Cgichk is a web vulnerability scanner which automatically searches for a series of interesting directories and files on a given site. Instead of focusing on vulnerable CGI scripts, it looks for interesting and/or hidden directories such as logs, testing, secret, scripts, stats, restricted, code, robots.txt, etc.
8a0ab0f66d6a55d9091a4daa12b32a1dbbc5aec652a3158bb0b5ffb0464af184fwmon is a firewall monitor for Linux which integrates with ipchains to give you realtime notification of firewall events. It has fairly customizable output, allowing you to display a packet summary, hex, and ascii data dumps to stdout, a logfile, or tcpdump-style capture files. It also boasts some simple security features such as the ability to chroot itself, and does not need to run as root.
ade062b651435cad1292f8c79ec185edca2ffedd627f4042a5c91ed1bb0f77e2Weekly Newsletter from Help Net Security - Covers weekly roundups of security events that were in the news the past week. In this issue: A good year for the bad guys, and much more.
23b78fa26b43a92a1b64d9bea364ed236d79d46634eaeb1d9bbf14b2114ba066Red Hat Security Advisory - The ed editor used files in /tmp in an insecure fashion. It was possible for local users to exploit this vulnerability to modify files that they normally could not and gain elevated privilege.
603f90530a97c999b489e1a19cb700af30630f6caf6f02cf9dd87d401c6b6620everythingform.cgi uses a hidden field "config" to determine where to read configuration data from. Allows remote attackers to execute commands. Exploit URL's included.
01ce9f63078ea884e7545c04bce65a8e11c4e87b1fcbdb0508d60474d1357b4fItetris v1.6.2 local root exploit - Exploits a vulnerable system() call.
13a0ac0bf7a88ce8832d4b779b8bebc6e5d04c2c956942c7b7664e4ff6f8a7acDebian Security Advisory - A bug in the database reading code of slocate makes possible to overwrite a internal structure with some input. This can be used to trick slocate into executing arbitrary code by pointing it to a carefully crafted database. This is fixed in slocate v2.4.
24e59b5dc48649f6a9258edf08a87a8b7537a1b2ddb866b04b56715dceb03bcbDebian Security Advisory - The problem that was previously reported for joe also occurs with other editors. When nano (a free pico clone) unexpectedly dies it tries a warning message to a new file with a predictable name. Unfortunately that file was not created safely which made nano vulnerable to a symlink attack. This has been fixed in version 0.9.23-1 (except for powerpc, which has version 0.9.23-1.1).
6cf26c8a6c9303180c410ab4dc3cda34443b39eec2c11bf8bd3908081f04eff4Red Hat Security Advisory - A problem exists where BitchX will process malformed DNS answers, allowing an attacker to crash the client, or possibly access the BitchX session remotely. This is fixed in v1.0c17-3.
b63aa4217992472a30e4427aab9dce2b9401c5bb0e47d6b1a64b2995359b2286Exploit for the Bind NXT remote root vulnerability, which affects Bind v8.2 - 8.2.1. Compiles on Linux, tested against Irix, BSD, and Linux. Includes Irix shellcode for breaking chroot.
febfc0b34d825bb1fd2b1ea1e96374fa6816966c45c2f8ac101caef72cf4b91bReverb is a tool to access firewalled, dynamic-dialin and otherwise protected hosts.
9548ad877de5a2911412ee36598b233d8e3896399e75768fa1aa5b678c016314OpenBSD ftpd v2.4_BASE through 2.8 remote root exploit. Includes offsets for v2.6 through v2.8 and instructions for finding offsets of other versions. Requires a writable directory.
e60d36076da9b2566b60a358f1600945cb7392b7f05305acfc0f2dfa49415169Ckermit v7.0 local buffer overflow exploit for Linux/x86. Not setuid by default, but often installed setuid.
a764a6764b205afa2af181409160d382cd7900bb0e413755bae2fd0a686d98deThis Shareware program is an user friendly alternative to the built in eventlog viewer of Windows NT. Besides it allows to conveniently watch the eventlogs of the machines of your network. As soon as an unfiltered event occurs on one of the watched machines, a popup window will inform you about it. You can even start programs of your choice in response to events of your choice. Last not least Elwiz shows some important information about the watched machines.
7ad33242268057a6ff10e53683b25c4b8a5f24fcd639c460c40699edeb1b7fdfAdvanced Archive Password Recovery (or ARCHPR for short) can be used to recover lost or forgotten passwords to ZIP (PKZip, WinZip), ARJ/WinARJ, RAR/WinRAR and ACE/WinACE archives. At the moment, there is no known method to extract the password from such compressed files, so the only available methods are "brute force" and dictionary attacks (for ARJ and ZIP formats, known-plaintext attack is also available).
70f8aa78b7a0da27f290d5feade5857bfd0812119150cdd8cfc45bbd19470118Advanced Lotus Password Recovery v1.02 is a program to recover lost or forgotten passwords to the files/documents created in IBM/Lotus applications (all versions): Organizer, WordPro, 1-2-3 and Approach. The passwords are recovered instantly; multilingual passwords are supported.
0e8704380169052d315e597ecff7cd351e418e290db9c3baa4fdb06caeeba944NDiff compares two nmap scans and outputs the differences. It allows monitoring of your network(s) for interesting changes in port states and visible hosts. NDiff should be useful to network administrators, security analysts, and other interested parties who need to monitor large networks in an organized fashion.
f779f0dc5b5ec7204915096b9863b1b7c5c7fa078181c15dbceb4afb0fd0caffxlockmore is an enhanced version of xlock. It incorporates several new commandline options , which allow you to run it in a window, in the root window, in a different size/location, change the size of the iconified window, to install a new colormap and delay locking for use with xautolock.
9089db84a38d940c8efc42d7183198b9eb542928804e446207e6c28794a3261f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed