Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.
33650e388b7b5ef0b8d41568240f4214402ca68677a5486e7254f8a6fac52176
FTP server spider, written in perl. Scans a ftp server to get the entire directory structure, detect anonymous access and writable directories, and look for user specified data. Not tested against Windows ftpd.
78f5bc8f3404b5374217fb0b045274c6f8f7013f84aa1aaaeaa08a0ac46d9fd8
This forwards connections on any port you want to any host & port you like. Added the ability to select which device to listen on. Based on Laq's relay.3.
086dfbc690fc8acaf175d245b3348248fc74d730c4f0b737150ad04bf943a604
iDEFENSE Security Advisory 11.22.04 - J2SE prior to v1.4.2_06 contains serious remote vulnerabilities which allow applets loaded in browsers to load an unsafe class, and write to any file on a users system. IE, Mozilla, and Firefox can lead to compromise on Linux and Windows systems if a malicious web page is loaded.
b770dc7b3597a8eddba091ed48f8c2ebe227fb5643add55bafe7f720d7437c26
Cryus v2.2.8 and below contains four remote vulnerabilities, including one which is pre-authentication. Fix available here.
54d472e1537f333c599a3d7c14b3c297aa87884e8449678168feafb1d6d5a268
SecureCRT v4.1 and below contains a remotely exploitable command execution vulnerability. Patch available here.
80795399469e1e338277c2f037190ee6918aae65b2a141bfe5ab27d0d50dbaf9
A remotely exploitable stack overflow has been found in Winamp version 5.05 and below which allows malformed m3u playlists to execute arbitrary code. Fix available here.
99d0d7a37a9704572d57022f0d3742f404776b272e3755e80703ceb58318934b
PhpBB v1.0.0 - 2.0.10 remote exploit which takes advantage of a bug in admin_cash.php. Opens a back door on a tcp port.
759e1b3c1fd320dbe0d222403ebfadaef07dc4d09e204984eb5cd514f21054bc
Local user input handling vulnerabilities exist in WCI's TC-IDE Embedded Linux prior to v1.54 which allow local users with access to the tools provided with the system to spawn a root console, gaining full control over the running Linux operating system. In corporate environments where this product is being used, such vulnerabilities could cause disastrous effects, all users are encouraged to update to the latest firmware ASAP.
46d3aa11e83ba80562e7262440809b13893d555f6f58bc2ca80b55ac4797533e
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
256cfa736b57ad57623917b4da7131b7ab1915c65a0a3f47a53ca2d186266ee0
Mailtraq Version 2.6.1.1677 remote exploit which allows SYSTEM level access while using the Mailtraq administration console. Requires a Mailtraq admin account.
9363a24390dc5f166823eede37366696be7abfad27c632dc5627567f22951267
Efuzz is an easy to use Win32 tcp/udp protocol fuzzer which finds unknown buffer overflows in local and remote services. Uses config files to define the range of malformed requests. Includes C source, released under GPL.
83c25ea1e5b3ca8eaa392c20d213c89de0afe7961f65d36d43a2f77976f63a9c
Prozilla-1.3.6 remote client side stack overflow exploit, tested against current Gentoo, slackware, Debian, and suse.
9357bc7d80ccdcff080e1d7069304e8f08c1c576c0e7e49b73ae85830397a0c4
Simple C tool and binutils patch with step by step description (HowTo_Reverse_engineering_Cisco_image.html) how to convert cisco image to MIPSIV file for reverse engineering. Allows you to dump and disassemble the text section, tested on a Cisco Catalyst 6509.
05e5bd5d08fdbbcc327796acbc9bf7c17d413e25120d2c77635999b856359d1f
Remote command execution exploit for phpBB 2.0.10 that makes use of a flaw in the viewtopic.php code.
aee65c849185b91d9b59593d7e00fe8fd6ad03efd250948a95761326bdf70a7d
Gentoo Linux Security Advisory GLSA 200411-29 - unarj contains a buffer overflow and a directory traversal vulnerability. This could lead to overwriting of arbitrary files or the execution of arbitrary code.
00d28a18026243d507fbe200677f214b89fb74f4c7748c5f6654dddbe7e4b685
Microsoft Internet Explorer (including IE for Windows XP SP2) is reported vulnerable to a file download security warning bypass. This unpatched flaw may be exploited to download a malicious executable file masqueraded as a HTML file. Full exploitation given. Original posted on k-otik.
5cf54bfc3b98194b62e01d674a293f76a8b55e5d1942178a1fcfe020e729bc73
A subtle race condition in Linux kernels below 2.4.28 allow a non-root user to increment (up to 256 times) any arbitrary location(s) in kernel space. This flaw could be used to gain elevated privileges.
d671cbd752252bb78a3d63491ad5f4be3c8c380bfeaa1eecfe09915f101df920
Corsaire Security Advisory - The aim of this document is to define a vulnerability in the Netopia Timbuktu 7.0.3 product for Mac OS X that suffers from a buffer overflow.
cbc907a49668c0fcf9a73b904dee166db917a6d624962997421a44440286d2ae
Corsaire Security Advisory - The aim of this document is to clearly define several vulnerabilities in the Danware NetOp Host product that suffers from multiple information disclosure issues.
42db080f94b4a9d2053f5f711e043ba751541dcd77b4eb01d14059438cd13bce
Opera 7.54 is vulnerable to leakage of the java sandbox, allowing malicious applets to gain privileges. This allows for information gathering as well as denial of service effects.
1f4ec2410d1b05e6a1c8e4034bf16cf1d34b5675d0c35d73f31016c81d7cf149
Altiris Deployment Solution 5.6 SP1 (Hotfix E) suffers from a privilege escalation flaw that allows for SYSTEM level access. Step by step exploitation given.
2eeeb547e723092ea08f4321e09bdaa44b9d7db09a51e44e2d576c63d5afa53b
ZoneAlarm Security Suite and ZoneAlarm Pro have been updated to address a vulnerability in their ad-blocking functions.
6cdb000d655e7f0ca7361b33bdc652f24d545c5b63e5cd6664020f90d068fe59
A privilege escalation technique can be used to gain SYSTEM level access while using the Mailtraq administration console. Mailtraq Version 2.6.1.1677 is vulnerable.
754a99a37c23e5ce9586839e1dbef857f90469878efeac14f8dd013ad62fd9e5
SLMail 5.x POP3 remote PASS buffer overflow exploit that binds a shell to port 4444. Tested on Windows 2000 SP4.
e52e26d43fc8281cdd86366385864d1faabe76d496cbf284434a32a5b495a1f4