PScanDetect version 0.8 is a utility that will detect TCP-based portscans. Tested under FreeBSD 5.1, OpenBSD 3.3, and Slackware Linux 9.0.
1b74539c9e0cfe25914068560f46eada7a570bd6136dcd7882274d57af719da3
DCAM webcam versions 8.2.5 and below suffer from a directory traversal attack that allow a remote attacker to access any file available to the webserver uid.
3100d7453b6443b31ae5e4981c57020c628cd6fe3e5be2d1e7ef034ab11dcc3e
osCommerce versions 2.2-MS1 and 2.2-MS2 allow a remote attacker to send a malformed URI that can effectively deny a user legitimate access to their account via a denial of service attack that will cause an unremovable item to be placed in the users shopping cart. These releases are also subject to SQL injection attacks and cross-site scripting problems as well.
4c4f31e91ddc721a290c33f3497928cb959707eed54691809a10b531978ae64e
CesarFTP version 0.99g and below has a security hold in the command CWD that allows a remote attacker the ability to cause a denial of service by raising the CPU utilization up to 100%.
e77b6fdaa8347138e3f274c7636cf361b6cc6c8d56c457137aa6dfaf64408317
Xerox Document Centre 470, 255ST, and possibly others allow for remote unauthorized access to files, access to plaintext passwords for the HTTP administration interface, access to DES passwords for the operating system, and read-write access to HTTP users and passwords.
026b93d3219efe238d3210af33b8dafe109314334e03c1bb222b23d44131e548
The Nmap 3.28 Statistics Patch adds the -c switch which guesses how much longer the scan will take, shows how many ports have been tested, resent, and the ports per second rate. Useful for scanning firewalled hosts.
ea4f1b08c7795a3b387ea8ad7bc01d8df30e1ec9964d3b0da43604e5488c61da
A fault lies in ProjectForum versions 8.4.2.1 and below that allow an attacker the ability to cause the server application 'projectforum.exe' to crash and stop responding to requests from clients. This can be triggered by sending an overly long 'find' request string to the server in question.
65f76484d200b45742b4b7e25e6f7fa7bc5718044f09aef7e4e55d17544ecfc7
i-am-doh is a utility that filters approximately 75% of all false-positives given by an IDS. It uses existing reliable tools like Nmap, Nessus, and Amap to validate IDS alerts based on the following criteria and techniques: OS identification, service identification, port scanning, vulnerability scanning, online CVE and bug interpretation, and server importance weighting.
8240812efc3fddb3c130b13349ca734da19a96a92366c88e4e6aa21be0bd7fd3
WARD v2.0 is a classic war dialer - it scans a list of phone numbers, finding the ones where a modem is answering the call. WARD can generate phone number lists based on a user-supplied mask, in incremental or random order. Remember to change some defines to make it fit your current system configuration. WARD is one of the fastest PBX scanners around (and possibly the best for UNIX environments). Tested on OpenBSD, Linux, and Windows under Cygwin.
9e8fef3e2e9568bdfa6a72fb1dbb6de5773363101d30bbac16e3271d4428b2f9
vlogger is a new release from THC that logs keystrokes on a Linux box. It logs all console, serial, and remote sessions, and does not use syscall modification. It allows for both local and remote logging methods.
48c0deb9db950f6cc98d94e0a4ff079bfb6a7b92fa46a5145513b1c13eb2a414