NSFOCUS Security Advisory SA2003-07 - The HP-UX Software Distributor utilities are susceptible to a buffer overflow vulnerability when reading in the LANG variable since they do not perform any bounds checking on its size. Due to this, local attackers could gain root privileges.
fa7084e4341d66e2414719a1aa4874b255b2255729d312209d47cbdb4f8997bdNSFOCUS Security Advisory SA2003-08 - Do to a lack of input validation on the NLSPATH variable, libc on HP-UX is susceptible to a format string vulnerability that will allow a local attacker to gain root privileges.
7763824063b03d4c3ebd80f0f6e25b25ad766c35105b7d94923ec0e3e6a15b2bFortigate firewall pre 2.50 maintenance release 4 allows a remote attacker to inject hostile code into an administrative interface. This vulnerability, used in conjunction with the fact that the username and MD5 hash of the user's password are stored in a cookie, allows a remote attacker to trick an administrator into giving up their credentials.
10520ea52ac2e94c5e4b69055bcaa957dce33e5e0594b94759fc3b4eefda58aaProof of concept local root exploit for iwconfig, which is not setuid by default.
3dbd8972e7b154e7c02eb7d11c3f0d3cc45103a8a209a3c7caa8f4999642cd99Microsoft Windows 95/98/98SE denial of service utility that makes use of malformed NETBIOS packets to lock-up and reboot the machine.
926d171c8c658d8861fb0067abda1bc605fcc9caf1e0a70a1986947d8c097432TerminatorX version 3.81 and below local root exploit. Makes use of vulnerabilities discussed in this related advisory.
353e26a854dbb90fd2e44d12f9a85d391324bccb56e027c9fdb3393227f42737TerminatorX version 3.81 and below local root exploit. Bruteforcing option included. Makes use of vulnerabilities discussed in this related advisory.
d2ae0f1ca62a0e762c3a10af9db9cf6b2ec2a061ba6c99cecdfaeadde1df7ea5Secure Network Operations Advisory SRT2003-11-11-1151 - Clam AntiVirus versions clamav-0.60 through clamav-0.60p are subject to format string attacks that allow a remote attacker to commit a denial of service and possibly perform remote command execution.
10ef4bf26c1ab47ad1a7b53bc21aae94a7fe570686b961eb6d52b4a3d73035faCERT Advisory CA-2003-28 - A specially crafted network message can trigger a buffer overflow in Microsoft's Workstation server. The vulnerability is caused by a flaw in the network management functions of the DCE/RPC service and a logging function implemented in Workstation Service (WKSSVC.DLL). Various RPC functions will permit the passing of long strings to the vsprintf() routine that is used to create log entries. The vsprintf() routine contains no bounds checking for parameters thus creating a buffer overflow situation.
979392a63ca9d86583ec3f6402dafeb1c0ea7237bc2af925d5f46a51e7c89a47AWStats is a short for Advanced Web Statistics. It's a free tool that generates advanced web (but also ftp, syslog or mail) server access statistics graphically. This log analyzer works as a CGI or from command line and shows you all possible information your log contains, in few graphical web pages. It uses a partial information file to be able to process large log files often and quickly. It can analyze log files from IIS (W3C log format), Apache log files (NCSA combined/XLF/ELF log format or common/CLF log format), WebStar and most of all web, proxy, wap servers (and even syslog, ftp servers or mail logs). Take a look at this comparison table for an idea on differences between most famous statistics tools.
b1621929b0eaa9d622b677bc9959f186743f5e08eef10e0530900b9d7e086adeLogrep is a secure multi-platform tool for the collection, extraction, and presentation of information from various log files. It includes HTML reports, multi-dimensional analysis, overview pages, SSH communication, and graphs. Supports 18 popular systems including Snort, Squid, Postfix, Apache, Sendmail, syslog, iptables/ipchains, xferlog, NT event logs, Firewall-1, wtmp, Oracle listener, and Cisco Pix.
9703dd25cf439fd8dbdd26da06e3ded249c360cd6bf462095783f018edaf3e5eSquidefender is a Perl script which analyzes a squid log file in native format to detect attacks. This can be used to automatically adapt your firewall when an attack has occurred. The power of squidefender lies in its configuration options, which let you easily add new attacks to scan for. Another interesting option of squidefender is its ability to use different message templates based on the attack found.
7d0bc26b064b50bc2e533a8d73a11e5ecd2cc983f8d2e7eda2d3bc0473598f2cChkrootkit v0.42b locally checks for signs of a rootkit. Chkrootkit includes ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions, strings.c for quick and dirty strings replacement, check_wtmpx.c to check for wtmpx deletions and the files chkproc.c and chkdirs.c to check for LKM trojans. Tested on Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 3.x, 4.x, and 5.x, BSDI, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 and 3.1, NetBSD 1.5.2 and Solaris 2.5.1, 2.6 and 8.0, and HP-UX 11.
489cc91a933ccd03e3e4a99e724a6ab485abe41c239006f50b1bdd6f0cd9a16cDansGuardian is a web content filter which currently runs on Linux, FreeBSD, OpenBSD and Solaris. It filters the actual content of pages based on many methods including phrase matching, PICS filtering and URL filtering. It does not purely filter based on a banned list of sites like lesser totally commercial filters. DansGuardian is designed to be completely flexible and allows you to tailor the filtering to your exact needs. It can be as Draconian or as un-obstructive as you want.
67f56406731c5dee5f7533417230223cde3bc8e35eda797eb71a583f42ae60afDarkstat is an ntop-workalike network statistics gatherer. Built to be faster and smaller than ntop, it uses libpcap to capture network traffic and serves up Web page reports of statistics such as data transferred by host, port, and protocol. It also has a cool bandwidth usage graph.
de84a7a9ef1f8abdc8eecd3faeb562fd4bf72f6fb605129fa1b1254a4f4573b0Mixmaster is an anonymous remailer which provides protection against traffic analysis and allow sending electronic mail anonymously or pseudonymously. It is every unix using citizens civic duty to run a remailer and help ward off the evil forces of censorship. It is a well known fact that running a remailer will make you automatically cool.
4249cfa9be9ea98857c216673ece95201444982a91a7aaa953aa98ca3326796dContest Windows binary of arcs.
5ee44ad0ae249826411eb70fae8ebd129dd9892e9c0eea2169267c0e5938b19bIMAP password brute force tool. Can go up to 500 passwords / second on a remote host with 1000 connections in parallel if you like. It's fast and efficient.
d6b4d292152253c3334afdd2a23e77394ed57ce9bd1ec0da568b01e3292c0d50Dotted IP to 32 bit long IP converter, for Windows. Binary only.
89a8d7da788908e91150aa3fa05cec7d1e82e1f25cf43b7425f9629b7b447f9cClass C address scanner and lookup tool.
650fccc07af37f2cde47425cb6b522fc8b6c56dbd7694de545b2e8b60ec9c797Mfp_travatudin.c locks the console until a password is entered.
068c16bfe68903696b3e1f9b1721cc288f7b2ca0a8eb4e75c25b840dcdc0e8f3Mfp_chksrc.c checks C source code for commonly insecure functions like gets, fgets, strcpy, strcat, setenv, getenv, scanf, sscanf, fscanf, sprintf, fprintf, snprintf, syslog, system, popen, vsprintf, and vsnprintf.
b11bc6cba21b894b2793849cea3b08c208c819a5d7cf1ea30677aa35c7bed1f4Dmitry (Deepmagic Information Gathering Tool) is a a UNIX/(GNU)Linux Command Line program coded purely in C with the ability to gather as much information as possible about a host. Gets netcraft information, whois lookup, tcp port scan, looks for subdomains, and grabs banners. Tested on *BSD and some Linux variations.
ec840c07c82826aa9cf8717d60d4b2c6b25ab34cd23e482f25b0e4ed26db50a6Webscan is a web site fuzzer that checks for remote vulnerabilities such as sql injection, cross site scripting, remote code execution, file disclosure, directory traversal, php includes, shell escapes, and insecure perl open() calls.
eafcdbf028f048e0942fbbf8b91c58bc7470b0555231101283ddfcebf8e7b45fTerminatorX v3.8.1 contains several local root vulnerabilities including stack overflows and format string bugs. Includes the vulnerable code and solutions.
6896039ce102a933e00fff841c4b978321a4a345c95c62d0bcf97ed8888e020f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed