Proof of concept exploit for iTunes 4.3.7 on OS X 10.3.7. Shellcode binds a shell to port 4444.
2ec510bd1e7504720e2969ebeccde787
Apple iTunes Playlist buffer overflow download shellcoded exploit. Versions up to 4.7 are affected. Tested with iTunes v4.7 on WinXP SP2 EN.
708d91464c8f5f9de07c54ea32e04338
Minis 0.2.1 suffers from a directory traversal flaw that allows for viewing of files outside of the webroot. If the server does not have access to the file, it enters into a loop causing a denial of service.
d3aedc1d21e4c6f53b73e22762727c7d
phpGiftReq 1.4.0 suffers from multiple SQL injection flaws that allow for manipulation of the database.
7c0a1e1bb740848737f21d9abdbd4990
A cross site scripting vulnerability in Froogle allows for theft of the Google GMail cookie.
47c5c30fb8e4ac424d9837135fe87121
Ciphire Mail is an email encryption tool. It works in conjunction with your existing email client. It operates seamlessly in the background and does not interfere with normal email routines. It encrypts and decrypts email messages, and can digitally sign each message to provide authentication and guard against identity theft. It resides on your computer, between your email client and your email server, transparently encrypting/decrypting and digitally signing your email communication. It is compatible with all email clients using standard SMTP, POP3, or IMAP4 (including SSL/TLS variants and STARTTLS support). It is free for consumers, non-profit organizations, and the press. Linux version.
bcffc6072284aaf27a7dc0c59a51f196
Ciphire Mail is an email encryption tool. It works in conjunction with your existing email client. It operates seamlessly in the background and does not interfere with normal email routines. It encrypts and decrypts email messages, and can digitally sign each message to provide authentication and guard against identity theft. It resides on your computer, between your email client and your email server, transparently encrypting/decrypting and digitally signing your email communication. It is compatible with all email clients using standard SMTP, POP3, or IMAP4 (including SSL/TLS variants and STARTTLS support). It is free for consumers, non-profit organizations, and the press. Mac version.
c226e7818b8ac9cc81079f1067c16b39
Ciphire Mail is an email encryption tool. It works in conjunction with your existing email client. It operates seamlessly in the background and does not interfere with normal email routines. It encrypts and decrypts email messages, and can digitally sign each message to provide authentication and guard against identity theft. It resides on your computer, between your email client and your email server, transparently encrypting/decrypting and digitally signing your email communication. It is compatible with all email clients using standard SMTP, POP3, or IMAP4 (including SSL/TLS variants and STARTTLS support). It is free for consumers, non-profit organizations, and the press. Windows version.
496e871e87204957f4eb73df77653a27
Ciphire structure graphic.
bc9a3260943b68e0abc5619df10bab8b
Ciphire Logo.
9df7b48b2e4065cb892fbd08ba7bb405
afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
63bfdb094032ddb2ed136b6291f3dcef
pam_usb is a PAM module that enables authentication using a USB storage device through DSA private/public keys. It can also work with floppy disks, CD-ROMs, or any kind of mountable device.
e3e011e54b992a3c0330f825609fb07d
knock is a server/client set of tools that implements the idea known as port-knocking. Port-knocking is a method of accessing a backdoor to your firewall through a special sequence of port hits. This can be useful for opening up temporary holes in a restrictive firewall for SSH access or similar.
6795a3c32d8e4373790bed50655360a9
Full version of the expand_stack SMP race proof of concept exploit that makes use of a locally exploitable flaw in the Linux page fault handler code.
4f314b5f96fa72c44fff19048f9962b6
Proof of concept exploit for the locally exploitable buffer overflow in Exim version 4.41.
aa9545a6aeb06b9e4cd8c085f6770585
Siteman version 1.1.9 is susceptible to cross site scripting attacks.
dfbac9435848a88522bc7e07e3e2fcb1
iDEFENSE Security Advisory 01.14.05 - Local exploitation of a buffer overflow vulnerability in Exim 4.41 may allow execution of arbitrary commands with elevated privileges.
c89e0df39e35bdf791e26e039588e1b6
Secunia Security Advisory - Paul Brereton has reported a vulnerability in PRADO 1.x, which can be exploited by malicious people to compromise a vulnerable system.
1c3c972b631549e8e1b94cff45c94d42
Second Call For Papers - DIMVA 2005. Second GI SIG SIDAR Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. In Cooperation with the IEEE Task Force on Information Assurance.
ba951586989aa1370f81bb4d1fa11fb5
Sun Security Advisory - User accounts created with the Solaris Management Console (SMC) GUI which are configured for password aging may allow login without specifying a password.
a5ab82c79195d43cec5e7a170b1ab56e
Secunia Security Advisory - Adam Baldwin has discovered a weakness in Encrypted Messenger, which can be exploited by malicious people to cause a DoS (Denial of Service).
b1316ec12da131dc090d439baa7a43e6
Debian Security Advisory 639-1 - Andrew V. Samoilov has noticed that several bugfixes which were applied to the source by upstream developers of mc, the midnight commander, a file browser and manager, were not backported to the current version of mc that Debian ships in their stable release.
1b321b47d0b3443a6a50b4b94958e220
Whitepaper discussing how to exploit overflow vulnerabilities on Fedora Core 2.
3559a134fd68ccf8a3fa3739a40b45c3
Secunia Security Advisory - OpenBSD has acknowledged a vulnerability in httpd's mod_include module, which can be exploited by malicious, local users to gain escalated privileges.
e0906500a66de0985c1d943338ef0106
Secunia Security Advisory - Two vulnerabilities have been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
85cbac0e3308193593175dea41ec606c