The NTLM library contains utilities for authenticating against Microsoft servers that require NTLM authentication. The goal of this project is to make libntlm easier to build (by using autoconf, automake, and libtool) for use by other projects.
dba0ab4262c050fef21f2fb24e0335922b43cd8ccae95af4c90e68ca9671da4c
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
3dc4b955b70065771e974b98c7b53e6f460c6a30da6332150d093c20fd188d13
PIKT is a cross-platform, multi-functional toolkit for monitoring systems, reporting and fixing problems, security management, and updating system configurations. PIKT comprises an embedded scripting language with unique, labor-saving features. Binaries available here.
ab1b8c5ba28302e661e78144048084216aa1c03f4449cd8288c22f1373684e3f
Packet Storm new exploits for September, 2004.
6487b533303aef310fb606cf4031233665038b0d3a39264f5bb3d1a10868e021
Serendipity 0.7-beta1 and below proof of concept SQL injection exploit that dumps the administrator's username and md5 password hash.
0921a8c65327c27213316b4ea2d5b801a1e0596f4384dfe6d3868e19d39cc355
Remote exploit for Zinf 2.2.1 on Win32 that downloads and executes a file.
e80d2409b6e269d59edd99db2b19a5529b757d7eb1f822c75d015ee3aba48dbb
Wordpress 1.2 is susceptible to multiple cross site scripting flaws.
29068ffced3cce344bf52a9db7a5441b03c4b66d8113e65e06d9dc3a72361bd2
A vulnerability in the Yahoo! Store shopping cart allowed a remote user the ability to effectively alter the price of merchandise being placed into their shopping cart.
f2e1a0d3cf0d91bfaaf5599d71edb2b9ea42b4e5b00cdc9318303d2fd50f1cdb
fwknop is a flexible port knocking implementation that is based around iptables. Both shared knock sequences and encrypted knock sequences are supported. In addition, fwknop makes use of passive OS fingerprinting signatures derived from p0f to ensure the OS that initiates a knock sequence conforms to a specific type. This makes it possible to allow, say, only Linux systems to connect to your SSH daemon. Both the knock sequences and OS fingerprinting are completely implemented around iptables log messages, and so a separate packet capture library is not required.
c681d25dce87be973e406ee80cb7b3097d0c2e03aca5aad2cb09d4cee152e17e
Hotspotter is a utility that passively monitors the network for probe request frames to identify the preferred networks of Windows XP clients, and will compare it to a supplied list of common hotspot network names. If the probed network name matches a common hotspot name, Hotspotter will act as an access point to allow the client to authenticate and associate. Once associated, Hotspotter can be configured to run a command, possibly a script to kick off a DHCP daemon and other scanning against the new victim.
575cd3fb0edc9d59df108628351b17282b025240555382eb2e1631f856179f28
KRIPP is a simple and light-weight network passwords sniffer written in Perl, which uses tcpdump to intercept traffic. Can sniff and display ICQ, FTP and POP3 passwords.
d9109f90c943f3dad9cc4dd96265f52164a54bcf21fa430a94d5e2f3db63ad40
PHP proof of concept exploit that makes use of an arbitrary file upload flaw in PHP versions below 4.3.9 and 5.0.2.
afff49337f58bcf7a3d4d154ad71cfde47193d319ff6dbeccf14fc280a7b754b
MyWebServer 1.0.3 is susceptible to a denial of service attack and allows for direct administrative access to ServerProperties.html.
c1a29d572b7d810f3077bd0cb43619391c7505092854f3b61550660dbd8568cb
SSHole 0.1 is a small program that can be useful for debugging SSL-encrypted protocols. It listens on a specified port for an incoming connection and as the handshake takes place, everything is reported to STDOUT. As feature in Software2.0 magazine.
ce8752ff4702a28b402276e87d615905b5769b57e5de46e6540f1809e8336ecd
The Alex PHP Guestbook suffers from a remote file inclusion vulnerability due to a lack of proper sanitization in it's chem_absolu variable.
99e65dfa933d26cdf99b4df674488af11261d0abf78dfdf6ac5930a973b023c4
Remote denial of service exploit that makes use of a memory allocation flaw in Chatman versions 1.5.1 RC1 and below.
cfaf60fa8cff9a5a747631a35a8687ea7a2434ead9a4965b316ba2d20bf6639d
Improper memory allocation in Chatman versions 1.5.1 RC1 and below leave it susceptible to a denial of service attack.
6cace12445dcff93c2b73587c5ab07e74fd98329b84515bd066931ce3e7d820a
iDEFENSE Security Advisory 09.27.04 - Local exploitation of an input validation vulnerability in the ctstrtcasd command included by default in multiple versions of AIX could allow for the corruption or creation of arbitrary files anywhere on the system.
fee3d29f21a547029e70177424770da665196dbf27df3efdd012aebd57841de4
Debian Security Advisory DSA 554-1 - When installing sasl-bin to use sasl in connection with sendmail, the sendmail configuration script uses fixed user/password information to initialize the sasl database. Any spammer with Debian systems knowledge could utilize such a sendmail installation to relay spam.
3434226d521f6542bdd262dca0bc0db12c1475f4f552dfe8420d26ff9b10e856
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
6a3c05d3e268bbae535e27e35a87ce711939aac962010522ff86dc0648e29dbb
Secunia Security Advisory - A vulnerability has been reported in PHP-Fusion that can be exploited by malicious users to conduct script insertion attacks.
8dab39f558bde79f151463eea7a458be110021538fa468ed7adb6581e414a2cb
Cutter allows network administrators to close TCP/IP connections running over a Linux/IPtables firewall. It closes the connection in such a way as to lead both ends (client and server) to believe that it was aborted by the other.
8566d5bf88af2a628a3cb8616c27f14260b5456d6a66c865a820dc0fa549227c
Secunia Security Advisory - A weakness has been reported in Intellipeer Email Server, which can be exploited by malicious people to determine valid usernames.
6b1eed1a75a9bc5799bc53c05fdbe94b374c823f10ca42264b281dbb3c8dab1e
Secunia Security Advisory - A vulnerability has been reported in HP StorageWorks Command View XP, which can be exploited by malicious, local users to bypass certain access restrictions.
fe024a7bbbdd385a5d0fda0102d2987bd903ea6330056b73a81447d9033feccc
Secunia Security Advisory - A vulnerability has been reported in Baal Smart Forms 3.x, which can be exploited by malicious people to bypass certain security restrictions.
6569047c8844836518894101b9b9ec8806d6ddc2eba884a67bcefba678f56b83