Arpmitm.c is another tool for ARP man-in-the-middle attacks; it keeps sending the packets. Requires Libnet 1.00.
a19ed2757a2e4c0b49f24c7b64aee902e263d54e73f80c0eec793933f61e7856
l0phtl0phe.c - antisniff exploit (1.02 included). l0pht messed up the fix for their problem in antisniff by not regarding the type signedness properties of the char and int values used, resulting in a cool method of bypassing the extra length + strncat checks.
936d433c03025bd9a3d606c0f3d43a479b07e715b0201d0e5f316e3adcac8c05
Windows Security Digest - May 17, 2000. In this issue: Backpedaling towards security. SECURITY RISKS: Emurl 2.0 exposes Users' Mailboxes, Office 2000 UA Control Scripting, NTMail 5.x Contains an Open Proxy, IIS Denial of Service and Code Exposure, IIS Denial of Service. SECURITY ROUNDUP: Feature: NTFS Access Control Security Enhancements, HowTo: Encrypting Files for Added Security. NEW AND IMPROVED: Message Attachment Scrubbing and Virus Protection, Increase Network Security in Small and Midsized Businesses. SECURITY TOOLKIT: Book Highlight - Cyberwars: Espionage on the Internet, Tip: Detecting Email Worms in Outlook.
0490e918e02438b399b4b0df5d700c3bd9189fbfb1337b1bcec380fd43dba94c
FreeBSD Security Advisory SA-00:18 - The gnapster port (version 1.3.8 and earlier), and the knapster port (version 0.9 and earlier) contain a vulnerability which allows remote napster users to view any file on the local system which is accessible to the user running gnapster/knapster.
f2d4875ee2a6597cc2a94c6118a4d88b60ed4746d0f0b055496f531d15e77b46
FreeBSD Security Advisory SA-00:08 - lynx revised. Versions of the lynx software prior to version 2.8.3pre.5 were written in a very insecure style and contain numerous potential and several proven security vulnerabilities. A malicious server which is visited by a user with the lynx browser can exploit the browser security holes in order to execute arbitrary code as the local user. The Lynx development team conducted an audit of the source code, and have corrected the known vulnerabilities in lynx. As of lynx-2.8.3pre.5, we consider it safe enough to use again.
2a92410e2c400253c2509ab21b18153feab913a2c915ded15e727eccdab16a13
SuSE 6.3 and 6.4 Gnomelib local root exploit. All GNOME apps have an exploitable buffer overflow when getting the DISPLAY environment variable.
9fe0131a24c1749a6647ad05e7ca960d784f79dbeb652d98418ed7fb5e7813b7
ADMDNews_v2 - WinNT/Win2K x86 exploit for NetWin (www.netwinsite.com) DNews server (v5.0f - v5.3e3) gupcgi.exe/dnewsweb.exe CGIs. This program exploits the buffer overflow condition in gupcgi.exe/dnewsweb.exe CGIs while processing the "cmd" parameter. Tested and confirmed under WinNT 4.0 SP5/SP6 & Win2K Beta 3 RC2 (build 2128).
a06f88d7f2ddcc83936b33dc931f7f8e3122cf05e01ce50bac5e4b98045a4016
Sniffit 0.3.7beta Linux/x86 Remote Exploit. Tested on RedHat 5.2, 6.0, 6.2.
23c271cadbc52f8891f04dff58f2d091757e47858573b3d9b6ea26e75ffc4906
Microsoft Security Bulletin (MS00-033) - Patch Available for "Frame Domain Verification", "Unauthorized Cookie Access", and "Malformed Component Attribute" Vulnerabilities in Internet Explorer 4 and 5. The "Frame Domain Verification" vulnerability allows a malicious web site operator to read files on the computer of a visiting user. The "Unauthorized Cookie Access" vulnerability allows a malicious web site operator to access "cookies" belonging to a visiting user. The "Malformed Component Attribute" vulnerability allows a malicious web site operator to run arbitrary code on the computer of a visiting user. Microsoft FAQ on this issue available here.
05b71ced167d1c779f3c854da8924dacc1bb5a17e4682cda75e9ddf2feab1b82
CERT Advisory CA-2000-06 - Multiple Buffer Overflows in MIT Kerberos Authenticated Services. Several buffer overflow vulnerabilities exist in the Kerberos authentication software version 4, including implementations included for backwards compatibility in Kerberos 5 implementations. The most severe vulnerability allows remote intruders to gain root privileges on systems running services using Kerberos authentication. If vulnerable services are enabled on the Key Distribution Center (KDC) system, the entire Kerberos domain may be compromised. All known Kerberos 4 implementations derived from MIT sources are believed to be vulnerable. krshd has a remote root vulnerability and v4rcp and ksu have local vulnerabilities. MIT Kerberos team advisory here.
34bf1975d8471e284aeeac511729987b56648498c8905a7bb14b4b07f08285f1
dsniff is a suite of utilities that are useful for penetration testing. It consists of the following programs: arpredirect intercepts packets from a target host on the LAN intended for another host on the LAN by forging ARP replies. findgw determines the local gateway of an unknown network via passive sniffing. macof floods the local network with random MAC addresses. tcpkill kills specified in-progress TCP connections. dsniff is a simple password sniffer which handles many protocols. mailsnarf outputs all messages sniffed from SMTP traffic in Berkeley mbox format. webspy sends URLs sniffed from a client to your local Netscape browser for display, updated in real-time.
4411ee32799cac95096d37b654d30296e78e4da6da85a4406e3b21247fdcddda