exploit the possibilities
Showing 26 - 50 of 243 RSS Feed

Files Date: 2000-10-01 to 2000-10-31

Posted Oct 28, 2000
Authored by Vanja Hrustic, Fyodor Yarochkin, Thomas Dullien | Site safermag.com

S.A.F.E.R. Security Bulletin 001026.EXP.1.8 - iPlanet Web Server 4.x for Solaris, Linux, and Windows NT contains a remotely exploitable buffer overflow if server side parsing is enabled with the "parsed html" option.

tags | web, overflow
systems | linux, windows, nt, solaris
MD5 | b5639f7fc4bc82a7402ad36ea1fd1225
Posted Oct 27, 2000
Authored by Moritz Both | Site comlink.apc.org

ipac is an IP accounting package for Linux which collects, summarizes, and nicely displays IP accounting data. The output of ipac can be a simple ASCII table, an ASCII graph, or even images with graphs showing traffic progression. ipac can be used for IP traffic analysis and for accounting purposes.

Changes: ipac now allows the generation of png images with a new libgd. There are several small bugfixes in this release.
systems | linux
MD5 | f85f99bb64c13fe76742544f92249978
Posted Oct 27, 2000
Authored by Gerald Combs | Site ethereal.com

Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here.

Changes: New home page, New dissectors include H.261, TPKT, and IGRP. RTP and RTCP were re-written, and many other dissectors were updated and improved. The wiretap library enables Ethereal to read Nokia-firewall tcpdump files, Shomiti Surveyor 3.x files, pppd log files (pppdump format), and NetXRay ATM files.
tags | tool, sniffer, protocol
systems | unix
MD5 | 27c799d82573a4d88354938aba0c6325
Posted Oct 27, 2000

Microsoft Security Bulletin (MS00-081) - Microsoft has released a patch that eliminates a security vulnerability in the Microsoft virtual machine (Microsoft VM) that originally was discussed in Microsoft Security Bulletin MS00-011. Like the original vulnerability, the new variant enables malicious web site operators to read files from the computer of a person who visited his site or read web content from inside an intranet. Microsoft FAQ on this issue available here.

tags | web
MD5 | eac133f74bfb99c54f8e84a7e3a1db2e
Posted Oct 27, 2000
Authored by The Pull

Godmessage 4 Revision 5 is an implementation of Georgi Guninski's recent ActiveX exploit for Internet Explorer which attempts to install a trojan on any machine which views the included HTML.

Changes: Revision 5 has all of the rest of the bug updates, plus includes an encrypted version, and denial of service versions (to force the user to reboot and shut down the server). It also includes an important hints section, and generally has been the work of the three developer's and a ton of testers. Warning: Do not view the included HTML files with an unpatched browser if you run Windows.
tags | exploit, trojan, activex
MD5 | 8e5db743f337d4d85b3f115ab59a48c5
Posted Oct 27, 2000
Authored by Incubus | Site securax.org

Denial of Service attack against an Intel InBusiness eMail Station. Will send a 630 char buffer to the pop server as argument of a USER command. The little box needs to be "powered off" and -on again.

tags | exploit, denial of service
MD5 | f84758925a7c9c001c3b79d421dc7792
Posted Oct 27, 2000
Site www-serra.unipi.it

Ntop is a very useful Unix / Windows network sniffing tool that shows the network usage, similar to what the popular top Unix command does. Has an interactive mode and a web mode for greater functionality and options, shows network traffic sorted according to various criteria, displays traffic statistics, shows IP traffic distribution among the various protocols, analyses IP traffic and sorts it according to the source/destination, displays IP Traffic Subnet matrix (who's talking to who?), reports IP protocol usage sorted by protocol type.

Changes: Fixed a remotely exploitable stack overflow in ntop -w. New interactive command shell!
tags | tool, web, sniffer, protocol
systems | windows, unix
MD5 | 8cec1bf314ed2ced4b421221aa197b21
Posted Oct 27, 2000
Authored by JW Oh

Ntop -w v1.2a1 remote stack overflow exploit. Ntop in web mode (-w) contains an overflow when a long filename is requested. Fix available here.

tags | exploit, remote, web, overflow
MD5 | abb80e9bb02c833b5ddf7f8b1f693065
Posted Oct 27, 2000
Authored by Ben Layer, Aaron Newman | Site xforce.iss.net

ISS Security Advisory - Oracle listener program releases 7.3.4, 8.0.6, and 8.1.6 on all platforms contains remote vulnerabilities which allow an attacker to gain access to an operating system account. Fix available here.

tags | remote, vulnerability
MD5 | d68a5327986ff62710b677cf2379e499
Posted Oct 27, 2000
Authored by Zorgon

Riven is a CGI scanner which uses RFP anti-IDS tactics, flase browser / referer, and a perl/GTK interface.

tags | cgi, perl
systems | unix
MD5 | 80be40e874f75a011003990b38d9d684
Posted Oct 27, 2000
Site sunsolve.sun.com

Sun Microsystems Security Bulletin #198 - A specific web browser certificate from Sun may have received outside exposure and needs to be removed if it has been accepted.

tags | web
MD5 | b07ced7e1eeca89988e2034e853724d4
Posted Oct 27, 2000
Authored by Chris Martino | Site smirks.org

SysWatch is a perl / cgi script that allows you to view current system information, disk utilization, resource utilization all in your web browser.

Changes: Bug fixes and enhancments.
tags | tool, web, cgi, perl
systems | unix
MD5 | 04e30c67049d5a590f8975486b7127c6
Posted Oct 27, 2000
Site core-sdi.com

Core SDI Advisory CORE-20001023 - The "MySQL Database Engine" uses an authentication scheme designed to prevent the flow of plaintext passwords over the network and the storage of them in plaintext. For that purpose a challenge-response mechanism for authentication has been implemented on all versions of MySQL. The authentication mechanism is not cryptographically strong. Each time a user executes this mechanism, information allowing an attacker to recover this user's password is leaked. Fix available here.

tags | sql injection
MD5 | 87539f864a1cc0d03a617d14b0c14b80
Posted Oct 24, 2000
Site redhat.com

Red Hat Security Advisory - Systems using Network Information Service, or NIS, use a daemon called ypbind to request information from a NIS server. This information is then used by the local machine. The logging code in ypbind is vulnerable to a printf string format attack which an attacker could exploit by passing ypbind a carefully crafted request. This attack can successfully lead to local root access.

tags | local, root
systems | linux, redhat
MD5 | 8ed7c57b46ef41b7214a26c05d851f04
Posted Oct 24, 2000
Site redhat.com

Red Hat Security Advisory - A bug in some versions of curl would cause it to incorrectly parse error responses from FTP servers. A malicious FTP server could use this bug to crash its client.

systems | linux, redhat
MD5 | 19148875d7acec8372ef49a014462d48
Posted Oct 24, 2000
Site redhat.com

Red Hat Security Advisory - A vulnerability in the mod_rewrite module and vulnerabilities in the virtual hosting facility in versions of Apache prior to 1.3.14 may allow attackers to view files on the server which are meant to be inaccessible. Format string vulnerabilities have been found in PHP versions 3 and 4.

tags | php, vulnerability
systems | linux, redhat
MD5 | 1232c435758b4f704602a9864f4c403b
Posted Oct 24, 2000
Authored by Kyong-won Cho | Site hackerslab.com

HP/UX crontab local shell script exploit.

tags | exploit, shell, local
systems | hpux
MD5 | 72fe8c27cd7887d51ae52692cf76956c
Posted Oct 24, 2000
Authored by rain forest puppy | Site wiretrip.net

whisker v1.40 with native SSL support. Adds a -x option which uses the Net::SSLeay perl module and OpenSSL. Whisker is what I've dubbed a 'next generation' CGI scanner. I've implemented anti-IDS checks into the scan. Includes over 200 checks. Lots of options. Reads in nmap output, files full of domains, or single host. Virtual host support. Proxy support. Can be used as a CGI.

Changes: SSL patch by H.D. Moore at http://www.digitaloffense.net:8000.
tags | cgi, perl
systems | unix
MD5 | f7dc98073ab34f8f2717f8dcda302b80
Posted Oct 24, 2000
Authored by Mike Ricketts | Site earth.li

SendIP is a commandline tool to send arbitrary IP packets. It has a large number of command line options to specify the content of every header of a TCP, UDP, ICMP, or raw IP packet. It also allows any data to be added to the packet. Checksums can be calculated automatically, but if you wish to send out wrong checksums, that is supported too.

Changes: This release adds RIP-1 and RIP-2 support and various bugfixes.
tags | tool, arbitrary, udp, tcp
systems | unix
MD5 | d1bc457472504934643cea1d52bb5e43
Posted Oct 24, 2000
Authored by Boris Wesslowski | Site kyb.uni-stuttgart.de

fwlogwatch analyzes the ipchains packet filter logfiles and generates text and HTML summaries. Features realtime anomaly response capability and has an interactive report generator.

tags | tool, firewall
systems | unix
MD5 | 4c85c1c42f5cb999a741e79aa0d19e86
Posted Oct 24, 2000
Authored by Da Void

How to keep access to a rooted system.

tags | paper, root
MD5 | dbee7ae5916c85719e06bfe87ede69a9
Posted Oct 24, 2000
Authored by Shane Hird

This program exploits a flaw in the share level password authentication of MS windows 95/98/ME in its CIFS protocol to find the password of a given share on one of these machines, as discussed in ms00-072. Google flags this as malware so only use this if you know what you are doing. The password to unarchive this zip is the word "infected".

tags | exploit, protocol
systems | windows, 9x
MD5 | 8691a8f21656b3b1b40c329d078d9252
Posted Oct 24, 2000
Site videotron.ca

How to read ASP source code on an IIS 5 server using the recently discovered IIS vulnerability.

tags | exploit, asp
MD5 | 4fcd9732749541f1e336ff99602d743b
Posted Oct 21, 2000
Authored by Zen-Parse

Lpr lpr-0.50-4 and below contains vulnerabilities which allow local users to access other accounts, and sometimes root.

tags | exploit, local, root, vulnerability
MD5 | 2352a031e9126567695f639dfe2904c8
Posted Oct 21, 2000
Site redhat.com

Red Hat Security Advisory - A problem has been found in GnuPG versions (up to and including 1.0.3). Due to this problem, GnuPG may report files which have been signed with multiple keys (one or more of which may be incorrect) to be valid even if one of the signatures is invalid.

systems | linux, redhat
MD5 | 777b2e39581de7908a86e308049993e7
Page 2 of 10

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    20 Files
  • 3
    Apr 3rd
    10 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    0 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2016 Packet Storm. All rights reserved.

Security Services
Hosting By