exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 217 RSS Feed

Files Date: 2000-11-01 to 2000-11-30

debian.cupsys.txt
Posted Nov 21, 2000
Site debian.org

Debian Security Advisory - CUPS allows remote users to abuse print services.

tags | remote
systems | linux, debian
SHA-256 | 4977a46d21f2a0e14563bee4ed0429b67dc83a2bc56fa7dc5b82bd15789138ff
pocketpc-portscan.zip
Posted Nov 20, 2000
Authored by Russ Spooner | Site interrorem.com

A fully functional TCP port scanner for the PocketPC. Screenshot available here.

tags | tcp
SHA-256 | 0ea25351b6ce5dfe7a013a9400eafdcdb7374203fd7c10271a66dbe442c27b29
floppyfw-1.9.2.img
Posted Nov 20, 2000
Authored by Thomas Lundquist | Site zelow.no

floppyfw is a router and simple packet filtering firewall on one single floppy. It uses Linux ipchains firewall capabilities and includes a simple packaging system. It is perfect for masquerading and securing networks on ADSL and cable lines using both static IP and DHCP. It is simple to install, you only need to edit one file on the floppy.

Changes: This is the first working beta of floppyfw with the 2.4 kernel and iptables.
tags | tool, firewall
systems | linux
SHA-256 | da32687d5453c84b323aa879cfb47a4cc986ce84cda01c919cdc11acf11fbde1
oracle.security.txt
Posted Nov 19, 2000
Authored by Daemon Root

Lots of good information on Oracle Database security. From the packet storm forums.

tags | paper
SHA-256 | 9c21cda33e2fe82137f1e4b5cf476e37e568b8ae5be7497d8dae89cdc093a286
shellinabox.tar.gz
Posted Nov 19, 2000
Site shellinabox.com

Shell In A Box provides shell access to a server from within any Java-enabled Web browser. Requests are tunneled over HTTP using the same proxy settings that the browser uses. On the server, it installs as a CGI program, and there is no client-side installation necessary. It sports full VT102 emulation with Unicode support, international font files, ANSI colors, a scrollback buffer, mouse position reporting, clipboard support, and user-configurable emulation modes. All user preferences are stored as cookies in the client's browser.

tags | java, web, shell, cgi
SHA-256 | bab597954c3f02125d4b13bcb88954599602b33329b4ce52df6299fcffb5f9ea
sping-1.1.tar.gz
Posted Nov 19, 2000
Authored by Tim J Robbins | Site box3n.gumbynet.org

sping sends ICMP ECHO requests to network hosts to determine whether they are 'alive'. It is a small and hopefully secure implementation of the common ping utility that offers far less control over the packet options that may be specified (packet size, delay between packets, etc.) - this is a feature, for both security and bandwidth reasons. sping has been tested on Linux 2.4.0-test8 but should work on other operating systems.

Changes: Drops privileges, checks packet source, and adds improved docs.
tags | tool
systems | linux, unix
SHA-256 | 5d18db6fc500692b383fc05fbd67e5b833897c35d8f847c4b2f4fe0487aa229b
tetrinet-1.13.dos.txt
Posted Nov 19, 2000
Site m4dskill.org

Tetrinet v1.13 has a denial of service vulnerability which is caused by telnetting to the tetrinet port and pressing enter once, freezing the game.

tags | exploit, denial of service
SHA-256 | ed11e968ca11f1ec388ea80f84379db00319fe1bf75648088cf4b43c2f6bc74f
iis4_nt4sec.txt
Posted Nov 19, 2000
Site shebeen.com

IIS and NTS 4.0 Hardening Guide v1.1 - Detailed instructions on tightening down the security on an IIS 4.0 web server. Includes install and setup details, server configuration, hardening, registry edits, securing permissions, firewall ACL's, and SSHD. This hardening procedure should NOT be used on general-purpose NT servers on an internal LAN as it removes several of the services that NT uses for default functionality.

tags | paper, web, registry
SHA-256 | 6a460f07556c6f4e9eb5683f3c5badc17be689e406aa0c961ddd5f0fc7a47cc9
srm-1.2.2.tar.gz
Posted Nov 19, 2000
Authored by Matthew Gauthier | Site srm.sourceforge.net

secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop in security for users who wish to prevent command line recovery of deleted information, even if the machine is compromised.

Changes: Minor bug fixes, -f now really does ignore nonexistent files now.
systems | unix
SHA-256 | 08c177f1c5eba6e4857fb8a5a55d96687448658c9bafbac14c6c38b672e4428d
sbo_ethereal.c
Posted Nov 19, 2000
Authored by JW Oh | Site hacksware.com

Ethereal v0.8.13 advisory and remote exploit for Linux x86. A stack overflow in the AFS packet parsing routine allows a spoofed packet to start a root shell bound to TCP port 36864.

tags | exploit, remote, overflow, shell, x86, root, spoof, tcp
systems | linux
SHA-256 | 5849011e1fbedaeca9f6469317a94d0d5df77b160e51dc2cfaf731ba6fdbc8e5
debian.cron.txt
Posted Nov 19, 2000
Site debian.org

Debian Security Advisory - The version of Vixie Cron shipped with Debian GNU/Linux 2.2 is vulnerable to a local attack, discovered by Michal Zalewski. Several problems, including insecure permissions on temporary files and race conditions in their deletion, allowed attacks from a denial of service (preventing the editing of crontabs) to an escalation of privilege (when another user edited their crontab). As a temporary fix, "chmod go-rx /var/spool/cron/crontabs" prevents the only available exploit; however, it does not address the problem - upgrade is needed.

tags | denial of service, local
systems | linux, debian
SHA-256 | 45066b5be833b8794dd17760df1ec1d6a414c23ede771168906f53a3c837a917
twwwscan06.zip
Posted Nov 17, 2000
Authored by TSS | Site search.iland.co.kr

TWWWscan is a Windows based www vulnerability scanner which looks for 300 www/cgi vulnerabilities . Displays http header, server info, and tries for accurate results. Now features anti-IDS url encoding and passive mode scan. Tested on win95 osr2 win98,win98se,win nt4,win 2k/Me.

Changes: Redhat 7 webserver detection patch, Internet Information Server Sample Directory and file Search Scan-iissample, Netscape Enterprise Server Vulnerability Scan-nesscan, and Detail Windows NT/2k Patch Information.
tags | web, cgi, vulnerability
systems | windows, unix
SHA-256 | 85c1488d269fdad50572536aac20c1d395ceaafdbeafcfc1028143b4b42da470
wkit.joe.txt
Posted Nov 17, 2000
Authored by Patrik Birgersson | Site wkit.com

Joe's Own Editor File Link Vulnerability - If a joe session with an unsaved file terminates abnormally, joe creates a rescue copy of the file being edited called DEADJOE. The creation of this rescue copy is made without checking if the file is a link.

tags | exploit
SHA-256 | 81d90d5f00752f52b9f0c8ad8e4f3c8f10e765b68b658e3a52086b00f61ecc5a
rhsa.2000-108-02.modprobe
Posted Nov 17, 2000
Site redhat.com

Red Hat Security Advisory - modutils, a package that helps the kernel automatically load kernel modules when they are needed, can be abused to execute code as root. Modutils versions between 2.3.0 and 2.3.20 are affected.

tags | kernel, root
systems | linux, redhat
SHA-256 | d79f35e014cc137a2c1518dabb49bb3452dd651410f58f0abcc7a452fbc9522e
core-sdi.realserver
Posted Nov 17, 2000
Authored by Ivan Arce | Site core-sdi.com

Core-SDI Advisory CORE-20001116 - A memory contents disclosure vulnerability was found on RealNetworks RealServer which will give out information about the server configuration, runtime memory data and tokens and authentication credentials. This information allows an external attacker to possibly obtain administrative access to the server or to data belonging to other user sessions. Fix available here.

SHA-256 | c2d5b9a6f8bb847c26085737a31823a5af9c5e39178425d25ff41f683ab6f4fe
vixie-cron.sh
Posted Nov 17, 2000
Authored by Michal Zalewski | Site lcamtuf.na.export.pl

Vixie crontab local root exploit - an insecure fopen() call in Paul Vixie's crontab code is exploitable on systems where /var/spool/cron is user readable, such as Red Hat 6.1.

tags | exploit, local, root
systems | linux, redhat
SHA-256 | ab44f3d242c7a1c5af9df46eb9bdc3905efc1ef485b1406235d10775c03e5ede
lids-0.9.10-2.2.17.tar.gz
Posted Nov 17, 2000
Authored by Xie Hua Gang | Site lids.org

The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it's in effect, many system administration operations can be made impossible even for root. You can turn the security protection on or off on the fly and you can hide sensitive processes and prevent anyone from using ptrace or any other capability on your system. LIDS can also provide raw device and I/O access protection.

Changes: Fixed umount filesystem bug, fixed NFSd and FTPd capability usages, and sys_sysctl() bugfixed.
tags | kernel, root
systems | linux
SHA-256 | 8ccab09968ee0a51b065e5cb1f03da7de08d775b865641788eeee6286c8357b7
its4-1.1.1.tgz
Posted Nov 17, 2000
Site cigital.com

ITS4 scans C and C++ source code, looking for function calls that have potential security vulnerabilities. For some calls, ITS4 tries to perform some code analysis to determine how risky the call is. In each case, ITS4 provides a problem report, including a short description of the potential problem and suggestions on how to fix the code.

tags | vulnerability
systems | unix
SHA-256 | f080f220f8b9d818b398ddcdd55ec7394ef796c8aa7f72b1f99b1b887cc11e0d
ms00-088
Posted Nov 17, 2000

Microsoft Security Bulletin (MS00-088) - Microsoft has released a patch that eliminates a vulnerability in the Microsoft Exchange 2000 and Exchange 2000 Enterprise Servers that could potentially allow an unauthorized user remote access to the server. Microsoft FAQ on this issue available here

tags | remote
SHA-256 | 8af01f46de113232f8ecc40c655029f971ded5ab4d37912f65aa209390c0ad1e
ms00-087
Posted Nov 17, 2000

Microsoft Security Bulletin (MS00-087) - Microsoft has released a patch that eliminates the "Terminal Server Login Buffer Overflow" security vulnerability in Windows NT 4.0 Terminal Server. An unchecked buffer at the login prompt on tcp port 3389 allows malicious users to execute hostile code on the server. Microsoft FAQ on this issue available here.

tags | overflow, tcp
systems | windows
SHA-256 | c499d8dfb5f3e4b8b6955fbe0c424c103c447fc98129afd5a443c1626b2a665e
1080r.c
Posted Nov 16, 2000
Authored by Doable | Site members.tripod.com

Socks5 v1.0r10 remote buffer overflow exploit. Tested against Turbolinux 4.0.5 and Redhat 6.0.

tags | exploit, remote, overflow
systems | linux, redhat
SHA-256 | 1a9303c0f97246dd3156fb56a5fa42a61bf599c1860acd6a5af0eb6f7dfe2135
defcom.catalyst.txt
Posted Nov 16, 2000
Authored by Defcom Labs | Site defcom.com

Defcom Labs Advisory def-2000-02 - The Cisco Catalyst 2900XL and 3500XL series switches web configuration interface lets any user execute any command on the system without supplying any authentication credentials if no enable password is set.

tags | web
systems | cisco
SHA-256 | fb3eb565b332a1d4716df6739f52f1c56170f54af3e8c1051420af084f828026
aim.caching.txt
Posted Nov 16, 2000
Authored by F3d

AOL Instant Messenger contains a caching vulnerability where once you have logged onto AIM with a screenname, you can permanently login with that screenname.

tags | exploit
SHA-256 | 082713c2e36c75c665e6bb56ba99874d4c5196b712c54fcc9aafe49eff7eae7f
bsdi_elm.c
Posted Nov 16, 2000
Authored by vade79, realhalo | Site realhalo.org

BSDI Elm 2.4 local buffer overflow exploit. Tested on BSDI/3.0, gives a group mail shell.

tags | exploit, overflow, shell, local
SHA-256 | 6a330ce2fc59bf584d239c77e5b345d9e7bb1abdf51acce4a1c2b43634c09ae2
crypto-gram-0011.txt
Posted Nov 16, 2000
Authored by Bruce Schneier, crypto-gram | Site counterpane.com

Crypto-gram for November 15, 2000. In this issue: Why Digital Signatures Are Not Signatures, SDMI Hacking Challenge, Microsoft Hack (the Company, not a Product), and more.

tags | cryptography, magazine
SHA-256 | dc772bbdbf2bb21adfae614b25f3926130299781ac432ce3c9207ebb4138a35b
Page 3 of 9
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close