exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 67 RSS Feed

Files

sara-2.0.6.tar.gz
Posted Aug 17, 1999
Authored by Advanced Research Corporation

SARA v2.0.6 - The Security Auditor's Research Assistant (SARA) is a third generation security analysis tool that is based on the SATAN model, conforms to the Open Source model, is covered by the GNU open license, fosters a collaborative environment, and is updated on a weekly basis. The author of SAINT, Bob Todd, recently joined Advanced Research and has been working non-stop to evolve SATAN and the original SAINT concept to a community oriented product (i.e, SARA) which will be available to all. Advanced Research's philosophy relies heavily on software re-use. Rather than inventing a new module, SARA is adapted to interface to other community products. For instance, SARA interfaces with the popular NMAP package for superior "Operating System fingerprinting". Also, SARA provides a transparent interface to SAMBA for SMB security analysis. SARA's features include ( the [SARA] indicates that this is a new or improved feature when compared to SAINT or SATAN): Built-in report writer (by subnet or by database) [SARA], Built-in summary table generator [SARA], Gateway to external programs (e.g., NMAP) [SARA], CGI-BIN vulnerability testing (Unix and IIS) [SARA], SSH buffer overflow vulnerabilities [SARA], Current Sendmail vulnerabilities [SARA], IMAPD/POPD buffer overflow vulnerabilities [SARA], Current FTP and WU-FTP vulnerabilities [SARA], Tooltalk buffer overflow vulnerbilities [SARA], Netbus, Netbus-2, and Back Orifice vulnerabilities [SARA], Improved Operating System fingerprinting [SARA], Firewall-aware [SARA], Weekly updates [SARA], Probing for non-password accounts [SARA], NFS file systems exported to arbitrary hosts, NFS file systems exported to unprivileged programs, NFS file systems exported via the portmapper, NIS password file access from arbitrary hosts, REXD access from arbitrary hosts, X server access control disabled, Arbitrary files accessible via TFTP, Remote shell access from arbitrary hosts, Writable anonymous FTP home directory.

tags | tool, remote, overflow, arbitrary, shell, cgi, scanner, vulnerability
systems | unix
SHA-256 | f3d92f684d08884012e8aa42642d6a6080a19ca16a145a70859ba383ad09c44e

Related Files

CSE Bookstore 1.0 SQL Injection
Posted Dec 22, 2020
Authored by Musyoka Ian

CSE Bookstore version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Alper Basaran in October of 2020.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | fc951b6ccd26f9e3555d4b13f66f6d079b229758376a158cab4a785dac9e81ef
Water Billing System 1.0 SQL Injection
Posted Nov 16, 2020
Authored by Mehmet Kelepce

Water Billing System version 1.0 suffers from a remote SQL injection vulnerability. This version was already found to be susceptible to SQL injection by Sarang Tumne in November of 2020.

tags | exploit, remote, sql injection
SHA-256 | f0f6069ec9c64c3cfabb29159fe32ae5d1d26753c3377fb06573faee908f7854
Ubuntu Security Notice USN-4048-1
Posted Jul 8, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4048-1 - Aleksa Sarai discovered that Docker was vulnerable to a directory traversal attack. An attacker could use this vulnerability to read and write arbitrary files on the host filesystem as root.

tags | advisory, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2018-15664
SHA-256 | d442e2d42a4ccabd0196829e77953cf1b6942fd9ca5ffd601e88f573aed4c19a
Ubuntu Security Notice USN-2113-1
Posted Feb 19, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2113-1 - Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI) in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (panic). Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing attack. Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM) subsystem. A local user could exploit this flaw to gain privileges on the host machine. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, udp, spoof
systems | linux, ubuntu
advisories | CVE-2013-4563, CVE-2013-4579, CVE-2013-4587, CVE-2013-6367, CVE-2013-6368, CVE-2013-6376, CVE-2013-6382, CVE-2013-6432, CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, CVE-2013-7271, CVE-2013-7281, CVE-2014-1438, CVE-2014-1446, CVE-2013-4563, CVE-2013-4579, CVE-2013-4587, CVE-2013-6367, CVE-2013-6368, CVE-2013-6376, CVE-2013-6382, CVE-2013-6432
SHA-256 | b4b98d6e24984870cfe76d2ee9c3764dde0cfada14d2de91292681590d95ce1e
Ubuntu Security Notice USN-2113-1
Posted Feb 19, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2113-1 - Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI) in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (panic). Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing attack. Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM) subsystem. A local user could exploit this flaw to gain privileges on the host machine. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, udp, spoof
systems | linux, ubuntu
advisories | CVE-2013-4563, CVE-2013-4579, CVE-2013-4587, CVE-2013-6367, CVE-2013-6368, CVE-2013-6376, CVE-2013-6382, CVE-2013-6432, CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, CVE-2013-7271, CVE-2013-7281, CVE-2014-1438, CVE-2014-1446, CVE-2013-4563, CVE-2013-4579, CVE-2013-4587, CVE-2013-6367, CVE-2013-6368, CVE-2013-6376, CVE-2013-6382, CVE-2013-6432
SHA-256 | b4b98d6e24984870cfe76d2ee9c3764dde0cfada14d2de91292681590d95ce1e
Ubuntu Security Notice USN-2117-1
Posted Feb 19, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2117-1 - Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI) in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (panic). Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing attack. Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM) subsystem. A local user could exploit this flaw to gain privileges on the host machine. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, udp, spoof
systems | linux, ubuntu
advisories | CVE-2013-4563, CVE-2013-4579, CVE-2013-4587, CVE-2013-6367, CVE-2013-6368, CVE-2013-6376, CVE-2013-6382, CVE-2013-6432, CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, CVE-2013-7271, CVE-2013-7281, CVE-2014-1438, CVE-2014-1446, CVE-2013-4563, CVE-2013-4579, CVE-2013-4587, CVE-2013-6367, CVE-2013-6368, CVE-2013-6376, CVE-2013-6382, CVE-2013-6432
SHA-256 | 988c359c9d2af2f86d73d91b71720fa19adc7f621c4b9b65867f1729c58bb05c
NetSarang Xlpd Printer Daemon 4 Denial Of Service
Posted Feb 3, 2012
Authored by Prabhu S Angadi | Site secpod.com

The NetSarang Xlpd printer daemon version 4 suffers from a remote denial of service vulnerability. Proof of concept exploit included.

tags | exploit, remote, denial of service, proof of concept
systems | linux
SHA-256 | d109d13e6fc0ff37cda9997cc4f9db745daa155a93a66134074d8bbe18a8c310
Security Auditor's Research Assistant (SARA) 7.9.2a
Posted Apr 10, 2011
Authored by Advanced Research Corporation | Site www-arc.com

Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.

Changes: Assorted bugfixes and updates to detect newer potential security issues.
tags | tool, cgi, scanner
systems | linux, unix
SHA-256 | 4f6734be7ebcb6915b3be8941eceac5de5f8d76c53fb96a2efab212596f57290
E-Xoopport - Samsara 3.1 eCal Module Blind SQL Injection
Posted Sep 25, 2010
Authored by _mRkZ_ | Site warwolfz.org

E-Xoopport - Samsara versions 3.1 and below suffer from a remote blind SQL injection vulnerability in the eCal module.

tags | exploit, remote, sql injection
SHA-256 | 3b7d2189a6e56c41b3b96aa132d23e3cd51bf37717accd36d13e0e8514971b2e
E-Xoopport - Samsara 3.1 Blind SQL Injection
Posted Sep 15, 2010
Authored by Dante90, _mRkZ_ | Site warwolfz.org

E-Xoopport - Samsara versions 3.1 and below suffer from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5a161f64103a1904ad4980ffefa02e1b3c638e7dd94c6375785551c87317c3f2
Secunia Security Advisory 38613
Posted Feb 16, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - sarabande has discovered a vulnerability in Free Google Page Ranks, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 59218c71d79f4cdc8718f9a1ebd4b8a4f74b5a95e3be93f6cbd38ee4db54fd72
sara-7.8.1.tgz
Posted Aug 29, 2008
Authored by Advanced Research Corporation | Site www-arc.com

Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.

Changes: Various changes and additions.
tags | tool, cgi, scanner
systems | unix
SHA-256 | cc994308e211e00f3605f8cf45a45ced5a82c28524f0a4062e2064e0e92d0177
sara-7.5.7.tgz
Posted Jul 10, 2008
Authored by Advanced Research Corporation | Site www-arc.com

Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.

Changes: Added option to stop domain password guessing for windows machines.
tags | tool, cgi, scanner
systems | unix
SHA-256 | 95bf85f54b41a50308767171e078bf378360f1209faaa56ebca454574246b7d7
Secunia Security Advisory 30394
Posted May 27, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in SaraB, which can be exploited by malicious, local users to disclose sensitive information.

tags | advisory, local
SHA-256 | d6fd402ee72cca99fa358ec277dc40a6d7f3190fa79f20022d5b1d65e0b3ca15
sara-malware.tar.gz
Posted Feb 20, 2008
Authored by si0ux security

SARA Malware that exploits the vmsplice bug in the Linux kernel. Affects kernel versions 2.6.17 through 2.6.24.1. Successful exploitation allows the disabling of INPUT rules on the firewall, opens TCP port 1407 for execution of remote commands, and more.

tags | exploit, remote, kernel, tcp
systems | linux
advisories | CVE-2008-0600
SHA-256 | 13a1429b254b235cd35bb2ba6d42f62816ef074799e92cf199b306ba57d0309f
Zero Day Initiative Advisory 07-029
Posted May 17, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the LSA RPC interface. When parsing a request to LsarAddPrivilegesToAccount, heap allocation is calculated based on user input. By specifying invalid values, heap blocks can be overwritten leading to remote code execution.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2007-2446
SHA-256 | 4e58ac3963f27cec1b2f15f211c2a7326c21eed90dd19a2e29069017e1fd6f91
sara-7.0.3.tgz
Posted Nov 2, 2006
Authored by Advanced Research Corporation | Site www-arc.com

Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.

Changes: Various bug fixes.
tags | tool, cgi, scanner
systems | unix
SHA-256 | 32b4dec44d7ac00e4544cc45eed115e9a99c7513e9e2bc2d0e1083373a2bb97a
SaralBlog-sql.txt
Posted Jan 25, 2006
Authored by Aliaksandr Hartsuyeu | Site evuln.com

SaralBlog 1.0 suffers from XSS and SQL injection due to lack of sanitized user input.

tags | exploit, sql injection
SHA-256 | 94535b50dc337b20cea374c540f4ec94c74b3cbd39b4ecb887439f27c6d6f48b
sara-5.4.0.tgz
Posted Jan 1, 2005
Authored by Advanced Research Corporation | Site www-arc.com

Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.

Changes: Added Oracle Application Server tests and Oracle version number testing, mitigated false positives in rdesktop, adjusted timing in config/sara.cf to handle slow SARA machines, added additional test for mssql buffer overflow tests.
tags | tool, cgi, scanner
systems | unix
SHA-256 | 0b27b5243dfb473f0036462d1ea5598ca847a16cdc51a37c1fb73b3dff8831d4
sarad.txt
Posted Aug 24, 2004
Authored by Matthias Bethke

The sarad program used at the British National Corpus is susceptible to multiple buffer overflows. No authentication is required to perform the attack and they are network based.

tags | advisory, overflow
SHA-256 | 3b5dbe5c14fa19bf31747e7ab1ad0dfe738810272c2dbce61216a3114a9177e7
sara-4.1.3.tgz
Posted Dec 24, 2002
Authored by Advanced Research Corporation | Site www-arc.com

Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.

Changes: Added test for newdsn.exe, Microsoft IIS Executable File Parsing, Updated smb.sara to check for user enumeration, registry access, and guessable passwords, Updated to detect vulnerable mysql services, fixed bugs.
tags | tool, cgi, scanner
systems | unix
SHA-256 | 8f025cf31750a12703c64a86eacd722bd5f5d51bb400edb7c5850782e15094d6
sara-4.1.2.tgz
Posted Nov 6, 2002
Authored by Advanced Research Corporation | Site www-arc.com

Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.

Changes: Major changes were made to the XML report generator. The scheduler, tcpscan.sara, and sara.cf were updated for faster scans.
tags | tool, cgi, scanner
systems | unix
SHA-256 | 5823b59b5d3cdd3e1c555a68b2f851b59fd2690e2cbfb708a35f7d6122cdbbad
sara-4.1.1.tgz
Posted Oct 4, 2002
Authored by Advanced Research Corporation | Site www-arc.com

Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.

Changes: Added test for '8-11' Windows backdoor, Updated XML interface, Updated CSV interface to include service and port, Tweaked tcpscan.sara for performance, Updated XML tag descriptions, Added MAC proxy interface, and supports new FBI/SANS Top 20 Consensus List.
tags | tool, cgi, scanner
systems | unix
SHA-256 | a661b9f271e0bf1ffb19d638027beb79af15e52c66aa40ddb44a06a329ede7c0
sara-4.0.1.tgz
Posted Sep 19, 2002
Authored by Advanced Research Corporation | Site www-arc.com

Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.

Changes: Added XML format to ReportWriter, Updated to CVE Version 20020625, Added 'dig' support for dns checks, Updated smb.sara to handle new rpcclient arguments, Added test for backdoor based on bnc variant, Added test for binshell backdoor, Added test for OpenSSL vulnerabilities, Added test for OpenSSH vulnerabilities, Added tests for PHP vulnerabilities, Added test for Apache pre 2.0.39 (non Unix) exploit, Fixed configure to build rpcgen correctly, Fixed problem with tcpscan.sara, Fixed problem with MS Terminal tutorial, Fixed HTML error in tutorials (problem with MS Word conversion), and enhanced the correction facility in the ReportWriter.
tags | tool, cgi, scanner
systems | unix
SHA-256 | 437ac39377017a6b8e21b0d7657972f364942993f9aa15419e8937d9d70a2204
sara-3.4.3.tar.gz
Posted May 17, 2001
Authored by Advanced Research Corporation | Site www-arc.com

Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.

Changes: Developed test for latest IIS Directory Traversal, Developed test for IIS password backdoor, Upgraded CIM test for latest exploits, Added test for bugzilla vulnerabilities, improved test for the IIS 5.0/Windows 2000 vulnerability, and fixed bugs.
tags | tool, cgi, scanner
systems | unix
SHA-256 | 1773ac5c19b2ece1d35851a543e2197c342aa77896350fe30acc84b7519bf4ec
Page 1 of 3
Back123Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    6 Files
  • 18
    Aug 18th
    4 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close