what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 192 RSS Feed

Files Date: 2001-01-01 to 2001-01-31

ms01-002
Posted Jan 26, 2001

Microsoft Security Bulletin MS01-002 - A serious vulnerability in Microsoft Powerpoint allows remote code execution when a user is enticed into visiting a malicious website, viewing a specially crafted email message, or opening a malformed PowerPoint 2000 file. A parsing routine executed when PowerPoint 2000 opens files contains a buffer overflow vulnerability which allows attackers to crash or cause arbitrary code to run on the user's machine. Microsoft FAQ on this issue available here.

tags | remote, overflow, arbitrary, code execution
SHA-256 | 01c54da2fbcf20212d99f8f315627f0b72ecbe4d335a180d1785676c2723b7d8
tct-1.05.tar.gz
Posted Jan 26, 2001
Authored by Dan Farmer, Wietse Venema | Site porcupine.org

TCT is a collection of tools which are geared towards gathering and analyzing forensic data UNIX system after a break-in. TCT features the grave-robber tool which captures information, the ils and mactime tools that display access patterns of files dead or alive, the unrm and lazarus tools that recover deleted files, and the keyfind tool that recovers cryptographic keys from a running process or from files. TCT is tested on Linux, BSD, Solaris, and SunOS. For more information see the handouts from Dan Farmer and Wietse Venema's computer forensics analysis class.

Changes: Fixes for the grave robber, added more switches, SunOS support added, and lots more misc fixes!
tags | tool
systems | linux, unix, solaris, bsd
SHA-256 | e4438d2f382400b4536a7defbae70fd2a6c1e333051c013b1c5bebb0630a46cd
pwdump3.zip
Posted Jan 26, 2001
Site ebiz-tech.com

Pwdump3 combines the functionality of pwdump by Jeremy Allison and pwdump2 by Todd Sabin. It is capable of extracting the password hashes from a remote Windows NT 4.0 or 2000 box whether or not syskey has been installed. This is accomplished by injecting a process onto the remote system, extracting the hashes, then copying the hashes back to the local system. This is a useful tool for checking password strength.

tags | remote, local, cracker
systems | windows
SHA-256 | e131651d88bd0a5dde39f2b83e0a0f5ad713930148b2a5effc6cb2288f53b5af
tcpbroker-1.1.tar.gz
Posted Jan 26, 2001
Site members.tripod.com

Tcpbroker does TCP port forwarding with a twist - it connects two incoming sockets together. Tcpbroker allows you to telnet out from behind a firewall to another system also behind a firewall via a proxy host running the broker. All you need to do is remote command the far system to make the outgoing connection to the broker. Tcpbroker includes a secure authentication mechanism via Tiny SRP. A version without authentication is also included.

Changes: A fix for a broken Makefile.
tags | tool, remote, tcp
systems | unix
SHA-256 | bb01a2350398d36711df365103717a05d1a97a3d9f35d80b971b6c6da5308b3d
safer.010123.EXP.1.10
Posted Jan 25, 2001
Authored by Vanja Hrustic, Fyodor Yarochkin, Thomas Dullien, Emmanuel Gadaix | Site safermag.com

S.A.F.E.R. Security Bulletin 010124.EXP.1.11 - A remotely exploitable buffer overflow has been found in the Lotus Domino SMTP Server on all versions up to and including v5.05 which allows a remote attacker to execute code with the privileges that the SMTP server is running as. Perl exploit code included. Fix available here.

tags | remote, overflow, perl
SHA-256 | e31bff4434d6413796577845681d26eb776527907f1c66eaef50e9daf1f86b9c
xscreensaver-3.27.tar.gz
Posted Jan 25, 2001
Authored by Jamie Zawinski | Site jwz.org

XScreenSaver is a modular screen saver and locker for the X Window System. It is highly customizable and allows the use of any program that can draw on the root window as a display mode. It is also more stable than xlock.

Changes: This release adds the new hacks "zoom" and "whirlwindwarp", GL improvements, bug fixes, and more.
tags | root
systems | unix
SHA-256 | ba2078017e6d6f38d974728dc241de75ccd242b114dcfc6d1781f53c12f8cf50
nessus-1.0.7.tar.gz
Posted Jan 25, 2001
Authored by Renaud Deraison | Site nessus.org

Nessus is a free, up-to-date, and full featured remote security scanner for Linux, BSD, Solaris and some other systems. It is multithreaded, plugin-based, has a nice GTK interface, and currently performs over 531 remote security checks. It has powerful reporting capabilities (HTML, LaTeX, ASCII text) and not only points out problems, but suggests a solution for each of them. Windows version available here.

