Paper discussing application layer denial of service attacks, with a test script that provides an example attack.
99e71bfefca08435bffe95e4201c73896fedd95f61d35792f8b30c3e2718aeb9
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
b60471ef0660af9f86f2826ae396969c0a8035a57b2f4f638f650e66d2aed4a2
CACTI version 0.8.5a suffers from full path disclosure and SQL injection vulnerabilities that allow for complete authentication bypass.
11017bef293374204c51adc94d8aff90fedb0d6463b136ea5f0d21379b42ac8b
Password decryption utility for IpSwitch IMail Server versions 8.1 and below. This server uses the polyalphabetic Vigenère cipher to encrypt its user passwords. This encryption scheme is relatively easy to break.
cdcde4da494127219fe8e50e8653ac8d70b3426eb86611ca50861a09255e7b4a
Proof of concept local exploit that makes use of a denial of service vulnerability in IPD (Integrity Protection Driver) versions up to 1.4.
c616f6a4ee3f92a68144069a0fadfefe7d0b92e5bb2761b380e5c0cebe792c8e
Next Generation Advisory NGSEC-2004-6 - The IPD, or Integrity Protection Driver, from Pedestal Software suffers from unvalidated pointer referencing in some of its kernel hooks. Any local and unauthorized user can crash the system with some simple coding skills. Versions up to 1.4 are affected.
50720f87318f3a42e9784937201bd48fcc7fed7624a51ca79ec89c25f61005c5
iDEFENSE Security Advisory 08.16.04: Remote exploitation of an information disclosure vulnerability in Concurrent Versions System (CVS) allows attackers to glean information. The vulnerability exists within an undocumented switch to the history command implemented in src/history.c. The -X command specifies the name of the history file, allowing an attacker to determine whether arbitrary system files and directories exist and whether or not the CVS process has access to them. This issue was patched in the latest (June 9th) releases of CVS, specifically 1.11.17 and 1.12.9.
f268381547d56c35860bc93b1ae5cbc7dede9a48d3f4a6f4aca9198b5b120a68