Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data. Full changelog here.
27e657212881186d356907a7c45b168e7431a2f83f3411d2a90366afccf03916Aircrack is an 802.11 WEP cracking program that can recover a 40-bit or 104-bit WEP key once enough encrypted packets have been gathered. It implements the standard FMS attack along with some optimizations, thus making the attack much faster compared to other WEP cracking tools.
a970a919188382c34c6a67a7d1e2431b41cf6560344105de889336c40a550544Plash (the Principle of Least Authority Shell) is a Unix shell that lets you run Unix programs with access only to the files and directories they need to run. In order to implement this, the filesystem is virtualized. Each process can have its own namespace, which can contain a subset of your files. Plash is implemented by modifying GNU libc and replacing the system calls that use filenames. For example, open() is changed so that it sends a message to a file server via a socket. If the request is successful, the server sends the client a file descriptor. Processes are run in a chroot jail under dynamically-allocated user IDs. No kernel modifications are required. Existing Linux binaries work unchanged.
0e5a558e4d8f858cd9a53bf4dfe8abf1b4c0de4d86f5d95af9f14b7643102693Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Full changelog available here.
cc0f200a332338fed35cc7ec373e115e55c78297311ea2e946f58a28dffacc8aphpWebSite 0.10.1 Full is susceptible to a SQL injection attack.
3d922118eca405d9df288ffe8212cfc258f0554c45b5b5fcece3de23dcdf29ffHP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Ignite-UX, where unsafe file permissions could be remotely exploited to allow an unauthorized user to access and alter Ignite-UX client data on the Ignite-UX server.
392b00c56ab0fd41d1e482f2d70734a301162f3368dfef4d939af6113290f4abDebian Security Advisory DSA 776-1 - Neel Mehta and Alex Wheeler discovered that Clam AntiVirus is vulnerable to integer overflows when handling the TNEF, CHM and FSG file formats.
cf603d23cf404ec2c6a51552eaf463479edfb8b0ba1347be502c28949adc94a7Whitepaper detailing a new way to bypass Microsoft Windows heap protection mechanisms. The methodology explained here is different from the method introduced by Alexander Anisimov.
9a61e882adb5edb01d3de81fa7a37d2cd965a7b01614922c1ceb92e45f8a1500Corsaire Security Advisory - The aim of this document is to clearly define a vulnerability in the HP Ignite-UX product, as supplied by HP Inc., that would allow unauthenticated write access to the host filesystem, both remotely and locally.
bd7fc27a50d40ede02ba72bc8f8469bd365c3aa828f2f6c856f3e5b6b6c4fa87Corsaire Security Advisory - The aim of this document is to clearly define a vulnerability in the HP Ignite-UX product, as supplied by HP Inc., that would allow unauthenticated access to a copy of the /etc/passwd file.
795d1dc86a63b7e0c62cc4672e2505d6773a262bd53570e6651222f8b8c385cfSUSE Security Announcement - A security flaw was found in the Apache and Apache2 web servers which allows remote attacker to smuggle requests past filters by providing handcrafted header entries.
f2c1e27393e00e608df20530f2d81d124ab334a14e72c5c06bcdaa4e99e13fadPersianBlog.com, with 63,000 blogs, is susceptible to SQL injection attacks.
427fdbc605b961df1ef493a25c194345f2bf87603811b47a1ee814b2ac562617Mac OS X Weblog Server version 10.4.0 is susceptible to cross site scripting attacks.
cd839b3975e97a7cc43a50f400458622d99c52a49dfd7c5d496467a705bb86aeSakeru version 0.1 is a URL filtering bypass proof of concept tool that takes advantage of weaknesses in Websense, etc.
616fd3f75317adc483dfec1522f146712ad5662dbb229e6dbf0bd27003fdd908ECW Shop version 6.0.2 suffers from cross site scripting, various injection, and disclosure vulnerabilities.
fca43a907a2483129c05dcd4401eac9a0f25c8af69d97ee1413c3e49f97b5226It appears that firmware version 4.50.6 for the Linksys WRT54GS (hardware version 1) wireless router allows wireless clients to connect and use the network without actually authenticating.
96e8d0b366b9a6d9eb3a34c25b308ab8fed0342424a224e57d4430f08f3e689bThis technical note describes a detection/prevention technique that works in many cases both with HTTP Response Splitting and with HTTP Request Smuggling.
5ea1e8c04c45276464698ca627370626105e043dcb550f659141545d10bf8160White paper discussing web browser identification and how proper identification can enable a remote site to know what attacks to use against a visitor.
af292d7644b45c3e998a980f23ff821b434d866040446022bb3ee6a5b46b07a2Gentoo Linux Security Advisory GLSA 200508-08 - Xpdf, Kpdf and GPdf do not handle a broken table of embedded TrueType fonts correctly. After detecting such a table, Xpdf, Kpdf and GPdf attempt to reconstruct the information in it by decoding the PDF file, which causes the generation of a huge temporary file. Versions less than 3.00-r10 are affected.
8c9adaf5bc503b7b7cc86f1fc25ed15c58ef4db9225447aa086a4e614d3f39bbGentoo Linux Security Advisory GLSA 200508-06 - Brandon Perry discovered that Gaim is vulnerable to a heap-based buffer overflow when handling away messages (CVE-2005-2103). Furthermore, Daniel Atallah discovered a vulnerability in the handling of file transfers (CVE-2005-2102). Versions less than 1.5.0 are affected.
a9e18b534ee44264fe5c4d56eae837665d441f2f58ec2128fc0139cfe4cfa46dGentoo Linux Security Advisory GLSA 200508-07 - When using a URLPlugin, AWStats fails to sanitize Referrer URL data before using them in a Perl eval() routine. Versions less than 6.5 are affected.
29e8f8b5a0e530a35adb5742adf73ee87b44d8633ea71413519119f2dadbf849Operator Shell (osh) 1.7-12 local root exploit. New version of an old exploit.
4ddcb37c6addfe9669637e9768105bf89fb404c3737bcff22f8e1019069720c9The makers of CPAINT Ajax Toolkit have discovered code execution vulnerabilities in their software. All versions prior to version 1.3-SP are affected.
6c1b4d723d050b0fa556f05f2f1f431ed1089bd3c77932893f93fcb340d72f97A vulnerability in the PHP XML-RPC libraries allows injection of arbitrary PHP code into eval() statements. Versions 1.1.1 and below are affected.
19d40733455dcea434023fe40242a8416ebdce81f0b0db82c65eaaf8dc985605A vulnerability in the PEAR XML-RPC libraries allows injection of arbitrary PHP code into eval() statements. Versions 1.3.3 and below are affected.
69e67d5d0d2809ee1dd8aab9cb442c8038040d14db81b9435a92088852571ec9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed