what you don't know can hurt you
Showing 1 - 25 of 82 RSS Feed

Files Date: 2003-02-01 to 2003-02-28

hextodec.java
Posted Feb 27, 2003
Authored by soGNo

Hextodec.java is a simple hex ip to dec ip converter which can be useful for many things, among them is finding the ips of users on java chats similar to the one on www.ircnet.com.

tags | java
SHA-256 | b5b882ab25a1150a4d183e519a87dd5f9c1b71feb6698daacae9fed65245966b
FreeBSD Security Advisory 2003.2
Posted Feb 26, 2003
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-03:02 Version 1.1 - OpenSSL v0.9.6h and below contains a timing-based vulnerability in CBC ciphersuites in SSL and TLS which can recover fixed plaintext blocks, like a password.

Changes: Updated patches; corrected URLs.
systems | freebsd
SHA-256 | 7634649866247240fdacffa5096769ff57f23a2bb2ad63558ba33b0f1213c8db
MacStumbler-06b.tgz
Posted Feb 25, 2003
Authored by Korben | Site macstumbler.com

Macstumber is an application for Mac OS X which scans and detects wireless networks using an Airport card. No driver installation needed.

tags | tool, wireless
systems | apple, osx
SHA-256 | 77093352f128ba6601b815aab93df2e88fd369894e507628a9afeae016df61fa
FreeBSD Security Advisory 2003.3
Posted Feb 25, 2003
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-03:03 - The FreeBSD syncookie implementation uses keys that are only 32 bits in length, allowing remote attackers to recover the ISN, which can be valid for up to four seconds, allowing ACL's to be bypassed and TCP connections forged. syncookies may be disabled using the 'net.inet.tcp.syncookies' sysctl(8) by running the following command as root: "sysctl net.inet.tcp.syncookies=0".

tags | remote, root, tcp
systems | freebsd
SHA-256 | f1a19443f25751c44cb233a1222d580467975bb2b27cfee7560380c7d12c6f71
execve3.c
Posted Feb 25, 2003
Authored by Sacrine | Site netric.org

Linux x86 shellcode, 41 bytes. Does a setresuid(0,0,0); execve /bin/sh; exit;.

tags | x86, shellcode
systems | linux
SHA-256 | 98952e5990d418491e730aefa55ce16c1cb00bfc01b9bb1a64fba9f1234999b4
sircd.txt
Posted Feb 24, 2003
Authored by Knud Erik Hojgaard | Site kokanins.homepage.dk

Sircd v0.4.0 and below and v0.4.4 from CVS before 04/02-03 contains buffer overflow vulnerabilities which allow remote users to execute arbitrary code. Exploit available here.

tags | advisory, remote, overflow, arbitrary, vulnerability
SHA-256 | e6cd4e6b3ed5a50f2058983327655cd6782b4cf9f1554404cf8127b30d18f04c
moxftp.txt
Posted Feb 24, 2003
Authored by Knud Erik Hojgaard | Site kokanins.homepage.dk

Moxftp v2.2 and below contains buffer overflow vulnerabilities which allow remote code execution. Includes exploit code which sends a shell.

tags | exploit, remote, overflow, shell, vulnerability, code execution
SHA-256 | 54be2adad039f538737f860941fe34b2b93d3ad224244b1cd758a91759d8f841
kripp-0.1.tar.gz
Posted Feb 24, 2003
Authored by Konstantin Klyagin | Site konst.org.ua

KRIPP is a simple and light-weight network passwords sniffer written in Perl, which uses tcpdump to intercept traffic. Can sniff and display ICQ, FTP and POP3 passwords.

tags | tool, perl, sniffer
SHA-256 | c00c1dd1deea2ecb607c30e4694de7f76962b0645febd987e69de4dc19239a6d
secadv_20030219.txt
Posted Feb 24, 2003
Site openssl.org

A timing based attack has been discovered in OpenSSL v0.9.6h and below which allows SSL/TLS encrypted passwords to be recovered by analyzing the timing of the responses to invalid plaintext.

tags | advisory
SHA-256 | b1ed1ca04af4fe1e6f92f49d5e3c992d946702a52d11817f84b2a60f0ab85f2e
ex_stmkfont.sh
Posted Feb 24, 2003
Authored by Watercloud | Site xfocus.org

HPUX local buffer overflow exploit for stmkfont which attempts to spawn a gid=bin shell. Tested on HPUX B11.11.

tags | exploit, overflow, shell, local
systems | hpux
SHA-256 | cb3cda59c47ee977fe8004ec47bb58b34e2ca538f7e6f2573d4b7e8b6ebd05b3
cpanel-VH.pl
Posted Feb 24, 2003
Authored by CaMaLeoN

Remote CGI exploit for Cpanel 5 in perl.

tags | exploit, remote, cgi, perl
SHA-256 | c864b0f0ff7784fee33ce3195ab44af772d87e433277a615d8f1501004dd408e
cartoon.c
Posted Feb 24, 2003

Cartoon.c converts ELF binaries to shellcode.

tags | shellcode
SHA-256 | edd78f7120b523d108f4d89712bdfa6ff4f779d5ffcd02a305d0915f7798d3e3
kaletonidspaper.pdf
Posted Feb 24, 2003
Authored by James Fell | Site kaleton.com

This paper investigates combining Misuse and Anomaly based IDS into one system. Misuse detection consists of defining malicious network traffic and monitoring for it. Anomaly detection consists of defining normal or typical network traffic and then detecting anything else. The perl source code for a prototype NIDS is included (requires TCPDump).

tags | paper, perl
SHA-256 | 11979759e8cc51327726d9093cf27a33ea30c7326a3a1af9c7df46940e61c1fc
Proxomitron.txt
Posted Feb 21, 2003
Authored by Gregory Le Bras | Site Security-Corp.org

Security Corporation Security Advisory [SCSA-005]: Proxomitron Universal Web Filter, version 4.4 and below, is vulnerable to a denial of service when being given a parameter over the length of 1024 bytes.

tags | advisory, web, denial of service
SHA-256 | f88a50da4c3cc775d3517f57fcc25525d5375f35ea97d33b6ce9d470135ba850
tcpscan3.txt
Posted Feb 21, 2003
Authored by Modular | Site truncode.org

Coding a TCP Connect Port Scanner Using VLSM - Handbook three in a series. An in-depth beginners tutorial written to explain incorporation of VLSM and CIDR capabilities into a network scanner.

tags | paper, tcp
SHA-256 | 37beb0c660c6d22bad13b4a8d700e977e49e7010171643b7a25dbf35c1cb6012
CA-2003-06.sip
Posted Feb 21, 2003
Site cert.org

CERT Advisory CA-2003-06 - Numerous vulnerabilities have been reported in multiple vendor implementations of the Session Initiation Protocol, or SIP, which may allow an attacker to gain unauthorized privileged access, cause denial-of-service attacks, or cause unstable system behavior.

tags | vulnerability, protocol
SHA-256 | 92239b658525dff1c27f48b457af32ebc807d65b174c7082d08fb4a6bf2a2743
CA-2003-05.oracle
Posted Feb 20, 2003
Site cert.org

CERT Advisory CA-2003-05 - Systems running Oracle8 Database v 8.0.6, 8.1.7, Oracle9i Database (Release 1 and 2), and Oracle9i Application Server (Release 9.0.2 and 9.0.3) contain multiple remote vulnerabilities which can lead to the execution of arbitrary code, allow users to modify database records, or cause a denial of service, breaking the database.

tags | remote, denial of service, arbitrary, vulnerability
SHA-256 | 04154bd5e08374b34f8d73fc2f8574a7028fe99b031c5c78ae866b696bdb989e
DSR-cpanel.c
Posted Feb 20, 2003
Authored by Bob | Site dtors.net

Cpanel 5 and below remote exploit which allows users to view any file or execute remote commands due to an insecure open call in guestbook.cgi. Local root vulnerabilities also exist.

tags | exploit, remote, local, cgi, root, vulnerability
SHA-256 | 872dc79f37bab68ceed000840eafddb4a2ece4fdb910242de487ea4a95d25073
DSR-nethack.c
Posted Feb 20, 2003
Authored by Bob | Site dtors.net

Nethack v3.4.0 local buffer overflow exploit which spawns a shell as uid=games. Runs /usr/games/lib/nethackdir/nethack.

tags | exploit, overflow, shell, local
SHA-256 | d36c9676766104ed6f0e30024d355ec827f58589e60d86e963361827c6ef5db0
webmail_local.pl
Posted Feb 20, 2003
Authored by deadbeat, C0w-d0g

Cpanel + Openwebmail local root exploit in perl which affects Cpanel 5 and below. Attempts to copy a suid root zsh into /tmp by exploiting /usr/local/cpanel/base/openwebmail/oom.

tags | exploit, local, root, perl
SHA-256 | b8529d38cfef755d74cff0d812d2ae5a837fb4a77d433c676607eab5980c5ef1
php.cgi.txt
Posted Feb 19, 2003
Authored by Jani Taskinen | Site php.net

PHP Security Advisory - PHP 4.3.0 contains a bug that allows direct access to the PHP binary via the CGI SAPI which allows remote attackers to trick the server into executing arbitrary PHP code. PHP 4.3.1 fixes the vulnerability.

tags | advisory, remote, arbitrary, cgi, php
SHA-256 | 21cbf19fe4a85a2248c6ff1bd76047da3c8253975dfcee6e5099cbb61651d08a
bisonftp.dos.txt
Posted Feb 19, 2003
Authored by Immune Advisory | Site immune.dk

BisonFTP v4r2 is a FTP daemon used on Microsoft Windows 9x/NT systems which has a remote denial of service vulnerability if sent long FTP commands, and can be tricked into revealing information about files outside the ftp root. It's not possible to get in contact with the people at http://www.bisonftp.com anymore. I guess a new version will never be released.

tags | advisory, remote, web, denial of service, root
systems | windows
SHA-256 | 4787f651afaf0dc5c002b1ae7fb801b816220ee83fcb6ed6d91fbd0895b33bf9
EMUMAIL5.x.txt
Posted Feb 19, 2003
Authored by Dr. Insane

Parameter validation bugs exist in Emumail v5.x which allow remote denial of service and allow remote users to view any account history.

tags | exploit, remote, denial of service
SHA-256 | cec95ac394f94a6a107b3b73afcbbd0745d9caee836bd489e7c7cee5e292d689
gobbler-1.8alpha.tar.gz
Posted Feb 19, 2003
Authored by STE Jones | Site networkpenetration.com

Gobbler is a tool designed to audit various aspects of DHCP networks, from detecting if DHCP is running on a network to performing a denial of service attack. Gobbler also exploits DHCP and ethernet, to allow distributed spoofed port scanning with the added bonus of being able to sniff the reply from a spoofed host. This tool is based on proof of concept code "DHCP Gobbler" available from networkpenetration.com and the DHCP flaws paper.

tags | tool, denial of service, spoof, rootkit, proof of concept
systems | unix
SHA-256 | e67b7b0aaba893b9e0f5b0ff284ff00dc90a09e9061ead2c895a3ad085d770d8
bison_slap.pl
Posted Feb 19, 2003
Authored by deadbeat

BisonFTP v4.r2 remote denial of service exploit in perl. Tested against Windows 98.

tags | exploit, remote, denial of service, perl
systems | windows
SHA-256 | 97d8de62192a0625ac18734043ac9b63b6773448e623ae0e3bef47baf8a7cf53
Page 1 of 4
Back1234Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close