Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, and detection of down hosts via parallel pings.
8caf3acbe93c0fa0a685c3e6fb3a5f80ce49936bd7d40269a09b3ead6fd85ed5
360-FAAR Firewall Analysis Audit and Repair is an offline command line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Check Point dbedit or ScreenOS commands.
a8e32234f578754b37ce8bdc22530da80aaa346eeb887205429ab1efb9df6612
This bulletin summary lists MS15-131 which has undergone a major revision increment.
25a6d385eb36e00ccebf5ca52b9cbd4475b6af310e6e5f48798c58e29df38f33
Microsoft Internet Explorer 11 suffers from a MSHTML!CObjectElement use-after-free vulnerability.
e3a600a83bd36797b98db962833ac5481dc99968f9a214f43e970ffe3c05e463
This is a tool written in Python to generate shellcode to use on Microsoft Windows.
9d065a62ed93f7dd05b3cec4122bdafed6c4c329cba2f1483ffa7f10c8ed93d2
WordPress versions 4.4 and below leak whether or not a username exists in their login flow.
1fcd8c4fe8a6f66633988433b2ccfbe5217d776751625c4284b08e7c7dd51fe0
Skybox Platform versions 7.0.611 and below suffer from code execution, remote SQL injection, cross site scripting, and directory traversal vulnerabilities.
d2a34290d02d3f2013ecd41c823081fe86b61aaf79b73808107e70eb70589040
Joomla Nice Ajax Poll component version 1.4.0 suffers from a remote SQL injection vulnerability.
999349e579efada72ac547ea793f015dd38c91cc1fac1c44000cb9f50c0e371e
Gokhan Balbal version 2.0 suffers from a cross site request forgery vulnerability.
fa2529c6f694bbe9e957fc6932cfd9ad9c0cc8b4544e9a9c73de2eb7f672761e
WordPress S3 Video plugin suffers from a remote shell upload vulnerability. Versions prior to 0.91 are affected.
563b4cd0c2c6daa144905e2889e1612af5145d83c473ba6fede7862ab1e6634c
This Metasploit module exploits a remote command execution on the Legend Perl IRC Bot. This bot has been used as a payload in the Shellshock spam in October 2014. This particular bot has functionality such as NMAP scanning, TCP, HTTP, SQL, and UDP flooding, VNC scanning, the ability to remove system logs, and the ability to gain root. Kevin Stevens, a Senior Threat Researcher at Damballa, has uploaded this script to VirusTotal with an MD5 of 11a9f1589472efa719827079c3d13f76.
0cc139b4c6b9c45be686acca2dd23b5b8721a770d99f66699d03a8dd546d9d45
This Metasploit module allows remote command execution on an IRC Bot developed by xdh. This Perl bot was caught by Conor Patrick with his shellshock honeypot server and is categorized by Markus Zanke as an fBot (Fire & Forget - DDoS Bot). Matt Thayer also found this script, which has a description of LinuxNet perlbot. The bot only answers based on the servername and nickname in the IRC message, which are configured in the Perl script, so to exploit this bot you need to be an operator on the IRC network to spoof it, or at least have the same IP as the one in the config.
dcceeba8df965c1937cb0d548603d7c0459697a03cebe3401045655277b8c71c
Pacom 1000 CCU suffers from multiple cryptography implementation vulnerabilities.
8ffb6582450cc66bf6ede0f129ed03b875df1b0ccd435a123b1858fbdab968f4
NorthSec 2016 has announced its Call For Papers. It will be held in Montreal, Canada, from May 19th through the 22nd.
c2561d2a63bfca599dd6edd937f2281770b64d59e90ab1e453142b5301209b00
Intellect Core banking software suffers from a cross site scripting vulnerability.
2cca788a0101e294e002a3aaca72939892cb1b853ebe84c8c623baab3a6030bb
bitrix.mpbuilder Bitrix module version 1.0.10 suffers from a local file inclusion vulnerability.
d688c669bf51931323bfe010133ed5178c3bc69c4822fcbcef048fa6af5234b7
bitrix.scan Bitrix module version 1.0.3 suffers from a path traversal vulnerability.
2597e943c082033362d873c1d67295bf6b0ccf2722b1674c326fb2f013ae86ce
Red Hat Security Advisory 2015-2615-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. It was found that OpenShift's API back end did not verify requests for pod log locations, allowing a pod on a Node to request logs for any other pod on that Node. A remote attacker could use this flaw to view sensitive information via pod logs that they would normally not have access to. This issue was discovered by Jordan Liggitt of Red Hat Atomic OpenShift.
f3432d0be559e3976310498033991e4fae6baae5512185c47a942eda1c490353
Ubuntu Security Notice 2825-1 - Multiple use-after-free bugs were discovered in the application cache implementation in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. CVE-2015-6766. Several security issues were discovered in the DOM implementation in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions. Various other issues were also addressed.
4da9c3cf0f733a42582f27bea8982b75d1b1b1242d5e1007ac38b7238ac1a022
Google Chrome's executable installers suffer from a DLL hijacking vulnerability.
224bde92e1c40f51d2ba4b1e631e936dfa88b0fa7bd117702757729ad0205941
Open Audit suffers from a remote SQL injection vulnerability.
5bcfc62474798ca66ef7622a1ebcfde6d125dc0189aaadd35a9cae62c7c6d4ce
Secure Data Space version 3.1.1-2 suffers from a cross site scripting vulnerability.
21d85419db2cf61897ddaa7df479ae426c984baa1983a1fc1425810159174864
Pe versions 2.4.3 and below suffer from a stack-based local buffer overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.
4f3c249c6485d838d82f788c55186dd86c268e12130b5e71b799ffcc52121624
The Rightel mobile provider suffers from a cross site scripting vulnerability.
0877f4b789e565b62c7b4923e7cabb48f3fe5b8a8d9632c60fdda7427ce00f8e