Local vulnerability in Solaris mailtool(1) - /usr/openwin/bin/mailtool on Solaris 8 (x86 and SPARC) contains a local buffer overflow. By supplying a long environment variable containing machine-executable code (shellcode), a local user can execute arbitrary commands as gid mail.
1e5e671cf9f5a6ad579331d3e7053810 FreeBSD X key lock (xklock) v2.7.1 and below local root exploit - Tested against the FreeBSD ports collection on v3.5.1 and v4.2.
c5a5aabc95055e9049edae3b5c5de143 Dc20ctrlex.perl is a local exploit for /usr/local/bin/dc20ctrl on FreeBSD 3.x/4.x which yields egid=dialer (or root on non-FreeBSD systems). Tested against FreeBSD 4.2.
9d658bc02da0498ea3f0146d905dd9af Advanced Host Detection - Techniques To Validate Host-Connectivity. Security engineers spend tireless effort blocking and filtering packet anomalies in an internetworked environment. Advanced host mapping bypasses many intrusion detection systems, filters, and routers, enabling an attacker to map and discover previously unknown firewalled hosts. Also available in TXT form.
938010bc0d9b99eb9b35830b0f7a13e7 Advanced Host Detection - Techniques To Validate Host-Connectivity. (PDF) Security engineers spend tireless effort blocking and filtering packet anomalies in an internetworked environment. Advanced host mapping bypasses many intrusion detection systems, filters, and routers, enabling an attacker to map and discover previously unknown firewalled hosts. Also available in DOC form.
2866b8e06c2e023af6d2353b6ac6c628 Advanced Host Detection - Techniques To Validate Host-Connectivity. Security engineers spend tireless effort blocking and filtering packet anomalies in an internetworked environment. Advanced host mapping bypasses many intrusion detection systems, filters, and routers, enabling an attacker to map and discover previously unknown firewalled hosts. Also available in DOC form.
29e1aa57dd7594aeb700b3e563f4579a Examining port scan methods - Analyzing Audible Techniques. This paper enumerates a variety of ways to discover and map internal and external networks using signature-based packet replies and known protocol responses when scanning. Specifically, it presents all known techniques for determining open and closed ports on a host, and the ways an attacker may identify the network services running on arbitrary servers. Text version available here.
aa639e684a8e7913186faa5b0f7081b9 Examining port scan methods - Analyzing Audible Techniques. This paper enumerates a variety of ways to discover and map internal and external networks using signature-based packet replies and known protocol responses when scanning. Specifically, it presents all known techniques for determining open and closed ports on a host, and the ways an attacker may identify the network services running on arbitrary servers.
4608dc43a219fc1243b13e3e1ca6f75d OpenBSD v2.6 and 2.7 ftpd remote root exploit.
851ecd7cde4ff528736a6f54e5ea9649 Overwriting the .dtors section - This paper presents a concise explanation of a technique for gaining control of a C program's flow of execution, given that it has been compiled with gcc. The technique has several advantages over overwriting a saved return address on the stack, including the ease of determining the exact position to write to and to point at our shellcode, and it is simpler than patching a GOT entry.
f693cc32d668324c2205e77036aa3fd1 Remote exploit for rpc.sadmind which brute forces the offset. Tested against Solaris 2.6 and 7.0 on x86 and SPARC.
c0c0dc5180d9081f3ba5df8bbfca3981 Synnergy Laboratories Advisory SLA-2000-17 - A flaw in Anaconda Foundation Directory for Linux/UNIX, a Yahoo-style search engine based on the Open Directory Project, allows remote users to traverse the web server's filesystem and read arbitrary files by appending a URL-encoded trailing NULL byte (%00) to the request. Exploit URL included.
4473a774da7c24d3ddf462e13bfbf37e Synnergy Laboratories Advisory SLA-2000-16 - Synnergy Labs has found a flaw in Master Index for Linux/UNIX that allows a user to traverse the filesystem on a remote host and read arbitrary files and folders. Exploit URL included. Fix available here.
a00a442f87ac62e4716afc3cc58d0c62 PHPix, a web-based photo album viewer written in PHP, has a vulnerability which allows remote users to traverse directories and read any file on the server. Exploit URL included. Fix available here.
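Added example illustrating the trailing NULL byte trick behind SLA-2000-17 and the directory traversal in SLA-2000-16 and PHPix. This is not code from the Synnergy archive or from any of the affected products: a CGI written in a language with length-counted strings (Perl, PHP) builds "$docroot/$name.html" and faithfully keeps the decoded %00, but open(2) receives a C string and stops at the first NUL, so the ".html" suffix never reaches the kernel and any file the web server can read is returned. The document root /var/www/docs, the .html suffix and all function names are assumptions. The hardened builder rejects embedded NULs, absolute paths and every "." or ".." component before assembling the path.

```c
/* Added example, not code from the Synnergy archive or any advisory above.
 * DOCROOT, SUFFIX and all function names are assumptions for illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

#define DOCROOT "/var/www/docs"
#define SUFFIX  ".html"

/* URL-decode src into dst (dst needs strlen(src)+1 bytes). Returns the
 * number of decoded bytes, which is what a Perl/PHP string would record;
 * a %00 makes that count larger than strlen(dst). */
size_t url_decode(const char *src, char *dst)
{
    size_t n = 0;
    while (*src) {
        if (*src == '%' && isxdigit((unsigned char)src[1]) &&
            isxdigit((unsigned char)src[2])) {
            char hex[3] = { src[1], src[2], '\0' };
            dst[n++] = (char)strtol(hex, NULL, 16);
            src += 3;
        } else {
            dst[n++] = (*src == '+') ? ' ' : *src;
            src++;
        }
    }
    dst[n] = '\0';
    return n;
}

/* Vulnerable pattern, modelled on a CGI doing open("$docroot/$name.html"):
 * the path is assembled as a counted string, so every byte of the decoded
 * parameter survives, NUL included, and the suffix is appended after it.
 * Returns the counted length, or 0 if the result does not fit in out. */
size_t build_path_counted(const char *param, char *out, size_t outlen)
{
    char decoded[512];
    size_t dlen, pos = 0;
    if (strlen(param) >= sizeof decoded) return 0;
    dlen = url_decode(param, decoded);
    if (strlen(DOCROOT) + 1 + dlen + strlen(SUFFIX) + 1 > outlen) return 0;
    memcpy(out + pos, DOCROOT, strlen(DOCROOT));   pos += strlen(DOCROOT);
    out[pos++] = '/';
    memcpy(out + pos, decoded, dlen);              pos += dlen;
    memcpy(out + pos, SUFFIX, strlen(SUFFIX) + 1); pos += strlen(SUFFIX);
    return pos;
}

/* What open(2) actually receives: the kernel copies a C string, so the
 * path ends at the first NUL and the appended suffix is never seen. */
size_t path_as_kernel_sees(const char *counted_path)
{
    return strlen(counted_path);
}

/* Hardened builder: reject embedded NULs, absolute paths, empty components
 * and any "." or ".." component before the path is assembled.
 * Returns 0 and fills out on success, -1 on rejection. */
int build_path_safe(const char *param, char *out, size_t outlen)
{
    char decoded[512];
    const char *p;
    size_t dlen;
    if (strlen(param) >= sizeof decoded) return -1;
    dlen = url_decode(param, decoded);
    if (dlen == 0 || dlen != strlen(decoded)) return -1;  /* empty, or %00 smuggled in */
    if (decoded[0] == '/') return -1;                     /* absolute path */
    for (p = decoded; ; ) {
        const char *slash = strchr(p, '/');
        size_t len = slash ? (size_t)(slash - p) : strlen(p);
        if (len == 0) return -1;                          /* "a//b" or trailing "/" */
        if (len == 1 && p[0] == '.') return -1;
        if (len == 2 && p[0] == '.' && p[1] == '.') return -1;
        if (!slash) break;
        p = slash + 1;
    }
    if (snprintf(out, outlen, "%s/%s%s", DOCROOT, decoded, SUFFIX) >= (int)outlen)
        return -1;
    return 0;
}

int main(void)
{
    char path[1024];
    const char *attack = "../../../../etc/passwd%00";   /* constructed sample input */
    size_t counted = build_path_counted(attack, path, sizeof path);
    printf("script built %zu bytes; open(2) sees \"%s\" (%zu bytes)\n",
           counted, path, path_as_kernel_sees(path));
    printf("hardened builder: %s\n",
           build_path_safe(attack, path, sizeof path) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The length mismatch between the counted string and strlen() is the whole bug: a check that only looks at the suffix, or at the decoded Perl/PHP string, sees a harmless ".html" file, while the filesystem is asked for /etc/passwd. Checking for ".." alone is not enough either, which is why the hardened builder refuses the NUL first and the traversal components second.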
bc3908f2f9d85da09ccb7ad48698fd82 Inebriation.c is a local Linux/x86 exploit for /bin/su via the libc locale functions, written in response to previous unreliable exploits for this vulnerability. It includes a Perl wrapper to find the correct offset, can use GOT overwrites to evade StackGuard, StackShield, and libsafe, builds its overflow string cleanly, and comes with documentation and several other usability improvements.
a4ea18e81fddb4c040951cf4232de56a The Importance of Bug Testing - Discusses alpha and beta releases, the importance of bug testing, software development goals, software testing strategies, functional prototypes, designing test sets, defect testing, acceptance testing, and structural prototypes.
93ccf43ca9128f73447bd47fe1fa89f1 Synnergy Laboratories Advisory SLA-2000-14 - The BSD/Linux telnet client has a stack overflow which is not usually a security problem, except in a restricted-shell environment that allows users to set environment variables and run telnet. Perl proof-of-concept exploit included.
c6491ecc47f199f8a19a31d67e79f43c Bandmon monitors the bandwidth usage on your network.
f428ce70692dfa952d10c6d16f3727ce The wais.pl CGI written by Tony Sanders provides a means to access the waisq WAIS client via the web server. Waisq contains buffer overflows allowing remote code execution, which can be exploited via wais.pl. In addition, files owned by nobody on the web server can be overwritten with arbitrary content. Includes an exploit for Linux/x86.
795f85e6d55de6d0878a8c35c77da7a9 Synnergy Networks msadc scanner - A basic string scanner that happens to scan for the msadc module string.
848292758ce51eeecb718dea80503411 Sends a message to every user on a Unix system via syslog().
03de4874a8f333ee6918dd99448e08b1 Sadmind exploit stack pointer brute forcer: run ./sadmindex-brute-lux [arch] <host> and it will brute force the stack pointer, print a message on success, and open the ingreslock port (1524) on the remote host. Requires the sadmind exploit by Cheez Whiz.
7588b1cbff18bd6bcdb5fe10b4e85ada Remote buffer overflow exploit, written in Perl, for QPOP 3.0 beta versions up to and including 3.0b20 running on Linux.
5ea48ff2b2dd6aaac4f0fcef8bc4b30e Synnergy Logo
2e2bbb3a163530be6d329e216d48adec Remote Unix shell backdoor written in Perl.