Lotus Domino Webserver prior to 5.0.9a on Windows 2000 contains two remote denial of service vulnerabilities which use up all 400 threads.
74494345d0050afcc9a1b76fbcc1eae4b85b26f913bb9c3d397a1db280296da0Tac_plus, an example and unsupported TACACS+ server developed by Cisco, insecurely creates files.
532a9bd3767e46f9487ba52861cdc19f03fea4cfcaee4c0ab3e495d23800007bGhost Port Scan is an advanced port scanner and a firewall rule disclosure tool. Uses IP & ARP spoofing, sniffing, stealth scanning, arp poisoning, IP fragmentation, and other techniques to perform stealth and untrackable information collection. GPS is especially efficient in LAN pen-testing, due to its ability to disclose the firewall settings of a host.
c7eeeebfed1c96b5e22ed6bd2226f760000b02e06e756a703ac9d728185914b4Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here.
16eb5ad46c842a7752d6e116340f75b6c1c60d3a94f409757e295bf8a671a5bbSQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping illegal characters first. Despite being remarkably simple to protect against, there is an astonishing number of production systems connected to the Internet that are vulnerable to this type of attack. The objective of this paper is to educate the professional security community on the techniques that can be used to take advantage of a web application that is vulnerable to SQL injection as well as make clear the correct mechanisms that should be put in place to protect against SQL injection, as well as input validations problems in general.
4fadfe48fd899c3d72fade7da539f8b403dad3e2b794ac2b7646dc57fb549517Ish_detect is a small utility which detects the use of the remote ICMP shell daemon.
ee6a607ba18f2c24c981ddcc0bd045ef01ed9c7fea812f8621771878d4bba839Red Hat Security Advisory RHSA-2002:018-1 - New rsync packages are available; these fix a remotely exploitable problem in the I/O functions. These include the security patch from the recently released rsync-2.5.2. It is strongly recommended that all users of rsync upgrade to the fixed packages. More info on this bug available here.
faf91340a392a224daa749860c05ada58e071ff7b0a24f13f52efa322669fb87Lessons Learned from the 2600 DeCSS Case - Linking Rules for "Hacking" and Other Alternative Websites. This article will look at the courts linking arguments and suggest ways that web sites can avoid legal problems.
f2fb33c81e15f0c1db494db8d72bd7cd57b1e9c19ef8269af04bccfebd496d25WWWThreads aka UBBThreads v5.5dev11 and below has a security hole in the upload system which allows remote users to upload php code which runs on the server. Fix available here.
ca0b26ee8d002760055da92025a6c593fa195e329b83bc4b2741a4ec67e26d63java.security.AccessController can cause Sun derived JVM to crash. Tested on v1.3.1. Article available here.
d54b65e6f002a4b975ed045bad4a8fcda3b0d5fb0f199835727b51f75d88aaa0keepalive.c is a program which keeps your TCP connection alive. It sends null characters at an interval, keeping your connection from timing out. It is transparent to the user. Modified by Alan Bishoff for extra portability. Tested on HP/UX, probably works everywhere.
12300a6d5fdb87fe8cd07de220b37832b8aa7ff36556cdcbb831c36a68184ee9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed