Windows Media Services Remote Command Execution - There is a flaw in the way nsiislog.dll processes incoming client requests. A vulnerability exists because an attacker could send specially formed HTTP request to the server that could cause IIS to fail or execute code on the system.
8f2e5764c182b67bd6e0097fd3e00391b5ccda2203e5742a4792b474ff7bf79cSecunia Security Advisory - The FTPServer/X FTP Server Control and COM Object v1.00.045 and v1.00.046 are vulnerable to buffer overflow that results in a denial of service and potentially can enable a remote attacker to gain access to the machine.
0894d97443bbd9d1990dddc0a475b12dff29aa463f6dba9d9b9afdabb6b001ccDomino Hunter is a Lotus Domino web server scanner, written in Perl. It attempts to access default NSF databases, as well as crawl user-defined bases. It tries to enumerate the database structure, enumerate available views, available documents, and ACLs set on documents. It also tries to retrieve documents from available views in order to check if ACLs are correctly set to restrict documents and not views. The scanner works in both anonymous mode or privileged mode if user supplied credentials are supplied to then be passed to the default names.nsf/?Login form.
a0dfd46a268e0ea58831d6951b8066279b3994e491c0e59ca18d96facd2a8f2dLinux x86 UDP shellcode. Reads from UDP port 13330 to retrieve other shellcode then executes it.
a19f2e0f5e3ed7c024fa5903d3b63b3001cc6d694f0a752097064021a0cea265By using the OpenBSD packet filter pf, one can utilize the NAT address pools added into OpenBSD 3.3 to aid in distributed port scanning.
8a31bcc028af2e38e08d090044b50741b4a83069781ec6191a41a5c751b115abPaper written about the art of brute force cracking that comes with example code.
45d8ad1042d40237b9961db4391407e13922af227ab3c00955c625e2a4c5e4feDirtybrute is an advanced multi threaded program that demonstrates the use of a brute force engine which has many options such as the ability to resume cracking sessions for both brute force mode and dictionary attacks. Currently supports remote MSN messenger cracking sessions.
1b5eceb2e1ded79867017fb83a6a76c1bc79c59c0d801c3e6d36725f611ed767Microsoft Windows RPC Denial of Service utility.
ae0ee9bbf31e25b6679761ba4234641251fc289657530f1fce259256e3665fdcGkrellmd 2.1.10 remote exploit with shellcode that does kill(-1,9) then an exit. Written for Linux and tested on Slackware 9.
b973bd4af33c09c485c0b63186d2856b6559db115187b42032801bdb8afede57THC Modem Login Hacker - A tool that will attempt to break into modem dialups using scripts written for minicom. Extremely configurable and a must have for any penetration test.
828570b792839f01260c13d3a4c84290f8ec66299dfceef31ab46fc2941ec452gkrellmd < 2.1.12 remote exploit for Linux. Tested against Debian 3.0 with version 2.1.4.
aa8ce6fe14ecc2b660ceedf693cf2c3029daf366800f5723d6ca812b4e943aacLocal root exploit that makes use of a race condition vulnerability found in the Linux execve() system call that affects the 2.4 kernel tree.
c02c2f58cf3b035c346097edc9de2f0459979689331100ce6b90e71e1f58d4b2A short paper discussing exploitation of vulnerabilities consisting of a null byte written passed the end of a dynamically allocated buffer.
0e1f36dccb0e9ef58428ac810760e9e766e92f7934ec298303105f871f0ca1b2NGSSoftware Insight Security Research Advisory #NISR2406-03 - WebAdmin.exe, a utility that allows remote administrators to control MDaemon, RelayFax, and WorldClient, has a remotely exploitable buffer overrun in the USER parameter that would allow a remote attacker to execute arbitrary code on the server.
6792c533a2cd9f5fcacddb71b75e2176618d3457d31728ba0246ae3dfa98eb02SGI Security Advisory 20030607-01-P - Several bugs in the IRIX 6.5.19 implementation of IPv6 result in inetd becoming hung when port scanned, snoop unable to handle packets as root, and other non-security related issues.
0fdaa24f936f93dd53593bf93d40a3969220454aeead17be748bfea6c4c28e2dKerio Mail Server 5.6.3 remote buffer overflow exploit. Adds wide open root account to /etc/passwd. Written based upon the vulnerability discussed here.
9b6caaf215dc0b765ded6013c36c55a7897e80b242d716bc226a4ac4ccb0eef0This utility provides a datalink bridge working in userspace that allows captured packets from one ethernet interface to be retransmitted over a non-ethernet interface.
355b995aacd7f973a646ba0ca1367d3513bf89b8f6e5d75ad0b770fab636891bGkrellmd 2.1.10 remote exploit with connect back shellcode. Tested on FreeBSD 4.8.
0484a62c7b78dd555a7a6f5e4945f1aa3126597a6351fbe10cbc505dfc097213Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
a4283aa083febb3f02e3df99d29842a8d03014ddc9e4831fde0b5d9756b51852Secure Network Operations, Inc. Advisory SRT2003-06-20-123 - The Progress 4GL Compiler version 9.1D06 and below has a datatype buffer overflow that can be exploited if a malicious .p file is compiled. Both the Win32 and Unix variants are affected by this.
22d12cc34b522d69526bd9f24df1b3f06220ba1e69d4b24bfbecb9b39aa132baKereval Security Advisory KSA-001 - Cross Site Scripting vulnerabilities exist in Tutos 1.1 allow for hostile code execution.
e7b4573c8bb5f2819b9bdd4a50ae12f65f581d9ffbff39d67207d7b923bf4d76Exploit for Elm version ko-elm-2.4h4.1, the Korean release, that yields gid of bin. Old vulnerability related to this is here. Tested against FreeBSD 4.7.
bdb62d798a58f673dc7a74bf9554a3a89281cc32e003b0963dceb3f6d801b45awIDSard is a host-based Intrusion Detection System for i386 Linux platform. It intercepts, at user level, system calls specified in a configuration file written by the user. A finite-state automater is used to trace the monitored process. The language used for the configuration file is regular expression based. If a particular sequence of system calls is intercepted than an appropriate action could be executed.
0cf3f6b335746b3adfb3ac04a614f5cce00de12cd079dba7fdab54432d3b6bc5The APSR project is a network testing suite, designed to send, receive and analyze arbitrary network packets on different kinds of networks. It can be used to test firewalls, routing, security and many other networking functionalities. The main goal of the APSR project is to develop a high quality network testing suite.
78d668adfaebfd7ef51ec22c5960441fe48ccc804d4c5fa56d78186bf8de0e20Remote OS fingerprinting tool written in Perl that analyzes the retransmission timeout lengths of a TCP handshake to detect remote operating systems.
dc7fea5649186770394de79bc8fc28fa6fed9514e07f2a48476faa5d4e2dd950
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed