Debian Security Advisory DSA-050-1 - The saft daemon 'sendfiled' dropped privileges incorrectly allowing local users to execute arbitrary code under root privileges.
d9bd5948da66d174226338dfd12fad63a17fc8ac455f311a4a83013e7f02c069Debian Security Advisory DSA 051-1 - The Netscape browser does not escape the GIF file comment in the image information page. This allows javascript execution in the "about:" protocol and can for example be used to upload the History (about:global) to a webserver, thus leaking private information. This problem has been fixed upstream in Netscape 4.77.
d245c1b069c66fda15f817b49e426623e5b1c185f8661043593be04be789060dThe MSEC single-user patch disables the ability to boot into single-user mode under OS X. If this patch is not applied then anyone with physical access to the Mac OS X machine can gain root access easily by holding down the command and s keys at startup. The patch disables this by installing a modified version of /sbin/mach_init. The patch does NOT backup the insecure version of /sbin/mach_init so if for some strange reason you want to revert to the insecure copy of mach_init you must restore that file from your own backups. If you have any questions check our website at http://www.msec.net or email support@msec.net.
608ab66a3bdace92d180a2bce3e621367db4fbed4a386c2c3d85293c863151afSecurax / Hexyn Security Advisory #19 - FTP Server Denial Of Service tested on Serv-U FTP Server, G6 FTP Server and WarFTPd Server. The servers will freeze for about one second, and the CPU usage will go through the roof. Includes perl exploit.
2d2c1f7da07480b818ba73c4939a20bb83cb1d28705c9d63c332c2c8acb5f5feSecurax / Hexyn Security Advisory #18 - Savant WWW Server is an HTTP server for Windows 9x/NT. A bug allows any user to change to any directory, and in most cases, execute MS-DOS commands.
6f737629eeb7c998b7477e842ffe7e837b20a277e54d231e927e0c33aa58dc9bSecurax / Hexyn Security Advisory #17 - Bison FTP Server is an FTP server for Windows 9x/NT. A bug allows any user to change to any directory.
51cbeefe5885ffa571c47f49a694aff56ebe3391b705e2d1ab287c0dd17fcb5aSecurax / Hexyn Security Advisory #16 - G6 FTP Server is an FTP server for Windows 9x/NT. A bug allows any user to change to c:\ and sub directories.
43d9198ebb5fa6616439c99764fe5b23245afb02e05b085d7cf0550c2d427b77CST contains a script scanner, that scans using a database of scripts (user editable). The sample databases included contains +700 possibly vulnerable scripts/dirs. You can scan with or without a proxy server. The scanner has 11 different Anti-IDS tactics (hex-values, double slashes, self-reference dirs, parameter hiding and session splicing), and sends fake "X-Forwarded-For:", "Referer:" and "User-Agent:" headers to hide your scan even more. You can also specify a wait time between 2 script fetches. The scanner uses HEAD requests instead of GET for faster scanning, and has support for scanning virtual hosts. You can also specify another port to scan instead of the standard port 80. The scanner outputs the scripts/dirs that return a 200, 403 or 401 HTTP code and outputs the webserver software. A full and comprehensive manual is included.
856e57db08f283a0a2df8d4ec62c30581e58231f2d536f8fafceed1d15ed67a1Netstat.zip is a fake windows netstat which can hide certain network connections. Requires renaming the original netstat.
860b6249299c2c517df0fd8b78e310c871640ce3fb745d90fcb466415384b19bWinterrogate recurses directory structure obtaining the following information according to filemask: File Name, Complete Path, Directory, File Size, Creation Time, Last Access Time, Last Write Time, and MD5 Checksum. Extra information Gathered on *.DLL, *.VBX, *.DRV, *.EXE, *.OCX, *.BIN, *.SCR (IF THE DEVELOPER ADDED IT) includes CompanyName, FileDescription, FileVersion, InternalName, LegalCopyright, OriginalFilename, ProductName, ProductVersion, Comments, LegalTrademarks, PrivateBuild, and SpecialBuild. Screenshot available here.
88a10d8e82041cf98d630ca01c4056886b113a159f1afda13235a4553fd6cdd3Scanutil v1.1 Scans a list of IP addresses and ports for a string. Useful for checking lists of IP's for certain versions of daemons.
909a63cbba75c1813cc85a6fc61738a5900de3158aaaaac235bb384e8771103aSecurax / Hexyn Security Advisory #15 - G6 FTP Server is a popular FTP server for Windows 9x/NT. A bug allows any user to change to the directory G6 was installed in. Due to good programming, the only way to exploit this bug is by viewing the full installation path. Downloading the user-file (Users.ini) is impossible.
8f913b2f91d2258ffaa0aeccb96c5ccf8854a601e46af43354cba4bda021b2e3SMB-Scanner.zip is an executable and Perl Script for Win and Unix. Scans network blocks for file sharing status and guesses what the file sharing target might be Samba or NT or Windows depending on MAC ADDRESS.
5dacc19a71b4ac16d52c23e19d9de84e1e0f5116be3003c490929f35907c62baEZPass.zip is an executable and a Perl script that uses the net command to automate password attempts on an NT Server. Allows easy Username=Password and other easily guessed combination attempts using a list of accounts such as those from Grinder.
55760f5c05dd1af06f75ca07de2777f78f2eb784344d0267b8fa5d32c900d083Grinder.zip is an executable and perl script which uses the SID tools to enumerate usernames from an NT Server.
a1d083693d92738e60e67d14da41cd78e510101d290b18792f28617f1b128eaeUnicode_shell.pl is an exploit for the IIS unicode bug which allows you to enter commands as if in a cmd.exe shell and uses 20 different URL's to check for the vulnerability.
57da8160e9ecbc76af59dca02d8c09165aad0ed553e94c04920c4911d63f868bMuloscan.pl is a simple perl scanner that uses IO::Socket to check to see if some well known ports are open.
2fcef98ac1a2a7957ee581cb21e6d0d1f3817c30d4630bb3fdef33ed00322797Infiltrator is a unix trojan creation program.
f538703019e4a991af5d5a97ce7ca5743e75d0f6ba39ee62c4426093a2f86309Microsoft Security Advisory MS01-015 - A vulnerability in IE allows web server operators to discover the full path of items in the IE cache, allowing remote execution of binaries via a web site or email message. The recommended patch fixes 3 more security problems. Microsoft FAQ on this issue available here.
de01a0dff05dc9a62d7caaf101b9b28e5016868b5d92793e6f1265e99827edf3TalkBack.cgi directory traversal remote exploit.
396c1d51895015c18e8733df3f237702266c9de2fd99fca89addccdee7fc09e6SuSE Security Advisory SuSE-SA:2001:15 - Hfaxd v4.1 contains format string local root vulnerabilities.
3cf8862d583d947dadda3785192ae779b2089fde342767b61a93665c00da2287FreeBSD Security Advisory FreeBSD-SA-01:33 - The glob() function contains buffer overflows that are exploitable through the FTP daemon. If a directory with a name of a certain length is present, a remote user specifying a pathname using globbing characters may cause arbitrary code to be executed on the FTP server as user running ftpd, usually root. Additionally, when given a path containing numerous globbing characters, the glob() functions may consume significant system resources when expanding the path. This can be controlled by setting user limits via /etc/login.conf and setting limits on globbing expansion.
8aea5ad4592fa0042500e15dc47d91bc6db21f66c3891d0fd68df72d09b94fe3FreeBSD Security Advisory FreeBSD-SA-01:32.ipfilter - When matching a packet fragment, insufficient checks were performed to ensure the fragment is valid. In addition, the fragment cache is checked before any rules are checked. Even if all fragments are blocked with a rule, fragment cache entries can be created by packets that match currently held state information. Because of these discrepancies, certain packets may bypass filtering rules. All versions of FreeBSD prior to the correction date, including FreeBSD 3.5.1 and 4.2, contain this problem.
676d7b34644214514010b70aa759e96c9a540b745e87d5da8d0d7e0854b95fb7Magic String Pimp is a commandline tool that allows you to construct buffer overflow strings and use them in various ways. It is mainly meant as a tool for Proof Of Concept exploit coders which simplifies the tedious task of writing exploits just to prove simple overflows exploitable.
059e51747e5d9a55f3f3151d9989cd73cc51333089b8ec0ddfbb39b9b9ca1950Cfingerd prior to v1.4.2 remote root format string exploit. Includes information on finding offsets. Tested against Debian cfingerd v1.3.2, 1.4.0, 1.4.1, and RedHat 7.0 cfingerd 1.3.2.
27d6d03e401bbc5d64121d7bf098b55babef4798dff575768d01cd2abac1b648
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed