RX is the smallest (1087 bytes) universal Windows reverse shell for all versions of Windows NT/2K/XP/2003 with any service pack.
b56a1fa9260aa95f38866b8d9f558e3c2b99a52e77955344d944c5e8acf34662
TX is the smallest (924 bytes) universal Windows backdoor for all versions of Windows NT/2K/XP/2003 with any service pack.
4fa179d772d63a3c1e09cb980fc4aea305e2bf3f05388d8394775b3c1f03e66f
Secunia Security Advisory - Red Hat has issued an update for openoffice.org. This fixes a vulnerability, which can be exploited by malicious, local users to gain knowledge of sensitive information.
6d79767ff1e5f5b6058280f3115df61f03044adbe204b87b6fa57a85f52c56c8
myServer version 0.7 is susceptible to a simple directory traversal attack.
5e346d4fd84051b1af43543997416ebc071e1b9ab8cae08865414f317085f778
Secunia Security Advisory - A vulnerability in vBulletin 3.x can be exploited by malicious people to conduct SQL injection attacks.
ca896d08f3d8e09bf76ee26047bb3e42b2eeecbb928d54d7da493a7bd1bf11ff
NISCC Vulnerability Advisory 403518/NISCC/APACHE - Two new vulnerabilities have been discovered in Apache. Through the testing of Apache by using the Codenomicon HTTP Test Tool, the ASF Security Team has discovered a bug in the apr-util library, which can lead to arbitrary code execution. SITIC have discovered that Apache suffers from a buffer overflow when expanding environment variables in configuration files such as .htaccess and httpd.conf, leading to possible privilege escalation. These vulnerabilities affect versions 2.0.35 through 2.0.50.
819928722d2c3ee7a440437b80c12521e6cbd9bd15899e997ed85366e5c80461
BBS E-Market Professional suffers from path disclosure, file download, file disclosure, user authentication bypass, and PHP source injection vulnerabilities. BBS E-Market patch level bf_130, version 1.3.0, and below are affected.
fe6396baf023202a3aaa5e1cc4406171bca9fd0ede9d8fba31585a999b2ad73a
Netwox is a utility that can be thought of as a one-stop-shop network toolbox. It includes a graphical front-end called Netwag. This kit comes with 150 tools that can be used to perform a multitude of tasks that are very useful to any administrator. It supports various protocols (DNS, FTP, HTTP, NNTP, SMTP, SNMP) and performs low-level functions like sniffing, spoofing traffic, and playing client/server roles. Both Windows and Unix versions are included.
db7d112386f908aa3c2271b05fa647c4833507191b44eba6e22bf176b1f6b1b2
Placid is a Web-based frontend for Snort that uses MySQL. It supports searching, sorting, and graphing of events, and was designed for speed and to have little overhead.
b9ed5948f9f5d7ab54fbfbb89c074ec6b54bc6491627c28693e3e852342502f4
fwknop is a flexible port knocking implementation that is based around iptables. Both shared knock sequences and encrypted knock sequences are supported. In addition, fwknop makes use of passive OS fingerprinting signatures derived from p0f to ensure the OS that initiates a knock sequence conforms to a specific type. This makes it possible to allow, say, only Linux systems to connect to your SSH daemon. Both the knock sequences and OS fingerprinting are completely implemented around iptables log messages, and so a separate packet capture library is not required.
c54576718b0a6155f91409a42cc370b9033a08e217db4ff590dc671aa39d5347
Secunia Security Advisory - A vulnerability has been reported in Apache, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the mod_dav module. A malicious client can exploit this to crash an httpd child process by sending a particular sequence of LOCK requests. Successful exploitation requires that the malicious client is allowed to use the LOCK method and the threaded process model is used. The vulnerability has been fixed in version 2.0.51-dev.
ef5260a043741f97b12e17ce93e2350080f47c428dfdf460dacf8abd2c9e2ee0
iDEFENSE Security Advisory 09.14.04 - Local exploitation of a design error vulnerability in Networks Associates Technology Inc.'s McAfee VirusScan could allow attackers to obtain increased privileges. McAfee VirusScan version 4.5.1 running on Windows 2000 Professional and Windows XP Professional operating systems is vulnerable. It is suspected that McAfee VirusScan 4.5 is also vulnerable.
07a63f3062f227327fe88d439d02b86ec30f9b7a0e2c503e4cc40fbc7148d85d
Secunia Security Advisory - Details have been released about several vulnerabilities in Mozilla, Mozilla Firefox, and Thunderbird. These can potentially be exploited by malicious people to conduct cross-site scripting attacks, access and modify sensitive information, and compromise a user's system. These vulnerabilities reportedly affect versions prior to the following: Mozilla 1.7.3, Firefox 1.0PR, Thunderbird 0.8.
0a6ca10ffc4a3ba1127a2e7aff306ae4251a2daf157abd425b6d345403f1729d
This package contains example vulnerable C programs. The best way to learn exploit coding is by doing it. Start your search with the index.html. There are examples of buffer overflows (stack and heap) and format string vulnerabilities. All examples are exploitable with a standard linux/x86 environment.
b4a6e4ad9e67fa0be8869334a9ea7b86a7d1712e80c47179e80a481dd08dbd3b
Corsaire Security Advisory - By using malformed MIME encapsulation techniques centered on the presence of fields containing an RFC822 comment, embedded file attachment blocking functionality can be evaded.
74251de47904aae76e4bffb4f916da01cf56d98e7b1ed49b5e0f83010829c5b5
Corsaire Security Advisory - By using malformed MIME encapsulation techniques centered on the presence of non-standard separators, embedded file attachment blocking functionality can be evaded.
66ff35c775b45519831713986c8df93cd3e7b62b318c9ec3b8e112458a53ce8e
Corsaire Security Advisory - By using MIME encapsulation techniques centered on both standard and non-standard Content-Transfer-Encoding mechanisms, embedded file attachment blocking functionality can be evaded.
35436f55f94abd49272c41efd63997ec83f2d27a43061abf56462b465653327b
Corsaire Security Advisory - There are a number of content security gateway and anti-virus products available that provide policy based security functionality. Part of this functionality allows the products to block embedded file attachments based on their specific content type, such as executables or those containing viruses. However, by using malformed MIME encapsulation techniques centered on the presence of multiple occurrences of fields, this functionality can be evaded.
861f18b0357c439502c07a12285b7d20b18584f5ea50adaee7fcfa7ffc20f5c2
Microsoft Security Advisory MS04-028 - A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. Any program that processes JPEG images on the affected systems could be vulnerable to this attack, and any system that uses the affected programs or components could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
5ac536b0712a3153f373e7ecc6e68d519c4b9a1e3c6e34c0655c10862ea50e15
Microsoft Security Advisory MS04-027 - A remote code execution vulnerability exists in the Microsoft WordPerfect 5.x Converter. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. However, user interaction is required to exploit this vulnerability.
66e855df17de149765d7724cc2f3b2514f160cbf62a98e1bbaa3980790cdec12
p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.
563c62f63acfbef79e79659c3f483813816c7d032ef73e96e462a3b4f9a2fc7f
ICMP-based triggered Linux kernel module that executes a local binary upon successful use.
3e96d2229d340dce20e03b329993d38a8230c2492d818ef162a0761d66676d30
Debian Security Advisory DSA 544-1 - Ludwig Nussel discovered a problem in webmin, a web-based administration toolkit. A temporary directory was used but without checking for the previous owner. This could allow an attacker to create the directory and place dangerous symbolic links inside.
32d5e9937c86c2a5376b2972a716596d1a060f62e55dd6228a751e0b859d7587
SUS version 2.0.2 has a format string vulnerability in the log() function that allows any local user to gain root privileges.
106d733f1d36f9b0e8b648040d07d178e88abf9759aaef5a23f2f5eecd87daea
Secunia Security Advisory - This particular advisory sums up about a dozen BEA WebLogic advisories. Vulnerabilities ranging from security bypass, manipulation of data, and exposure of system information to denial of service exist for BEA WebLogic Server 6.x, 7.x, 8.x and BEA WebLogic Express 6.x, 7.x, 8.x.
a8b408b4ca8d5290596e88b195650c59c004b17123c3195ba681344f76dd2147