Showing 51 - 75 of 155

Files Date: 2003-09-01 to 2003-09-30

DSA-389-1
Posted Sep 23, 2003
Site debian.org

Debian Security Advisory DSA 389-1 - ipmasq below version 3.5.12 creates improper filtering rules that will allow traffic on an external interface to route to an internal host via forwarding.

tags | advisory
systems | linux, debian
advisories | CVE-2003-0785
SHA-256 | 13d99608cbf405e4adad6318a424cce5a41df502f8911c3dcd0e11ced43af864
h07adv-powerslave.txt
Posted Sep 22, 2003
Authored by H Zero Seven | Site h07.org

FlyingDog Software Powerslave Portalmanager version 4.3 is vulnerable to exposure of SQL database infrastructure and information via passing commands in the URL.

tags | advisory
SHA-256 | eb511a9674718b87bc11f124055015a84d964cc3dfd6938111370b5bcaa09e2b
secuniaJAXP.txt
Posted Sep 22, 2003
Site secunia.com

Secunia Advisory - A problem lies in Sun Java where JAXP cannot handle XML documents with deeply nested entity definitions. This can be exploited to consume 100% CPU resources by users with access to Java-based applications that accept and parse XML documents.

tags | advisory, java
SHA-256 | f97cb47a2a3960fc78574d3bd21d545dedd5be377d1cb2c282b25864988a2b85
p0f-2.0.2.tgz
Posted Sep 22, 2003
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine the distance to a remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.

Changes: Complete rewrite of the version 1 code, making signatures more flexible and improving fingerprint accuracy.
tags | tool, remote, local, scanner
systems | linux, netbsd, unix, solaris, freebsd, openbsd
SHA-256 | 57b018734a1da31984bc73e7a7590a507e27914441e24a65bb17e879a0078742
amap-4.3.tar.gz
Posted Sep 21, 2003
Authored by van Hauser, thc, DJ Revmoon | Site thc.org

Application Mapper is a next-generation scanning tool that allows you to identify the applications that are running on a specific port. It does this by connecting to the port(s) and sending trigger packets. These trigger packets will typically be an application protocol handshake (e.g. SSL). Amap then looks up the response in a list and prints out any match it finds. Adding new response identifications can be done just by adding them to an easy-to-read text file. With amap, you will be able to identify that SSL server running on port 3445 and some Oracle listener on port 233!

Changes: More identifications added and various bug fixes.
tags | tool, protocol
SHA-256 | 4450b9ecd3bc40104031d83fad31d0bb3fc7aa15de4088460aa734c06f2e1f2b
Nmap Scanning Utility 3.45
Posted Sep 21, 2003
Authored by Fyodor | Site insecure.org

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Full changelog available here.

Changes: Version scanning that will report back what type of service is running on a port instead of depending on nmap-services. Various other feature enhancements and bug fixes.
tags | tool, remote, udp, tcp, protocol, nmap
systems | unix
SHA-256 | 9b7c09b2ad9ca53f5cfabc99a0192300cd940cd655db511887531ec2aad3c21e
0x4553-silencer-public.tgz
Posted Sep 21, 2003
Authored by Brainstorm, electronicsouls, Ares

Silencer holds three different functionalities. It will deploy a backdoor in a listening service that an attacker must connect to, feed the magic word, and then portscan the machine to find the bindshell spawned. It has an Apache backdoor that allows a connection over HTTP to drop to a shell. It also has a read sniffer built in that hooks the kernel read() path and logs the data to /tmp/.es.rox. The authors ask to be contacted if anyone finds any systems or kernels that this does not work on.

tags | web, shell, kernel
SHA-256 | 41eb4095cd39cb456d3f839ae2f1d1ccad55ea5d5d7cc64453d8653a4a0b9510
Milleniumv1_0_Removal.zip
Posted Sep 21, 2003
Authored by Soner EKER | Site sonereker.net

Millenium v1.0 is a tool that easily finds and removes the Millenium v1.0 Trojan from an infected system. Delphi source code included. Archive password is set to p4ssw0rd. Use at your own risk.

tags | trojan
SHA-256 | 3d0b022fef41255c18a84cb2bb4beed53eb944912a153d1f3712c5e647a1c8ac
rpcHeap.txt
Posted Sep 21, 2003
Authored by FlashSky | Site xfocus.net

A detailed analysis and exploitation of the RPC Long Filename heap overflow found in the CoGetInstanceFromFile API that was originally discovered by NSFOCUS.

tags | exploit, overflow
SHA-256 | 4620d24fc5b0277f481e241862c7c21d92522cc493f4613d81f9170a54cff666
netris-shash.c
Posted Sep 21, 2003
Authored by Shashank Pandey

Remote exploit for netris version 0.5 on RedHat 8.0 that makes use of a buffer overflow vulnerability where a client connecting to an untrusted netris server could be sent an unusually long data packet, which would be copied into a fixed-length buffer without bounds checking.

tags | exploit, remote, overflow
systems | linux, redhat
SHA-256 | f8edfa8276857fffd804744d1421a08844b4eda9116d04980bca6788d879b5db
0x333hztty.c
Posted Sep 21, 2003
Authored by Cowboy, 0x333 | Site 0x333.org

Local root exploit for hztty 2.0 that makes use of the buffer overflows discovered by Jens Steube.

tags | exploit, overflow, local, root
advisories | CVE-2003-0783
SHA-256 | e360b247ce91f66c52b245f714c8b4264ad70b33de8167e86466a0d04336a40e
rainbowcrack-1.1-win.tgz
Posted Sep 20, 2003
Authored by Zhu Shuanglei | Site antsight.com

RainbowCrack is an instant Microsoft Windows password cracker based on Philippe Oechslin's faster time-memory trade-off technique. Both binary and source distributions are enclosed.

tags | cracker
systems | windows
SHA-256 | 7b163e53ff8eb026c4501d07d376a019f54229d0851ffe01a53391cb7ff6f1b4
rootdown.pl
Posted Sep 18, 2003
Authored by H D Moore | Site metasploit.com

Remote exploit for Solaris that only requires a single UDP packet to the sadmind service to execute commands.

tags | exploit, remote, udp
systems | solaris
SHA-256 | df93ce9efbde4852942b9d78c95fe371ef525a0f31005c84b1acee1eeed53a35
HexView Security Advisory 2003-09-01.01
Posted Sep 18, 2003
Authored by HexView | Site sgi.com

SGI Security Advisory 20030901-01-P - It has been reported that under certain conditions a NFS client can avoid read-only restrictions on filesystems exported via NFS from a server running IRIX 6.5.21 and mount them in read/write mode.

tags | advisory
systems | irix
advisories | CVE-2003-0680
SHA-256 | 20adad9965ecc3ab9669c0c0f988b3136ffc46d036a3e2a4b59af98e260d296a
pandpdos.txt
Posted Sep 18, 2003
Authored by Bahaa Naamnmeh | Site bsecurity.tk

The Plug and Play Web Server version 1.0002c is susceptible to multiple buffer overflow attacks that cause the server to crash.

tags | exploit, web, overflow
SHA-256 | 2b68d648120147ab8417ee871e9d52d166dd19a55bd2cd64fc864ba5ce18e676
pandpdt.txt
Posted Sep 18, 2003
Authored by Bahaa Naamnmeh | Site bsecurity.tk

The Plug and Play Web Server version 1.0002c is susceptible to multiple directory traversal attacks allowing a remote attacker to gain access to internal system files.

tags | exploit, remote, web
SHA-256 | 08a1508555f21666773d5967a389f637ade7bd17986669a075b9984c763bda51
gyan_pine.c
Posted Sep 18, 2003
Authored by Gyan Chawdhary

Remote Pine exploit for versions 4.56 and below. Makes use of a vulnerability discussed here. Binds a shell to port 10000. Tested against RedHat Linux 7.0.

tags | exploit, remote, shell
systems | linux, redhat
SHA-256 | 902cb346d20aea5cb1ef62db8c36a27a7f7588fb1b62a8d42cc9f4c7751ba3f6
pi3.c
Posted Sep 18, 2003
Authored by Adam Zabrocki | Site pi3.int.pl

Simple shellcode that prints a URL, calls setuid(0) and setgid(0), execs /bin/sh, and then calls exit(0).

tags | shellcode
SHA-256 | 26b2e829da4fc284b1722992a44397e4bd90960f25e56c8d8f43f3c680af91e7
yahooactive.txt
Posted Sep 18, 2003
Authored by Cesar Cerrudo

Yahoo! Webcam ActiveX controls are remotely susceptible to both a heap and stack based overflow vulnerability.

tags | advisory, overflow, activex
SHA-256 | 77415dcf52c38a6a335911442a1fbde9f49c7a2c7184a6d87d15d4affb71051a
core.db2.txt
Posted Sep 18, 2003
Authored by Juan Pablo Martinez Kuhn | Site coresecurity.com

Core Security Technologies Advisory ID: CORE-2003-0531 - IBM DB2 Universal Data Base v7.2 for Linux/s390 has two binaries in a default install which are setuid to root and have owner and group execute capabilities. These binaries are vulnerable to buffer overflow attacks from a local user that is in the same group.

tags | advisory, overflow, local, root
systems | linux
advisories | CVE-2003-0758, CVE-2003-0759
SHA-256 | 230169f15f23404e9986d75dff6bf3eea592ff6e1d121c14056dd29c97fc181c
dbabble.txt
Posted Sep 18, 2003
Authored by Dr. Insane | Site members.lycos.co.uk

DBabble 2.5i suffers from cross site scripting issues that can lead to cookie hijacking.

tags | exploit, xss
SHA-256 | 9621a85331b7dc09b3f7e86de4a39a480e82852474c273f85f4ca1868cd200b6
KDE Security Advisory 2003-09-16.1
Posted Sep 18, 2003
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: KDE version 3.1.3 and below has multiple vulnerabilities in KDM. KDM fails to check for successful completion of the pam_setcred() call which may leave a user with root access. It also has a weak cookie generation algorithm that allows easy brute forcing of session cookies.

tags | advisory, root, vulnerability
advisories | CVE-2003-0690, CVE-2003-0692
SHA-256 | ca89ac53ce316b9854b4014469a8a0552a04c991fbb2de9ae77549da65820b6f
sendmail.8.12.10.tar.gz
Posted Sep 18, 2003
Site sendmail.org

Sendmail is a very popular unix Mail Transfer Agent, a program that moves mail from one machine to another.

Changes: This version contains a fix for a critical security problem discovered by Michal Zalewski. Sendmail urges all users to upgrade to sendmail 8.12.10. Note: This is a different problem than earlier problems.
systems | unix
SHA-256 | 14ad00edc87c4e7b24884dc2db3bdcbff76d164f86e5794814e7b3d9019cba12
tinydown.asm
Posted Sep 18, 2003
Authored by Peter Winter-Smith

Generic Windows XP URL download and execute shellcode.

tags | shellcode
systems | windows
SHA-256 | a34c8afa73948e9a867355665d03c33149372aaa3f3bfd06d5782544de061ed0
MS03-039-linux.c
Posted Sep 18, 2003
Authored by Eyas, nulluid

Remote Windows exploit for the RPC DCOM long filename heap overflow discovered by NSFOCUS. Upon success, the target will have a user added as the letter e with a password of asd#321.

tags | exploit, remote, overflow
systems | windows
SHA-256 | 1aecaf0cce333af298b5df7d6880ca92c9442ee27738f94ed70f45095f52b0a2
Page 3 of 7

© 2022 Packet Storm. All rights reserved.