TWWWscan is a Windows based www vulnerability scanner which looks for 300 www/cgi vulnerabilities . Displays http header, server info, and tries for accurate results. Now features anti-IDS url encoding and passive mode scan. Tested on win95 osr2 win98,win98se,win nt4,win 2k/Me.
85c1488d269fdad50572536aac20c1d395ceaafdbeafcfc1028143b4b42da470
Joe's Own Editor File Link Vulnerability - If a joe session with an unsaved file terminates abnormally, joe creates a rescue copy of the file being edited called DEADJOE. The creation of this rescue copy is made without checking if the file is a link.
81d90d5f00752f52b9f0c8ad8e4f3c8f10e765b68b658e3a52086b00f61ecc5a
Red Hat Security Advisory - modutils, a package that helps the kernel automatically load kernel modules when they are needed, can be abused to execute code as root. Modutils versions between 2.3.0 and 2.3.20 are affected.
d79f35e014cc137a2c1518dabb49bb3452dd651410f58f0abcc7a452fbc9522e
Core-SDI Advisory CORE-20001116 - A memory contents disclosure vulnerability was found on RealNetworks RealServer which will give out information about the server configuration, runtime memory data and tokens and authentication credentials. This information allows an external attacker to possibly obtain administrative access to the server or to data belonging to other user sessions. Fix available here.
c2d5b9a6f8bb847c26085737a31823a5af9c5e39178425d25ff41f683ab6f4fe
Vixie crontab local root exploit - an insecure fopen() call in Paul Vixie's crontab code is exploitable on systems where /var/spool/cron is user readable, such as Red Hat 6.1.
ab44f3d242c7a1c5af9df46eb9bdc3905efc1ef485b1406235d10775c03e5ede
The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it's in effect, many system administration operations can be made impossible even for root. You can turn the security protection on or off on the fly and you can hide sensitive processes and prevent anyone from using ptrace or any other capability on your system. LIDS can also provide raw device and I/O access protection.
8ccab09968ee0a51b065e5cb1f03da7de08d775b865641788eeee6286c8357b7
ITS4 scans C and C++ source code, looking for function calls that have potential security vulnerabilities. For some calls, ITS4 tries to perform some code analysis to determine how risky the call is. In each case, ITS4 provides a problem report, including a short description of the potential problem and suggestions on how to fix the code.
f080f220f8b9d818b398ddcdd55ec7394ef796c8aa7f72b1f99b1b887cc11e0d
Microsoft Security Bulletin (MS00-088) - Microsoft has released a patch that eliminates a vulnerability in the Microsoft Exchange 2000 and Exchange 2000 Enterprise Servers that could potentially allow an unauthorized user remote access to the server. Microsoft FAQ on this issue available here
8af01f46de113232f8ecc40c655029f971ded5ab4d37912f65aa209390c0ad1e
Microsoft Security Bulletin (MS00-087) - Microsoft has released a patch that eliminates the "Terminal Server Login Buffer Overflow" security vulnerability in Windows NT 4.0 Terminal Server. An unchecked buffer at the login prompt on tcp port 3389 allows malicious users to execute hostile code on the server. Microsoft FAQ on this issue available here.
c499d8dfb5f3e4b8b6955fbe0c424c103c447fc98129afd5a443c1626b2a665e