what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 161 RSS Feed

Files Date: 2002-05-01 to 2002-05-31

CLA-2002:480.txt
Posted May 15, 2002
Authored by Caldera | Site caldera.com

Conectiva Security Advisory CLA-2002:480 - A buffer overflow found in tcpdump v3.62 in AFS RPC decoding can be used to remotely execute code. Libpcap v0.6 has been audited and lots of boundary checks have been added.

tags | overflow
SHA-256 | f7720c917a93f0f68b6677ff643c70b0952d1395aec39f34d0cd50634c02b1f6
fenris-0.2.tgz
Posted May 15, 2002
Authored by Michal Zalewski | Site razor.bindview.com

Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration how this tool works can be found here.

Changes: Many fixes, new fingerprints, op5ionw and several optimizations.
tags | protocol
SHA-256 | 918de9718405630e09b3b3c2dfc3fea4d577479adfc90c8f21b79790fc3cf58d
rats-1.5.tar.gz
Posted May 15, 2002
Authored by RATS Team | Site securesw.com

RATS, the Rough Auditing Tool for Security, is a security auditing utility for C, C++, Python, Perl and PHP code. RATS scans source code, finding potentially dangerous function calls. The goal of the RATS project is to provide a starting point for performing manual security audits.

Changes: RATS version 1.5 is a bug fix release.
tags | perl, php, python
systems | unix
SHA-256 | 611b461698cf0e37a5e5534054b4bda316d0d638cb10916f25b7ea50acddf6d0
LNX-FBSD-bin-sh.c
Posted May 15, 2002
Authored by Zillion | Site safemode.org

Linux and FreeBSD Multi-OS shellcode - Spawns a shell. Info on Multi-OS shellcode here.

tags | shell, shellcode
systems | linux, freebsd
SHA-256 | f908d0ac122c0c91f770cc286f83c1f2923e465ea98e1a505778e013d8bd9559
injoin.txt
Posted May 15, 2002
Authored by Cyberiad | Site nmrc.org

NMRC Advisory #21 - The inJoin Directory Server v4.0 for Solaris 2.8 has a vulnerability in the iCon admin interface listening on tcp port 1500 which allows an attacker with the correct username and password to read any file accessible to the ids user. Exploit URLs included. Fix available here.

tags | exploit, tcp
systems | solaris
SHA-256 | 6eede2a2c8e66f0b5f7073fa9ba6f676e7b5fbe09f3603da7f67b73d7fa26a17
iwdrive-1.2.tar.gz
Posted May 15, 2002
Authored by Raymond Medeiros

The iwdrive project for linux is a small console based wireless network location program.

tags | tool, wireless
systems | linux
SHA-256 | da9c5b93596d5db802a9b226b39981af093c8f696fbd77018686fecabe2ffd18
drdos_v2.0.tar.gz
Posted May 15, 2002
Authored by GML

Drdos v2.0 is a tool for distributed reflection denial of service attacks.

tags | denial of service
SHA-256 | 456d80aab4b5ffa8109f6d73877742da6799b8a3e6ae666b0dd14e32b80c4cd7
logagnt20beta.txt
Posted May 15, 2002
Authored by Floydman | Site securit.iquebec.com

Logagent is a Windows tool in Perl which monitors several ascii logfiles and redirect any change made to a central location. Supports remote logging.

tags | remote, perl
systems | windows
SHA-256 | a644d6b393a1f7bf9c90966cb62683ca5a4f11ddb0426bf0e5ec94a801fc811d
neolock.tgz
Posted May 14, 2002
Authored by Mixter | Site 1337.tsx.org

Neolock is a tool that is a combination of console security locking tool (vlock) matrix console screensaver (cmatrix). Provides more discreet and nicer console locking.

SHA-256 | 01937d9fa051df13c9c2ce9e53868292bbdcdbd54089efe33b5a92a62ebed84f
ileech.tgz
Posted May 14, 2002
Authored by Mixter | Site 1337.tsx.org

Illeech is a collection of search engine harvesting scripts (google/altavista).

SHA-256 | de59bef71023f82b82ba35921b16bbc0df99d1434b1f29cd532ce50cdceb5b58
nsat-1.43.tgz
Posted May 14, 2002
Authored by Mixter | Site 1337.tsx.org

NSAT (Network Security Analysis Tool) is a fast, stable bulk security scanner designed to audit remote network services and check for versions, security problems, gather information about the servers and the machine and much more. Unlike many other auditing tools, it can collect information about services independently of vulnerabilities, which makes it "timeless", meaning it doesn't depend on frequent updates as new vulnerabilities are found.

Changes: New IDS evasion for HTTP (some whisker types), a webscan-only config file, and some code cleanups.
tags | tool, remote, scanner, vulnerability
systems | unix
SHA-256 | febfa779afcc82c93b4ce5767233a0cc0d134c5e59d4ac58c471b56ad3a506ea
xscreensaver-4.03.tar.gz
Posted May 14, 2002
Authored by Jamie Zawinski | Site jwz.org

XScreenSaver is a modular screen saver and locker for the X Window System. It is highly customizable and allows the use of any program that can draw on the root window as a display mode. It is also more stable than xlock and has more than 140 modes.

Changes: New display modes hack and spheremonics were added, and several others were repaired. Pulsar and extrusion can now load texture JPEGs. Rubik now does non-square cubes. Fluidballs now does various sized balls. Menger and sierpinski3d now also show polygon counts in -fps mode. Molecule displays real subscripts in the formulae.
tags | root
systems | unix
SHA-256 | cb8839a35c2fd68d851903abb4dc2b82d90b12ce7fbc848f9dc4fb458ee1eccc
mimedefang-2.11.tar.gz
Posted May 14, 2002
Authored by Dianne Skoll | Site roaringpenguin.com

MIME Defanger is a flexible MIME e-mail scanner designed to protect Windows clients from viruses and other harmful executables. It works with Sendmail 8.11 / 8.12's "milter" API and will alter or delete various parts of a MIME message according to a flexible configuration file.

Changes: Fixed a typo in the configure script. The SpamAssassin calls were redesigned to use a persistent SpamAssassin object, which should greatly improve performance.
systems | windows, unix
SHA-256 | 96ee6a9c8772c787207682f265d937fddea502ba9535982270556edd0e59f10e
btk-0.4.4.tar.gz
Posted May 14, 2002
Authored by Gorny | Site gorny.cjb.net

Btk is a little Python extension module allowing one to create and play with raw sockets and TCP/UDP/ICMP packets from within Python. It also has a nice and easy libpcap interface and good documentation.

tags | udp, tcp, python
systems | unix
SHA-256 | af775caf35837b48d88412bc4f21fd450fd3cdbb2c63da952d0d7a5687189856
FreeBSD-SN-02:02
Posted May 14, 2002
Site freebsd.org

FreeBSD Security Notice for Ports - The following software included with FreeBSD contains security vulnerabilities if it is older than: analog-5.22, radius (several), dnews-5.5h2, ethereal-0.9.3, icecast-1.3.12, dhcp-3.0.1.r8_1, mozilla-1.0.rc1_3,1, mod_python-2.7.8, ntop, p5-SOAP-Lite-0.55, puf-0.93.1, sudo-1.6.6, webalizer-2.1.10, and xpilot-4.5.2.

tags | vulnerability
systems | freebsd
SHA-256 | 90f2ab3fad70ac13ec1a4c3674a6e77efe45260fade23620256769a5c2bda1be
DHCP_Gobbler.tar.gz
Posted May 14, 2002
Authored by STE Jones

The DHCP gobbler is a proof of concept tool for an attack mentioned in RFC 3118 which grabs all available DHCP addresses. New machines trying to join the network won't be allocated IP addresses as they have all been allocated to no existent machines.

tags | denial of service, proof of concept
SHA-256 | 6156f06b8cad144a22b2a4d99327ea07ba5b2b22ed181c5a46bf0f1782c27783
steghide-0.4.6.tar.gz
Posted May 14, 2002
Site steghide.sourceforge.net

Steghide is steganography program which hides bits of a data file in some of the least significant bits of another file in such a way that the existence of the data file is not visible and cannot be proven. Steghide is designed to be portable and configurable and features hiding data in bmp, wav and au files, blowfish encryption, MD5 hashing of passphrases to blowfish keys, and pseudo-random distribution of hidden bits in the container data. It is able to embed data in BMP, WAV, and AU files.

