Lodowep 1.2.1 is a tool for analyzing password strength of user accounts on a Lotus Domino webserver system by using dictionary attacks. Lodowep is multi-threaded and supports both session- and basic-authentication. The binary version of this tool can be found here.
6727d64ad82e79f3764155a45794ca62eef0577e01799a0911c24cd18d66ff74
Caldera security advisory CSSA-2002-041.0 - Versions of the pam_ldap module prior to 144 include a remotely exploitable format string bug in the logging function. Caldera released fixed packages for OpenLinux 3.1.1 and 3.1 configurations.
c98cc4086624aa5d7ab9ed4caeeb7af1bae87e9ae7f7e2603f11c0243e0a66b1
Caldera security advisory CSSA-2002-040.0 - The uudecode utility created output files without checking to see if it was about to write to a symlink or a pipe. If a user uses uudecode to extract data into open shared directories, such as /tmp, this vulnerability could be used by a local attacker to overwrite files.
17b624f9cfffccb177e0b88e25c290f97b79a5ad62cb2697c7da6dbe12278fd9
Gentoo Linux security advisory - The uudecode utility created output files without checking to see if it was about to write to a symlink or a pipe. If a user uses uudecode to extract data into open shared directories, such as /tmp, this vulnerability could be used by a local attacker to overwrite files.
2e321043840954828eed6a4661750d95d6569c8b92f3c15243f6dd92bbc794a8
Remote pf control daemon allows remote control and monitoring of OpenBSD packet filter. It communicates with clients using RPFC protocol running on top of SSL (Secure Socket Layer). The protocol is designed to be relatively forgiving and easy to use.
ba80d44427050977f437bdf51c2b91230416624ea757a1ffd13e9595e54426ac
mod_ssl provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1). It is based on the SSL/TLS toolkit OpenSSL and supports all SSL/TLS related functionality, including RSA and DSA/DH cipher support, X.509 CRL checking, etc. Additionally it provides special Apache related facilities like DBM and shared memory based inter-process SSL session caching, per-URL SSL session renegotiations, DSO support, etc.
d81ff092eb20a093798adc8dc23fcdddff2470ab896990c01eec1b764c5f3cd7
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
b59f8fce17ec94112c407edf3a795fca1fb1f4aa2672c4972cfd8158bdf6f65d
Packit offers the ability to monitor, manipulate and inject IPv4 (and soon IPv6) traffic (TCP/UDP/ICMP) on and into your network. This can be valuable in testing firewalls, intrusion detection systems and in general TCP/IP auditing. At the moment Packit can be run using one of two modes: packet capture and IPv4 packet injection. Packit is dependent on libnet 1.1.0+ and libpcap and has been tested with numerous FreeBSD and Linux kernels.
57e410b1fd791781549d092a78a7fd1fc671f061693de33995e9f45c9eb67c5d
WS_FTP v3.13 and below is vulnerable to the classic FTP bounce attack as well as PASV connection hijacking. Examples and solutions included.
a32a5fa264703e56db66786e30814b463e79b578ff79f6776efc9d9d2e9399a2
CERT Advisory CA-2002-29 - Multiple Kerberos distributions contain a remotely exploitable buffer overflow in the Kerberos administration daemon. A remote attacker could exploit this vulnerability to gain root privileges.
ade1559565293ec2b2c9c928b2296eda39bf2a45e36ead198be63f16931f4850
Oracle9iAS Web Cache Denial of Service exploit in perl, as described in Atstake advisory a102802-1.
b04f91f65d13ef5a37fc7fa56dcbc09b494c14e7d26b988206b52a9aaff32e39
CUTs (cellphone unix terminal) is a procmail hack that allows you to use a normal cellphone's messaging capability as a Unix/Linux terminal from anywhere.
6b97954c1327229ea2592dd4975f3c2479382c79b144dbb644628ef26cc40328
Solarhell is a remote root exploit shell script which abuses the Solaris /bin/login bug by using telnet. Solaris 2.6, 2.7 and 2.8 (7.0 and 8.0) are vulnerable. More information available here.
0bd999736b1b87d0e121e3d654eb28498297c1ba12b8a8a19116dde32cbdb820
A denial of service vulnerability found in Alt-n MDaemon v6.0.7 can allow malicious users to remotely crash this application. This vulnerability, which may also affect earlier MDaemon versions, resides in the method used by MDaemon's POP3 service to process user input that is received with the DELE or UIDL commands.
07650faab656a8d91cb8ed724f20ad9523b77e5bbbc62b13e94dbfcd3b31d987
Oracle Security Alert #43 - The Oracle9iAS Web Cache contains two denial of service vulnerabilities that can be triggered remotely by sending specially crafted HTTP requests to this service. The denial of service issues, which affect version 9.0.2.0.0 for Windows NT/2000 and XP, result in an immediate crash of the application. This vulnerability was reported to Oracle by Atstake and will be fixed in the 9.0.4 release of Oracle9i Application Server.
a2419a5a6c66d45ec168e814a00a9c5905fb30f89c06ac4215603ae759ae590c
Atstake Security Advisory a102802-1 - The Oracle9iAS Web Cache contains two denial of service vulnerabilities that can be triggered remotely by sending specially crafted HTTP requests. The denial of service issues, which affect version 9.0.2.0.0 for Windows NT/2000 and XP, result in an immediate crash of the service. Oracle released a security advisory for this vulnerability. This advisory can be found here.
a4dd6a957197a9116d53a98c087ac566509792905aae424939563924d019eaa8
secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop in security for users who wish to prevent command line recovery of deleted information, even if the machine is compromised.
b594a5b81e0dc6ba56b67976f4da094cacb2f8ea6d40325f041d0c0d0c62e1d0
Saint Jude LKM is a Linux Kernel Module for the 2.2.0 and 2.4.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local and remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.
1d72affc7e06f7cbad96d2f3c0eab42e93abbff260cf5fbb62b13dfcbdf5468e
ABFrag claims to be a Linux Kernel ( here. Encrypted with burneye. Archive password is set to p4ssw0rd. Use at your own risk.
4a409ab08651f858cb482d323ece9e57db3d1416dd107332ff7696178e3dde98
SunOS telnetd scanner.
1dbb725c314099d98625d296ac68c35e8427a16ec8767286cd464fa8abaac5fb
Rapid 7 Advisory R7-0008 - IBM Web Traffic Express Caching Proxy server is vulnerable to cross site scripting. The Caching Proxy server allows script code to be injected into pages using standard cross-site scripting techniques. A second, variant attack allows the HTTP headers to be manipulated.
2b24d3cf784653c24b81047d80228ae940e783257cf9ce49567fa86d564bdaeb
Rapid 7 Advisory R7-0007 - The Caching Proxy component of IBM's WebSphere Edge Server v2.0 is vulnerable to a denial-of-service attack against one of the default CGI programs. A malformed HTTP request for /cgi-bin/helpout.exe will cause ibmproxy.exe to crash and cease functioning.
d5444f4faa351e594a4559c2bf2fb5cf0491766c5ae89f6adfc2ce7c94802ffe
iDEFENSE Security Advisory 10.15.02 - RadioBird Software's WebServer 4 Everyone v1.27 and below contains denial of service and directory traversal vulnerabilities allowing any file on the system to be downloaded. Fix available here.
ee7ce09231d4ce9d177866165f5d433f9b62ebfe59e76ea0613c5ecc5fd837e8
Solarwinds TFTP server v5.0.55 and below remote denial of service exploit in perl.
165893e2a72b6c7b01bf0b5e59020ebd0ef42cf6184037b8c607536b68ae7f46
Opticon Users 2002 is a simple tool to show administrators who is logged onto the network and which workstation that user is accessing the network from. Information about the workstation used to log on, the domain, the logon server, and the date/time of logon is also displayed. This tool makes it easy to spot unauthorized logons from a certain workstation or logons using an administrative account.
7363cf87bc3f361f4ba537b96a7a2040148781aaca2bceecd4a21b540aab2c6b