The NTLM library contains utilities for authenticating against Microsoft servers that require NTLM authentication. The goal of this project is to make libntlm easier to build (by using autoconf, automake, and libtool) for use by other projects.
dba0ab4262c050fef21f2fb24e0335922b43cd8ccae95af4c90e68ca9671da4cradmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
3dc4b955b70065771e974b98c7b53e6f460c6a30da6332150d093c20fd188d13PIKT is a cross-platform, multi-functional toolkit for monitoring systems, reporting and fixing problems, security management, and updating system configurations. PIKT comprises an embedded scripting language with unique, labor-saving features. Binaries available here.
ab1b8c5ba28302e661e78144048084216aa1c03f4449cd8288c22f1373684e3fPacket Storm new exploits for September, 2004.
6487b533303aef310fb606cf4031233665038b0d3a39264f5bb3d1a10868e021Serendipity 0.7-beta1 and below proof of concept SQL injection exploit that dumps the administrator's username and md5 password hash.
0921a8c65327c27213316b4ea2d5b801a1e0596f4384dfe6d3868e19d39cc355Remote exploit for Zinf 2.2.1 on Win32 that downloads and executes a file.
e80d2409b6e269d59edd99db2b19a5529b757d7eb1f822c75d015ee3aba48dbbWordpress 1.2 is susceptible to multiple cross site scripting flaws.
29068ffced3cce344bf52a9db7a5441b03c4b66d8113e65e06d9dc3a72361bd2A vulnerability in the Yahoo! Store shopping cart allowed a remote user the ability to effectively alter the price of merchandise being placed into their shopping cart.
f2e1a0d3cf0d91bfaaf5599d71edb2b9ea42b4e5b00cdc9318303d2fd50f1cdbfwknop is a flexible port knocking implementation that is based around iptables. Both shared knock sequences and encrypted knock sequences are supported. In addition, fwknop makes use of passive OS fingerprinting signatures derived from p0f to ensure the OS that initiates a knock sequence conforms to a specific type. This makes it possible to allow, say, only Linux systems to connect to your SSH daemon. Both the knock sequences and OS fingerprinting are completely implemented around iptables log messages, and so a separate packet capture library is not required.
c681d25dce87be973e406ee80cb7b3097d0c2e03aca5aad2cb09d4cee152e17eHotspotter is a utility that passively monitors the network for probe request frames to identify the preferred networks of Windows XP clients, and will compare it to a supplied list of common hotspot network names. If the probed network name matches a common hotspot name, Hotspotter will act as an access point to allow the client to authenticate and associate. Once associated, Hotspotter can be configured to run a command, possibly a script to kick off a DHCP daemon and other scanning against the new victim.
575cd3fb0edc9d59df108628351b17282b025240555382eb2e1631f856179f28KRIPP is a simple and light-weight network passwords sniffer written in Perl, which uses tcpdump to intercept traffic. Can sniff and display ICQ, FTP and POP3 passwords.
d9109f90c943f3dad9cc4dd96265f52164a54bcf21fa430a94d5e2f3db63ad40PHP proof of concept exploit that makes use of an arbitrary file upload flaw in PHP versions below 4.3.9 and 5.0.2.
afff49337f58bcf7a3d4d154ad71cfde47193d319ff6dbeccf14fc280a7b754bMyWebServer 1.0.3 is susceptible to a denial of service attack and allows for direct administrative access to ServerProperties.html.
c1a29d572b7d810f3077bd0cb43619391c7505092854f3b61550660dbd8568cbSSHole 0.1 is a small program that can be useful for debugging SSL-encrypted protocols. It listens on a specified port for an incoming connection and as the handshake takes place, everything is reported to STDOUT. As feature in Software2.0 magazine.
ce8752ff4702a28b402276e87d615905b5769b57e5de46e6540f1809e8336ecdThe Alex PHP Guestbook suffers from a remote file inclusion vulnerability due to a lack of proper sanitization in it's chem_absolu variable.
99e65dfa933d26cdf99b4df674488af11261d0abf78dfdf6ac5930a973b023c4Remote denial of service exploit that makes use of a memory allocation flaw in Chatman versions 1.5.1 RC1 and below.
cfaf60fa8cff9a5a747631a35a8687ea7a2434ead9a4965b316ba2d20bf6639dImproper memory allocation in Chatman versions 1.5.1 RC1 and below leave it susceptible to a denial of service attack.
6cace12445dcff93c2b73587c5ab07e74fd98329b84515bd066931ce3e7d820aiDEFENSE Security Advisory 09.27.04 - Local exploitation of an input validation vulnerability in the ctstrtcasd command included by default in multiple versions of AIX could allow for the corruption or creation of arbitrary files anywhere on the system.
fee3d29f21a547029e70177424770da665196dbf27df3efdd012aebd57841de4Debian Security Advisory DSA 554-1 - When installing sasl-bin to use sasl in connection with sendmail, the sendmail configuration script uses fixed user/password information to initialize the sasl database. Any spammer with Debian systems knowledge could utilize such a sendmail installation to relay spam.
3434226d521f6542bdd262dca0bc0db12c1475f4f552dfe8420d26ff9b10e856Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
6a3c05d3e268bbae535e27e35a87ce711939aac962010522ff86dc0648e29dbbSecunia Security Advisory - A vulnerability has been reported in PHP-Fusion that can be exploited by malicious users to conduct script insertion attacks.
8dab39f558bde79f151463eea7a458be110021538fa468ed7adb6581e414a2cbCutter allows network administrators to close TCP/IP connections running over a Linux/IPtables firewall. It closes the connection in such a way as to lead both ends (client and server) to believe that it was aborted by the other.
8566d5bf88af2a628a3cb8616c27f14260b5456d6a66c865a820dc0fa549227cSecunia Security Advisory - A weakness has been reported in Intellipeer Email Server, which can be exploited by malicious people to determine valid usernames.
6b1eed1a75a9bc5799bc53c05fdbe94b374c823f10ca42264b281dbb3c8dab1eSecunia Security Advisory - A vulnerability has been reported in HP StorageWorks Command View XP, which can be exploited by malicious, local users to bypass certain access restrictions.
fe024a7bbbdd385a5d0fda0102d2987bd903ea6330056b73a81447d9033fecccSecunia Security Advisory - A vulnerability has been reported in Baal Smart Forms 3.x, which can be exploited by malicious people to bypass certain security restrictions.
6569047c8844836518894101b9b9ec8806d6ddc2eba884a67bcefba678f56b83
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed