Securax Security Advisory #8 - IIS 4.0 contains a denial of service vulnerability which is similar to the unicode vulnerability. This can be fixed by installing the recent unicode patches.
f877b8c806d53dfad30246acf6a74461dbb28f13b37fda783263068d9efcb449
Linux-sniff v1.1 - Linux eth/tcp/ip sniffer. This tool logs printable data in the packet or it gives detailed info about the eth/tcp/ip packet headers.
aa0a5d092ab55cc36c876afc9d7012d7708f55364218a2cb3eb2ab92776c9b3e
Poll It CGI v2.0 contains remote vulnerabilities which allow remote command execution and reading any file on the webserver. Fix available here.
fd9088695736bd46e4c9077587b083d3e9c5da61927f63fb6d161aa1e5963121
IISHack 1.5 attempts to remotely exploit a local buffer overflow in the IIS 4.0 and 5.0 .asp file parsing mechanism using the unicode bug, resulting in remote system access.
afcef2c9b91202ec97d8ad74851f7050f034f962c38fb8bf8733f531b474694d
A buffer overflow has been discovered in the IIS 4.0 and 5.0 .asp file parsing mechanism. When IIS reads a malformed .asp file, code can be executed to take control of the local server as system. This can be exploited remotely by combining with the unicode bug or by paying for a web hosting account.
55452aba2566040a0d3cd658472e5693c9fb1752803985a1aceccb5a5abe6090
Ruleset-retrieve obtains the newest Snort IDS ruleset from www.snort.org or whitehats.com and inserts your IP address into the appropriate areas.
b8bb6e29cff60690998357271c7e4ebbd86123e027df695e6983acae1a84cd10
ads_cat is a utility for writing to NTFS's Alternate File Streams, a sneaky way to hide data on a Windows NT system which makes it completely invisible to all users, administrators, and disk size commands. Includes ads_extract, ads_cp, and ads_rm, utilities to read, copy, and remove data from NTFS alternate file streams.
6b489c89a96dd11616d143d7453263ff9ff369ebec6878d0007b44ec9ccb5576
Natas v3.00.01 beta is an advanced network packet capturing and analysis program designed for Windows 2000 which works with the new winsock v2.2. Features the ability to filter traffic by address and port, log packets, parse out passwords, and requires no driver. Includes source and binary.
68a37d043069d0158378568c9e913f0a31e3b5b586b6696577308695df0d5423
The Resource Kit comes with a utility, elogdump, that lets you dump the contents of an Event Log on the local or a remote computer. PsLogList is a clone of elogdump except that PsLogList lets you log in to remote systems in situations where your current set of security credentials would not permit access to the Event Log, and PsLogList retrieves message strings from the computer on which the event log you view resides. PsLogList works on NT 3.51, NT 4.0, and Win2K.
19038fc488435edfb7aaed758d88d0a3a9eccadd6a2f05393f901ca9dffe31bd
GK log is a log analyzer and marker that searches a log file for user-defined patterns and highlights them in user-defined colors.
2144b47a6cf6cd003a91bcae0d1c02f208b9fdb91bf14a547efd79a2ce773bac
tcpdstats is a Perl script which quickly analyzes log files from standard tcpd wrappers. It gives a text report of accepted and refused connections for each destination host sorted by source host/protocol.
4db468e50f1e07499478273a90177e7f0c69d3b068ea3ab47d528a92e4180295
HP-UX vB.11.00 comes with /bin/cu SUID bin, which has a buffer overflow in the -l switch.
77af8460241fd99399a8eb2a90950ce6aa3a1b5653ac799c208865c42b2ef1d5
KDE File Manager can be tricked into executing commands as root by creating an HTML file with a link to a binary.
d7f5f0c29d8e33e3eae4d5bbd47b000527c71b64246f27d556cd28df0782ba0e
Mandrake 7.1's /usr/bin/urpmi allows attackers to install RPMs as root if they have an account in the urpmi group and possibly physical access.
7c9b89ae1b7901292c8d5b0902bedd8ccaad79f8cc4b4e2702d359ba016ff272
"Interpreting Network Traffic" takes a look at modern reconnaissance activity from the viewpoint of the intrusion detection analyst. The author introduces general principles of network intrusion detection, and explains the basics of a TCP connection through its representation in TCPDump format. He then dissects specific network events in TCPDump format, including scans, third party effects of SYN floods, and load balancing systems. He also presents an argument to refute the existence of "reset scans."
bf206c0476165454f25ca89892c863a4a2866beb338465795b3f58f49582c076
WinZapper is a tool which allows you to erase event records selectively from the Security Log in Windows NT 4.0 and Windows 2000. WinZapper FAQ available here.
f48b79bec06f0ac8d48c122ec1a7af1c9a59ff354aeda78b6c751004093eb002