iDefense Security Advisory 03.29.07 - Remote exploitation of a input validation vulnerability in IBM Corp.'s Lotus Sametime allows attackers to execute arbitrary code in the context of the user viewing a malicious web page. The problem specifically exists in the STJNILoader.ocx component of IBM Corp.'s Lotus Sametime product. This ActiveX control is safe for scripting and exports a LoadLibrary function that does not properly sanitize input. iDefense has confirmed that this vulnerability is present in IBM Corp.'s Lotus Sametime STJNILoader.ocx version 3.1.0.26.
176a7cb1e83f154ccc8af07f4cbe77546f283f0105fddba28d1cfc898267a850
FortConsult Security Advisory - It is possible to retrieve unencrypted data from the "names.nsf" database on Lotus Notes servers without being logged in.
438f8fa64a94121b43b7b7e1b5eef7fc543a121fdbb1de48b7fc02b951ba17ae
iDefense Security Advisory 11.08.06 - Local exploitation of multiple buffer overflow vulnerabilities in IBM's Lotus Domino could allow an attacker to elevate privileges to root. The 'tunekrnl' binary is used to set Linux/proc sysctl settings, allowing Domino to increase the resource limits of the running kernel. It is shipped with the owner set to root and the set-user-id bit on. Since the length of input is improperly validated when copying to fixed-size buffers, buffer overflow can occur.iDefense has confirmed the existence of this vulnerability in version 7.0.1.1 of IBM's Lotus Domino for Linux. Earlier versions may also be vulnerable.
e24a6b648c0945b340012510654538e27d061dadc4ee809651273533be054a00
Perl and bash scripts to enable easy manipulation of Tor traffic exiting through your Tor node. Uses Linux iptables QUEUE target to dump Tor exit traffic into a processing script, which modifies the packet with a web-bug, then re-injects it onto the wire again.
e264ded751e5361a5dd4ab1ab99f84c92f40fbc9acd30e7fdf0c7d4b072d2379
Paper describing simple means of finding the true address of Tor clients, if they are browsing an HTTP (non-encrypted) website and exit through an exit node which you control. Presents technique for using iptables to inject Javascript, Flash, into web traffic to persuade the client to temporarily bypass the Tor network.
477c69883b11c9ea4888422b2968acc602e150bee30795b919f37527a85f5de8
Paros version 3.2.5 and below may contain a flaw where a remote attackers can connect to a database port opened on the machine running Paros, without supplying any credentials.
e15f1f6aa00303b3b7411b2126695817306f14c95f70b336426ec3af0f2137ff
This is a Perl script that can search files to identify whether data has been hi dden using a weak steganography tool for Windows named Camouflage. If Camouflage has been used, it prints the approximate amount of hidden data, and says how many hidden files there are. If a password was used to "protect" the hidden data, the password is printed out. It has been tested against .doc carrier files, and tested against Camouflage v1.2.1. It also saves an unprotected version of the file with a different name.
1e41627ee891f89cb5aa1c4e441cd1ec6065587fedf8c8f504930887f92bb62a