Patch advisory for Sun Microsystems. Please read for details.
11ceb5f50c546a836bc20af25d7ea1614c3cd5895bf45f647ce467bc6a41c19aThe script command overwrites hardlinks named typescript in the current directory.
d79023227c22e8ad95ff6441f4cb693f4c84fd87bea085fa786b664d343ebb48FreeBSD Security Advisory FreeBSD-SA-01:68 - The XSane port has insecure temp file vulnerabilities allowing local users to overwrite files by exploiting a race condition.
13a8acd9ec717a5886e42bcf5e561d7bb8a8fd1f23abc51ef6013571ccd76bc0FreeBSD Security Advisory FreeBSD-SA-01:67 - Htsearch, part of the htdig port, contains remote denial of service vulnerabilities. It also can allow files on the webserver to be written, but only if the attacker can anon-ftp in files. Version 3.1.5 and below are affected.
c0535815b894fe6e442f2f4287ca788e2a7c57797fa9aac8ba3b5ac9b0612dddATPhttpd v0.4a remote denial of service buffer overflow Tested against OpenBSD 2.9.
b926c41fa5256e3f69e7d8bdcd486888ac5ea32cb2be030fd7dddd830c91635dATPhttpd v0.4b remote buffer overflow exploit. Tested on and against OpenBSD 2.8. Binds a shell to port 6969 which has the UID of the webserver.
757c275efbea1d7b73f2905d9f4495bea18769bc447e4b0528d63eaf7503bca7SkLog is a very small and effective keylogger for Win32 that can log all keystrokes, is case-sensitive and supports all standard keys. It has been written in vb, uses the GetAsyncKeyState API call and doesn't need any other dll or ocx file(only the standard vb6 dlls). It restarts when you start windows (modifies the registry) and can be started/stopped anytime by using key combinations.
cc8a58ba52d5b3635928bb35048bd2d972175e56675041380e19ad755e4baecfAesop is a TCP-proxy which supports many advanced and powerful features. It's designed to be secure, fast and reliable. Aesop makes use of strong cryptography (RC4) for all its data-transmission up to the end-link. Another powerful feature of Aesop is that Aesop proxies can be transparently stacked into a secure chain. Aesop is implemented using multiplexing and is therefor fast and lightweight.
53a5affcbee053a8aa4f119e67611f7bf7ddf3bb8ba371fe5f78fd96a6328850A security flaw in the itransact.com credit card payment system allows users to change the price of merchandise ordered.
d2ef91a633470fc9cfb5fcddc6efc11dc6bb686462ccd29b78c18ee6d0ea5e3cMicrosoft Security Advisory MS01-058 - Microsoft Internet Explorer 5.5 and 6.0 contains three remote vulnerabilities which allow attackers to run code of their choice. The first vulnerability involves a flaw in the handling of the Content-Disposition and Content-Type header fields in an HTML stream. A security vulnerability exists because, if an attacker altered the HTML header information in a certain way, it could be possible to make IE believe that an executable file was actually a different type of file -- one that it is appropriate to simply open without asking the user for confirmation. The second vulnerability is a newly discovered variant of the "Frame Domain Verification" vulnerability discussed in Microsoft Security Bulletin MS01-015. The third vulnerability involves a flaw related to the display of file names in the File Download dialogue box, allowing an attacker to misrepresent the name of the file in the dialogue. Microsoft FAQ on this issue available here.
4b71b24d722f93c35b45b8e98778087925732f97a78f021e2ab8ec10a761b4f8Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.
2c6e05444ffd6d6411ce9979c7c9e7318a26fd87efebed79112c95d925fead88The Anomy mail sanitizer is a filter designed to block email-based attacks such as trojans and viruses. It reads an RFC822 or MIME message and removes or renames attachments, truncate unusually long MIME header fields and sanitizes HTML by disabling Javascript and Java. It uses a single-pass pure Perl MIME parser, which can make it both more efficient and more precise than other similar programs and has built-in support for third-party virus scanners.
cad6887bb95fb4ea027b9a2edec0604e3064919b11b5f0e33cfced017d48c7f3Ssh.com's Secure Shell is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another, providing strong authentication and a secure communications over insecure channels.
e7a9a14b8bbe21326737843a4255af7034b38db21b64bdec983c00760d709d1fIP Accounter is an IP accounting package for Linux. It collects, summarizes, and nicely displays IP accounting data. Its output can be a simple ASCII table, or graph images. Ipchains and iptables are supported. Logs are stored in files, gdbm, or even a PostgreSQL database.
d454f2bcd8ad72930c98f36fc3355aaae2c1b0461c002f9b9bfa42acf71cc1edNetscript is a portable and lightweight tcp socket scripting tool. It is intended to allow anyone to script situations based on a word-to-word ruleset response system. Includes wildcard support, character replacement, random replacement, argument inclusion, server timeout, initial send, display altering, multiple character dump formats, telnet protocol support, logging, program to socket dumping, executable ruleset support and reverse binding among other things.
14b6ef214c3e8d6da1516db0ef399a645466b853e422b3ae13aaffafb7d93911Nutsaq.pl scans for the WU-Ftpd v2.6.1 glob vulnerability via anonymous login.
f3376c43283146377d00f27274f3d741a501c5a8e7671bdec945ce565f7d3236Ettercap is a network sniffer/interceptor/logger for switched LANs. It uses ARP poisoning and the man-in-the-middle technique to sniff all the connections between two hosts. Features character injection in an established connection - you can inject characters to server (emulating commands) or to client (emulating replies) while maintaining an established TCP connection! Integrated into a easy-to-use and powerful ncurses interface.
32214792e9f397a9ffdd202f074776ac779226231fc1882796c897280e4f70abISNprober is a tool that samples TCP Initial Sequence Numbers (or IP ID's) and can use that information to determine if a set of IP addresses belong to the same TCP/IP stack (machine) or not.
8d31129ad28b47eeac556a5e0bf64aca2c47c0c71b2c91e10ce374b15eabaf20Ettercap is a network sniffer/interceptor/logger for switched LANs. It uses ARP poisoning and the man-in-the-middle technique to sniff all the connections between two hosts. Features character injection in an established connection - you can inject characters to server (emulating commands) or to client (emulating replies) while maintaining an established TCP connection! Integrated into a easy-to-use and powerful ncurses interface.
174a8876207df24c87e4b6aa1a62e1f62902942f2429db2acac2a17f4213b5b4FreeBSD Security Advisory FreeBSD-SA-01:65 - Libgtop, a library for the Gnome top command, has a stack overflow affecting versions prior to libgtop-1.0.12_1. Libgtop runs as group kmem, allowing local users to read from kernel memory can monitor privileged data such as network traffic, disk buffers and terminal activity.
04f866fbe894a8ee150bd60466ea765785d534719c8addaed7c08038ebdc7559TDS-2 Trojan Information Database. For Windows. Archive password is set to p4ssw0rd. Use at your own risk.
e83d9070ba58f03bc98bf6b26ebfbf210eb45444a5ffc934f27260e1bd0e5396Mirc bnc script with logging options.
8e7b2072d5afa4e0405140dac95c0f9ac020439f4896c38339eda7bb0cd10860SpeedXess DSL routers come with a default password of speedxess.
da62a2697de53a086c998d6c3b8938a5da5307e7e8114b9715c39b9d38d81e87Vulcan is a simple tool to identify vulnerabilities in several network services. This is done by comparing initial information from a server (its banners) against a database of vulnerable versions. Databases are included for ssh, http, and ftp versions. Includes NT/2000 executable and unix .c source.
c2b0ed85772617a1f084b00e128df4dbe08e3ccd40116cfc16e4eaa73e16bb32Wu-Ftpd v2.6.1 and below remote root exploit which takes advantage of the SITE EXEC globbing vulnerability. Includes instructions on finding the offset with gdb.
f36854f1f5c3e1528c3b6966411d9d8995bb5081ba3c3e750ff7c8507aa3372c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed