Vuurmuur is a middle-end and front-end for netfilter and iptables that is aimed at system administrators who need a decent firewall, but do not have netfilter specific knowledge. It converts human-readable rules into an iptables ruleset (or optional a bash script), makes netfilter logs readable, and includes an ncurses GUI.
10ff9fd6b49ee1e3cd8c808c144b15f6e07c3764175082f806d06f9debed2005Vodka-tonic is a cryptography-steganography hybrid tool. It a three level security system for paranoid people.
939d79539e16de5957014ff791e73841ffc30d31151048e1994b972a873a0122Symantec LiveUpdate is susceptible to compressed archive attacks known as zip bombing.
2673b88a121041513379080564220f8659436f861cf25d1939c9738f8b4f4a07Gentoo Linux Security Advisory GLSA 200411-09 - A flaw in the chfn and chsh utilities might allow modification of account properties by unauthorized users.
712ff42172183aa18195d65849d77bae25090163b5a8b43e7b187bc13a76502dSecunia Security Advisory - Gemma Hughes has reported some vulnerabilities in MailPost, which can be exploited by malicious people to disclose some system information and conduct cross-site scripting attacks.
abdc80782b8157240cfd8f1f33b3d15d19f7db25c6d3d9b398566cb65cf5d3c3Technote web board products are susceptible to a remote command execution vulnerable that has been around since 2000.
9162575cff330a3a6f5f758112febfe761eec00fa08132654395f203897273d9Zip console application by Info-Zip is susceptible to a buffer overflow condition that can be triggered and exploited during a recursive compression operation.
274803fde916bd9e952281ab6546188a8fdc6b1c96a71fcd827aee6005de24b5Callwave.com's customer service automated termination service is vulnerable to caller-ID authentication spoofing, enabling arbitrary termination of customer accounts.
171555055c098024d7fb30eb1ea9a57dc49c2128b9f5392a611a4f04e6da62e5Proof of concept denial of service exploit for iptables versions below 2.6.8 that makes use of an integer overflow in the logging functionality.
9fb075c2caa69909e37955b2818aea2dfacccb41c87a16e0ea4845eaa43faa5asherpa is a tool for configuring and then checking system security via the console. Written in perl, it allows an admin to maintain a custom database of file and directory permissions and ownership attributes as local needs dictate. Any changes from the prescribed layout will be detected each time sherpa is run. Also, sherpa does some basic system checks (world-writable files, .rhosts and hosts.equiv files, etc.) that help the busy admin keep on top of a system.
71c3b4794f274cf60f3568a7bcae464ed7a0556ec5625d6df534207018bf763balph implements and analyzes historical and traditional ciphers and codes, such as polyalphabetic, substitutional, and mixed employing human-reconstructable algorithms. It provides a pipe filter interface in order to encrypt and decrypt block text to achieve transparency. The program is meant to be used in conjunction with external programs that transfer data, resulting in transparent encryption or decryption of information. The program can thus be used as a mail filter, IRC filter, IM filter, and so on.
f335954da217460b076f3f87442e489aa22dee7fab393097a7cb1146a3f533d1Secunia Security Advisory - plonk has discovered a weakness in Mozilla and Thunderbird, which can be exploited by malicious people to enumerate valid email addresses.
70cbcb1b1cb32898e5e0826f8c3451eaafea87e3f85dbc1dcdbe128b0054c35bA vulnerability has been discovered in F-Secure Anti-Virus for MS Exchange, which may prevent detection of malware in certain archives.
bb2297adabcabdaa680484a6360d87b55765bfdb694dbdea225a540c4d52044eSecunia Security Advisory - A vulnerability has been reported in Gallery, which can be exploited by malicious people to conduct script insertion attacks. Some unspecified input is not properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious user data is viewed.
9dc001abb18d60bff935f6640c50bcf5d0f9eacde4953f1c5f38938eef6b0d7aSecunia Security Advisory - Two vulnerabilities have been reported in FsPHPGallery, which can be exploited by malicious people to cause a DoS (Denial of Service) and disclose system information.
ce52a0cde3b8ff8e1259ee58df0a9008e51cde29a53565ab26a0e5692adefcafSecunia Security Advisory - Some vulnerabilities have been reported in Gbook MX, which can be exploited by malicious people to conduct SQL injection attacks. Gbook MX fails to verify input passed to various scripts properly before it is used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3e52d9bc3314053a1e0edead28e14c55df26b88e34aeaf5fc14b537be47359d5Gentoo Linux Security Advisory GLSA 200411-07 - Proxytunnel is vulnerable to a format string vulnerability, potentially allowing a remote server to execute arbitrary code with the rights of the Proxytunnel process.
d19faeae338287a91db3df7b0ae3dcde4baf11b232ad9cf5b44389b8c9f02728Sun Security Advisory - Using malformed client certificates, a remote unprivileged user may be able to crash a Sun Java System Web Server or a Sun Java System Application Server.
c22de5d73a25dc36f7a16867e65399740d2d09aec1446ebb6bb6b6e693c1e922There is a security bug in Microsoft Internet Explorer, which allows to show any faked target-address in the status bar of the window. Tested in Microsoft Internet Explorer 6 SP1 (6.0.2800.1106) with all patches installed on Windows 98.
07bc6af07060fd1c49b121465a16289a56c53c4e7ac151fd1697434a5d9e16ffGentoo Linux Security Advisory GLSA 200411-06 - MIME-tools does not handle empty MIME boundaries correctly. This may prevent some virus-scanning programs which use MIME-tools from detecting certain viruses.
0d752924082c8519f3679d52cc3525795d8f3ba98117c4d978e197daf6ce6380Web Forums Server versions 1.6 and 2.0 suffer from directory traversal attacks and also store passwords in cleartext.
a2ccfb0e3ea3b6862542182bc05b4cba9dc2ca266d01b59dc2356f382aebbde0Methods exist to allow for Microsoft ISA authentication bypass when the server is configured as a proxy.
20d67b32faeaa9d4c6a6633a67f0bc202a0ca8b8aa5ad2d7669d258aff6babccCisco Security Advisory - A Cisco Secure Access Control Server (ACS) that is configured to use Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) to authenticate users to the network will allow access to any user that uses a cryptographically correct certificate as long as the user name is valid. Cryptographically correct means that the certificate is in the appropriate format and contains valid fields. The certificate can be expired, or come from an untrusted Certificate Authority (CA) and still be cryptographically correct. Only version 3.3.1 of the Cisco Secure ACS for Windows and Cisco Secure ACS Solution Engine is affected by this vulnerability.
5d9223d179086964baa6711e3d4713507dccf6304265e119bbcf3b8eb1a60d52Secunia Security Advisory - Lyndon Dubeau has reported a security issue in NetGear FWAG114 ProSafe Dual Band Wireless VPN Firewall, which can be exploited by malicious people to read or manipulate configuration information. The problem is that it is not possible to disable the SNMP service nor change the default SNMP community strings. The problem has been reported in firmware release 1.0.26RC4. Other versions may also be affected.
ce8088360acd36d27b92b5320bc300140c19379438b86e163025f5ac775e72bcGentoo Linux Security Advisory GLSA 200411-04 - A vulnerability in the Speedtouch USB driver can be exploited to allow local users to execute arbitrary code with escalated privileges.
f4350556f83cf6b1617ccc40ffd62de9f984c342079ae225d5d8e791d6841a37
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed