Debian Security Advisory DSA 389-1 - ipmasq below version 3.5.12 creates improper filtering rules that will allow traffic on an external interface to route to an internal host via forwarding.
13d99608cbf405e4adad6318a424cce5a41df502f8911c3dcd0e11ced43af864
FlyingDog Software Powerslave Portalmanager version 4.3 is vulnerable to exposure of SQL database infrastructure and information via passing commands in the URL.
eb511a9674718b87bc11f124055015a84d964cc3dfd6938111370b5bcaa09e2b
Secunia Advisory - A problem lies in Sun Java where JAXP cannot handle XML documents with deeply nested entity definitions. This can be exploited to consume 100% CPU resources by users with access to Java based applications that accept and parse XML documents.
f97cb47a2a3960fc78574d3bd21d545dedd5be377d1cb2c282b25864988a2b85
p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.
57b018734a1da31984bc73e7a7590a507e27914441e24a65bb17e879a0078742
Application Mapper is a next-generation scanning tool that allows you to identify the applications that are running on a specific port. It does this by connecting to the port(s) and sending trigger packets. These trigger packets will typically be an application protocol handshake (e.g. SSL). Amap then looks up the response in a list and prints out any match it finds. Adding new response identifications can be done just by adding them to an easy-to-read text file. With amap, you will be able to identify that SSL server running on port 3445 and some Oracle listener on port 233!
4450b9ecd3bc40104031d83fad31d0bb3fc7aa15de4088460aa734c06f2e1f2b
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Full changelog available here.
9b7c09b2ad9ca53f5cfabc99a0192300cd940cd655db511887531ec2aad3c21e
Silencer holds three different functionalities. It deploys a backdoor in a listening service: an attacker must connect to it, feed it the magic word, and then portscan the machine to find the bindshell that was spawned. It has an Apache backdoor that allows a connection over HTTP to drop to a shell. It also has a read sniffer built in that hooks the kernel read() path and logs what it captures to /tmp/.es.rox. The authors ask to be contacted if anyone finds any systems or kernels that this does not work on.
41eb4095cd39cb456d3f839ae2f1d1ccad55ea5d5d7cc64453d8653a4a0b9510
Millenium v1.0 is a tool that easily finds and removes the Millenium v1.0 Trojan from an infected system. Delphi source code included. Archive password is set to p4ssw0rd. Use at your own risk.
3d0b022fef41255c18a84cb2bb4beed53eb944912a153d1f3712c5e647a1c8ac
A detailed analysis and exploitation of the RPC Long Filename heap overflow found in the CoGetInstanceFromFile API that was originally discovered by NSFOCUS.
4620d24fc5b0277f481e241862c7c21d92522cc493f4613d81f9170a54cff666
Remote exploit for netris version 0.5 on RedHat 8.0 that makes use of a buffer overflow vulnerability where a client connecting to an untrusted netris server could be sent an unusually long data packet, which would be copied into a fixed-length buffer without bounds checking.
f8edfa8276857fffd804744d1421a08844b4eda9116d04980bca6788d879b5db
Local root exploit for hztty 2.0 that makes use of the buffer overflows discovered by Jens Steube.
e360b247ce91f66c52b245f714c8b4264ad70b33de8167e86466a0d04336a40e
RainbowCrack is an instant Microsoft Windows password cracker based on Philippe Oechslin's faster time-memory trade-off technique. Both binary and source distributions are enclosed.
7b163e53ff8eb026c4501d07d376a019f54229d0851ffe01a53391cb7ff6f1b4
Remote exploit for Solaris that only requires a single UDP packet to the sadmind service to execute commands.
df93ce9efbde4852942b9d78c95fe371ef525a0f31005c84b1acee1eeed53a35
SGI Security Advisory 20030901-01-P - It has been reported that under certain conditions an NFS client can avoid read-only restrictions on filesystems exported via NFS from a server running IRIX 6.5.21 and mount them in read/write mode.
20adad9965ecc3ab9669c0c0f988b3136ffc46d036a3e2a4b59af98e260d296a
The Plug and Play Web Server version 1.0002c is susceptible to multiple buffer overflow attacks that cause the server to crash.
2b68d648120147ab8417ee871e9d52d166dd19a55bd2cd64fc864ba5ce18e676
The Plug and Play Web Server version 1.0002c is susceptible to multiple directory traversal attacks allowing a remote attacker to gain access to internal system files.
08a1508555f21666773d5967a389f637ade7bd17986669a075b9984c763bda51
Remote Pine exploit for versions 4.56 and below. Makes use of a vulnerability discussed here. Binds a shell to port 10000. Tested against RedHat Linux 7.0.
902cb346d20aea5cb1ef62db8c36a27a7f7588fb1b62a8d42cc9f4c7751ba3f6
Simple shellcode that prints a URL, calls setuid(0) and setgid(0), execs /bin/sh, and then calls exit(0).
26b2e829da4fc284b1722992a44397e4bd90960f25e56c8d8f43f3c680af91e7
Yahoo! Webcam ActiveX controls are remotely susceptible to both heap-based and stack-based overflow vulnerabilities.
77415dcf52c38a6a335911442a1fbde9f49c7a2c7184a6d87d15d4affb71051a
Core Security Technologies Advisory ID: CORE-2003-0531 - IBM DB2 Universal Data Base v7.2 for Linux/s390 has two binaries in a default install which are setuid to root and have owner and group execute capabilities. These binaries are vulnerable to buffer overflow attacks from a local user that is in the same group.
230169f15f23404e9986d75dff6bf3eea592ff6e1d121c14056dd29c97fc181c
DBabble 2.5i suffers from cross-site scripting issues that can lead to cookie hijacking.
9621a85331b7dc09b3f7e86de4a39a480e82852474c273f85f4ca1868cd200b6
KDE Security Advisory: KDE version 3.1.3 and below has multiple vulnerabilities in KDM. KDM fails to check for successful completion of the pam_setcred() call which may leave a user with root access. It also has a weak cookie generation algorithm that allows easy brute forcing of session cookies.
ca89ac53ce316b9854b4014469a8a0552a04c991fbb2de9ae77549da65820b6f
Sendmail is a very popular Unix Mail Transfer Agent, a program that moves mail from one machine to another.
14ad00edc87c4e7b24884dc2db3bdcbff76d164f86e5794814e7b3d9019cba12
Generic Windows XP URL download and execute shellcode.
a34c8afa73948e9a867355665d03c33149372aaa3f3bfd06d5782544de061ed0
Remote Windows exploit for the RPC DCOM long filename heap overflow discovered by NSFOCUS. Upon success, the target will have a user added as the letter e with a password of asd#321.
1aecaf0cce333af298b5df7d6880ca92c9442ee27738f94ed70f45095f52b0a2