Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later. Includes cool 3D pictures of the sequence number distribution for several OSes and analyzes the predictability of each. Many OSes have very predictable sequence numbers, allowing unencrypted connections to be spoofed and enabling protocol attacks against encrypted connections.
8386fe49e309794b7189962fc049c48f76491712ae797906588405f871f5b1dc
List of targets for the x2 remote crc32 ssh exploit which contains 319 entries.
9657a708d6b0f73e8ee7e26e1ad5e729c8dfca6130b42cb449d4617cefeddd76
Efstool local root exploit for linux/x86 in C.
206195523043f6b384519ce939b2bf375c728b46e03b79ab11f2681c9fcb2a5c
Efstool local root exploit for linux/x86 in perl.
0c20993f175a32aca30aedfa32968fd459cca1b2388fea27e1bb2440ec83fb14
Autolinuxconf.tgz is an improved exploit for linuxconf <= 1.28r3 which has been found to work on Mandrake 8.1 and 8.2 and Red Hat 7.2 and 7.3.
3d5644a86004378365d91810e8826011af33787751064d3f5d6d4b4957895086
Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
cc25fccf7ed25fb375d00c621b6dfee54ded352cf253b9b4d100b1279c27857a
AIM Sniff is a utility for monitoring and archiving AOL Instant Messenger messages across a network. It can do a live dump (actively sniff the network) or read a PCAP file and parse it for IM messages, and can write the results to a MySQL database or to STDOUT. AIM Sniff will also watch for an AIM login and then perform an SMB lookup on the originating computer in order to match NT domain names with AIM login names (handles). A basic web frontend is included.
fd649823363757c82b5a0fff04c84f5b2c112b3e7b0a3c692e02409f8ec7bb8c
Floppyfw is a router and firewall on one floppy disk. It uses Linux basic firewall capabilities, and has a simple packaging system. It is ideal for masquerading and securing networks on ADSL and cable lines, using static IP, DHCP, and PPPoE. Installation involves editing of only one file on the floppy.
fb2c25356c64581dcd34bf0330690d86d130e07dadca2567b0f7035adde7445a
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. It also tightens down file descriptors 0, 1, and 2, implements process limits, and implements shared memory destruction.
2fa57b89ffa2eef96ee4b1b9421edd13132dc79a66c380fdf318c75b0f15be97
Woltlab Burning Board 2.0 RC 1 has a vulnerability that allows any user (even guests, depending on the configuration) to compromise every other account, due to a variable in board.php that contains unchecked user input and can be used for an SQL injection attack.
c4137ea31f5a97b9986a26c210deb1ab9aecbe8674896eed48684916a74e6911
GreyMagic Security Advisory GM#010-IE - Microsoft Internet Explorer 5.5 and above are vulnerable to an attacker who can execute scripts on any page that contains frame or iframe elements, ignoring any protocol or domain restriction set forth by Internet Explorer. This means that an attacker can steal cookies from almost any site, access and change content in sites and in most cases also read local files and execute arbitrary programs on the client's machine. Note that any other application that uses Internet Explorer's engine is also affected.
536c623ed699440d80879e2d1a445648296439d9070e173e9d6be71b37dbd554
Foundstone Security Advisory FS-091002-SVWS - A buffer overflow exists in versions 3.1 and previous of Savant Web Server. Exploitation of this vulnerability allows remote execution of arbitrary code with daemon privileges. Sending a GET request containing a URL of approximately 291 characters or more causes Savant Web Server to crash. Exploitation is possible and proof of concept code has been authored to demonstrate this problem.
70f37fc074e30ee6045d809d83b646df568badcf9e022b3ef37bb31966b9d22c
Proof of concept local root exploit for _XKB_CHARSET on the HP/Compaq Tru64 Operating System. An HP/Compaq advisory and patches are available.
5f83eff08541bbc06fd66621a3a8dc5e3bab1aa1f8c417d7114d08e32493538c
Another version of the proof of concept local root exploit for su on the HP/Compaq Tru64 Operating System. An HP/Compaq advisory and patches are available.
9cbde5adc2c81de3403d966382aec854bb89b7bfedf67e4414df048b1072d855
Proof of concept local root exploit written in Perl for the NLSPATH overflow on the HP/Compaq Tru64 Operating System. An HP/Compaq advisory and patches are available.
043ef35d7a52583cfb9a16cbe7375cfb16fa194e098a890b5062c1d0c158add4
Proof of concept local root exploit for dxterm on the HP/Compaq Tru64 Operating System. An HP/Compaq advisory and patches are available.
7641ec331e72b6fb06dc3453fc283a2e31df40eb6a293e3309e2973d2f2ec9ef
Proof of concept local root exploit for dtterm on the HP/Compaq Tru64 Operating System. An HP/Compaq advisory and patches are available.
5c56428a6139e61c99fa9f5db38817d0a4074cdaf381ec8b3ef44b14464d3989
Proof of concept local root exploit for dtprintinfo on the HP/Compaq Tru64 Operating System. An HP/Compaq advisory and patches are available.
2f36210e049f1209dde685ccd1b054b6d378f47845a4760100069c2300d62469
Proof of concept local root exploit for dtaction on the HP/Compaq Tru64 Operating System. An HP/Compaq advisory and patches are available.
0355e77beeade3d3d076c7f0a7af6bb069165b7af7d5d2bd65ee0a58f1ea3149
Strategic Reconnaissance Team Security Advisory - The Tru64 operating system produced by HP/Compaq contains multiple buffer overflows in multiple system libraries and binaries. Tru64 is now shipped with its non-exec stack implementation enabled by default. This measure is intended to mitigate the risk presented by buffer overflow conditions in setuid binaries; however, it has been proven to be ineffective in preventing an attacker from gaining increased privileges through traditional avenues of exploitation.
dd37ab957d77b03acf3db538c0909187267cdbbe7b785d465d561374ea3cb0cb
Atstake Security Advisory A091002-1 - Apple QuickTime ActiveX v5.0.2 has a buffer overrun condition that can result in execution of arbitrary code. To exploit this vulnerability an attacker would need to get his or her target to open a malicious HTML file as an attachment to an email message, as a file on the local or network file system, or as a file via HTTP.
67fa04ee26e8153f5ebac2a4e8afbc94afbd217f0c2391f6d6bcc01b0c137578
MielieTool v1.0 is an easy-to-use Perl based web application "fuzzer". It supports fuzzing of CGIs in forms and links and supports multiple sites. Requires HTTrack, Lynx, grep, find, and rm.
efe615a070bb52a86f4508d814701ed4d6a3c1ea75ca01531f7e8a5ad1cf4e47
Pjam2 is an effective UDP packet flooder for Windows.
5971d4cc242e5751965f84ce45e4c3a35d3e01fea0016480e7fcde4fea94f5e6
fopen(), file() and other functions in PHP have a vulnerability that makes it possible to add extra HTTP headers to HTTP queries. Attackers may use it to escape certain restrictions, such as which host to access on a web server. In some cases this vulnerability even allows arbitrary network connections, turning some PHP scripts into proxies and open mail relays.
5290e8e6790626ca08c64a22a15bf3eaf5ff02cbf45a8623f2fd9c85f94d348f