Changes: Support for the JPEG file format has been added. The programming language has been switched from C to C++. Some bugfixes were made.
tags | encryption, steganography
SHA-256 | e0025156c963295278900f0e5d15a9c3e5de1e6b91f07ce74f1382133e2bc172
psykill2.3.c
Posted May 14, 2002
Authored by Guile Cool

Psybnc v2.3 denial of service exploit. Sends a 20000 character password.

tags | denial of service
SHA-256 | b68a05e384ec52f9ec173ea2e8f4f7a4510a639aefa527c2297b94830460519a
OIR.pdf
Posted May 14, 2002
Authored by Tim Lawless | Site sourceforge.net

This paper puts forth the concept of intrusion resiliency as an emergent behavior that occurs within coupled intrusion detection and intrusion response mechanisms when the mechanisms, as a whole, exhibit a key set of identified attributes. An Illustrative example of how these attributes interact with each other to produce this behavior is given in the form of the Saint Jude Linux Kernel Module.

tags | paper, kernel
systems | linux
SHA-256 | 10cdd85dfc4ab9986f41339000087747a99bb2b8f9df26f4f9dd7d02256374a8
StJude_SKM-0.10.tar.gz
Posted May 14, 2002
Authored by Tim Lawless | Site sourceforge.net

The Saint Jude Solaris Kernel module is a port of the StJude_LKM kernel module into the Solaris 8 kernel for both 32 and 64 bit architectures. This Module implements the Saint Jude Model for the detection of improper privilege transitions. This will permit the discovery of local and remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits. This is the First public release of the StJude Solaris Kernel Module (SKM). The Version number, though, parallels the capability and maturity of its sister program StJude_LKM. Tested on single and dual Sparc and ultrasparc I/II on Solaris 8.

tags | remote, kernel, local, root
systems | unix, solaris
SHA-256 | cd6b25d7d4a1edb3285c886a6099b8ea8394efc2f6767f20103414573115a6ba
wolfmail.cgi.txt
Posted May 13, 2002
Authored by Dead Beat | Site advknowledge.net

WolfMail.cgi, a script that works similarly to formmail.cgi, allows users to send mail via a web interface. The configuration for WolfMail.cgi is not internally hardcoded but is passed via parameters in html input statements allowing any user to send fake mail.

tags | exploit, web, cgi
SHA-256 | 3778400e8f79eb597d173c53cc2b7232adf9d3124bea0458e83e4ede52030d94
eEye-MSN-CHAT-OCX.txt
Posted May 13, 2002
Authored by eEye Digital Security, Drew Copley | Site eEye.com

A buffer overflow vulnerability has been found by eEye in the parameter handling of the MSN Messenger OCX and can allow remote code execution on affected systems.

tags | remote, overflow, code execution
SHA-256 | 76df0e68a796ea743a0cc568c84f1055d8df681f7945e0a436d49f5ed4e21b47
wu-imap-overflow.txt
Posted May 13, 2002
Authored by Marcell Fodor | Site mantra.freeweb.hu

A buffer overflow vulnerability has been found in the WU-IMAP daemon and can be used to remotely execute code via malformed requests. An account is necessary to exploit this overflow.

tags | overflow, imap
SHA-256 | 4eab3d4451f2286911c7ccb083a73a3343426075027dd2069efebe1bf2bfc3c9
RHSA-2002:081-06
Posted May 13, 2002
Site redhat.com

Red Hat Security Advisory RHSA-2002:081-06 - A bug in utf8 interaction between perl-Digest-MD5 and Perl results in utf8 strings having improper MD5 digests.

tags | perl
systems | linux, redhat
SHA-256 | d11615b5bcc788dfe5676e519a1fe805e3192b4891226b1c53792d0ab3fa59f9
CA-2002-13.MSN.Chat.control.txt
Posted May 13, 2002
Site cert.org

CERT Advisory CA-2002-13 - A buffer overflow in the MSN Chat control allows remote attackers to run arbitrary code if a user runs MSN Messenger or Exchange Instant Messenger. It is also possible to exploit this vulnerability via a web site or HTML email. Additional information can be found in the Microsoft bulletin MS02-22.

tags | remote, web, overflow, arbitrary
SHA-256 | 52e9e17ec39b12833fa4ec39db4d6650de8ad82e653d3e709a6272a235b94787
Page 4 of 7
Back23456Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close