CERT Advisory CA-2002-03 - Multiple vulnerabilities have been discovered in various Simple Network Management Protocol (SNMP) implementations. These vulnerabilities may allow unauthorized privileged access, denial-of-service attacks, or cause unstable behavior. It is urged that administrators turn off SNMP altogether if it is not currently necessary. Research and discovery made by the University of OULU.
89a7c63a1e39898658787058aa9492ce71bd791a973e34c9d9294c8fbb3cc5aeFTP-Bruteforcer is a quick perl program to brute force FTP accounts. You can switch off ping, it loggs each password even when the session is aborted, it creates automatically a log in your $HOME. It also has a status report on tty8, which shows you the user-pass combination the script checks.
0f489116e7201d5db4c9b1672b32b1e4fa17cf51d3575c563286e9e50c8dd1d8SilentLog is a keystroke logging tool that runs under several Windows 32 versions (it should also run under NT). The best of it's features is it's small size: only 7 KB compiled. (But it's NOT a DOS program, it uses 32Bit-Windows). The source code (FASM assembly syntax) is included. The executable also contains a DLL which it recreates when loaded. (So the real sizes are 3 KByte executable and 4 KByte for the DLL). The program logs all standard keys (the return key is also processed correctly). See Readme.txt included.
611302bf5d88d929ce00083fb98a64dc814d02f9a5e2f4864a056fed03cc6c87Morpheus request share files denial of service exploit.
91c20978fc47e509b6294dfef55aef106bca0c7b2e21ba8d86f9a9024fee5185LKH is a very powerful and documented kernel function hooking library running on Linux 2.4/x86 . The code has been explained and the API described in Phrack #58 : Linux x86 kernel function hooking emulation. It Supports functions with or without frame pointer, you can enable, disable the hook, access in rw mode the original function parameters, set as permanent or singleshot hijacking, and be discrete or aggressive.
16c7ed9d936ee524ab55a4a97c5e3ce75a22f7ef153579eaf81e0fc3edbec54bMicrosoft Security Advisory MS02-004 - The Windows 2000 telnet server contains an unchecked buffer which allows remote code execution. Interix 2.2 is also affected. Microsoft FAQ on this issue available here.
84cfd0d73087f0165d71800210a169f606ec422d5815d56325b8b67aa75c9d32Microsoft Security Advisory MS02-003 - A flaw in Microsoft Exchange 2000 allows remote users to remotely access configuration information on the server. Specifically, this flaw inappropriately gives the "Everyone" group privileges to the WinReg key. This key controls the ability of users and groups to remotely connect to the Registry. Microsoft FAQ on this issue available here.
f8bc960bb1e8f246f305d98706924b5d465d40858a6425ddddfb81e122f92f85Microsoft Security Advisory MS02-002 - Malformed Network Request can cause Office v. X for Mac to Fail. Office v. X contains a network-aware anti-piracy mechanism creates a denial of service vulnerability. An attacker could use this vulnerability to cause other users' Office applications to fail, with the loss of any unsaved data. An attacker could craft and send a special packet to a victim's machine directly, by using the machine's IP address. Or, he could send this same directive to a broadcast and multicast domain and attack all affected machines. Microsoft FAQ on this issue available here.
3c1e389bcb9376114388761c54ab7b5eb1177fdfb8123d981f8dca88c3cd1426Proof of concept exploit for the buffer overflow vulnerability that exists in the nick handling code of mIRC. This exploit works with mIRC version 5.91 which is the latest version that is affected by this vulnerability.
957bf70f6116314b5806d74de9c7b2cd9e687d65688b24535d1ea8dcad75616dmIRC v5.91 and below has an exploitable bug which allows remote code execution. mIRC assumes the current nickname of the client as sent by the server is fewer than 100 characters long. mIRC stores the current and alternative nickname as a static array. Sending a nickname over 200 characters long allows overwriting of a key variable, the index to the current nickname. Fix available here.
7be119c91ef0d3642fc205b923d39056b40a51bb3e468568211d9c3586fdc091Appcap is an application for x86 Linux which allows root on a machine to attach and redirect standard input and output of any application to his actual tty. Appcap can help admins running a multiuser machine to snoop on users. It is especially very useful for tracing and monitoring ssh and telnet sessions.
cddc2516ea1f004646e84826e5bcfaa6f30d6b1b47320ef43edca41f1c33e5f8FreeBSD/Linux exploit for a buffer overflow in the snes9x Nintendo emulator. The linux shellcode works also on FreeBSD since snes9x runs on those systems with linux emulation.
db628cc64cef1685a7de38aff3d19885b177d6ead58e67ec5e2be496541d0bc2Linux x86 shellcode that does an execve of /bin/sh. This shellcode contains no slashes so it can bypass certain application filters and was originally written for a snes9x buffer overflow.
4ef2d0f1cd24777b5709b44238b964e296e95e992d81fd668b2dcd7eb70e8405Cw.c is a udp flooder which does not need root, based off udp-bitchslap.c.
fd4fa0ce23247466ed1ce79fba1ac0cba1ac50e5323529de536791507e4c9994
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed