mod_rootme is a very cool module for the Apache 1.3 series that sets up a backdoor inside of Apache where a simple GET request will allow a remote administrator the ability to grab a root shell on the system without any logging.
4ad725b929e8714ed72b2aef702d7383e7f30973e4a777ae8a882ba784fcf58a
Debian Security Advisory DSA 522-1 - A format string vulnerability in super has been discovered that allows specified users to execute commands with root privileges. This vulnerability could potentially be exploited by a local user to execute arbitrary code with root privileges.
78c7e1bf65152d505c10fbb236ca5fba4a3cc83b2737cffa0bc5add027d86b91
A vulnerability has been found in the Mobile Code filter in ZoneAlarm Pro where SSL content is not filtered. Tested against Windows XP Pro running ZoneAlarm Pro 5.0.590.015 and Internet Explorer version 6, with all patches.
9f550907ba57239e2e48c56db138dbfa750a3cb38f6d2cdd756fae1d650f0bba
A user can deny access to the web-based administration by establishing 30 connections to the web-based administration port (80) on the Microsoft MN-500 Wireless Router. Until the connections are closed, the router administrator cannot access the web-based administration.
9eb7fa9b0faacd20f011010c664c60362d59d51325c8fb8bda4a97e82a6c3447
A user can deny access to the web-based administration by establishing 1 connection to the web-based administration port (80) on a Linksys BEFSR41 Cable/DSL Router. Until the connection is closed, the router administrator cannot access the web-based administration. Note that the router automatically closes the TCP connection after about ten seconds of inactivity.
cc4d06d74473ac6a04901d1309b131325e16dbe2a571ed5f24f1a9fce4b531f9
A user can deny access to the web-based administration by establishing 7 connections to the web-based administration port (80) in the Netgear FVS318 VPN Router. Until the 7 connections are closed, the router administrator cannot access the web-based administration.
77be9a97404a9717378c0f2ab65614511596841eee00cf9f40135e461979c75c
Users of Internet Scanner 7 from ISS can bypass license restrictions due to a key bypass flaw.
bb3871b4ccbc9d65dd1ff8985c5fc1269a333b4183fe4611dc028efc5f5a0b58
Some bits of code that show how modified URL encoding can easily bypass restricted zones via Microsoft Internet Explorer.
969ea80d5ad83d70772c9700ecf916fdc2e3c5a210e6edf42c960f36f4150530
Due to faulty logic in the socket dequeuing mechanism used in hybrid 7 and the derivate ircd-ratbox, it is possible to severely lag an irc server using a low-bandwidth DoS attack. Affected versions: ircd-hybrid below and equal to 7.0.1, ircd-ratbox below and equal to 1.5.1, ircd-ratbox below and equal to 2.0rc6. Full exploitation included.
55974cc18c7257c5e90e2f3887ac897970b45e11380ca3ee193ebdcf9304a993
It has been reported that a vulnerability exists in DNS One, potentially allowing malicious people to conduct script insertion attacks. The problem is that input supplied to the HOSTNAME and CLIENTID parameters in a valid DHCP request are logged unfiltered, allowing arbitrary HTML and script code to be embedded. Successful exploitation allows code execution in an administrative user's browser in context of the affected site when the report / log is viewed. Reportedly, firmware version 2.4.0-8 and 2.4.0-8A and prior are affected.
834a3a0d683b2f180754f7d96f8cbc06c96db82fa7ecf2da5fe00ff2985869ab
eEye Security Advisory - eEye Digital Security has discovered a security vulnerability in IBM's signed eGatherer activex. Because this application is signed, it might be presented to users on the web for execution in the name of IBM. If users trust IBM, they will run this, and their systems will be compromised. This activex was designed by IBM to be used for an automated support solution for their PC's. This is installed by default on many popular IBM PC models.
6599862e14320181a6e068e3cea972c1e37c7c9c9660660f00865030c0c1566a
Debian Security Advisory DSA 521-1 - A format string vulnerability has been discovered in sup, a set of programs to synchronize collections of files across a number of machines, whereby a remote attacker could potentially cause arbitrary code to be executed with the privileges of the supfilesrv process.
c97c96287dc17e80c241ce806844485d5301d9292c2078a15e158a669306eb14
Wasabi is a log monitoring program, designed to watch a log file for lines matching user defined regular expression and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports.
2dc461abd6fca9f0892cd556b8e002aed7647d73572150960e754c28c150de68
Proof of concept exploit that will patch an ELF binary to utilize the stack overflow in file 3.39 and below. If someone runs file against said binary, a suid shell is created as /tmp/.sh of that uid. New version works on both Linux and the BSDs .
21103ace980bf29abaf0743ed5d8816533999653245d3642f709e758b76ba991
Proof of concept exploit that will patch an ELF binary to utilize the stack overflow in file 3.39 and below. If someone runs file against said binary, a suid shell is created as /tmp/.sh of that uid.
15a084aac71ca804bb1ff97e1ca230d473228271616ff4493d50b4b2a3d11cd4
sbd is a Netcat-clone, designed to be portable and offer strong encryption. It runs on Unix-like operating systems and on Microsoft Win32. sbd features AES-128-CBC + HMAC-SHA1 encryption (by Christophe Devine), program execution (-e option), choosing source port, continuous reconnection with delay, and some other nice features. Only TCP/IP communication is supported. Source code and binaries are distributed under the GNU General Public License.
04e6578b1f96467b06d686fdee0cf09088505e20956429ebb44582e24d9303b0
dsniff is a suite of utilities that are useful for penetration testing. It consists of the following programs: arpredirect intercepts packets from a target host on the LAN intended for another host on the LAN by forging ARP replies. findgw determines the local gateway of an unknown network via passive sniffing. macof floods the local network with random MAC addresses. tcpkill kills specified in-progress TCP connections. dsniff is a powerful sniffer which automatically detects and parses many protocols, only saving the interesting bits. filesnarf saves files sniffed from network file system traffic. mailsnarf outputs all messages sniffed from SMTP traffic in Berkeley mbox format. webspy sends URLs sniffed from a client to your local Netscape browser for display, updated in real-time.
4a78a46ce5efe6f6ac271db49d1bf28238da3d4eb346603510f969291bf6df2c
Simple perl script that checks for duplicate files in a directory based upon md5 checksums.
ee148a4d01605255a7b2db70af1471e57ba67077a53f4d273ec105e5a31d01b7
SQLAT is a suite of tools which could be useful for pen-testing a MS SQL Server. The tools do dictionary attacks, upload files, read registry and dump the SAM. They do this by wrapping extended stored procedures. There is also a tool for doing a minimal analysis of a SQL Server with output as HTML. You need to be 'sa' to run some of the tools, but this usually isn't a problem. SQLAT works over port 1433.
33ef7508838012b697f29ea87790514fe74b23e77d4da94f5351850384e86cad
A CIFS/SMB password scanner based on the jcifs implementation. The scanner and jcifs are both 100% pure Java, making it possible to run the scanner on a few different platforms. Both the Java source and binary distributions are included.
d7ddc0a81891ee38242dfbcfd94e1c5afa8a97bf82ec803ca9d964710a6963bb
Pivot 1.10 Soundwave is susceptible to a remote file inclusion and execution vulnerability that enables a remote attacker to execute anything they want in the context of the user id running the web server.
bc31d33c1db4f1dcd9a4ae2f956fc02dbd2c9d2de27d2c22695f954c79bf9233
A vulnerability exists in various versions of Weblogic Server and Weblogic Express when a client logs in multiple times as different users using RMI (Remote Method Invocation) over IIOP (Internet Inter-ORB Protocol). This may reportedly result in an RMI method being executed under the wrong identity. Affected versions: WebLogic Server and WebLogic Express 8.1, on all platforms, WebLogic Server and WebLogic Express 7.0, on all platforms, and WebLogic Server and WebLogic Express 6.1, on all platforms.
7c596d91f9fead17e5b14f54e34f7f6c2e74de76810cffc996835d9e9049a456
Sygate Personal Firewall Pro version 5.x is susceptible to a denial of service attack by being crashed via unprivileged applications sending specially crafted messages to the ListView control in the GUI.
c4b523beea4596ecf960bcae931886280975333d872f47098e91d7d4f0b32445
Symbian SIS file dumping utility that allows for analysis of potential malware without actual installation of files. It provides information on file headers (UIDs, Version, Number of Languages, Number of files), file list (Destination name by default, Source filename and file type).
feb8c2423354851a76c204ffad717cdddb2cfba59ef6138cc50471f7e0831640
FSlint is a toolkit to find various forms of lint on a filesystem. At the moment it reports duplicate files, bad symbolic links, troublesome file names, empty directories, non stripped executables, temporary files, duplicate/conflicting (binary) names, and unused ext2 directory blocks.
8f37fdeeb5e5b3e104f50171d564315d0f1b6adb60a563fcc9082647e6839841