Sneaky-sneaky is a bidirectional spoofed ICMP tunnel backdoor that has built-in encryption and logging capabilities. It communicates via echo replies keeping the true source IP address encrypted inside of the payload.
68642e29c750a07324bbd4b41c47ada6295fab5d3d2fd03cca555ec48dd88322
iDEFENSE Security Advisory 12.23.02 - Easy Software Products' Common Unix Printing System (CUPS) and Xpdf contains an integer overflow which allows local users to access to privileges of the lp user.
e81e2a28739ce0e03f0d90790fd5da01dbb23ef7ab8ffd101528dfb6b83c6577
Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.
8f025cf31750a12703c64a86eacd722bd5f5d51bb400edb7c5850782e15094d6
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
5785571526df2595b8b223c853a6586d8b19777dce109d2f53d620b3bb2fbf10
Macromedia Shockwave Flash Malformed Header Overflow #2 - Macromedia Flash Player versions less than 6.0.65.0 allows remote code execution via HTML email and web pages. Fix available here.
018888a6c288f72d88dd0f5fddd22ecea22e5d438947c9dabdd5059490d624a6
iDEFENSE Security Advisory 12.20.02 - Microsoft"s Hotmail service contains cross site scripting vulnerabilities which allow session hijacking and arbitrary action execution.
aafa3e18425d9f046e54dc567ee2fcce025cf56610f8af6c1a137a6f802f4eca
RealNetworks Helix Universal Server v9.0 and below for Windows, FreeBSD, HP-UX, AIX, Linux, Sun Solaris 2.7 & 2.8 contains buffer overflows which can cause code to be executed as SYSTEM over tcp port 554.
b39acaf9964d4389121ef064fdeeef266502772719c45556094be1fe82988b89
Common use of 'tmpwatch' utility and its counterparts triggers race conditions in many applications, sometimes allowing privilege escalation. Includes information on races, file removal, fixes, and more.
b15d4299f68a0564b2dbf1976f2695381bb7cba4b78e5f66221c135ce941492e
The Enceladus Web and FTP server suite for Windows below v3.9.11 contains a buffer overflow which allows remote command execution. More information available http://www.mollensoft.com.
bc56ff8f7fcff42ba61b72dc3e45978976994ff033fe3cee6516d6863ba75f6e
PHP-Nuke v6.0 allows remote users to send email to any address on the internet by entering malformed email addresses. Patch included.
f324c19dbb506141832f85077a736850e56b7b492f689c7d1dbbcc19a71e156e
Pine v4.44 contains a local buffer overflow in the -x command line option.
1ef3e1c8a908d842ce87bbcf654b3e3ef0f8778d1b327a332d6955a77aa0658f
CERT Advisory CA-2002-37 - A buffer overflow vulnerability in the Microsoft Windows Shell allows remote attackers to execute arbitrary code via malicious email message, malicious web page, or browsing through a folder containing a malicious .MP3 or .WMA file. More information available here.
b026b59e3f14b7596aad9085a7b4d8183bb3649a364863979123a168facb9351
CERT Advisory CA-2002-36 - Multiple vendors' implementations of the secure shell (SSH) transport layer protocol contain vulnerabilities that could allow a remote attacker to execute arbitrary code with the privileges of the SSH process or cause a denial of service. The vulnerabilities affect SSH clients and servers, and they occur before user authentication takes place. OpenSSH is not vulnerable. More information available here.
fc2411c6232f4bec9861e44cc3a10cda790c69eb0b22484d00b48e73b52c0feb
iEasy Software Products' Common Unix Printing System (CUPS) vCUPS-1.1.14-5 to 1.1.17 contains an integer overflow in the CUPSd interface which allows attackers to gain the permissions of the LP user and the sys GID. In addition, a race condition allows any file to be overwritten as root. Affected systems include Red Hat 7.3, 8.0, and OS/X 10.2.2.
7c6ba1d4608fa090e656e197e22e24c9627af18d3d3a39b6434f0b189bc7eae8
The Polycom ViewStation FX set top video system allows users to change configuration of the video conferencing system. A bug introduced in the Polycom ViewStation FX Release v4.2 allows users full access to the video conferencing system including changing the admin password.
efc1399c213252cbb952cdd78a552988b8c768fd731044eb40928f453a8af4c3
Smbrelay.cpp is a TCP NetBT level SMB man-in-the-middle relay attack for Windows in c++ which uses Winsock.
25be6d08cf50dae600f844fd91c3a35cfea28bd3048af0b343fac39a45b76dee
Lepton crack is a password cracker that works on Cygwin and Linux and cracks MD4 hashes, MD5 hashes, NTLM, and HTTPpassword hashes from Domino R4.
89875cf60cf3828b1d061d9b94f2b56f562e545a14a3fce1a7d6e664ea91568e
Ssh client local root exploit which sets LD_PRELOAD and attempts to run /tmp/setuid. Works against old ssh clients.
eef2877afe4d941e69f7ba9aa3a9436d5478e81477e99426820f9fedbae143fc
Session Fixation Vulnerability in Web-based Applications - Many web-based applications employ some kind of session management to create a user friendly environment. Sessions are stored on a server and associated with respective users by sessions identifiers (IDs). Naturally session IDs present an attractive target for attackers, who, by obtaining them, effectively hijack users' identities. Knowing that, web servers are employing techniques for protecting session IDs from three classes of attacks: interception, prediction, and brute force attacks. This paper reveals a fourth class of session attacks against session IDs: session fixation attacks.
e8a24bd745c20648c072b561ba4717627c93a9e649320428356139d804231bd5
Forbidden Knowledge Issue 18 - This issue has information on smart cards and GSM hacking. Includes gsm-hack, a package to communicate with the fake smart card described in the article.
f80d18d00accc92b12462e6b9e7eccdfef86aa8fe1da7ddf06eeb87be438c618
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
f02fc48d1103101fd976d849cc82fa1a7ee17c7f6735b55bd103dfbb2ffaa579
Logrep is a framework for extraction and presentation of information from several kinds of logfiles. Currently Snort, Squid, Postfix, Apache, Trend Micro VirusWall, and Microsoft IIS are supported. Includes HTML reports, 2D analysis, overview page, secure communication, and bar charts.
fa96bac45d395d3ac5d8b750aaf90bb7099fbcf5ef096ceff0272c03a8fdd237
LDasm (Linux Disassembler) is a Perl/Tk-based GUI for objdump/binutils that tries to imitate the look and feel of W32Dasm. It searches for cross-references (e.g. strings), converts the code from GAS to a MASM-like style, and much more.
f6adaed7d64c1cb2b5338b0f8a9ca16f597170edb56fca926f6a82e2d426c189
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
f71badc22a7689502a4abfd3a2248515c5651fe679af719925c5f9ff7499d980
MIME Defanger is a flexible MIME e-mail scanner designed to protect Windows clients from viruses and other harmful executables. It works with Sendmail 8.11 / 8.12's "milter" API and will alter or delete various parts of a MIME message according to a flexible configuration file.
e8d4693d63f13b1cbd05dce7e995ebe42d31c50b0b44908a882e5a3a63875af5