Microsoft Security Advisory MS03-002 - The Microsoft Content Management Server 2001 contains a cross-site scripting flaw in an ASP page.
74a7aed76f12d26a055fd96848693567f0b873d08688f03ea7cc1d73ea07e8ab
55hb is an SSH account brute force auditing tool written in Expect. Allows you to specify hosts, password lists, and a user.
0a0c26ff49e9be32c07baf34b748e84956150a706ffab89a9984575b51fbc922
Kernel Based Keystroke Loggers for Linux - This paper describes the basic concepts and techniques used for recording keystroke activity under Linux. Includes a proof of concept LKM which is stealthy, works with recent distributions, and is capable of logging local logins and SSH sessions to and from the host. Tested on Slackware v8.0 with kernel v2.4.5.
09fc0bff73308b65d6613b51aaf2ab2c2e5caf5e344479dd7bcbd5138e4efdec
GnomeICU v0.96.1 remote DoS exploit. Sends a message with uin=0000000 causing a segfault. Tested on GnomeICU 0.95->0.96.1 on RH 7.0, Slackware 8.0.
6c7a971a62cffc000b5fbfe560a6c6266cee3054efb33e5fa8c904d551d9a46d
FreeBSD Security Advisory FreeBSD-SA-02:08 - A race condition during exec allows local root compromise. A race condition exists in the FreeBSD exec system call implementation. It is possible for a user to attach a debugger to a process while it is exec'ing, but before the kernel has determined that the process is set-user-ID or set-group-ID. All versions of FreeBSD 4.x prior to FreeBSD 4.5-RELEASE are vulnerable to this problem. The problem has been corrected by marking processes that have started.
e39b7337b2653475b68a0ab6e1689bf3692bf6483d1a3ef99c45b26407ae0464
There is a remotely exploitable buffer overflow in ICQ v2001A and below. Attackers who are able to exploit the vulnerability can execute arbitrary code with the privileges of the victim user. There are 122 million vulnerable clients. Full details are discussed in VU#570167. An exploit is known to exist. The Voice Video & Games plugin installed with AOL Mirabilis ICQ Versions 2001B Beta v5.18 Build #3659 and prior is also vulnerable.
b76478c875f3e3639885e152c0e431077274669ba8875919014f2fd0c3eb15c4
This document describes buffer overrun vulnerabilities on Sun Microsystems SPARC machines. We will begin by examining the SPARC architecture, looking at the registers and the stack. We will then go on to see exactly how buffer overrun vulnerabilities occur and how control over the process's execution is gained under SPARC, and then detail how, from there, the vulnerability can be exploited to gain control over the computer by looking at exploit code that spawns a shell under Solaris.
ea2827088b20a431d2ee4be68183cd2ee8cf525ff70d198af4b747cffecabe5c
Windows 2000 Format String Vulnerabilities - Includes a detailed discussion of how format string bugs in fprintf(), vprintf() and sprintf() calls are created, discovered, and exploited.
cc470ec4478e27b35f145967b8b7096795122256fa90b4a6e74a53055431fa40
trNkit v1.0 -Release- (beta). Includes patched versions of du, locate, netstat, ps, pstree, top, w, and who.
fb11308261e9f479a6f9cbbb82668d53c8a257caa0245ec4fb24c3d7a47feca1
Arirang is a powerful web server security scanner with many features. Checks over 700 vulnerabilities. This is the OpenBSD/NetBSD/FreeBSD version.
a41da9d3a7d03e2b9b5480072c1510ef16c9c55fc612653d20e1fdc5b8265a9b
APG (Automated Password Generator) is a tool set for random password generation. Includes a built-in ANSI X9.17 RNG (Random Number Generator) (CAST/SHA1).
aad730fb3f171a82fe650f3f6a998bcdbdf74beec5b1d358d936be43a9be071a
The Leviathan Auditor is an enumeration and penetration testing tool which runs on and against Microsoft machines. It dumps Users, Groups, Services, Shares, Transport devices and MAC addresses over port 139 or 445. It enumerates RPC portmapper entries over port 135 and also tries to exploit MS SQL servers if one is present. With its built-in SQL Server exploit you can execute remote commands as Local System. Source code is freely available on request.
3863c6f29cd341d1958cccd0e9cfa0ecd21e76b0b7745b4f16997e6203c5b2f3
Deltaflown is an ICMP/TCP/UDP packet forger which is very easy to use. It is coded in C and can be compiled on a Linux machine, or on another UNIX if you change the header names.
272f40e310301484bfbd2ebfbf84e05c16b9b67ec0f402fecc53c21b932812d4
55hb is an SSH account brute force auditing tool written in Expect. Allows you to specify hosts, password lists, and a user.
fb723aa7785e3130278d7ec8ff23e3a0e2b718012bbe3d2bb35b612d4c64a2b8
Header Based Exploitation - Web Statistical Software Threats. When people visit your website, certain information is passed from the user's web browser to your web server/script. This information contains data such as what browser they are using, the last site visited, the file they requested, and other information. This paper was written to help you understand how an attacker can use these information fields to exploit your web statistics software. Includes info on SSI Tag Insertion, HTML Insertion, and more.
28d2fa4685980f28f5b718d00024231d08243ee32e0bb94551324cd39274d5aa
StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKMs, including KIS.
cfdc95d46449ec34094b6f6d84b7777f5aa317ca625e1df739166a92bce9f556
Debian uucp v1.06.1 local uid=utmp or root exploit. Trojans uucp and uux, attempting to get a root shell. Based on an exploit by zen-parse. Tested on Debian PowerPC Unstable.
c9cbbdcce388932c2f4626a8b3f784ee30cadbd876fa9fedf737a7fee68ad530
NetBSD Security Advisory 2002-001 - A vulnerability found in the ptrace implementation on NetBSD 1.5.*, 1.4.* and CURRENT (prior to January 14, 2002) systems can result in race conditions where it is possible to use ptrace and SUID binaries to execute code with elevated privileges.
e2ceb90aa470a1126631cd2c2ce223394cc423f2b65930b3f1227dd7029eb3b2
ICMP Shell is a program written in C for the UNIX environment that allows an administrator to access their computer remotely via ICMP. More info available here.
f7bc22221aa7d982e7e69a1f1ba7bb267744d00b83ca1902191cba9950fb70ac
chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux, FreeBSD, Solaris, and OpenBSD. Tested on Linux 2.0.x, 2.2.x and 2.4.x (any distribution), FreeBSD 2.2.x, 3.x and 4.x, OpenBSD 2.6, 2.7, 2.8, 2.9 and 3.0, Solaris 2.5.1, 2.6 and 8.0.
245625e58aa65c130869fc32a8e8c06888ee940e89fad501cb0ae03bfd778566
Mailstation.pl exploits a DoS condition in the Intel eMail station.
f501f204ec204100cb68bc75ae260cad7caa05999ea63ac831eb65e0e1d8e4bf
Sniffit v0.3.7beta remote root buffer overflow exploit. Requires the admin to be running sniffit with the -L option.
59327ddb76c91e3de271d2d39d73f05e157642374a506dd212cb01e7026276c7
FreeBSD Security Advisory FreeBSD-SA-02:07 - The k5su command included with FreeBSD, versions prior to 4.5-RELEASE, and the su command included in the heimdal port, versions prior to heimdal-0.4e_2, use the getlogin system call in order to determine whether the currently logged-in user is 'root'. In some circumstances, it is possible for a non-privileged process to have 'root' as the login name returned by getlogin. You don't actually want that to happen, trust us.
53875598a31417450b640a6ead62cd1ba3c1efd31d8d7e05c0c072b13bc5bca6
Attn.tar.gz is a Redhat 7.0 local root exploit which takes advantage of a bug in the at command which allows an attacker to free() user controlled memory. Tested on Redhat 7.0 with the glibc-2.2.4-18.7.0.3 and at-3.1.8-12 packages installed.
68cf6e7dc2b3afc0aa47e66d705351d8b032f2fac0afda3d0b705506d8468181
The Avirt telnet proxy v4.2 and below has a remotely exploitable buffer overflow. Tested on Win2k. Strumpf Noir Society
b95135944e65dc824cd0d38a5ed558adbd0ce830e4673f4169c91b2793ff41bd