Full detailed analysis and explanation of a systrace vulnerability that exists in various kernels. This problem was silently fixed in the Linux 2.4.24 kernel release without any real acknowledgment to the security community. Full exploit included.
d775badadce007939d2e0dba2995c99fc100ea67e86a786f9873d0a75de4ecca
Further information regarding McAfee Freescan vulnerabilities that lead to information disclosure.
0c933e94553d043a1ade2fa60200bacdbf752c331eeb9bcde070e7b8bcf06438
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This release includes 18 exploits and 27 payloads; many of these exploits are either the only ones publicly available or just much more reliable than anything else out there. The Framework will run on any modern system that has a working Perl interpreter; the Windows installer includes a slimmed-down version of the Cygwin environment.
5d9afa34c2db1aa0261d2d875390a10dc8b9c11a79667404c5e3f4374e811dcd
The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allowing man-in-the-middle attacks and unauthorized connections.
71543886817095206418704efa10659ef5beea8a3d20927b8bb9d160165178e0
Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux. These currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features include multiple packet capture sources, runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
d22779b336b8f1a886cc205ee69e8034307b3db0b04c1271dda2b51474c33d0e
Kerio Personal Firewall version 4.0.13 is susceptible to a remote crash when using the web filter functionality.
aa32e7e541c23dcecb86d058506f76e1a1c434d554050792b523589586bd9cbb
NGSSoftware Insight Security Research Advisory #NISR17042004 - By crafting a malformed .R3T file it is possible to cause a stack-based overrun in RealPlayer / RealOne Player. By forcing a browser to a website containing such a file, code could be executed on the target machine running in the context of the logged-on user; alternatively, the end user would be required to open the .R3T file as a mail attachment. Systems Affected: RealPlayer 8, RealOne Player, RealOne Player v2 for Windows only (all languages), RealPlayer 10 Beta (English only) and RealPlayer Enterprise (all versions, stand-alone and as configured by the RealPlayer Enterprise Manager).
6d743136e2278e3913a2b15ed69ed2788f1f4b991aaed8aef0dce1951f4208cf
Local root exploit for the Solaris vfs_getvfssw() Loadable Kernel Module Path vulnerability found by Immunity Security.
b55b7e3a00169c3b2dfe431cfa9a812584c8138a714dbbf728f7444853b50ac6
Asleap is a tool that exposes the weaknesses in Cisco's LEAP protocol. It can read live from any wireless interface, can monitor a single channel, perform channel hopping to look for target networks running LEAP, will actively deauthenticate users on LEAP networks so they will be forced to reauthenticate, and more.
4dc44be7567b4b2ddb253a6a70bb6a96f180f6b079ca0c5b3d7b33fefcdb9bdc