exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 243 RSS Feed

Files Date: 2000-10-01 to 2000-10-31

safer.001026.EXP.1.8
Posted Oct 28, 2000
Authored by Vanja Hrustic, Fyodor Yarochkin, Thomas Dullien | Site safermag.com

S.A.F.E.R. Security Bulletin 001026.EXP.1.8 - iPlanet Web Server 4.x for Solaris, Linux, and Windows NT contains a remotely exploitable buffer overflow if server side parsing is enabled with the "parsed html" option.

tags | web, overflow
systems | linux, windows, solaris
SHA-256 | 22b7bfa6cd36594ff96d31ea269f256e311351303fa334059f3529b110ff1068
ipac-1.10.tar.gz
Posted Oct 27, 2000
Authored by Moritz Both | Site comlink.apc.org

ipac is an IP accounting package for Linux which collects, summarizes, and nicely displays IP accounting data. The output of ipac can be a simple ASCII table, an ASCII graph, or even images with graphs showing traffic progression. ipac can be used for IP traffic analysis and for accounting purposes.

Changes: ipac now allows the generation of png images with a new libgd. There are several small bugfixes in this release.
systems | linux
SHA-256 | a6f62d6aa0e7b07dcb2ab92217170a7b58d4cfcf0f45f323683cdc5a61a31d71
ethereal-0.8.13.tar.gz
Posted Oct 27, 2000
Authored by Gerald Combs | Site ethereal.com

Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here.

Changes: New home page, New dissectors include H.261, TPKT, and IGRP. RTP and RTCP were re-written, and many other dissectors were updated and improved. The wiretap library enables Ethereal to read Nokia-firewall tcpdump files, Shomiti Surveyor 3.x files, pppd log files (pppdump format), and NetXRay ATM files.
tags | tool, sniffer, protocol
systems | unix
SHA-256 | 05c361000494e7c814b3487515841ea9474cc7e29134d3ebbbf528b150cce3d2
ms00-081
Posted Oct 27, 2000

Microsoft Security Bulletin (MS00-081) - Microsoft has released a patch that eliminates a security vulnerability in the Microsoft virtual machine (Microsoft VM) that originally was discussed in Microsoft Security Bulletin MS00-011. Like the original vulnerability, the new variant enables malicious web site operators to read files from the computer of a person who visited his site or read web content from inside an intranet. Microsoft FAQ on this issue available here.

tags | web
SHA-256 | 53bcca2df1f42da2a54f88ae83696eb750ff3c84cd952521ddb5b5711ddc32fb
godmessageIV.zip
Posted Oct 27, 2000
Authored by The Pull

Godmessage 4 Revision 5 is an implementation of Georgi Guninski's recent ActiveX exploit for Internet Explorer which attempts to install a trojan on any machine which views the included HTML.

Changes: Revision 5 has all of the rest of the bug updates, plus includes an encrypted version, and denial of service versions (to force the user to reboot and shut down the server). It also includes an important hints section, and generally has been the work of the three developer's and a ton of testers. Warning: Do not view the included HTML files with an unpatched browser if you run Windows.
tags | exploit, trojan, activex
SHA-256 | 4169810d4b2ebb4d39ec0d7dcc8a86bacb18f9009719e1fafc944364097eda78
inbusdos.c
Posted Oct 27, 2000
Authored by Incubus | Site securax.org

Denial of Service attack against an Intel InBusiness eMail Station. Will send a 630 char buffer to the pop server as argument of a USER command. The little box needs to be "powered off" and -on again.

tags | exploit, denial of service
SHA-256 | 097d217d961c8d8bf396fe40cca2df3a255ed805abb39c1fe873baf76da9a46a
ntop-src-Oct-26-2000.tar.gz
Posted Oct 27, 2000
Site www-serra.unipi.it

Ntop is a very useful Unix / Windows network sniffing tool that shows the network usage, similar to what the popular top Unix command does. Has an interactive mode and a web mode for greater functionality and options, shows network traffic sorted according to various criteria, displays traffic statistics, shows IP traffic distribution among the various protocols, analyses IP traffic and sorts it according to the source/destination, displays IP Traffic Subnet matrix (who's talking to who?), reports IP protocol usage sorted by protocol type.

Changes: Fixed a remotely exploitable stack overflow in ntop -w. New interactive command shell!
tags | tool, web, sniffer, protocol
systems | windows, unix
SHA-256 | 68f68ac1624813bc5785e9933a7196661afd840f0d98d27e7588fb330bf8e72b
ntop-w-exp.c
Posted Oct 27, 2000
Authored by JW Oh

Ntop -w v1.2a1 remote stack overflow exploit. Ntop in web mode (-w) contains an overflow when a long filename is requested. Fix available here.

tags | exploit, remote, web, overflow
SHA-256 | ce04a0904b889efb589dd7afd4461f07739d833d857e3149af3cf2126d26ec8e
Internet Security Systems Security Advisory October 25, 2000
Posted Oct 27, 2000
Authored by Ben Layer, Aaron Newman | Site xforce.iss.net

Internet Security Systems (ISS) X-Force has discovered a vulnerability in the listener program in Oracle Enterprise Server. It is possible for a remote attacker to gain access to the Oracle owner operating system account and the Oracle database, and to execute code in various operating systems.

tags | remote, vulnerability
SHA-256 | 56a9846b839261c36ea3bf7d4d00b3a6525142283821baca682d5ef473d0d305
riven-1.0.1.tar.gz
Posted Oct 27, 2000
Authored by Zorgon

Riven is a CGI scanner which uses RFP anti-IDS tactics, flase browser / referer, and a perl/GTK interface.

tags | cgi, perl
systems | unix
SHA-256 | 019a8748eaa49d241b60bb6fe6e9a2db8eba78d1cebf024f19f604827be4eb21
SUN MICROSYSTEMS SECURITY BULLETIN: #00198
Posted Oct 27, 2000
Site sunsolve.sun.com

Patch advisory for Sun Microsystems. Please read for details.

tags | web
SHA-256 | ac5a483433c40d7b7830bdbf1e5be780f67892c00ad1b278e4bacbe27f5f7062
syswatch-1.4.3.tar.gz
Posted Oct 27, 2000
Authored by Chris Martino | Site smirks.org

SysWatch is a perl / cgi script that allows you to view current system information, disk utilization, resource utilization all in your web browser.

Changes: Bug fixes and enhancments.
tags | tool, web, cgi, perl
systems | unix
SHA-256 | f574e4230b263c4a6f91e5e6e427e4305fd263cec5bc31fa8c687cd738348f32
core-sdi.mysql
Posted Oct 27, 2000
Site core-sdi.com

Core SDI Advisory CORE-20001023 - The "MySQL Database Engine" uses an authentication scheme designed to prevent the flow of plaintext passwords over the network and the storage of them in plaintext. For that purpose a challenge-response mechanism for authentication has been implemented on all versions of MySQL. The authentication mechanism is not cryptographically strong. Each time a user executes this mechanism, information allowing an attacker to recover this user's password is leaked. Fix available here.

tags | sql injection
SHA-256 | 0da0ee191f40700e2b923a6e12d334f1e0e930fd9cb2f89a2bfd92adeafda30e
rhsa.2000-086-05.ypbind
Posted Oct 24, 2000
Site redhat.com

Red Hat Security Advisory - Systems using Network Information Service, or NIS, use a daemon called ypbind to request information from a NIS server. This information is then used by the local machine. The logging code in ypbind is vulnerable to a printf string format attack which an attacker could exploit by passing ypbind a carefully crafted request. This attack can successfully lead to local root access.

tags | local, root
systems | linux, redhat
SHA-256 | e2bc8aaefde02362fb2ac9bbc2b600f1dc777f40f304caf14d43b4a03937deae
rhsa.2000-092-01.curl
Posted Oct 24, 2000
Site redhat.com

Red Hat Security Advisory - A bug in some versions of curl would cause it to incorrectly parse error responses from FTP servers. A malicious FTP server could use this bug to crash its client.

systems | linux, redhat
SHA-256 | 6e2391e0dd98aa5ea6b0bdd5a4deb92efc6e3d76dcb3ae579ee35b9362294747
rhsa.2000-088-04.apache
Posted Oct 24, 2000
Site redhat.com

Red Hat Security Advisory - A vulnerability in the mod_rewrite module and vulnerabilities in the virtual hosting facility in versions of Apache prior to 1.3.14 may allow attackers to view files on the server which are meant to be inaccessible. Format string vulnerabilities have been found in PHP versions 3 and 4.

tags | php, vulnerability
systems | linux, redhat
SHA-256 | 6288e107de691c83bc02de5b7e3bf8d172637322deaeff1feb317db4036c5989
hp-ux.crontab.sh
Posted Oct 24, 2000
Authored by Kyong-won Cho | Site hackerslab.com

HP/UX crontab local shell script exploit.

tags | exploit, shell, local
systems | hpux
SHA-256 | 8db2472fc166d889f4791e2f620b41fb4436110f5536153e1ce57597db33ec00
whisker-1.4+SSL.tar.gz
Posted Oct 24, 2000
Authored by rain forest puppy | Site wiretrip.net

whisker v1.40 with native SSL support. Adds a -x option which uses the Net::SSLeay perl module and OpenSSL. Whisker is what I've dubbed a 'next generation' CGI scanner. I've implemented anti-IDS checks into the scan. Includes over 200 checks. Lots of options. Reads in nmap output, files full of domains, or single host. Virtual host support. Proxy support. Can be used as a CGI.

Changes: SSL patch by H.D. Moore at http://www.digitaloffense.net:8000.
tags | cgi, perl
systems | unix
SHA-256 | b08da8795124f5cedfed471dc8c6fdce6b7cc819512817bb29e50ed6a5ac34ce
sendip-1.1.tar.gz
Posted Oct 24, 2000
Authored by Mike Ricketts | Site earth.li

SendIP is a commandline tool to send arbitrary IP packets. It has a large number of command line options to specify the content of every header of a TCP, UDP, ICMP, or raw IP packet. It also allows any data to be added to the packet. Checksums can be calculated automatically, but if you wish to send out wrong checksums, that is supported too.

Changes: This release adds RIP-1 and RIP-2 support and various bugfixes.
tags | tool, arbitrary, udp, tcp
systems | unix
SHA-256 | e6ff7c45faed15d89b54c2a93a9bddf0e81e813e597635cc976461475af89154
fwlogwatch-0.0.22.tar.gz
Posted Oct 24, 2000
Authored by Boris Wesslowski | Site kyb.uni-stuttgart.de

fwlogwatch analyzes the ipchains packet filter logfiles and generates text and HTML summaries. Features realtime anomaly response capability and has an interactive report generator.

tags | tool, firewall
systems | unix
SHA-256 | 046ebd4d6ca7d7a8a764f05c9c9bc0e05b10370daebb90f1fc4a4cc3864188ba
Retaining Root
Posted Oct 24, 2000
Authored by Da Void

How to keep access to a rooted system.

tags | paper, root
SHA-256 | 6aea0980f6199821d95be6e02ee15a897c546b8c86715b0601ed199651f116cc
pqwak.zip
Posted Oct 24, 2000
Authored by Shane Hird

This program exploits a flaw in the share level password authentication of MS windows 95/98/ME in its CIFS protocol to find the password of a given share on one of these machines, as discussed in ms00-072. Google flags this as malware so only use this if you know what you are doing. The password to unarchive this zip is the word "infected".

tags | exploit, protocol
systems | windows
SHA-256 | 84e85c9487fc7ab4b25b357ee23948e85add674c5c955c17a2f3230d2fe92178
iis.asp.txt
Posted Oct 24, 2000
Site videotron.ca

How to read ASP source code on an IIS 5 server using the recently discovered IIS vulnerability.

tags | exploit, asp
SHA-256 | fbbc4a903d4d14e72415134d1f5fec3c86d4c7566f7cc3e2e8f21160f8293dc4
redhat.lpr.txt
Posted Oct 21, 2000
Authored by Zen-Parse

Lpr lpr-0.50-4 and below contains vulnerabilities which allow local users to access other accounts, and sometimes root.

tags | exploit, local, root, vulnerability
SHA-256 | 6ab9815eb4979f4f020da0a0b9a0978875d632bc2a0951630c7aef34b390f59a
rhsa.2000-084-04.gnupg
Posted Oct 21, 2000
Site redhat.com

Red Hat Security Advisory - A problem has been found in GnuPG versions (up to and including 1.0.3). Due to this problem, GnuPG may report files which have been signed with multiple keys (one or more of which may be incorrect) to be valid even if one of the signatures is invalid.

systems | linux, redhat
SHA-256 | 1ab144da652cc58ee50c74503e5ec6b62d5b5b1ed4bfec784c0eee283a2b6ac6
Page 2 of 10
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close