Microsoft Security Advisory MS02-072 - The Windows Shell has a serious buffer overflow in the routine that extracts attribute information from audio files which allows remote attackers to execute code with privileges of the user if you move your mouse pointer over an evil mp3 or wma file on a website, HTML email, or windows share. An HTML email could cause the vulnerable code to be invoked when a user opened or previewed the email.
d86a95f6a915a23475420a215b6ed7ac33bc04fa7b4378da86a89d551b5dec4eTcpreplay v1.3.1 - Tcpreplay is a set of tools aimed at testing the performance of a NIDS by replaying real background network traffic in which to hide attacks. Tcpreplay allows you to control the speed at which the traffic is replayed, and can replay arbitrary tcpdump traces. Unlike programmatically-generated artificial traffic which doesn't exercise the application/protocol inspection that a NIDS performs, and doesn't reproduce the real-world anomalies that appear on production networks (asymmetric routes, traffic bursts/lulls, fragmentation, retransmissions, etc.), tcpreplay allows for exact replication of real traffic seen on real networks.
cf8d14f671a7bbaff3ba7dcbbce941821833128c0d1de99f99442e4fc9e3092aA detailed vendor analysis on Kaspersky's line of anti-virus products.
dcd5658f03d58162c654ec662ebc8ed80ff8aeaeb4082e994de480a9d8077dc0Chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 3.x and 4.x, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 and 3.1, NetBSD 1.5.2 and Solaris 2.5.1, 2.6 and 8.0.
05b375d49a739715ea4498dc8a321ce52be498a549605eb6d54a8b5313fadeadPaketto Keiretsu v1.10 implements many of the techniques described in recent here.
13498ef49b79f95d1cbf4ebf15edde6b5cfdb5a67557b8060715b30fcab27b73s390 portbinding shellcode.
344e930b71df966fbc37c29847a265ae01cb92a42221e8d56a30396e45ffba56Setuid/setgid 0 execve s390 shellcode.
65769f10c91ac451665b38642805acbc23ac57edac57f1edbba9271bc21c8f9ds390 shellcode which connects back to a listening netcat on port 31337 by default.
b920ec83e92bca3076d999d7ea4500ee8983d04e6148747a27b9af19517eccf1s390 shellcode which breaks out of a chrooted environment with setuid / setgid.
e3f9efa4615b4277df91dd3cff0774915e91ad53f73cef5f4c2c08ffd3ce05c7Remote buffer overflow exploit for the melange chat server v1.10. Tested on SuSE 8.0 and Redhat 7.3.
2ebf0d0384b1b15ad2931288e662c25760b2f664f21362f3c9bf4f12f2e1a27fLsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port. FAQ available here.
db867d0e6e310e23da04844841f522950ee341f87a25a3aae55273ad35d9276dBurneye ELF encryption program 1.0.1 with full source and docs.
c117ac7c00e0b953d484b0dd8e5b77ddc2954e0e0c1141a8773c681ea19aa56bKrb 4-1.2 kadmind remote stack overflow remote root exploit for FreeBSD 4.x, BSD/OS 4.2, SUSE 8.0, OpenBSD 2.9 and 3.0, Slackware 8.0, and OpenWall 0.10.
c513133b6220f92e72287282cf3c8c7d473068419bbca7546a806fa93ef5a03dFake Freebsd-4.6 remote telnetd setenv() heap overflow exploit which is very similar to 7350854.c.
07e888a3c669b4d4ce129cda0e38b2aa3279b9d87a5c25033370270aadc53308Cyrus-imap v2.1.10 remote exploit. Tested against Slackware linux v8.0 with glibc-2.2.3 and kernel 2.4.19. Localhost IP is hard coded.
d60a10d34c05222525ab5cf814c721d41fde8727027687f8348116638be581eaTcpdump v3.6.3 remote root exploit. Tested against FreeBSD-4.6.
c738ae09342cca2f263e6827dfaa5d34cca5a8098a2efa6c3adaa524156ad552Local /sbin/ifenslave buffer overflow exploit tested on Redhat 8.0.
b9e0e10a7a2ea847f5bc55ae0e24a42b4e1a28d15afff1711fff91baa314f29dartyfarty.c is a local root /opt/kde/bin/artswrapper exploit tested against Slakware 8.1. Artswrapper is setuid on some distributions.
f9e583b433b0720faaf3c2b12a611faba7d90142b62ce3a2fceaf2691c89dc77WU-IMAP v2000.287 linux/x86 remote root exploit. Tested against Debian 2.2. This code is also known as 7350owex.c.
8df95acb30e9f414b6310ecf9b306c5f2adc266657fe297676044ba7ca0228880x09wule.c is a Linux/x86 wu-ftpd v2.6.2(1) remote root exploit. Tested against RedHat 7.2 running wu-ftpd-2.6.2(1) on the default install. Note: This exploit is reported to be old and does not work.
502aea31745faeeab8856c6ce2be79e52527dc8975026f6c641587a3103b4baaES-Malaria is a ptrace() injector.
36d3fb1c48fc05a1b0e75c268e9fa73707421773ed806f8f0cb015c874a49a1eThe Hyperion FTP Server v2.8.11 and below for Windows 95/98/NT/2000 contains a buffer overflow in ftpservx.dll which allows remote code execution.
a852a01717f525ea2029404cc63c43275bb34de7252eca8aec2116d4637f10b7Sneaky-sneaky is a bidirectional spoofed ICMP tunnel backdoor that has built-in encryption and logging capabilities. It communicates via echo replies keeping the true source IP address encrypted inside of the payload.
68642e29c750a07324bbd4b41c47ada6295fab5d3d2fd03cca555ec48dd88322iDEFENSE Security Advisory 12.23.02 - Easy Software Products' Common Unix Printing System (CUPS) and Xpdf contains an integer overflow which allows local users to access to privileges of the lp user.
e81e2a28739ce0e03f0d90790fd5da01dbb23ef7ab8ffd101528dfb6b83c6577Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.
8f025cf31750a12703c64a86eacd722bd5f5d51bb400edb7c5850782e15094d6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed