doing a "tail -f access_log" at the time of attack, they would find their xterm crashed. Tested against rxvt v2.6.1 and xterm (XFree86 3.3.3.1b(88b)).
e795174a235a3f5459e6a457c90c55832ca2987bccf1247db19929754e389a0e
Windows Media Encoder 4.0 and 4.1 are vulnerable to a remote denial of service attack. This source causes the Windows Media Encoder to crash with a "Runtime Error". Tested on version 4.1.0.3920. This is the vulnerability described in MS00-038.
2ed47a5509b2f1b80d55fd6418bff28abd5d3f4d1ccef95b325aedc8176ceead
Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated frequently to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins.
b9e878d60975e8423fe2f6fd111af65627f5ad6761a8ae20153c699859a24004
Tcpdump2ascii version 2.10 - Takes the hexadecimal output from tcpdump(8) and produces the ASCII equivalent side by side.
c06763c61879d769de62d6811f0ed8d7e74faf1172022eda699969c8ea307ca1