Atstake Security Advisory A111703-1 - Using the SQLAT stored procedure, a local attacker can obtain system access by swapping the NETAPI32.DLL in the current working directory. There is also a remote buffer overflow in the niserver interface on TCP port 7629.
3fbb71973327006d5917535cafb01158647356e443df45dc5dcdececc29c125b
Frontpage Server Extensions remote exploit which creates a shell on tcp port 9999 and uses the bug described in ms03-051. Tested on Windows 2000 Professional SP3 English version, fp30reg.dll ver 4.0.2.5526. Bug discovered by Brett Moore.
0525c03ba09b7ba2b7fdb64cf62b8da14bba89c6449b6742c2eab4d12dda2e59
XOR-analyze is a program for cryptanalysis of one of the most easily breakable and most commonly used ciphers. Works with variable key length and includes an encryption/decryption program.
5f66b0f11fd284335780781aa0b18abef4d03fae7808d5e99053ee5f05d41ce9
Arping is an ARP-level ping utility which broadcasts a who-has ARP packet on the network and prints the answers. Very useful when you are trying to pick an unused IP for a network that you don't yet have routing to, or to ping an Ethernet address directly. Tested on Linux, {Free,Net,Open}BSD, MacOS X, and Solaris.
0e5dbf5e869c1139029b8bddb195e1f07112372d3fc6a8cd531dd8f298bfd15a
A paper released by Relevant Technologies discussing the commercial CyberAngel product that provides laptop recovery and file encryption all-in-one.
7056e8965c4297f056c153ba29228321fc8f6bd82ccc8e41c57e87670cd5daad
Local root exploit for terminatorX version 3.81 and below that makes use of the LADSPA_PATH environment variable vulnerability.
4f35813134f00f905885cf87adaabd4c29fb3fb47e5d26036019542fc4d90a1a
0verkill version 0.16 local proof of concept exploit that makes use of a stack overflow when reading in the HOME environment variable.
d9ffab67b02140a647fe3c11ab803aecd99d5a2a8a0012207686042adbb302e3
UnAce version 2.20 local proof of concept exploit. Original vulnerability discovery made by MegaHz. Tested on Debian 3.0.
4cb6fde86f0cb3e02c0caaad2773c007f7043f6b1029f4337860c1836f828169
UnAce version 2.20 local proof of concept exploit. Original vulnerability discovery made by MegaHz. Bruteforcing option included.
d191042bbe5c634e4f3a8ef7041d81538d5210cf278f7e65753a216a082b7361
Six step cache attack for Internet Explorer v6sp1 (up to date on 10/30/2003) which combines several older unpatched and recently discovered vulnerabilities to execute code remotely by viewing a web page or HTML email. More information available here.
94ea12a634a074b51cb882c92f07466864fecdcb97c1c35652f1946575389bb0
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Full changelog available here.
b85a3569521d487f348eec697b602b0b49d6e5d08aedb81a6a7d19cc0a5c6b98
The Symbol PDT 8100 does not attempt to change its existing default WEP keys during installation. If they are not changed, the PDT 8100 will reveal the WEP keys in plain text to any user who taps the wireless icon in the lower right-hand corner of the 8100 and scrolls to the 'encryption' tab. A stolen PDT 8100 or copied keys can give an insider the ability to totally compromise the Wi-Fi network.
0ef878b8880cfbb42ed45bacdfc32fa99f275624901e1d58461985859e733d1f
Remote denial of service exploit for MyServer 0.5. Malicious payload crashes the server giving a runtime error. Tested on Windows XP Pro SP1 and Windows 2000 SP3.
e035fca3aada6de19f50360c4b2ef07a3ea8445d6717a098382a678b587a876c
Secure Network Operations Advisory SRT2003-11-13-0218 - Symantec PCAnywhere versions 10.x to 11.x allow a local attacker to gain SYSTEM privileges via AWHOST32.exe, which can be run via an icon.
06a0532b6f5bf502d7995e8c3aae01db81045cd634c514dc2d89f1ab19d59781
Superkit is an extremely user-friendly rootkit that hides files, processes, and connections. It provides a password protected remote access connect-back shell initiated by a spoofed packet. It is loaded via /dev/kmem, so support for loadable modules is not required, and it cannot be detected by checking the syscall table, because it redirects the kernel entry point to a private copy of the syscall table. A couple of backdoors are included.
037050dd308f5665105f3ca4347b34ad15c25ee30bd808a2ca9a072a862ad100
Corsaire Security Advisory - The PeopleSoft PeopleBooks Search CGI is susceptible to argument handling vulnerabilities that allow a remote attacker to gain access to files outside of the webroot.
54bdecc65f1cc150934bc3dc63cf2ef28eea6cf37d5cea1c26b8bb166ac96381
Corsaire Security Advisory - The PeopleSoft IScript interface accepts a number of arguments via HTTP POST/GET calls. Using a carefully constructed URL, Java code can be executed in a user's context.
49c7d7dac2df8685c1ffa08b0ea2b20a702114b5f2b917806113e242380c3f43
Corsaire Security Advisory - The PeopleSoft Gateway Administration utility has a servlet that discloses its full path to the configuration files on the server when improper values are passed to it.
08f4265e6b6df73f2a516dc2004f39b7a6a8b4a9721fbac7e78d54b11bea003a
Local exploit for the ListBox/ComboBox vulnerabilities in Win32 platforms. Included is an example of a vulnerable program. Related advisory is available here. Tested on Microsoft Windows XP.
f61c932efba689ebf07ce59c123ce316c2c38a7c038c03fa8755f5576f9aa8e1
Remote exploit for the Microsoft Windows Workstation server (WKSSVC) buffer overflow.
bc065ceb1c69049d9ee97b3557d5d4ebae7248616f8a39390fa5de28e7bc3d5e
Microsoft Security Bulletin MS03-051 - This bulletin addresses two new security vulnerabilities in Microsoft FrontPage Server Extensions, the most serious of which could enable an attacker to run arbitrary code on a user's system. The first vulnerability exists because of a buffer overrun in the remote debug functionality of FrontPage Server Extensions. The second vulnerability is a Denial of Service vulnerability that exists in the SmartHTML interpreter.
a64a5bca634bcd946c38df1abd14ced1ff623dc64459d7b7e57a6a36c3f219f5
Microsoft Security Bulletin MS03-050 - A security vulnerability exists in Microsoft Excel that could allow malicious code execution. This vulnerability exists because of the method Excel uses to check the spreadsheet before reading the macro instructions. If successfully exploited, an attacker could craft a malicious file that could bypass the macro security model. Another security vulnerability exists in Microsoft Word that could allow malicious code execution. This vulnerability exists due to the way Word checks the length of a data value (macro names) embedded in a document. If a specially crafted document were to be opened, it could overflow a data value in Word and allow arbitrary code to be executed.
2e65329c134cc1472436bf1dfa5a13a48429afbcc0aa286c1a69fd0eec83e2c5
Microsoft Security Bulletin MS03-049 - A security vulnerability exists in the Workstation service that could allow remote code execution on an affected system. This vulnerability results from an unchecked buffer in the Workstation service. If exploited, an attacker could gain System privileges on an affected system, or could cause the Workstation service to fail. An attacker could take any action on the system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges.
2ebf3e9a6635c0389c71cb5892f6c16f50e7ee7d9b2ac16950fd17ef4028aea8
Microsoft Security Bulletin MS03-048 - A cumulative update patch has been released for Internet Explorer that includes the functionality of all the previously-released updates for Internet Explorer 5.01, Internet Explorer 5.5, and Internet Explorer 6.0. Additionally, it eliminates the following five newly-discovered vulnerabilities.
dfc29d27adae94c6b106aaaf9545a35d4b5a7adc9870d2ce88bb70b85d0bef8c
Proof of concept local root exploit for iwconfig, which is normally not setuid by default. Tested on Red Hat Linux 9.0.
900adc73f0a4fc2b4182803bfcc16f80cd94ca002ee0ac21aa6db656ba58a29f