Amap is a scanning tool that allows you to identify the applications that are running on a specific port. It does this by connecting to the port(s) and sending trigger packets. These trigger packets will typically be an application protocol handshake (i.e. SSL). Amap then looks up the response in a list and prints out any match it finds. Adding new response identifications can be done just by adding them to an easy-to-read text file. With amap, you will be able to identify that SSL server running on port 3445 and some oracle listener on port 233!
94fab83628b9447bc141df6b16c39f31750777f88ee84a8d1eb31ceb8b387221LedNews v0.7 lacks any filtering allowing a remote attacker to embed javascript or various HTML tags. It may also be possible to add server side include tags into news posts as well.
bb8bdc61aef9712a1297bda410fd6d68cf2a865fc673e5a6a79779178914d42ePmachine version 2.2.1 has a fault Include() routine that allows a remote attacker to supply a malicious URL that in turn can be a script that the webserver will then execute.
3a954f23f36da44d1a53b9c709a5c45c9eee6bf4b1b93f9c0048194f7b4eb754iDEFENSE Security Advisory 06.16.03: The pam_wheel module of Linux-PAM uses getlogin() in an insecure manner, thereby allowing attackers to bypass certain restrictions. The pam_wheel module is often used with the su command to allow users belonging to a trusted group to utilize the command without supplying a password. The module utilizes the getlogin() function to determine the name of the currently logged in user. This name is then compared against a list of members of a trusted group as specified in the configuration file. If the trust option is enabled in the pam_wheel configuration file and the use_uid option is disabled, any local user may spoof the username returned by getlogin() and gain access to a super-user account without supplying a password.
c65f3b99c2e44aca0273c3c270501fa89200aeeec261693c53ac01a45de16c3eIDScenter is a control and management front-end for the Windows platform. Main features: Snort 2.0/1.9/1.8/1.7 support, Snort service support, Snort configuration wizard, Rule editor, AutoBlock plugins (Network ICE BlackICE Defender plugin included (Delphi, open-source), Plugin framework for Delphi included), MySQL alert detection & file monitoring, e-mail alerts / alarm sound alerts / visual notification, etc.
f9b7423c7841bf496874eb4b6958f826ddcecd9c8631065cef6dfd7aa797770eShellcode that print What is The M4Tr1X ?! and then exits.
24613700722f04736909af821d62b7e6bc1c78910a71e75776a1e46bce154fb9The product Mailtraq suffers from multiple vulnerabilities that range from access to files that reside outside the bounding HTML root directory through decryption of locally stored password, to a cross site scripting vulnerability in the web mail interface.
0fccaf9934ee9baa9e271e3755695428f4343300ad90ccad092c5010d7861a0eWsh is a remote UNIX shell that works via HTTP. The client script provides a shell-like prompt, encapsulating user commands into HTTP POST requests and sending them to the server script. The server script extracts and executes commands and returns STDOUT and STDERR output. Features include command line history support, file upload/download, and it can work through an HTTP proxy server.
7864a855e018dd23e964a0eaf335ca34817663b10989a9550f0bb9e6dff02976Firepass is a tunneling tool that bypasses firewall restrictions and encapsulates data flows inside of HTTP POST requests. TCP or UDP based protocols are supported. Both the client and server entities are written in Perl and the server script acts as a CGI program.
6c43de260fd97f1737cc73314eaebbbfd500a970d2214726068a49de4e743123The ntdll.dll remote exploit through WebDAV that was originally written by kralor. This version is ported to Linux by Dotcom.
2c2a25135d00b80b6afe08a65594cfb418ba630c1c156a70363d9fcc3f00201eIt is possible to evade the BlackICE PC Protection IDS logging of cross site scripting attempts due to a lack of it checking HEAD, PUT, DELETE, and TRACE requests for the <script> pattern.
ea50d43db68e3d4aeaaf1d9927e9cd734abfff473651ddcbc8ce4ef1fed187aeSecure Network Operations, Inc. Advisory SRT2003-06-13-0945: Progress Database dbagent make the use of several helper .dll and .so binaries. When looking for shared object files for use in a dlopen statement Progress choose to look in the users PATH. No verification is performed upon the object that is located thus local non super users can make themselves root. Most binaries in /usr/dlc/bin can be exploited via this method.
cc47dfe490340c579a133daf438955383d7c3fc7d41008a2aff2e5564b96be2bSecure Network Operations, Inc. Advisory SRT2003-06-13-1009: Progress Database dbagent make the use of several helper .dll and .so binaries. When looking for shared object files _dbagent looks at the argument passed to the command line option "-installdir". No verification is performed upon the object that is located thus local non super users can make themselves root.
8b6fdcc0365bbcfd0d2a95fd0575bd8ddea798ae6c1a17fcde6e9e197f0d13afCctt, or "Covert Channel Tunneling Tool", is a tool that presents several exploitation techniques allowing the creation of arbitrary data transfer channels in the data streams (TCP, UDP, and HTTP) authorized by a network access control system.
6f7b41438fd9d341aa44164449ba16733e9cda53c37752b7ee30b054cfef0253Signal handling in the myServer webserver for Windows and Linux does not perform proper trapping, allowing a remote attacker to DoS the server.
39d24e0bf7039655f777a3ec241d81e2d5c2ad7d2f230207fedcc80f5217e6f8Secure Network Operations, Inc. Advisory SRT2003-06-12-0853: ike-scan, a tool to perform security audits in the VPN arena, is vulnerable to privilege escalation if it is setuid root for other users on the system to make use of the tool.
fb2974b5f5f7c3955537f5144cea1e1d3cf3625114335c88e940fcbfb22ad899iDEFENSE Security Advisory 06.11.03 - SMC Networks Barricade Wireless Cable/DSL Broadband Router version SMC7004VWBR crashes when a specially formatted series of packets are sent to TCP port 1723 (PPTP) on its internal interface. Following the attack, the router remains unresponsive to requests on the wireless portions of the connected LAN, thus preventing users from accessing network resources.
06f5f4530631ec6de5e22a571bf7126c7ed146ccc935738f187e5617f9acca31Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here.
414f3a9d87beaf5e7f684cb2baba90f4e6407e05d9e592f2d2f6fa22320a900aLocal exploit for E-term that escalates privileges to gid utmp via insufficient bounds checking performed on an environment variable that is copied into an internal memory buffer.
f237a0eba9a4f56b1498cd561335e4be5638015d0d619676b960dacd3044a6bdLocal root exploit for XaoS that makes use of a specially crafted command line -language argument to cause it to execute arbitrary code.
69d8770f8159a752b55a03fa0726456bce230f5b5d5be8647880d72636ed92d3fang is a small proof-of-concept application to find non discoverable bluetooth devices. This is done by brute forcing the last six (6) bytes of the bluetooth address of the device and doing a read_remote_name().
945fa08d2db2da2eb13cd4bc4bf7ca8b42c3f19daac89a8d244fa205bfcd41e5This patch integrates SecurID authentication services directly into the OpenSSH daemon, allowing users to use SecurID tokens directly as their passwords instead of relying on the clunky sdshell.
1ac81f168242749009676261c22cae1a836b0a6b70111282cd3ba3d7b398cacaUnmask is a simple md5 cracking utility that will attempt to find the true IP address of a fake host using Trircd 5.0 and PTlink.
b0c51a9f11f227a13b24456b72a96c5bc6d4f45d14b1af2e5b087f11b6cdd7b3Remote format string exploit for Magic Winmail Server version 2.3. Sending a format string in the USER field during the authentication process, a remote attacker can cause the server to execute arbitrary code.
3500425cf62ca44b00af89fefa96dcebeb90a65e3253fbf1c84596b3df100aebHTML Source Code Explorer Bar 2.0 is a plug-in for Internet Explorer that allows you to view the form fields for any HTML form being served and easily repopulate the fields (even hidden fields) with the input of your choice and submit the data. This tool can be very useful for penetration testing input validation on CGI scripts, etc.
b83e6392af3df04eef20b40df66d69a189095649aaf2bff9ece7e6dec15bc584
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed