iisex.c is a remote command execution exploit for Microsoft IIS 4.0 and 5.0, as discussed in iis-unicode.txt which attempts to provide an interactive cmd.exe shell.
4750ce76fa11a85f6f1ef97478408066fedff3d6adc705ce98126be2563f7cf6Godmessage Creator allows you to implement the Godmessage IV activeX attack with any binary you supply. Archive password is set to p4ssw0rd. Use at your own risk.
8b751618680d29f8d2831c34ab44c59ad158f04b6ca06ab2dc7bf54d2d4588e6Red Hat Security Advisory - A local security hole has been found in GnoRPM due to insecure temp file handling.
d484269415fd23af6271b90b6a96a8bf90b91f1e7aaa58b0b16ce78876b0e252/usr/sbin/userhelper / kbdrate local root exploit - works only at console. Works well for people you know.
f306e4b3197582d95675db9964fb45bc371416bf6ee9795a7888f293e8872bc3Dafinger.pl attempts to find valid logins on hosts which run a finger service by guessing common user names.
6d3af756916b44a5a8ac832750e947c87afeeb71ab8ead63340b4bd1f2ec398dSlackware Linux's ppp-off command uses /tmp insecurely by writing ps output to /tmp/grep.tmp, allowing an unprivileged user to overwrite any file as root.
1e2516ab243a13e088be91f759a25f88ce099f7410487a4e595a22b99aeb688cUSSR Advisory #55 - A buffer overflow has been discovered in HyperTerminal which can cause arbitrary code from a HTML mail message to be executed via a telnet: URL, as described in here.
85ca8996cd03accb38cdecb208c7ce2df6f76e5c8106f0d4a14a2bdfa8b528fcBastille Linux aims to be the most comprehensive, flexible, and educational Security Hardening Program for Red Hat Linux 6.0/6.1. Virtually every task it performs is optional, providing immense flexibility. It educates the installing admin regarding the topic at hand before asking any question. The interactive nature allows the program to be more thorough when securing, while the educational component produces an admin who is less likely to compromise the increased security.
58d37442f50e88aa2e4c0f0ae4c0a1fe63bef24975555d4b2b8f126acc97c632DNS Spy v 2.2 is a shell scripted DNS lookup scanner for class C networks which uses the host command.
64ab5933273234e032683c7bfeba9215aef8356ee7c6f85a756073d7c425881eUSSR Advisory #54 - TransSoft's Broker FTP Server versions prior to v4.3.0.1 contains a buffer overflow which results in denial of service. Fix available here.
f9f7ee2052ff2f54cc841d28d2c8aeb4d677ca0e0a287718e145b7322f9a35f3The Half-Life Dedicated Server for Linux v3.1.0.3 and below contains a remotely exploitable buffer overflow. Exploit code available here.
321410a4245baf94d24899baac40728a163cf83df38b90575b4aac920f73f359Auction Weaver LITE 1.0 - 1.04 contains remote vulnerabilities which allow users to read any file on the filesystem, and delete arbitrary files. Fix available here.
7321c9d080577203ab8456a7016142136aeefd6b6f8b4e04f589c76bd7ab1aa9Atstake Security Advisory (updated) - iPlanet's iCal, a multiplatform calendaring server, introduces a number of vulnerabilities to the system in which it is installed on. These vulnerabilities, ranging from poor file permissions to insecure programming practices allow local attackers to obtain root access, and remote attackers to monitor keystrokes. Includes obtain-ics.sh, a simple proof of concept local exploit.
9cb5d1d8417dd354b9437abf1dbd4e8347b3b25d0144afcd99dc883675a69423Red Hat Security Advisory - Potential security problems in ping have been fixed. An 8 byte buffer overflow was fixed, a static buffer overflow was fixed, and root priviledges are now dropped after acquiring a raw socket.
48ed726f392d820a268f5a923b847720b6b6045ad3de9acb60f37da02749ed8eGeorgi Guninski security advisory #24 - IE 5.5, Outlook, and Outlook Express has a serious security vulnerability which allows remote users to read local files, arbitrary URLs, and local directory structure after viewing a web page or reading HTML message. The problem is that you are allowed to specify an arbitrary codebase for an applet loaded from here.
4c84e6a9bab5f1f849dc508650403150f24b823501e7ecc02ccf5a7182a26dbc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed