If root ever does "rm -rf /tmp/foo" for a directory structure not completely owned by root, a local user can delete all files that root can.
3ba1f58d2454e57c2aabb1552bf4229866c003b9fde29b9e8099400b1fef591c
SAINT is the Security Administrator's Integrated Network Tool. It gathers as much information about remote hosts and networks as possible by examining all network services and potential security flaws. The collected data can then be analyzed using a simple rules-based system (or via other included interfaces). In Exploratory Mode, SAINT will examine the avenues of trust and dependency and iterate further data collection runs over secondary hosts.
80d45841dec9a0d786bc5d96c0313c747174e4d4c3cdcc8cfdbfc8bc237fc3d5
Using the good old NullByte (\000), it's possible to open "any" file on the webserver (with the webserver's permissions) running the "UltraBoard" forum software.
cac53c20c8f003f1c433d4901d938d89d764d76df657e71ce2c13537f325a103
Nessus is a free, up-to-date, and full featured remote security scanner for Linux, BSD, Solaris and some other systems. It is multithreaded, plugin-based, has a nice GTK interface, and currently performs over 330 remote security checks. It has powerful reporting capabilities (HTML, LaTeX, ASCII text) and not only points out problems, but suggests a solution for each of them.
c274f0954a44be2fa72bcd3e402b190f0bb3cb50d5d7c4b1f3b55b9233c1a746
RFP2K04 - Mining BlackICE with RFPickAxe. BlackICE IDS uses a management console called ICECap to collect and monitor alerts sent by the various installed BlackICE agents. The ICECap user console sits on port 8081 and has the default login of 'iceman' with no password. The second problem is that the software uses, by default, the Microsoft Jet 3.5 engine to store alerts. If you couple that with the shell VBA problem, that means you can push alerts that contain commands to be executed on the ICECap system. Includes RFPickaxe.pl demo exploit.
eb477a77f630953d91b35937b63fd59b9bc492d8898abfeed95794044c8189f8
There is a way to disable tcpdump running on a remote host. By sending a carefully crafted UDP packet on the network which tcpdump monitors, it is possible, under certain circumstances, to make tcpdump fall into an infinite loop.
762d8e63fbcb7f43d09fcb049e572dc985c7e6be26bd6c5efc3db1e022573ef8
The precise details of how to exploit these holes are minimized to prevent compromising the integrity of all current Internet-accessible FileMaker Pro 5 databases and mail servers. However, details can be easily deduced by referencing the FileMaker Pro 5 documentation and by consulting the FileMaker XML Technology Overview white paper available via the FileMaker XML Central Web site.
266a2b3612f869f2b2ce836b82d96495dbb6d573fd9f243d85c88bce65c7fde5
It seems that, even though a regular (non-"enabled") user should not be able to see the access-lists or other security-related information in the router, one can do just that. The online help system doesn't list the commands as being available, but out of 75 extra "show" options that are available in "enable" mode (on a 12.0(5) 3640), only 13 were actually restricted.
2c33ae7e113f98c67d0be4eb389aefb18fd47f1579f69e7636939aefb440a243
When accepting luser console login, pam_console called by /bin/login tries to be user-friendly, doing several chowns on devices like login tty and corresponding vcs[a] device, as well as other interesting devices: fd*, audio devices (dsp*, mixer*, audio*, midi*, sequencer), cdrom, streamer/zip drive devices, frame buffer devices, kbd*, js*, video*, radio*, winradio*, vtx*, vbi* and so on. Probably it's designed to make console logins more comfortable, but has DEADLY effects on servers with console luser-login ability (and that's quite common).
1d635e59bee6725bcf7c4b9d3459f4bb45a1383179c65d540f6ca36f5edf6fe0
Here is how to exploit the bug for cracking systems running Jana. I tested it with Jana 1.45 on Windows 98 and Windows 2000. 1. Open a browser window. 2. Type, e.g., https://the.server.com/./.././.././.././windows/win.ini.
5619cda37bd593b8aa8636730088c1f2262151ba1f7ad4ec649f9de333df9d1a
A DoS condition exists in the Linux kernel knfsd server. Remote, unauthenticated users (i.e. those with neither a directory mounted nor permission to mount one) can OOPS the host kernel. The OOPS does not bring down the target host, but it is possible to render the NFS service inoperable until a reboot.
7a554cf14acdc3fef95cadd5e0b687b47576cc0e8024390737cb14e3860d6e69
SAINT is the Security Administrator's Integrated Network Tool. It gathers as much information about remote hosts and networks as possible by examining all network services and potential security flaws. The collected data can then be analyzed using a simple rules-based system (or via other included interfaces). In Exploratory Mode, SAINT will examine the avenues of trust and dependency and iterate further data collection runs over secondary hosts.
b29ecdbd2a274300ddad53366333d83a5a667e80f048aed6f8651989be1ffdc8
Buffer Syringe is a Win32 tool that tests a daemon for buffer overflows in its parameter(s), "brute forcing" or "stressing" the daemon by injecting a user-specified parameter or command whose value is a user-specified number of characters long. If the parameter being tested is vulnerable to an overflow and the user-specified number of characters exceeds that parameter's limit, the daemon will likely crash.
abd825833c7b497a0e3d17058eb7119b3458be5b9e91dd6fa18bc85d104ab967
fdmount local root exploit - tested on Slackware 4.0. Must be in the floppy group. Modified from last version to work on Slackware 7.
255ecb2ad7fe3f717a036f24b6eb2b7864a4ac3e503bf58f697e951d039c3d6b
Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated frequently to address the latest threats. It checks for common old holes, backdoors, trust relationships, default CGI scripts, and common logins.
f1eadc308e0fa9c0ff68946ebf297fe6032ba691fc2059f1c021cc5c8e7b0250
Antisniff Unix Researchers (free) version 1-1 - This is a command line only version that runs many of the same tests to determine if a sniffer is running on the local network that the Windows NT/98/95 GUI does. Currently only Solaris and OpenBSD are supported.
d6e2c4c3da8d8dc4fa5b2a702a65d8f22552aff1a897e8f70b86863afc84a4ef
cscope is an interactive, screen-oriented tool that allows the user to browse through C source files for specified elements of code. The current version allows searching code for all references to a symbol, global definitions, functions called by a function, functions calling a function, test string, regular expression pattern, a file, and files including a file.
185c52ce8dd0518391d04162c1465c0d0a7c18859426ff7d42695d07df85196b