Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Full changelog available here.
b85a3569521d487f348eec697b602b0b49d6e5d08aedb81a6a7d19cc0a5c6b98
The Symbol PDT 8100 does not attempt to change its existing default WEP keys during installation. If they are not changed, the PDT 8100 will reveal the WEP keys in plain text to any user who taps the wireless icon in the lower right-hand corner of the 8100 and scrolls to the 'encryption' tab. A stolen PDT 8100 or copied keys can give an insider the ability to totally compromise the Wi-Fi network.
0ef878b8880cfbb42ed45bacdfc32fa99f275624901e1d58461985859e733d1f
Remote denial of service exploit for MyServer 0.5. Malicious payload crashes the server giving a runtime error. Tested on Windows XP Pro SP1 and Windows 2000 SP3.
e035fca3aada6de19f50360c4b2ef07a3ea8445d6717a098382a678b587a876c
Secure Network Operations Advisory SRT2003-11-13-0218 - Symantec PCAnywhere versions 10.x to 11.x allow a local attacker to gain SYSTEM privileges via AWHOST32.exe, which can be run via an icon.
06a0532b6f5bf502d7995e8c3aae01db81045cd634c514dc2d89f1ab19d59781
Superkit is an extremely user-friendly rootkit that hides files, processes, and connections. It provides a password protected remote access connect-back shell initiated by a spoofed packet. It is loaded via /dev/kmem, so loadable module support is not required, and it cannot be detected by checking the syscall table, because it redirects the kernel entry point to a private copy of the syscall table. A couple of backdoors are included.
037050dd308f5665105f3ca4347b34ad15c25ee30bd808a2ca9a072a862ad100
Corsaire Security Advisory - The PeopleSoft PeopleBooks Search CGI is susceptible to argument handling vulnerabilities that allow a remote attacker to gain access to files outside of the webroot.
54bdecc65f1cc150934bc3dc63cf2ef28eea6cf37d5cea1c26b8bb166ac96381
Corsaire Security Advisory - The PeopleSoft IScript interface accepts a number of arguments via HTTP POST/GET calls. Using a carefully constructed URL, Java code can be executed in a user's context.
49c7d7dac2df8685c1ffa08b0ea2b20a702114b5f2b917806113e242380c3f43
Corsaire Security Advisory - The PeopleSoft Gateway Administration utility has a servlet that discloses its full path to the configuration files on the server when improper values are passed to it.
08f4265e6b6df73f2a516dc2004f39b7a6a8b4a9721fbac7e78d54b11bea003a
Local exploit for the ListBox/ComboBox vulnerabilities in Win32 platforms. Included is an example of a vulnerable program. Related advisory is available here. Tested on Microsoft Windows XP.
f61c932efba689ebf07ce59c123ce316c2c38a7c038c03fa8755f5576f9aa8e1
Remote exploit for the Microsoft Windows Workstation server (WKSSVC) buffer overflow.
bc065ceb1c69049d9ee97b3557d5d4ebae7248616f8a39390fa5de28e7bc3d5e
Microsoft Security Bulletin MS03-051 - This bulletin addresses two new security vulnerabilities in Microsoft FrontPage Server Extensions, the most serious of which could enable an attacker to run arbitrary code on a user's system. The first vulnerability exists because of a buffer overrun in the remote debug functionality of FrontPage Server Extensions. The second vulnerability is a Denial of Service vulnerability that exists in the SmartHTML interpreter.
a64a5bca634bcd946c38df1abd14ced1ff623dc64459d7b7e57a6a36c3f219f5
Microsoft Security Bulletin MS03-050 - A security vulnerability exists in Microsoft Excel that could allow malicious code execution. This vulnerability exists because of the method Excel uses to check the spreadsheet before reading the macro instructions. If successfully exploited, an attacker could craft a malicious file that could bypass the macro security model. Another security vulnerability exists in Microsoft Word that could allow malicious code execution. This vulnerability exists due to the way Word checks the length of a data value (macro names) embedded in a document. If a specially crafted document were opened, it could overflow a data value in Word and allow arbitrary code to be executed.
2e65329c134cc1472436bf1dfa5a13a48429afbcc0aa286c1a69fd0eec83e2c5
Microsoft Security Bulletin MS03-049 - A security vulnerability exists in the Workstation service that could allow remote code execution on an affected system. This vulnerability results from an unchecked buffer in the Workstation service. If exploited, an attacker could gain System privileges on an affected system, or could cause the Workstation service to fail. An attacker could take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts with full privileges.
2ebf3e9a6635c0389c71cb5892f6c16f50e7ee7d9b2ac16950fd17ef4028aea8
Microsoft Security Bulletin MS03-048 - A cumulative update patch has been released for Internet Explorer that includes the functionality of all the previously-released updates for Internet Explorer 5.01, Internet Explorer 5.5, and Internet Explorer 6.0. Additionally, it eliminates the following five newly-discovered vulnerabilities.
dfc29d27adae94c6b106aaaf9545a35d4b5a7adc9870d2ce88bb70b85d0bef8c
Proof of concept local root exploit for iwconfig that is normally not setuid by default. Tested on RedHat Linux 9.0.
900adc73f0a4fc2b4182803bfcc16f80cd94ca002ee0ac21aa6db656ba58a29f
NSFOCUS Security Advisory SA2003-07 - The HP-UX Software Distributor utilities are susceptible to a buffer overflow vulnerability when reading in the LANG variable since they do not perform any bounds checking on its size. Due to this, local attackers could gain root privileges.
fa7084e4341d66e2414719a1aa4874b255b2255729d312209d47cbdb4f8997bd
NSFOCUS Security Advisory SA2003-08 - Due to a lack of input validation on the NLSPATH variable, libc on HP-UX is susceptible to a format string vulnerability that allows a local attacker to gain root privileges.
7763824063b03d4c3ebd80f0f6e25b25ad766c35105b7d94923ec0e3e6a15b2b
Fortigate firewall pre 2.50 maintenance release 4 allows a remote attacker to inject hostile code into an administrative interface. This vulnerability, used in conjunction with the fact that the username and MD5 hash of the user's password are stored in a cookie, allows a remote attacker to trick an administrator into giving up their credentials.
10520ea52ac2e94c5e4b69055bcaa957dce33e5e0594b94759fc3b4eefda58aa
Proof of concept local root exploit for iwconfig, which is not setuid by default.
3dbd8972e7b154e7c02eb7d11c3f0d3cc45103a8a209a3c7caa8f4999642cd99
Microsoft Windows 95/98/98SE denial of service utility that makes use of malformed NetBIOS packets to lock up and reboot the machine.
926d171c8c658d8861fb0067abda1bc605fcc9caf1e0a70a1986947d8c097432
TerminatorX version 3.81 and below local root exploit. Makes use of vulnerabilities discussed in this related advisory.
353e26a854dbb90fd2e44d12f9a85d391324bccb56e027c9fdb3393227f42737
TerminatorX version 3.81 and below local root exploit. Bruteforcing option included. Makes use of vulnerabilities discussed in this related advisory.
d2ae0f1ca62a0e762c3a10af9db9cf6b2ec2a061ba6c99cecdfaeadde1df7ea5
Secure Network Operations Advisory SRT2003-11-11-1151 - Clam AntiVirus versions clamav-0.60 through clamav-0.60p are subject to format string attacks that allow a remote attacker to commit a denial of service and possibly perform remote command execution.
10ef4bf26c1ab47ad1a7b53bc21aae94a7fe570686b961eb6d52b4a3d73035fa
CERT Advisory CA-2003-28 - A specially crafted network message can trigger a buffer overflow in Microsoft's Workstation server. The vulnerability is caused by a flaw in the network management functions of the DCE/RPC service and a logging function implemented in the Workstation Service (WKSSVC.DLL). Various RPC functions permit the passing of long strings to the vsprintf() routine that is used to create log entries. The vsprintf() routine performs no bounds checking on its parameters, thus creating a buffer overflow condition.
979392a63ca9d86583ec3f6402dafeb1c0ea7237bc2af925d5f46a51e7c89a47