Changes: Bug fixes and additional options have been added. Http virtual hosts can now be tested, detached scans can now be stopped from the client, and XML support has been improved.
tags | tool, remote, scanner
systems | linux, windows, unix, solaris, bsd
SHA-256 | 61c6d45e1c8b933d29c7dbae5715c8763d2fce69c63e640b7d8e23371672a85a
ramenfind.v0.2.gz
Posted Jan 25, 2001
Site sans.org

Ramen worm local detection tool. Still in beta.

tags | worm, denial of service, local
SHA-256 | 2007b10e2daa210941ac3eb39c5d0a26bb0cd5d8a08d8e284cf209ff5a7b36eb
debian.sash.txt
Posted Jan 25, 2001
Site debian.org

Debian Security Advisory DSA-015-1 - Versions of sash prior to 3.4-4 did not clone /etc/shadow properly which lead into readable files for anybody.

systems | linux, debian
SHA-256 | 4a91fe87514f32378d3d56bc970cc2f666c5b4964833bfb0ee1cb8b95a928053
spitvt.c
Posted Jan 25, 2001
Authored by Michel MaXX Kaempf

SplitVT v1.6.4 and below local format string exploit which overflows the -rcfile command line flag. Tested on Slackware 7.1, Debian 2.2.

tags | exploit, overflow, local
systems | linux, slackware, debian
SHA-256 | f299f70b6ffdcec9e13edbdd986f8b689e08c195f243c6b64ba16a42b7184eea
debian.mysql.txt
Posted Jan 25, 2001
Site debian.org

Debian Security Advisory DSA-013-1 - A buffer overflow has been discovered in the Mysql server v3.22.32 which allows remote attackers to gain mysqld privileges.

tags | remote, overflow
systems | linux, debian
SHA-256 | dc755d42d48bf8868b36524579148fe22f5615172608a9f7252f421744e41965
zorp-0.7.13.tar.gz
Posted Jan 25, 2001
Authored by Balazs Scheidler | Site balabit.hu

Zorp is a new-generation modular proxy firewall suite to fine tune proxy decisions with its built in script language, fully analyze complex protocols (like SSH with several forwarded TCP connections), and utilize out of band authentication techniques (unlike common practices where proxy authentication had to be hacked into the protocol).

Changes: Bug fixes and experimental support for security-related IP options.
tags | tool, tcp, firewall, protocol
systems | unix
SHA-256 | ac56034dcc9fde448c326fa9ff3019d557014ea6c0163a7f9572b678f906e650
debian.micq.txt
Posted Jan 25, 2001
Site debian.org

Debian Security Advisory DSA-012-1 - A remotely exploitable buffer overflow has been found in micq v0.4.6.

tags | overflow
systems | linux, debian
SHA-256 | 43116528780cb2ff1a68c96a70f84329c920d104a7163cb089feae26186a63ac
fwipe-0.25.tar.gz
Posted Jan 25, 2001
Authored by Len Budney | Site pobox.com

fwipe overwrites your file a specified number of times (default: 5) and then deletes it. It is extremely secure; it will not be confused by filenames containing special characters, and is suitable for use against law enforcement.

Changes: This release was overwriting with zeros but not ones, now uses unbuffered writes reducing CPU consumption, and overall performs the same since I/O is the limiting resource.
systems | unix
SHA-256 | e02b0dbbc54c63f8e142b659e4823a24664ccfd8fea6c5d8bd283ccf4772fa96
bfbtester-2.0.tar.gz
Posted Jan 25, 2001
Authored by Mike Heffner | Site bfbtester.sourceforge.net

BFBTester is a utility for doing quick, proactive security checks of binary programs by performing checks of single and multiple argument command line overflows and environment variable overflows. It will also watch for tempfile creation activity to alert the user of any programs using unsafe tempfile names. While BFBTester can not test all overflows in software, it is useful for detecting initial mistakes that can red flag dangerous software. Tested on FreeBSD and Solaris.

Changes: New major rewrite of bfbtester! New features include the ability to watch created tempfiles, a new syntax for specifying binaries, and support for Solaris and Linux platforms. Also many bugfixes have been included.
tags | tool, overflow
systems | unix, solaris, freebsd
SHA-256 | a9e0e36682febbe97483e245092ec15a5879aca8f0d04dd113f8fa2f5e11b7eb
knetfilter-2.0.3.tar.gz
Posted Jan 25, 2001

Knetfilter is a KDE gui application designed to manage the netfilter functionalities that will come with the new kernel 2.4.x. In Principal, all standard firewall system administration activities can be done just using knetfilter. But there is not just a GUI to iptables command line, it is possible also some monitoring via a tcpdump interface.

Changes: New iptables paths have been added. The interface to nmap is much better now, since it can manage nmap options.
tags | tool, kernel, firewall
systems | linux
SHA-256 | 4591326a8e3ad2ff9c16ecb0f450e7edc1e1dd6d0e854028ed8f7c22624a5e66
ipa-1.0.3.tar.gz
Posted Jan 25, 2001
Site simon.org.ua

IPA is highly configurable IP accounting software for Free and Open BSD. It allows to make IP accounting based on IP Firewall and/or IP Filter accounting rules. In most cases IP Accounting Daemon is run on public servers, software routers, etc. It uses powerful IP Firewall and/or IP Filter accounting rules and based on its configuration allows to escape from writing scripts to manage network accounting.

Changes: This release includes a fix for a security bug in the exec(user)-line parameter, and other bug fixes.
systems | unix, bsd
SHA-256 | 27a58e92c828066524cbaeff620fffd7cc17bccd6749cae3fb980730999ba752
hypersrc-3.0.3.tar.gz
Posted Jan 25, 2001
Authored by Jim Brooks | Site jimbrooks.org

hypersrc is a GUI program for browsing source code, which uses GTK+. It provides a list widget containing sorted source code tags. A programmer can click a tag to hyperlink to a particular tagged line in a source code file. Screenshot here.

Changes: Hypersrc now displays a tree view of function call relationships in the source code.
systems | linux
SHA-256 | 04047cfe613f5003f883a85b25857edb33b11c44b5d61921d4945554a5fb281b
gShield-2.0.2.tgz
Posted Jan 25, 2001
Authored by R. Gregory | Site muse.linuxmafia.org

Shield is an aggressive, modular firewall script for iptables which features easy configuration through a BSD-style configuration file, optional NAT support, TCP-wrapper-like functionality for service access, port forwarding, routable protection, DMZ support, and more.

Changes: This release has misc. cleanup and removal of misc. redundant entries. Logging options for reserved drops and dhcp have been added/enhanced. Full highport access is now a toggle. Transparent-proxy options, fixes for passive ftp, and options for bind/domain forwarding have been added. Services now use getservent to determine port selection. misc cleanup.
tags | tool, tcp, firewall
systems | linux, bsd
SHA-256 | d1d66087d42bbe78e58dfc2706c55877360b205e67d34778767cb20095d963ad
mcgi.tar.gz
Posted Jan 25, 2001

Mass CGI scanner. From Guile Cool.

tags | cgi
systems | unix
SHA-256 | f857e4619461a9b4523063d16ea8ad2465e813b9d0f75e62114c8d59f866e8c3
safer.010124.EXP.1.11
Posted Jan 25, 2001
Authored by Vanja Hrustic, Fyodor Yarochkin, Thomas Dullien, Emmanuel Gadaix | Site safermag.com

S.A.F.E.R. Security Bulletin 010124.EXP.1.11 - Netscape Enterprise Server 3.x and 4.x allows remote users to obtain directory listings on remote sites running web publishing by sending the command "INDEX / HTTP/1.0".

tags | remote, web
SHA-256 | 0c07af4b20cd0f80c350f290f2165288d37e8000439245b0aa663dc85df5e127
RHSA-2000:136-10.php_dos
Posted Jan 25, 2001
Site redhat.com

Red Hat Security Advisory RHSA-2000:136-10 - PHP 3.0.17 can be caused to crash by clients uploading "multipart/form-data" information with form requests. Security holes in versions 4.0.0 through 4.0.4 of the PHP Apache module have been found.

tags | php
systems | linux, redhat
SHA-256 | 49bd516233cab75acb589e5fe6145f0b36672f93b47ed654481f0bb48d780d9b
RHSA-2001:004-04.icecast
Posted Jan 25, 2001
Site redhat.com

Red Hat Security Advisory RHSA-2001:004-04 - A remote format string vulnerability in Icecast v1.3.8beta2 allows remote code execution. Icecast 1.3.7 is not vulnerable.

tags | remote, code execution
systems | linux, redhat
SHA-256 | 3f93642683d664439de5c1193de406878913711c80313f610e5f8ab639b1eb95
unitools.tgz
Posted Jan 25, 2001
Authored by Roelof Temmingh | Site sensepost.com

Unitools.tgz contains two perl scripts - unicodeloader.pl uploads files to a vulnerable IIS site, and unicodexecute3.pl includes searches for more executable directories and is more robust and stable.

tags | exploit, perl
SHA-256 | ef1371caea9d6be5421cdfd47295c380d367086653e0281f537a4f4b1db5503e
thong.pl
Posted Jan 25, 2001
Authored by Hypoclear | Site hypoclear.cjb.net

Thong.pl is a perl script which exploits several vulnerabilities found in Cisco products. Includes the Cisco Catalyst ssh Protocol Mismatch dos, Cisco 675 Web Administration dos, Cisco Catalyst 3500 XL command execution, and the Cisco IOS Software HTTP Request dos.

tags | exploit, web, perl, vulnerability, protocol
systems | cisco
SHA-256 | 594060a5dec2fcf16403a904d4ad89eb7a7015552c986112125f18ead0a5a9e8
Page 2 of 8
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close