Buggyzilla.pl exploits two vulnerabilities in bugzilla 2.14 or prior in order to execute commands on affected systems. This uses bad quotation of user input in bugzilla to gain access to administrator pages. The a weakness in the reports.cgi is then used to allow execution of commands. Advisory available here.
3e2376615b934217d9ee3fabfaf8b0934c68e5e806151b15baa23d51a10793baUnifuck 2.0 - An IIS Unicode/Decode exploit with full proxy support. Includes perl mods to run it.
084a834e61084b005aae60bc7033e96f7581366e6620431e7f0d6e3595f820fdThe Boozt! banner management software for Linux v0.9.8alpha has a remotely exploitable buffer overflow in a CGI executable. Fix available here.
b18893da35f68fb0231c9a63fbf5e0eeef0dff5397177aa07c4a990258121765FreeBSD Security Advisory FreeBSD-SA-02:01 - Pkg_add allows local attackers to modify the package contents and potentially elevate privileges or otherwise compromise the system.
731e85f42f619ca54425288be3cb87d0686a3e9b2f984c421c4359cbf121f100Syn sock scanner - A very fast scanner for socks proxies.
4b2fade99de54c56f4671c8d73eba434c11b5d29070ce91b04d6ec2a5684b41dNBTEnum 1.0 is a utility for Windows which can be used to enumerate one single host or an entire class C subnet. This utility can run in two modes: query and attack. The main difference between these modes is that when NBTEnum is running in attack mode it will seek for blank password and for passwords that are the same as the username but then in lowercase letters.
0f1c8cb865a3ae18a3eab808427e104925747d3c8e97efb9fed2d00242010a48Packet Storm new exploits for 2001.
74dfc295acf2312c8eacf598a21c3a04546d9682ff83df4ffec02c4606fa6864Pent.pl uses smbclient to brute force NT shares and passwords.
a565cdeb578a2e384b43da1804455bc0087e4451cbce92f8447b12dfc453bdc0Ntop is a very useful Unix / Windows network sniffing tool that shows the network usage, similar to what the popular top Unix command does for processes. Has an interactive mode and a web mode for greater functionality and options, shows network traffic sorted according to various criteria, displays traffic statistics, shows IP traffic distribution among the various protocols, analyses IP traffic and sorts it according to the source/destination, displays IP Traffic Subnet matrix (who's talking to who?), reports IP protocol usage sorted by protocol type. In Web mode, it acts as a Web server, creating an HTML dump of the network status. Can be used as a a lightweight network IDS.
8eaf1c5baa1736ee4e3e51b9ad8e7646873b516fb60233d92ba8a98c9c9a809aFreeBSD Security Advisory FreeBSD-SA-02:04 - The mutt ports, versions prior to mutt-1.2.25_1 and mutt-devel-1.3.24_2, contain a buffer overflow in the handling of email addresses in headers.
6464640afeffbb8d80576dd583eb27af4174a3e9efeeb58196d1a98b1625fbedScans for rh7 boxes running ssh-2.1.1 that can be exploited using the TESO sshd exploit.
337efffdc164fbd36652c6593639bccf08d6e9a4cece4b53782e75423ac0d2efHosting Controller v1.4.1, an all-in-one administrative hosting tool for Windows, contains multiple vulnerabilities. It allows remote users to read any file on the system and browse non-public directories. Exploit URL's included.
2c63387a7684382d591e3e044e8f1a8a19214823af3c83775b0ffd2fbe8abd58AOLserver v3.4.2 for Windows has a remote vulnerability which allows users to gain read access of known password protected files residing on an AOLserver host.
7fb93b6be8c7f43a99b7ec8616ce778988a9cbbe97e38d11620a6b969a3101dbThe Savant Web Server v3.0 for Windows 95, 98, ME, NT, and 2000 has a remotely exploitable buffer overflow. Fix available at http://savant.sourceforge.net.
225cd09a44933b83edcf3f7b0099bcd1bc96a920de2607ada83c729477a76cbcThis is a Windows(tm) backdoor for ICQ 2001b that was tested on Version 5.18, but I may also work on future versions. This backdoor uses ICQ to indirectly access the internet, so most firewalls can't detect it. It has many features, you can use all of the standard socket functions remotely via this backdoor, you can remotely execute code on the target machine, and two example programs are included. NOTE: To understand this backdoor, you need knowledge of sockets programming and, if you need this feature, you should be familiar with the assembly language. This backdoor isn't thought for script kiddies, but for true programmers to experiment with it. Please do not misuse it! Archive password is set to p4ssw0rd. Use at your own risk.
82cccb2f7f4fb663b8e0a9dbd319347f280c341600dae3fdfde443f629bffea2FreeBSD Security Advisory FreeBSD-SA-02:03 - The mod_auth_pgsql port, versions prior to mod_auth_pgsql-0.9.9, contain a vulnerability that may allow a remote user to cause arbitrary SQL code to be execute. mod_auth_pgsql constructs a SQL statement to be executed by the PostgreSQL server in order to lookup user information. The username given by the remote user is inserted into the SQL statement without any quoting or other safety checks.
5f769d230b41592e415fa574769fd87226cc6e898a2af4b5608b7a041bbdb895FreeBSD Security Advisory FreeBSD-SA-02:02 - When creating, removing, or modifying system users, the pw utility modifies the system password file '/etc/master.passwd'. This file contains the users' encrypted passwords and is normally only readable by root. During the modification, a temporary copy of the file is created. However, this temporary file is mistakenly created with permissions that allow it to be read by any user. A race condition is created.
1bca2b877dbf7bc0f01b60bb2153ba2303a661e6157a04f5d85a15c9e26d28d6NT PHP.exe remote exploit. Allows any file on the webserver to be read.
c70fec2805964960bbe0e6b210553f178550aa358ea04a158de1e717aa0fec37Illusion isn't like every logs cleaner on earth, it's also able to check in syslog.conf for other possible logs, clean the logs of a possible sniffer, search the whole box for logs not linked to syslogd (on/off), and uses a lkm to hide the "syslogd restart".
04da10fdda4a307e11c60ee027d92cf7f62ecbba6b50aa47d0e13ba8f676cd94A small scanner and shell-like interface for the IIS unicode vulnerability (exploits directory traversal to reach cmd.exe).
4860665cc48f26976b79b732fa136524cf9ebb9a045a491dc290fe975295b816The Cisco UBR 900 series routers allow remote users snmp read access with any community string.
9bd0f26ff7a2fc4740da643357c7a9d680e9716d015dce7ba90644ab12c220b7SAStk (Slackware Administrators Security tool kit) aims to provide a set of tools and utilities to install and maintain a reasonable level of security for the Slackware GNU/Linux distribution. At the same time, it should ease administration with a new centralized initialization setup and background information on what each daemon does.
e8d58562c90ddb3a272d51a44618f317594336f14b2e8a320e3adcccf3dab181IP Accounter is an IP accounting package for Linux. It collects, summarizes, and nicely displays IP accounting data. Its output can be a simple ASCII table, or graph images. Ipchains and iptables are supported. Logs are stored in files, gdbm, or even a PostgreSQL database.
9fe874b940303fa7e678dd1ade2cdee3f5d842f99ed8d20bd065c2e97d86f3d1Firewall Builder consists of object-oriented GUI and set of policy compilers for various firewall platforms. In Firewall Builder, firewall policy is a set of rules, each rule consists of abstract objects which represent real network objects and services (hosts, routers, firewalls, networks, protocols). Firewall Builder helps user maintain database of objects and allows policy editing using simple drag-and-drop operations. Firewall Builder can be used to manage firewalls built on variety of platforms including, but not limited to, Linux running iptables and FreeBSD or Solaris running ipfilter.
80b59520a98620ba44421bb9e45a9efd8e1bbdf16a7ccdaf28b0f6caefbf806aDarkstat is an ntop-workalike network statistics gatherer. Built to be faster and smaller than ntop, it uses libpcap to capture network traffic and serves up Web page reports of statistics such as data transferred by host, port, and protocol. It also has a neat bandwidth usage graph.
32e62b45981d2e0e618ad7096e7355385f807499f1b999933ec4d70b33b05a42
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed