Brief: Rogue trader simply sidestepped defenses
Rogue trader simply sidestepped defenses
Related Files:
Month Of Apple Bugs - A vulnerability in the handling of Apple DiskManagement BOM files allows to set rogue permissions on the filesystem via the ‘diskutil’ tool. This can be used to execute arbitrary code and escalate privileges. A malicious user could create a BOM declaring new permissions for specific filesystem locations (ex. binaries, cron and log directories, etc). Once ‘diskutil’ runs a permission repair operation the rogue permissions would be set, allowing to plant a backdoor, overwrite resources or simply gain root privileges. Homepage: http://projects.info-pull.com/moab/index.html. Authored By LMH, Kevin Finisterre
Turbo Traffic Trader Nitro version 1.0 is susceptible to multiple cross site scripting and SQL injection attacks. Full exploitation for the SQL injection attack provided. Authored By aCiDBiTS
A Zaurus PDA version of Airsnarf, the rogue wireless access point setup utility designed to demonstrate how a rogue AP can steal usernames and passwords from public wireless hotspots. Designed to run on OpenZaurus 3.2. Homepage: http://airsnarf.shmoo.com. Authored By The Shmoo Group
Thatware is a news portal administration tool. The security vulnerabilities in Thatware allows attacker to gain administrative access to the application. Two exploits included. Fix: For a quick fix, simply rename admin.php3 and simply quote all numeric data in SQL statements. Authored By Fabian Clone
The KeyFocus Web server, a Win32 HTTP server with web administration, contains a flaw that enables attackers to traverse above the webroot in the directory structure. Only files with recognized MIME types can be compromised as there are internal defenses by the server that disallow retrieval of other files. Authored By Matt Murphy
Garuda is a wireless intrusion detection system (WIDS). It has been designed for detecting war drivers, rogue APs, denial of service attacks, and even MAC spoofing. Rule-based detection, statistics, and enumeration modules included. Changes: MySQL support added, configuration file adapted, and a bug was fixed in the code for detection of rogue APs. Homepage: http://garuda.sourceforge.net. Authored By Seunghyun Seo
Secunia Security Advisory - Some vulnerabilities have been reported in Torrent Trader, which can be exploited by malicious users to conduct SQL injection attacks. Homepage: http://secunia.com/advisories/26504/
Airsnarf is a simple, rogue wireless access point setup utility designed to demonstrate how a rogue AP can steal usernames and passwords from public wireless hotspots. Airsnarf was developed and released to demonstrate an inherent vulnerability of public 802.11b hotspots: snarfing usernames and passwords by confusing users with DNS and HTTP redirects from a competing AP. Homepage: http://airsnarf.shmoo.com. Authored By The Shmoo Group
Network monitoring tool - detect rogue incoming packets indicative of potential attacks.
An FTP daemon that simply does anonymous FTP only. Very secure.