what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

Files Date: 2001-01-13

arpexp.c
Posted Jan 13, 2001
Authored by Sor Pablo Sebastian, Dave Ahmed | Site securityfocus.com

Solaris /usr/sbin/arp local root stack overflow exploit.

tags | exploit, overflow, local, root
systems | solaris
SHA-256 | b37113d4b5f35ea2807811dceb90d932c062e88b41f082fffecbf6522cc7344a
ms01-001
Posted Jan 13, 2001

Microsoft Security Bulletin (MS01-001) - The Web Extender Client (WEC), a component that ships as part of Office 2000, Windows 2000, and Windows Me, does not respect the IE Security settings regarding when NTLM authentication will be performed - instead, WEC will perform NTLM authentication with any server that requests it. If a user established a session with a malicious user's web site - either by browsing to the site or by opening an HTML mail that initiated a session with it - an application on the site could capture the user's NTLM credentials. The malicious user could then use an offline brute force attack, or with specialized tools, could submit a variant of these credentials in an attempt to protected resources. Microsoft FAQ on this issue available here.

tags | web
systems | windows
SHA-256 | 2879fb12eaf812aa96d02092ee3c430b3a4aa6204edaf13c2cc855f7b7b354c6
SUN MICROSYSTEMS SECURITY BULLETIN: #00200
Posted Jan 13, 2001
Site sunsolve.sun.com

Patch advisory for Sun Microsystems. Please read for details.

tags | overflow, local, root
systems | solaris
SHA-256 | ca226858f47414813867a5df9802d7a90f90d91e94f14f30eb774bcd505f6175
proftpDoS.java
Posted Jan 13, 2001
Authored by Jet Li

ProFTPd remote dos attack - Exploits multiple USER ftp commands to consume all available memory. Does not require an account. Written in java. Tested against ProFTPd 1.2.0rc1 and rc2.

tags | java, remote, denial of service
SHA-256 | 1009450358c2059ee3d23a6f12fb7f622aed0047e1b3cc25606fc2efb9a087f9
ethereal-0.8.15.tar.gz
Posted Jan 13, 2001
Authored by Gerald Combs | Site ethereal.com

Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here.

Changes: Ethereal 0.8.15 has one of the biggest GUI changes in recent history; display filters can now be constructed via an easy-to-use point-and-click interface. Protocol dissectors now exist for: NFSv4, Mobile IPv6, X.25 over TCP, LAPBETHER, DEC LANBridge Spanning Tree Protocol, X.25 over LLC, Frame Relay, MTP3 User Adaptation Layer, and ISDN Q.921 User Adaptation Layer. Many other dissectors and core features were improved, and bugs were squashed. The wiretap library can now read Sniffer Frame Relay files.
tags | tool, sniffer, protocol
systems | unix
SHA-256 | 68e2bd7b96d5fe4f9afc760d7d7c9787215c430c2cb2ff9f469a2cbe2a5e525b
RHSA-2001:001-05.glibc
Posted Jan 13, 2001
Site redhat.com

Red Hat Security Advisory RHSA-2001:001-05 - A couple of bugs in GNU C library 2.2 allow unprivileged user to read restricted files and preload libraries in /lib and /usr/lib directories into SUID programs even if those libraries have not been marked as such by system administrator. This allows users to create or overwrite a file he did not have permissions to.

systems | linux, redhat
SHA-256 | f093940dbad2e26f43305ea5252e4af144e7fdcd7673d8c14438879648f383ea
telnetfp_0.1.2.tar.gz
Posted Jan 13, 2001
Authored by teso, Palmers | Site team-teso.net

Telnetfp is an OS detection tool which uses do / dont requests via telnet to determine remote OS type. Contains 72 OS fingerprints.

Changes: More fingerprints, bugfixes, interactive mode.
tags | remote
SHA-256 | ae48c9908a16c1891aecf361d8d8926967db8faac2b155964f6fb83ddb47c8d7
accp.exe
Posted Jan 13, 2001
Authored by Haris Bjelak

Accp.exe recovers lost passwords on MS Access 97 mdb files. Ported from Java.

tags | java
SHA-256 | 1089cee0ab4745d52ee9307f5442af1e37c0ae6953568b5791596ed04a4265f3
pudding01.tar.gz
Posted Jan 13, 2001
Authored by Roelof Temmingh | Site sensepost.com

Pudding is a proxy which recodes HTTP requests using most of RFP's IDS evasion encoding methods, plus random UTF-8 encoding support. Allows any web aware program/exploit/cgi-scanner to evade IDS without modification of the original code. Encoding methods include all uppercase, hex encoding, /./ directory insertion, fake parameters, premature URL endings, windows delimiters, and random UTF8 encoding.

tags | web, cgi
systems | windows, unix
SHA-256 | c8a75f47892cf9971dfce9a19962ee940b44b6217ab7982e7299601b07617e91
enabler.c
Posted Jan 13, 2001
Authored by Norby | Site avatarcorp.org

Enabler.c attempts to find the enable password on a cisco system via brute force. Tested on Cisco 2600's and 12008's and has support for login-pass as well as login-only devices.

systems | cisco
SHA-256 | 6c9df24566f021f2620f2e21a1865e88c3f4961ebb5920182e11f1f413bbba6a
CA-2001.interbase
Posted Jan 13, 2001
Site cert.org

CERT Advisory CA-2001-01 - Interbase is an open source database package that had previously been distributed in a closed source fashion by Borland/Inprise. Both the open and closed source versions of the Interbase server contain a compiled-in back door account with a known password which allows any local or remote user able to access port 3050/tcp [gds_db] to manipulate any database object and run arbitrary code on the system.

tags | remote, arbitrary, local, tcp
SHA-256 | 5297ff0a53b5eba8336466e8f9e3e1e95fe113d05804f9acb97fa56acbf32e90
whois.pl
Posted Jan 13, 2001
Authored by Marco van Berkum

Whois.pl is a remote exploit for Fastgraf's whois.cgi perl script.

tags | exploit, remote, cgi, perl
SHA-256 | 805a20d41225bbbbdd659b9161bb4d4a47c0dad781d97b2378c5e7f8c4611a81
analisis-remoto-de-sistemas.txt
Posted Jan 13, 2001
Authored by Honoriak

Port Scanning and OS Fingerprinting - In Spanish.

tags | paper, protocol
SHA-256 | d29a0debb8f1e6c0c65c683ae42886381e2e396da3357cddb29a156f530e67d8
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close