This is Intel shellcode that does an execve of /bin/sh and works on OpenBSD, NetBSD, FreeBSD and Linux. More information can be found here.
f4c43ae66ec56a546fd302bf5e8a101723bcc899e973aec9b3341bacc7c05e60Wellenreiter is a GTK/Perl program that makes the discovery and auditing of 802.11b wireless networks much easier. It has an embedded statistics engine for the common parameters provided by wireless drivers, enabling you to view details about the consistency and signal strength of the network. Its scanner window can be used to discover access-points, networks, and ad-hoc cards. Records the network location with GPS support. Wellenreiter works on handhelds that can run GTK/Perl and Linux/BSD (such as iPaqs). All the major wireless cards are supported. Random MAC switching when joining a wireless network hides your real MAC to the access point, a unique feature.
e0a7d974fecd991d9ef2ec06c996d5cee7d1b9fa571bbd7a2697a303a34853a5SuSE Linux Security Announcement SuSE-SA:2002:019 - ISC DHCPD v3.0 to 3.0.1rc8 is vulnerable to a remote root format string bug attack when reporting the result of a dns-update request. This affects SuSE distributions based upon 7.2, 7.3 and 8.0.
f689ab8829be49e2e200eda31af2d7bc7329c4feb1a4cc87cf59afb317e1112cCisco Security Advisory - Multiple Vulnerabilities in Cisco IP Telephones. Bugs found in the Cisco IP Telephones can result in denial of service conditions and allow unauthorized access to the configuration settings of the Cisco IP Phone models 7910, 7940, and 7960.
dd0911b414f95a26e4d9aee568de32cb04390ea61ff26de79b9c52d60d61fa83Mandrake Security Advisory MDKSA-2002:033 - A vulnerability found in all versions of Webmin prior to v0.970 allows remote users to login to Webmin as any user. The affected Mandrake versions are 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1 and Single Network Firewall 7.2.
7b53ede13b33631621686fe27cf7981287d076bdaa27520dcebdca3a089ccfacBoegADT is a unix-based library which attempts to make it easy to write buffer overflow exploits. Uses the GNU debugger and perl. Tested on RedHat, Slackware, and Solaris.
73dd16b8129243a412998c7e54f1bc2f3f7d4c0044c82b44ac7c1247483b5af1Lcrzoex is a toolbox for network administrators and network hackers. Lcrzoex contains over 200 functionalities using network library lcrzo. For example, one can use it to sniff, spoof, create clients/servers, create decode and display packets, etc. The Ethernet, IP, UDP, TCP, ICMP, ARP and RARP protocols are supported. Lcrzoex and lcrzo were successfully installed under Linux, FreeBSD and Solaris. This archive contains Lcrzo and Lcrzoex. Windows binaries available here.
a384a45ce71daec1fdd7e64ad261d5f740002055695451abe6d04c6f9a2e334dNewAtlanta ServletExec ISAPI v4.1 contains three vulnerabilities. Remote users can read any file in the webroot, crash the server, and display the physical path of the web root. Patch available here.
fc28cc03d24fa98eb266f32deaf3daa32abc63bfc958831609ba5849b34c2d4a"Remote Access Session" is a security tool to analyze the integrity of systems. The program tries to gain access to a system using the most advanced techniques of remote intrusion. It can either work in normal mode (which is fast) or hard mode (which is more intensive). There is a big difference between "Remote Access Session" and other remote security audit tools as "Nessus" or "Internet Scanner" - If "Remote Access Session" finds a remote vulnerability that gives a user account or root, it will try to exploit it and it will return a shell. In my honest opinion, this is the only way to discard false positives of remote vulnerabilities, and the only way to demonstrate that the danger is real to upper management. "Remote Access Session" is not a hacker tool. It has been designed for system administrators and security engineers, and does not attempt any kind of stealth.
df48138333e674aea7b76f00ca67fccae74af9972ddd421c1c959ea2aaa34a50NEAT is a script language driven exploit/vulnerability management tool that does active penetration testing. This is a pre-release with documentation and code snippets. NEAT is similar to raccess but is more sophisticated.
3504b18ed44995a578ca6d94d649f0788ec9ab3b7e95519729b758e51dae3931Next Generation Advisory NGSEC-2002-3 - Sun Solaris in.talkd is vulnerable to a remote root format string bug. An attacker can request a talk session with a especially crafted user field able to write memory and gain control of the flow of the in.talkd.
7fa8d1d538e9e06e7e46c09cb39e2c8630bd909c9fbb9f637606a8b0e9b96d44Wellenreiter is a GTK/Perl program that makes the discovery and auditing of 802.11b wireless networks much easier. It has an embedded statistics engine for the common parameters provided by wireless drivers, enabling you to view details about the consistency and signal strength of the network. Its scanner window can be used to discover access-points, networks, and ad-hoc cards. Records the network location with GPS support. Wellenreiter works on handhelds that can run GTK/Perl and Linux/BSD (such as iPaqs). All the major wireless cards are supported. Random MAC switching when joining a wireless network hides your real MAC to the access point, a unique feature.
c516ea342b2470327fe3ac93c60d52d7e904708f1d0b9311e7cf6162147c1290SQL Injection Walkthrough - SQL injection attacks web applications by submitting raw SQL queries as input. Includes what to look for, how to test if a page is vulnerable, how to execute commands remotely, how to see the output of your SQL query, how to get data from the database using ODBC error messages, how to update/insert data into the database, and how to avoid SQL Injection.
ced0750fc6f0dfd8830e55f1c3c127b377e1c9c68ad6037544ff0d4fc23fcfb7Microsoft Security Advisory MS02-024 - A local vulnerability in the Windows debugging facility allows attackers to run code with OS privileges. Microsoft patch available here.
5547c6f3859b824b8a4213127f9b6b9203a6830d5795fbcd63fbbafbe6313e81This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
d174362c465c6f109a2cafdd0ae9f76735c54f127928d763ba238ad0ba2aef1cRarpd is a reverse arp protocol for small to medium sized networks. The solaris implementation (in.rarpd) contains 3 remotely exploitable buffer overflows, 2 locally exploitable, and 2 cases of format string exploitability.
6012d6c0831d4d98d3a886dd7b90613b1a149d31b15c57e57b27be57f8d13530A format string vulnerability exists in most talkd implementations. Talkd included with older linux netkits (like 0.9) and KDE 1-3 is vulnerable.
67132c71bf40f1f14f838751c0a29f131e04091274bdab696790d6a9c56fb48aAIX shellcode that does an execve() of /bin/sh.
b148fe51945518e8a42791b283e7d596af3c65b818e4827df4c53d3d8dd094db364 byte MIPS/Irix PIC port binding shellcode (source included)
c46107fcb5c7497a3d6dd32bc368da7cc825324bae592dbed4b55090d2e2f81368 byte MIPS/Irix PIC execve shellcode (source included)
6d61eb0821d6cdc026bbc6ae30e9581bf9cef4c2446a60a4aa61309df60b9559FreeBSD Security Advisory FreeBSD-SA-02:25 - When creating a file during decompression, the bzip2 utility failed to use the O_EXCL flag, potentially overwriting files without warning. In addition, the bzip2 utility did not securely create new files causing a race condition between creating the file and setting the correct permissions. This affects FreeBSD 4.4-RELEASE, 4.5-RELEASE and 4.5-STABLE.
61a03672b8c6201ef7f09f33f3e3ba8776ccb3407ba2940e81a260842fc3ce44FreeBSD Security Advisory FreeBSD-SA-02:24.k5su - The k5su utility fails to limit super-user access to the 'wheel' group. This affects FreeBSD 4.4-RELEASE, 4.5-RELEASE and FreeBSD-STABLE (prior to 2002-05-15).
cd2d905c9a1378b575c156931f665f64c3a4ddbdf627509dc912c87805cb8e7eThe 'search' CGI utility that comes with the Red Hat Apache-based Stronghold Secure Web Server reveals local path information.
428d7364046869ed56448283acf64a6cba01e1581c8675760fe1971235913922eSO Security Advisory 5063 - The gettransbitmap CGI, which is part of the AnswerBook2 Documentation Server, contains a remote exploitable buffer overflow. This vulnerability affects Sun AnswerBook2 version 1.4, 1.4.1, 1.4.2 and 1.4.3.
f192b1acbf3f1b88a8cd9bcd90d75cfc8be19e5bdf71d9fca9e2cdcf619082b2New nextel phone's auto answer feature is being used as a bug.
df8cef0a7972634f7942772a370a80b7759e927d142d8af47d53234858b96e4c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed