Websense Enterprise versions 4.3.0 to 5.1 are susceptible to a cross-site scripting attack where an end user may be tricked into running malicious code in their trusted zone.
I2S LAB Security Advisory - A malicious attacker can utilize any type of media against the SHELL32.DLL library to cause a massive denial of service. Microsoft Windows 2000 versions SP4 and below are affected. Full research and exploit provided. The next service pack released will have this fixed.
Whitepaper discussing the do_brk() bug found in the Linux kernel versions 2.4.22 and below.
Remote exploit for the Microsoft Windows WKS vulnerability, where a specially crafted network message can trigger a buffer overflow.
Yahoo Instant Messenger versions 5.6.0.1347 and below are susceptible to a buffer overflow attack in the YAUTO.DLL file when a long URL is passed to the Open(String Url) function.
The pxboard executable in XBoard versions 4.2.6 and below creates and writes to a file with a predictable filename in the /tmp directory.
eZphotoshare has multiple overflow vulnerabilities that allow remote code execution from a heap corruption in ntdll.dll and the ability to overwrite important saved values via vulnerable code in mfc42.dll.
Gentoo Linux Security Announcement 200312-01 - On December 2nd, the rsync.gentoo.org server was compromised via a heap overflow in the rsync 2.56 server implementation.
MIDAS NMS is a configurable web based network monitoring and network intrusion detection server. It uses a distributed client/server model that allows it to scale to very large networks, and features highly optimized Snort support that dramatically reduces the overhead of both the Snort Sensor and the alert data repository. It also supports Netsaint/Nagios plugins and Big Brother clients, allowing for easy migration.
Firewall Builder consists of an object-oriented GUI and a set of policy compilers for various firewall platforms. In Firewall Builder, a firewall policy is a set of rules, and each rule consists of abstract objects which represent real network objects and services (hosts, routers, firewalls, networks, protocols). Firewall Builder helps the user maintain a database of objects and allows policy editing using simple drag-and-drop operations. Firewall Builder can be used to manage firewalls built on a variety of platforms including, but not limited to, Linux running iptables and FreeBSD or Solaris running ipfilter.
Oinkmaster is a simple Perl script released under the BSD license to help update and manage Snort 2.0+ rules and to comment out the unwanted ones after each update. It will report what has changed since the last update, offering good change control.
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP ID, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.
The Surfboard webserver v1.1.8 and below contains remote directory traversal and denial of service vulnerabilities. Exploit URLs and a patch included.
Glibc heap protection patch for Glibc v2.3.2 - Uses the canary method to detect and block heap overflows. Note that this will not stop attacks against the GOT or PLT. An analysis of the performance and detection capabilities of this patch is available here.
Linux kernel v2.4.22 and below do_brk() proof of concept exploit written in ASM which tests for the vulnerability, rebooting your system if it is found. Requires nasm greater than v0.98.36, tested with nasm 0.98.38.
Remote exploit for Eudora 6.0.1's (on Windows) LaunchProtect feature, which warns the user before running executable attachments. Unfortunately this only works in the attach folder; using spoofed attachments, executables stored elsewhere may run without warning.
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
Brian.c is a simple tool to effectively convert a switched network (or a part of it) into a shared network so that sniffing can take place. Allows ARP spoofing of any number of machines, includes an internal relay process for relaying packets to the correct destination, provides a gateway switch for spoofing routers, includes various timing options, and includes a DOS switch for spoofing without relaying, all in one easy to use tool. Based on ARP poisoning from Ettercap, but unlike Ettercap it works in many-to-many scenarios which are present in shared networks. Tested on Redhat 8; it compiles under Linux. Requires libnet and libpcap.
Detailed information on the Linux kernel v2.4 prior to v2.4.23 local root vulnerability in the do_brk() kernel function. Kernels 2.4.20-18.9, 2.4.22 (vanilla), and 2.4.22 with the grsecurity patch are confirmed vulnerable.
WNMSB-LAN is a Windows Messenger Service Bomber. Includes C++ source and a Windows executable.
Cisco Security Advisory 20031202 - Cisco Aironet Access Points (AP) running Cisco IOS software will send any static Wired Equivalent Privacy (WEP) key in cleartext to the Simple Network Management Protocol (SNMP) server if the snmp-server enable traps wlan-wep command is enabled. Cisco Aironet 1100, 1200, and 1400 series are affected, but the command is disabled by default.
F.c is a local root exploit for the SuSEconfig.vmware symbolic link vulnerability. Tested on SuSE 8.2. More information available here.
Linux v2.4.x below v2.4.23 was found to contain a local root vulnerability when multiple servers of the Debian project were compromised using a new kernel exploit. Due to an integer overflow in the do_brk() system call, it is possible for local users to gain root access. Users of kernel v2.4.22 and below should upgrade.
Arpscan sends out ARP requests to specified IP addresses and displays a list of the found hosts. Useful for scanning your local network's IPs for live hosts.
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. Includes support for cracking all common hashing algorithms including the MD5 hashes used by Cisco routers, Arp Poison Routing which enables sniffing on switched LANs, decoders for Access databases, base64, and Cisco Type-7, a SID Scanner, the LSA Secrets Dumper, the Protected Storage Passwords Viewer, the NT Hash-Dumper (works with Syskey enabled), and much more. Also see the Cain & Abel FAQ.