Packet Storm new exploits for May, 2000.
c855b45b4efb3e69651181ff39c4b5e46fb8b715542eaae404ecebef1fa8c2e7
wu-scan.c scans for vulnerable wu-ftpd v2.6.0 machines running Redhat 6.2.
1861170cfc4308aeb28bcc2254c1d26054df8ccb29aef0cf6d5b7126179833f4
Big Brother up to version 1.4H2 contains a remote vulnerability which allows remote users to create a filename with an arbitrary extension. Since the file is dropped into a directory accessible via the web server, any file extension that is parsed server side can be abused and commands can be executed remotely.
771adb86ccd349d820abaebd27a901d8ba6eee6a182b4b57c6b7d29e955e2aeb
Excel 2000 serious vulnerability - Excel 2000/Windows 98 (other versions too) allows executing programs when opening an Excel Workbook (.xls file). This may also be exploited through IE or Outlook. This can easily lead to taking full control over the user's computer. Demonstration available here.
00d755a71d377e63143d88bb87001c19403d83540df8f8eecd62246132cfe637
WEBactive HTTP Server 1.00 contains a remote denial of service vulnerability.
ca5a37e29e841a8b18f78b3913ad716c1f7d2dbc7b9f677c7884e51fc83856d8
Packet Storm new exploits for June, 2000.
b9beb14bb1630d1c47ede46f314307cec981f00cfcfcef042e7f7f4cfe6940ce
Pollit, a CGI application, has a vulnerability which allows remote users to read any file on the system. A URL such as /cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=/etc/passwd%00 will spit out /etc/passwd.
cfd0406b5db5817df07a68c68d4111291d8a6ac57433df9dcf9de84feb337952
Small HTTP Server v1.212 DoS Proof of Concept Code.
cb4a6809115cfc0604ed1278aa8e9759b0cd0e267d4afcd0f53e2e8e9fc7d4bf
wingate.pl is a remote DoS exploit for Qbik Wingate 3.0.
daaa900a3a785b81dbfd48e547450217239ac07ddc77f76f757da46713d5e7d9
Mailstudio 2000 scanner - Finds running vulnerable Mailstudio 2000 webservers.
0990728d39596a22fb9137f46248ade4b53621944907f799e76640970f0c8014
Exploits ported to Windows with the Cygnus compiler. Includes fuck_them.exe, gdm-exploit.exe, inndx.exe, orgams.exe, portn.exe, rwhokill.exe, tentacle.exe, wingatecrash.exe, and winnuke.exe.
faac7f196fb783d71bf9db8df1fdd3a59d1b4de1279c15ed2ee2681c97906271
Malice v2 scans for over 150 CGI vulnerabilities and uses anti-IDS tactics as discussed in RFP's famous whitepaper. Written in Perl.
f589f53839581a3b411cc4cf7e9490c78005c1d2451c46e022f3fd6328b68388
Pscan3 is a simple TCP port scanner.
929b9403329467a87e7c37f21463a42f40fb36faddfaeb9419647a607144eab9
NetWare 5.0 with SP 5 has a remote denial of service vulnerability. By sending random data to TCP port 40193, a buffer is overflowed and the server issues a memory allocation error and eventually crashes.
a178b6c280e61e03ccd96968dc1ad83b3364b0fcf2f974596e38b4209aec1780
NetBSD Security Advisory 2000-010 - wu-ftpd versions prior to 2.6.1 contain known security holes which allow unauthorized remote users to gain root access.
cd93cf79b743ebe4c8fadd4db3ac3ba2d12280f7e28999ab3115b93f37840dd2
NetBSD Security Advisory 2000-009 - An improper use of the setproctitle() library function by ftpd may allow a malicious remote ftp client to subvert an FTP server, including possibly getting remote root access to a system.
e738d5814b569a7ca3be40277de7b98cd3a21bb900e8613c115bf34d5e3d85c4
NetBSD Security Advisory 2000-008 - The DHCP client program, dhclient(8), did not correctly handle DHCP options it receives in DHCP response messages, possibly permitting a rogue DHCP server to send maliciously formed options which result in a remote root compromise.
689eb3394762910611c11587282a13367c62d78411f6906114508c189e19670e
Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated frequently to address the latest threats. Checks for common old holes, backdoors, trust relationships, default CGI, common logins.
4fd49bce50fdaef522760d6b998dd1817cfef23867124b17276c004efabcbe42
Internet Security Systems (ISS) X-Force has identified a vulnerability in the makewhatis Bourne shell script that ships with many Linux distributions
1b64f135dfbec4e3b58cd4a39a867d2095425a2d0a7ce099fefc4ef401e688f6
Security Advisory ( netscape.ad.00-07 ) - Netscape Administration Server Password Disclosure. Netscape SuiteSpot running on Netscape webservers has a password file which in the default configuration is readable by remote users. All platforms are affected.
fc8ced0cf42485c9c5449d2871d4e468f97c98348842598afee7f8f1b5693c16
FreeBSD-SA-00:33 - Vulnerabilities in the MIT Kerberos 5 port were the subject of an earlier FreeBSD Security Advisory (SA-00:20). At the time it was believed that the implementation of Kerberos distributed with FreeBSD was not vulnerable to these problems, but it was later discovered that FreeBSD 3.x contained an older version of KTH Kerberos 4 which is in fact vulnerable to at least some of these vulnerabilities. FreeBSD 4.0-RELEASE and later are unaffected by this problem, although FreeBSD 3.5-RELEASE is vulnerable.
e072d2724cad65ec47ada96c741fce598aee03be503ae532586cff6b6b3f76b4
Infosec Security Vulnerability Report - The web server for remote access to e-mail in WorldClient 2.1 for Windows NT is vulnerable to root dot dot. It is possible to read any file if the full path is known.
4b6111684464d2485841716e01f025838a5a1cc677a347910d4fa9e8beba9b29
The Sun Java Web Server for Solaris and Windows NT allows a remote attacker to execute arbitrary commands on the target system. Proof of concept included.
bd8c338c7d97b0e98dd027394f8a93f703fd4e4cbad9bb9bf3ad8b24525f2c99
Big Brother Scanner - scans for /cgi-bin/bb-hostsvc.sh which allows reading of any file on the system running Big Brother prior to version 1.4h.
5b760b555749e0bc228d293b9b05df55bbf2a42dcb3ab1727c7907a857069a84
Big Brother v1.4g and below contains a vulnerability which allows a remote attacker to view any file on the system.
f086e5bac79245e68ebce8c7eec3573aba8b9aae6fa0bc93db2738b30a313fb2