LICQ and Gnome-ICQ contain remote denial of service vulnerabilities when users send .rtf files. Tested from NT4 and NT5 workstations (running ICQ 2000b) to various Linux distro's.
0d38b38a373c2c23008a37ff163edc7ea2509c844ccb480ba538319171bd2abbKnetfilter is a KDE gui application designed to manage the netfilter functionalities that will come with the new kernel 2.4.x. In Principal, all standard firewall system administration activities can be done just using knetfilter. But there is not just a GUI to iptables command line, it is possible also some monitoring via a tcpdump interface.
a84b011d7820f85efc808a793953ee3393bd17ba794edb771ee439d52fb25fdcNessus is a free, up-to-date, and full featured remote security scanner for Linux, BSD, Solaris and some other systems. It is multithreaded, plugin-based, has a nice GTK interface, and currently performs over 531 remote security checks. It has powerful reporting capabilities (HTML, LaTeX, ASCII text) and not only points out problems, but suggests a solution for each of them. Windows version available here.
462c9493013c6c0509ff013763bd44d032e5af15e3d616892160b3a09e0acc66Netscape Enterprise Server 3.5.1 (Publisher) has a problem with the default ACL settings that could allow an intruder to view/download "non-public" files in the web root.
7a62731a05028e001f32f9d4c8e75d4140a036bb3958b1acba24163c1b5f6704Infobot v0.44.5.3 and below contains vulnerabilities which allow remote users to execute commands due to an insecure open call.
9e668c912d9b544d8575c377bcbc9d85a1e5518c52ad1d6000d9621425787cadSAT_Tools Saturation Tools are a small collection of scripts and programs to test network IDS and network saturation. Includes mas.sh, mget.cpp, trafficwhore.cpp, and spank.c.
b4794913555eb6eb5b1f49944bfb08e6671b989099ffb756e1d4937d7baeda04Microsoft Security Advisory MS01-008 - A flaw in the NTLM Security Support Provider (NTLMSSP) service allows a non-administrative user to gain administrative control over the system. In order to perform this attack the user would need a valid login account and the ability to execute arbitrary code on the system. Microsoft FAQ on this issue available here.
fd372dce83d40400b88e4302defae7822e466e7f14d6a75ba1e1441d17864a81P-smash.c is an exploit that uses 50 percent of the CPU on windows 98 machines and causes windows 95 machines to slow down by sending ICMP type 9 code 0 packets.
ea8fd6e6dba3e554137d2f69ab652d216dcf5e70d827859208049f7e32a99736FreeBSD Security Advisory FreeBSD-SA-01:22 - The dc20ctrl port, versions prior to 0.4_1, contains a locally exploitable buffer overflow. Because the dc20ctrl program is also setgid dialer, unprivileged local users may gain gid dialer on the local system. This may allow the users to gain unauthorized access to the serial port devices.
0b247d5f97114dcbe7da125fd3e8270ef6b0e8f6fe5c722c4ea4d9364d807536FreeBSD Security Advisory FreeBSD-SA-01:21 - The ja-elvis and ko-helvis ports, versions prior to ja-elvis-1.8.4_1 and ko-helvis-1.8h2_1, contain an exploitable buffer overflow in the elvrec utility. Because elvrec is setuid root, unprivileged local users may gain root privileges on the local system.
1a869b62905af8904b8403041846cf5d771ff31293af4c383220241db9779734FreeBSD Security Advisory FreeBSD-SA-01:20 - The mars_nwe port, versions prior to 0.99.b19_1, contains a remote format string vulnerability. Because of this vulnerability, a malicious remote user sending specially-crafted packets may be able to execute arbitrary code on the local system, gaining root access.
82dc603952f8799c8d452e6428abd2aef95221b5e642ce2ef35c1ff993c0c960FreeBSD Security Advisory FreeBSD-SA-01:19 - The ja-xklock port, versions 2.7.1 and earlier, contains an exploitable buffer overflow. Because the xklock program is also setuid root, unprivileged local users may gain root privileges on the local system.
3c6cd6aa00e8cf396936b0c72ab70929ad0b9c020f6adcef73f20aabb1587858Dkbf is a Distributed, Keyboard, Brute-Force program, written in C, for Linux clusters that attacks Windows NT Lanman and NT hashes using the Message Passing Interface (MPI) to distribute the program L0phtCrack by the L0pht.
bc739902dc191518d99e7370312674317d866ac724bde1f14b80333350647495FreeBSD Security Advisory FreeBSD-SA-01:11 - The ident server included with FreeBSD inetd contains a vulnerability which allows remote users to read the first 16 bytes of files which are accessible by group wheel. The inetd internal ident server is not enabled by default - if you have not enabled the ident portion of inetd, you are not vulnerable.
6273536180124ce566ee041fbe174c87037903e5135ad44363d389827459892eFreeBSD Security Advisory FreeBSD-SA-01:08 - A vulnerability in ipfw and ip6fw allows bypassing of firewalls which make use of the 'established' qualifier, such as "allow tcp from any to any established". Due to overloading of the TCP reserved flags field, ipfw incorrectly treats all TCP packets with the ECE flag set as being part of an established TCP connection, which will therefore match a corresponding ipfw rule containing the 'established' qualifier, even if the packet is not part of an established connection. The ECE flag is part of an experimental extension to TCP. At least one other major operating system will emit TCP packets with the ECE flag set under certain operating conditions. All released versions of FreeBSD prior to the correction date including FreeBSD 3.5.1 and FreeBSD 4.2 are vulnerable.
a86476e1628aed06b3b85bb5a0723201799197b19fa72a9457265207364bde18FreeBSD Security Advisory FreeBSD-SA-01:10 - A vulnerability exists with the bind nameserver prior to v8.2.3-REL which allows remote attackers to execute arbitrary code as root.
d045fe7d70cc4c35244fc03cf6f26e6408e42a804a5cb6915ef7e3e3aa2fa584Snort 1.7 for Windows - This is a working port of Snort to Windows NT/2000/9x.
9158523305f16b03181280f71400362f5d8c75014152b3fcc0a2688e97d43131Computer Crime Law Archive Volume 5 - Tutorial on state computer crime laws for South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, Washington, Wisconsin, West Virginia, and Wyoming.
0a9a3b80759ab26305a0f5ef9d6265b70e8747ae94152a193d0672b870e86171Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.
8e263a89cb962af9839db130e697d1cf288b9fda27fdc7ea9244057cdf88cfac
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed