Sambascan2 allows you to search an entire network or a number of hosts for SMB shares. It will also list the contents of all public shares that it finds. The difference between sambascan2 and other SMB viewers and scanners is that it will search everything using TCP/IP, and it will not send a lot of broadcast messages, so it can be used over LAN boundaries. It only uses SMB to list the shares and their contents.
c969fbe1147bb7291ed820fc635285fe82c3cfa70824b6674dd7cdbb603094fd
AllMyGuests suffers from a PHP code injection vulnerability that allows a remote attacker to execute arbitrary commands on the server.
942969a79939e95cfeb0e66489b2a7bb67da8d59077abece9d3530faf4dd8620
AllMyLinks suffers from a PHP code injection vulnerability that allows a remote attacker to execute arbitrary commands on the server.
455fe13e78ca8b714120c34b21cfa370f26b8f7c2c0cfce088dba787c7fc699b
AllMyVisitors suffers from a PHP code injection vulnerability that allows a remote attacker to execute arbitrary commands on the server.
df8aa30a5295614238725f5082a8277bb929aac6924ee98fb15d32f55b2aeb85
ASP Portal suffers from multiple vulnerabilities that can lead to disclosure of authentication information, disclosure of user information, execution of arbitrary code remotely, modification of user information, and identity spoofing. Cookie hijacking exploit enclosed.
e8e1d8a121e11e0a9246f324ce6326b2f6d53ab92eace97fe8e0cd1214ba9a81
Remote denial of service exploit that causes a windows machine to reboot by manipulating the ASN.1 vulnerabilities mentioned here.
4b1303246713d534c4f2ba06e4601987ac52ec41c2f9c015ca77017cf870ed60
Sami FTP server version 1.1.3 has multiple vulnerabilities that can lead to a denial of service.
8e85094ba9a6a67593d7a265f163919d0f7792d81fbde5e9bbd4b87c19634b52
A cross site scripting vulnerability exists in VBulletin.
63600b0f7b537ceec34e8b8deb78e268a56b5b031bfc20a99ff94bc21caef919
mailmgr version 1.2.3 is vulnerable to symlink attacks. If the utility is run as root, any file on the system can be overwritten.
93ee7bc51fe3ac504ce9e5a8fdfd64f5776ac41c90200f5e29296b8b1bab4e7e
Crob FTP version 2.5.2 is vulnerable to a denial of service attack.
d203607240612684c7152609c705dc92cf03ee5e54cb90b79d49814973d234f4
A cross site scripting vulnerability exists in VBulletin.
fd66808e15a736a0b19ab79de528aa189d3c154e6d989518c950b793d4db25a6
aimSniff.pl 0.9b has a file deletion flaw. If the utility is run as root, a symlink attack can be used against a file in tmp to get root to remove any file on the system.
d35abb58d182e2ac03ec120bfbe800992445c733034160f3f66e0705ad173573
iDEFENSE Security Advisory 02.11.04: Exploitation of a buffer overflow in the XFree86 X Window System allows local attackers to gain root privileges. The vulnerability specifically exists in the use of the CopyISOLatin1Lowered() function with the 'font_name' buffer. While parsing a 'font.alias' file, the ReadFontAlias() function uses the length of the input string as the limit for the copy, instead of the size of the storage buffer. A malicious user may craft a malformed 'font.alias' file, causing a buffer overflow upon parsing and eventually leading to the execution of arbitrary code.
969dc5cfdd69d231c477b299e5f6ef17b853eac7ca564fd483dcefed01c82792
DallasCon Information Security Conference and Network Security Boot Camp will be April 27 to May 2, 2004. The Call for Papers is now open.
a3f5e2b49b0e431fc0cc8642f2fa2d0f01f8b51695c625e8b037fda98fa6ae17
Various game engines and games developed by Ratbag is vulnerable to a denial of service attack. Full analysis given.
0b1089fe129f3c8ed14504b82bf9fa212d6479c35297ebd93aed59986e66802d
Monkey httpd versions 0.8.1 and below suffer from a denial of service vulnerability when subjected to specially crafted HTTP requests.
5c7729ef7ce7341a339b4a7ec35c0a80d1826a23abee971b151f18e4c15e4879
Jumper is a program for the search and analysis of hosts. It maps the network using the ARP protocol, and optionally can create an Nmap script. For example, it can tell you which IP addresses are free in your LAN segment or it can tell you which hosts are on your LAN.
da9f673c6a5447ac78e1765d5b1f5104ae05b4275d54e5c8b79d44a84b6f1f71
Red Hat Security Advisory - A bug was found in the index menu code in versions of mutt. A remote attacker could send a carefully crafted mail message that can cause mutt to segfault and possibly execute arbitrary code as the victim.
4dafc8aeb12c53d9369ce922c96b1b8f0d286ad1d1ff1657aac4664ebd37034b
Local root exploit for the XFree86 font.alias vulnerability discussed in the advisory here. Tested on various versions of RedHat Linux.
ed1c569efa3e325a52a9440160ee982d9cf1d8e3c61594c37edad149d60c1e3a
BosDates lacks sufficient sanitization of user-supplied data. Inadvertantly, it allows a remote attacker to influence SQL query logic to disclose sensitive information that can be used to gain unauthorized access.
99f16a5fc0fa02d0ef6ab68973a1477d5cc41f825bce692666aeaceb13a1ba27
PHP code injection vulnerabilities in ezContents versions 2.0.2 and prior allow for a remote attacker to access arbitrary files and execute commands on the server.
f852d6bdd374bb2095a159b9896252b872a652c440495812ac704a127c25800a
CERT Advisory TA04-041A - Multiple integer overflow vulnerabilities in the Microsoft Windows ASN.1 parser library could allow an unauthenticated, remote attacker to execute arbitrary code with SYSTEM privileges. Related eEye advisory here.
d15efbcc2142bc5ef34ae1dde8178035fc9aac8c3983d2d7ee7acf880431603c
Atstake Security Advisory A021004-1 - Both Connectix Virtual PC 6.0.x and Microsoft Virtual PC 6.1 on Mac OS X suffer from an insecure temporary file creation vulnerability.
957d7e39e1983bcf0c08476d79bf23df3df003fbce3396e952ea4e50e60e12a6
iDEFENSE Security Advisory 02.10.04: Exploitation of a buffer overflow in the XFree86 X Window System allows local attackers to gain root privileges. The problem specifically exists in the parsing of the font.alias file. The X server, which runs as root, fails to check the length of user provided input. A malicious user may craft a malformed font.alias file causing a buffer overflow upon parsing, eventually leading to the execution of arbitrary code.
d3db7fd0322ed5a49202a2729ebb1ac91eed13e5e70c0f5df79d02d83e05906b
The Microsoft Base Analyzer fails to properly report vulnerabilities on its systems when machines have been patched but not rebooted for the patches to take affect.
5d7ef01936df0292fd8830d6bc1fa9f605adfe64a768a6a871f90eefcd147494