what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 52 RSS Feed

Files Date: 2004-08-05

Posted Aug 5, 2004
Site spamassassin.apache.org

SpamAssassin is a mail filter to identify spam. Using its rule base, it uses a wide range of heuristic tests on mail headers and body text to identify "spam", also known as unsolicited commercial email.

systems | unix
SHA-256 | 5215f2cf8a5eb47af16a7419f260aee06ca28f1c05df6c33be63d274f6c1c2a7
Chris Evans Security Advisory 2004.1
Posted Aug 5, 2004
Authored by Chris Evans

libpng version 1.2.5 is susceptible to stack-based buffer overflows and various other code concerns.

tags | advisory, overflow
advisories | CVE-2004-0597, CVE-2004-0598, CVE-2004-0599
SHA-256 | 9fc510600a44d8e31608573552503b13a04a1c01395734a87d480c64618ef40c
Fwknop Port Knocking Utility
Posted Aug 5, 2004
Authored by Michael Rash | Site cipherdyne.org

fwknop is a flexible port knocking implementation that is based around iptables. Both shared knock sequences and encrypted knock sequences are supported. In addition, fwknop makes use of passive OS fingerprinting signatures derived from p0f to ensure the OS that initiates a knock sequence conforms to a specific type. This makes it possible to allow, say, only Linux systems to connect to your SSH daemon. Both the knock sequences and OS fingerprinting are completely implemented around iptables log messages, and so a separate packet capture library is not required.

tags | tool, scanner
systems | linux, unix
SHA-256 | 9650502e2cea77f436fb0a866d6d49819e7bc22e6d8bb0817da57228f1fb6604
Posted Aug 5, 2004
Authored by Simon Josefsson

GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.

Changes: Updated various bits of code.
tags | imap, library
SHA-256 | e7fd87dd6a1343aea742814e47d7a04ffccc0d051817c916fab4657bea45b034
Technical Cyber Security Alert 2004-217A
Posted Aug 5, 2004
Authored by US-CERT | Site cert.org

Technical Cyber Security Alert TA04-217A - All applications and systems that use the libpng library versions 1.2.5 and below are susceptible to several vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.

tags | advisory, remote, arbitrary, vulnerability
SHA-256 | 2e6b583e3cd882338a1877dfdce7abe25d050a36cd02d978497fe119a07f1f64
Posted Aug 5, 2004
Authored by Donato Ferrante | Site autistici.org

Free Web Chat suffers from both denial of service and resource allocation bugs.

tags | advisory, web, denial of service
SHA-256 | b362a9f9b51a02212145eb681c34e6703a1ce8028a93fa4e37eeca36ea288982
Posted Aug 5, 2004
Authored by CoolICE

thttpd version 2.07 beta 0.4 on Windows is susceptible to a directory traversal attack.

tags | exploit
systems | windows
SHA-256 | 8ce037e5fde72e96c8c9a8d297d49ac93812fff192124870c7ada125fbc0c01e
Posted Aug 5, 2004
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: 3 new modules including CVS, SMTP-AUTH, SNMP. GTK-GUI updated. Small bug fixes.
tags | web, cracker, imap
systems | cisco
SHA-256 | 74bb4d2e7a6dd6cc3d47ef3112f18d66021dcbbb8411a5bb7b5e5e8121445fea
Posted Aug 5, 2004
Authored by Bruce Ward | Site doorman.sourceforge.net

The Doorman is a port-knocking listener daemon which helps users secure private servers. It allows a Unix server to run invisibly, with all TCP ports closed.

Changes: Fixed several bugs.
tags | tool, tcp, rootkit
systems | unix
SHA-256 | 5669f3b557c15b343f152b34edc206bd33e874613ddc50ea1418d89cd20dc8dd
Posted Aug 5, 2004
Authored by Paul Starzetz | Site isec.pl

A critical security vulnerability has been found in the Linux kernel code handling 64bit file offset pointers. Successful exploitation allows local users to have access to kernel memory. Kernel series affected are 2.4.26 and below and 2.6.7 and below. Full exploit provided.

tags | exploit, kernel, local
systems | linux
advisories | CVE-2004-0415
SHA-256 | 92706af943a287522ac0045554f0149a454453a2c0f2f0482f4e4f98d714283a
Posted Aug 5, 2004
Authored by HexView

Datakey's tokens and smartcards suffer from a clear text password exposure vulnerability. The communication channel between the token and the driver is not encrypted. A user's PIN can be retrieved using a proxy driver or hardware sniffer. Systems affected: Rainbow iKey2032 USB token and Datakey's up-to-date CIP client package.

tags | advisory
SHA-256 | e6a95aba557fecb0404997af5ad693bdb744910e82a8e30d9cad43caeeb4742e
Posted Aug 5, 2004
Authored by Dominus Vis

GoScript version 2.0 allows for remote command execution due to a lack of input validation.

tags | exploit, remote
SHA-256 | a20e454e6f775142f9f45026076fa8df5eb5fb923e053a1fe8d45bb307ae6d57
Echo Security Advisory 2004.3
Posted Aug 5, 2004
Authored by y3dips, Echo Security | Site y3dips.echo.or.id

JetboxOne CMS version 2.0.8 keeps system passwords in an unencrypted state and also has a remote code execution flaw.

tags | advisory, remote, code execution
SHA-256 | b1e5dc4defffff99c27ff9d8f7a58a28058aa20c7886e2691265f0547b90ded7
Posted Aug 5, 2004
Authored by y3dips | Site y3dips.echo.or.id

eNdonesia CMS version 8.3 is susceptible to full path disclosure and cross site scripting flaws.

tags | advisory, xss
SHA-256 | 60638bbb95e9a7ce651c3e384bfaaa636ff1aff85d2311db1f9d4c5907dfc386
Posted Aug 5, 2004
Authored by Donato Ferrante | Site autistici.org

When over 40 connections are made to Webbsyte 0.9.0, the service crashes.

tags | advisory
SHA-256 | 12c2dcce1b42eb0808a9da9ec432387ab867d5469e37f8251f8f8ea3d4e6ff64
Posted Aug 5, 2004
Authored by Andrea Luzzardi | Site sig11.org

pam_usb is a PAM module that enables authentication using a USB storage device through DSA private/public keys. It can also work with floppy disks, CD-ROMs, or any kind of mountable device.

Changes: Various fixes.
systems | linux
SHA-256 | 6e30403879ec19196e18de414075fa15c8adb0741e3c08b048e128243a55304d
Posted Aug 5, 2004
Authored by Daniel De Luca, Laura Nunez, Carlos Sarraute | Site coresecurity.com

Putty client versions below 0.55 suffer from a flaw that allow for arbitrary code execution.

tags | advisory, arbitrary, code execution
SHA-256 | 856165b9a1019d82da170dc548b0101ac9b2f7a3ed57d807f51a58edcb9bc56c
Posted Aug 5, 2004
Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in WackoWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 871d905f6c1ccf7f4d9ef89edfa21e046946319eaf00cb0fc7ac0b68250d4f27
Posted Aug 5, 2004
Authored by Mark Ellzey Thomas | Site juniper.net

Juniper Networks NetScreen Advisory 59147 - A malicious person who can connect to the SSHv1 service on a Juniper Networks Netscreen firewall can crash the device before having to authenticate. Upon execution of the attack, the firewall will reboot or hang, which will prevent traffic to flow through the device.

tags | advisory
systems | juniper
SHA-256 | 9bcd70260d6dde060190ee50a49684a445f003622c74f3d12acdfc64e035c869
Posted Aug 5, 2004
Authored by Ziplock | Site impost.sourceforge.net

Impost is a multi-purpose scriptable network protocol security auditing tool designed for analyzing network attacks and exploitations while operating as a honey pot or packet sniffer.

tags | tool, protocol, intrusion detection
systems | unix
SHA-256 | 328d901e82f37fe312a9613a3c34162a1cff4ff1757abb3e917170bb12532c54
Posted Aug 5, 2004
Authored by Marc Schoenefeld | Site sunsolve.sun.com

Sun Security Advisory - The XSLT processor included with the Java Runtime Environment (JRE) may allow an untrusted applet to read data from another applet that is processed using the XSLT processor and may allow the untrusted applet to escalate privileges. All variants of Sun Java JRE 1.4.x and Sun Java SDK 1.4.x are affected, except releases 1.4.2_05 and above.

tags | advisory, java
SHA-256 | 441d16f4938f5f20a31b65a37e706bd5bb719aa73130e7418c55e5fea7934e5d
iDEFENSE Security Advisory 2004-08-02.t
Posted Aug 5, 2004
Authored by Zen-Parse, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 08.02.04: Netscape version 7.0, 7.1, and Mozilla 1.6 are susceptible to a SOAPParameter constructor integer overflow vulnerability that can allow for arbitrary code execution running in the context of the user running the browser.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2004-0722
SHA-256 | 88413467e44183e31e567dec2fc2a3d60529654bdf33627a4cbbcf7719b47e98
Posted Aug 5, 2004
Authored by MS Blows

A vulnerability in WHM Autopilot versions 2.4.5 and below allows malicious attackers the ability to access usernames and clear text passwords.

tags | advisory
SHA-256 | 37a784924f73c52e2f1d8ba17ae1d4fb01c61b4651de4a06076fa4664d9f515d
Posted Aug 5, 2004
Site pldaniels.com

A security flaw in ripMIME version 1.x allows attackers to bypass filtering software.

tags | advisory
SHA-256 | 1149ac92bd31c03d520f85fdf4148ad5d0356181a7f051c3a3dc6ae6132c231a
Posted Aug 5, 2004
Authored by Chew Keong TAN | Site security.org.sg

Proof of concept bindshell exploit code that makes use of a buffer overflow vulnerability found in BlackJumboDog FTP servers versions 3.6.1 and below.

tags | exploit, overflow, proof of concept
SHA-256 | 086e7e22e2463b7bbcc13eb02b167f80971aed861197c0f0d06aaa01a7342f14
Page 1 of 3

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By