Atstake Security Advisory A111703-1 - Using the SQLAT stored procedure, a local attacker can obtain system access by swapping the NETAPI32.DLL in the current working directory. There is also a remote buffer overflow in the niserver interface on TCP port 7629.
3fbb71973327006d5917535cafb01158647356e443df45dc5dcdececc29c125bFrontpage Server Extensions remote exploit which creates a shell on tcp port 9999 and uses the bug described in ms03-051. Tested on Windows 2000 Professional SP3 English version, fp30reg.dll ver 4.0.2.5526. Bug discovered by Brett Moore.
0525c03ba09b7ba2b7fdb64cf62b8da14bba89c6449b6742c2eab4d12dda2e59XOR-analyze is a program for cryptanalysis one of the most easily-breakable and commonly used ciphers. Works with variable key length and includes an encryption/decryption program.
5f66b0f11fd284335780781aa0b18abef4d03fae7808d5e99053ee5f05d41ce9Arping is an arp level ping utility which broadcasts a who-has ARP packet on the network and prints answers. Very useful when you are trying to pick an unused IP for a net that you don't yet have routing to, or to ping an ethernet address directly. Tested on Linux, {Free,Net,Open}BSD, MacOS X, and Solaris.
0e5dbf5e869c1139029b8bddb195e1f07112372d3fc6a8cd531dd8f298bfd15aA paper released by Relevant Technologies discussing the commercial CyberAngel product that provides laptop recovery and file encryption all-in-one.
7056e8965c4297f056c153ba29228321fc8f6bd82ccc8e41c57e87670cd5daadLocal root exploit for terminatorX version 3.81 and below that makes use of LADSPA_PATH environment variable vulnerability.
4f35813134f00f905885cf87adaabd4c29fb3fb47e5d26036019542fc4d90a1a0verkill version 0.16 local proof of concept exploit that makes use of a stack overflow when reading in the HOME environment variable.
d9ffab67b02140a647fe3c11ab803aecd99d5a2a8a0012207686042adbb302e3UnAce version 2.20 local proof of concept exploit. Original vulnerability discovery made by MegaHz. Tested on Debian 3.0.
4cb6fde86f0cb3e02c0caaad2773c007f7043f6b1029f4337860c1836f828169UnAce version 2.20 local proof of concept exploit. Original vulnerability discovery made by MegaHz. Bruteforcing option included.
d191042bbe5c634e4f3a8ef7041d81538d5210cf278f7e65753a216a082b7361Six step cache attach for Internet Explorer v6sp1 (up to date on 10/30/2003) which combines several older unpatched and recently discovered vulnerabilities to execute code remotely by viewing a web page or HTML email. More information available here.
94ea12a634a074b51cb882c92f07466864fecdcb97c1c35652f1946575389bb0Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Full changelog available here.
b85a3569521d487f348eec697b602b0b49d6e5d08aedb81a6a7d19cc0a5c6b98The Symbol PDT 8100 does not attempt to change its default existing WEP keys during installation. If not changed, the PDT 8100 will reveal the WEP keys to any user in plain text by taping on the wireless icon on lower right hand of 8100 and scrolling to the 'encryption tab'. A stolen PDT 8100 or copied keys can allow an insider the ability to totally compromise the Wi-Fi network.
0ef878b8880cfbb42ed45bacdfc32fa99f275624901e1d58461985859e733d1fRemote denial of service exploit for MyServer 0.5. Malicious payload crashes the server giving a runtime error. Tested on Windows XP Pro SP1 and Windows 2000 SP3.
e035fca3aada6de19f50360c4b2ef07a3ea8445d6717a098382a678b587a876cSecure Network Operations Advisory SRT2003-11-13-0218 - Symantec PCAnywhere versions 10.x to 11.x allow for a local attacker to gain SYSTEM privileges via AWHOST32.exe that can be run via an icon.
06a0532b6f5bf502d7995e8c3aae01db81045cd634c514dc2d89f1ab19d59781Superkit is an extremely user-friendly rootkit that hides files, processes, and connections. It provides a password protected remote access connect-back shell initiated by a spoofed packet. It is loaded via /dev/kmem, without support for loadable modules required, and cannot be detected by checking the syscall table, because it redirects the kernel entry point to a private copy of the syscall table. A couple of backdoors are included.
037050dd308f5665105f3ca4347b34ad15c25ee30bd808a2ca9a072a862ad100Corsaire Security Advisory - The PeopleSoft PeopleBooks Search CGI is susceptible to argument handling vulnerabilities that allow a remote attacker to gain access to files outside of the webroot.
54bdecc65f1cc150934bc3dc63cf2ef28eea6cf37d5cea1c26b8bb166ac96381Corsaire Security Advisory - The PeopleSoft IScript interface accepts a number of arguments via HTTP POST/GET calls. Using a carefully constructed URL, Java code can be executed in a users context.
49c7d7dac2df8685c1ffa08b0ea2b20a702114b5f2b917806113e242380c3f43Corsaire Security Advisory - The PeopleSoft Gateway Administration utility has a servlet that discloses its full path to the configuration files on the server when improper values are passed to it.
08f4265e6b6df73f2a516dc2004f39b7a6a8b4a9721fbac7e78d54b11bea003aLocal exploit for the ListBox/ComboBox vulnerabilities in Win32 platforms. Included is an example of a vulnerable program. Related advisory is available here. Tested on Microsoft Windows XP.
f61c932efba689ebf07ce59c123ce316c2c38a7c038c03fa8755f5576f9aa8e1Remote exploit for the Microsoft Windows Workstation server (WKSSVC) buffer overflow.
bc065ceb1c69049d9ee97b3557d5d4ebae7248616f8a39390fa5de28e7bc3d5eMicrosoft Security Bulletin MS03-051 - This bulletin addresses two new security vulnerabilities in Microsoft FrontPage Server Extensions, the most serious of which could enable an attacker to run arbitrary code on a user's system. The first vulnerability exists because of a buffer overrun in the remote debug functionality of FrontPage Server Extensions. The second vulnerability is a Denial of Service vulnerability that exists in the SmartHTML interpreter.
a64a5bca634bcd946c38df1abd14ced1ff623dc64459d7b7e57a6a36c3f219f5Microsoft Security Bulletin MS03-050 - A security vulnerability exists in Microsoft Excel that could allow malicious code execution. This vulnerability exists because of the method Excel uses to check the spreadsheet before reading the macro instructions. If successfully exploited, an attacker could craft a malicious file that could bypass the macro security model. Another security vulnerability exists in Microsoft Word that could allow malicious code execution. This vulnerability exists due to to the way Word checks the length of a data value (Macro names) embedded in a document. If a specially crafted document were to be opened it could overflow a data value in Word and allow arbitrary code to be executed.
2e65329c134cc1472436bf1dfa5a13a48429afbcc0aa286c1a69fd0eec83e2c5Microsoft Security Bulletin MS03-049 - A security vulnerability exists in the Workstation service that could allow remote code execution on an affected system. This vulnerability results because of an unchecked buffer in the Workstation service. If exploited, an attacker could gain System privileges on an affected system, or could cause the Workstation service to fail. An attacker could take any action on the system, including installing programs, viewing data, changing data, or deleting data, or creating new accounts with full privileges.
2ebf3e9a6635c0389c71cb5892f6c16f50e7ee7d9b2ac16950fd17ef4028aea8Microsoft Security Bulletin MS03-048 - A cumulative update patch has been released for Internet Explorer that includes the functionality of all the previously-released updates for Internet Explorer 5.01, Internet Explorer 5.5, and Internet Explorer 6.0. Additionally, it eliminates the following five newly-discovered vulnerabilities.
dfc29d27adae94c6b106aaaf9545a35d4b5a7adc9870d2ce88bb70b85d0bef8cProof of concept local root exploit for iwconfig that is normally not setuid by default. Tested on RedHat Linux 9.0.
900adc73f0a4fc2b4182803bfcc16f80cd94ca002ee0ac21aa6db656ba58a29f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed