Proof of concept exploit for iTunes 4.3.7 on OS X 10.3.7. Shellcode binds a shell to port 4444.
b05f72bd3493e1d0b8d1ee90794c20b56668c3916fe59f0c1ec9dedcf40e49fe
Apple iTunes Playlist buffer overflow download shellcoded exploit. Versions up to 4.7 are affected. Tested with iTunes v4.7 on WinXP SP2 EN.
980e29b173e8a41638fcc56d3e43c65e0fadd1fe21f3843fda8f99b6a5c8e1ce
Minis 0.2.1 suffers from a directory traversal flaw that allows for viewing of files outside of the webroot. If the server does not have access to the file, it enters into a loop causing a denial of service.
bc6ce20ca36bb68498535718c232cac09a37599b8dae319f5270eaad999cd7b2
phpGiftReq 1.4.0 suffers from multiple SQL injection flaws that allow for manipulation of the database.
ccab1b3b37dc00b2ce75e69c79399eccdef31a6d7916011f4463b9fbd94ccd62
A cross site scripting vulnerability in Froogle allows for theft of the Google GMail cookie.
0179530cd2417889ba6e45be56a4de62e152084a405eb4c88b5500db98b06304
Ciphire Mail is an email encryption tool. It works in conjunction with your existing email client. It operates seamlessly in the background and does not interfere with normal email routines. It encrypts and decrypts email messages, and can digitally sign each message to provide authentication and guard against identity theft. It resides on your computer, between your email client and your email server, transparently encrypting/decrypting and digitally signing your email communication. It is compatible with all email clients using standard SMTP, POP3, or IMAP4 (including SSL/TLS variants and STARTTLS support). It is free for consumers, non-profit organizations, and the press. Linux version.
bdfc2649e91ce2b41ee5e43996b86d3c3b0e317f286e72bd676000f255675af7
Ciphire Mail is an email encryption tool. It works in conjunction with your existing email client. It operates seamlessly in the background and does not interfere with normal email routines. It encrypts and decrypts email messages, and can digitally sign each message to provide authentication and guard against identity theft. It resides on your computer, between your email client and your email server, transparently encrypting/decrypting and digitally signing your email communication. It is compatible with all email clients using standard SMTP, POP3, or IMAP4 (including SSL/TLS variants and STARTTLS support). It is free for consumers, non-profit organizations, and the press. Mac version.
ec8feaaa68a21e2b005424481e8d36eb6ccd04e667a1f62a188da1443d9653ed
Ciphire Mail is an email encryption tool. It works in conjunction with your existing email client. It operates seamlessly in the background and does not interfere with normal email routines. It encrypts and decrypts email messages, and can digitally sign each message to provide authentication and guard against identity theft. It resides on your computer, between your email client and your email server, transparently encrypting/decrypting and digitally signing your email communication. It is compatible with all email clients using standard SMTP, POP3, or IMAP4 (including SSL/TLS variants and STARTTLS support). It is free for consumers, non-profit organizations, and the press. Windows version.
24828474d6e348a5e920f0149d58837c5b581be9d2c568269e6be1d7db7eb797
Ciphire structure graphic.
470f09d7607ecef2b435c3dce9cefa3bbefb2953614fc3ff558183404b0d84af
Ciphire Logo.
dd8d525636073e62571f0a02aaa473010551a55836ec098f57d43c37dd3f4e0b
afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
7225d43ab26cccb002706ef7a5a34608180b4034947e0e844593c860456d3b21
pam_usb is a PAM module that enables authentication using a USB storage device through DSA private/public keys. It can also work with floppy disks, CD-ROMs, or any kind of mountable device.
79d713c1411443c095526795a481e4f6660b7c5c6713739b9df1bd6a034b8212
knock is a server/client set of tools that implements the idea known as port-knocking. Port-knocking is a method of accessing a backdoor to your firewall through a special sequence of port hits. This can be useful for opening up temporary holes in a restrictive firewall for SSH access or similar.
181c2274988180f6f2b5dc3bdeb928c4c69d886c492afd7007a3489477cb522b
Full version of the expand_stack SMP race proof of concept exploit that makes use of a locally exploitable flaw in the Linux page fault handler code.
145d1f9c198c773549d49a4c5ec104fe0cf2f1f1a0edb16986e3f10aa42ac5c6
Proof of concept exploit for the locally exploitable buffer overflow in Exim version 4.41.
a3703739ac743a76f5e34f4b14e40e5c169129e1431122ee072a0597ad2ba497
Siteman version 1.1.9 is susceptible to cross site scripting attacks.
e80dd8eb12e76829443ea47b0ca233d7382c4328f5d33c7d4206955bd26662b5
iDEFENSE Security Advisory 01.14.05 - Local exploitation of a buffer overflow vulnerability in Exim 4.41 may allow execution of arbitrary commands with elevated privileges.
8c68f85820a6d392854c8ee38660da2dbde1dce5e3fef51f779a0767d67f3fb7
Secunia Security Advisory - Paul Brereton has reported a vulnerability in PRADO 1.x, which can be exploited by malicious people to compromise a vulnerable system.
a013a202c050ec0aaa5d5e1321489120b84e3795fe4567b6088d5dbd2169f22c
Second Call For Papers - DIMVA 2005. Second GI SIG SIDAR Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. In Cooperation with the IEEE Task Force on Information Assurance.
de3b0cd63c91a8442dbc5dc997a9195679c9dbb531f2ba7fa53ee8763cf156e1
Sun Security Advisory - User accounts created with the Solaris Management Console (SMC) GUI which are configured for password aging may allow login without specifying a password.
5b984bbbf10361d8f40fa865167285d7f404412c1e1be05f7c3e732225484dd8
Secunia Security Advisory - Adam Baldwin has discovered a weakness in Encrypted Messenger, which can be exploited by malicious people to cause a DoS (Denial of Service).
f38900b7e4080e79f6b633c0c67dabefbb821e879e89799bf8ce2a2f859b157f
Debian Security Advisory 639-1 - Andrew V. Samoilov has noticed that several bugfixes which were applied to the source by upstream developers of mc, the midnight commander, a file browser and manager, were not backported to the current version of mc that Debian ships in their stable release.
6e494d1c570983087beb8807fe9e593a7d73c5a74adf2e3bcafa401dcefff021
Whitepaper discussing how to exploit overflow vulnerabilities on Fedora Core 2.
ce8fbbf3bbf762d554c5dc6acb53007e695dfa5905008870f4bdc2b2bbe139f2
Secunia Security Advisory - OpenBSD has acknowledged a vulnerability in httpd's mod_include module, which can be exploited by malicious, local users to gain escalated privileges.
c5723ffea326c98deb549d95dd6275a70c6165c0b7b9c0a230a3b9ac8b4fb167
Secunia Security Advisory - Two vulnerabilities have been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
c0b16ab48e3e1fa7c055a566e9b58522c6b3d4a31b7ee6f14a5ed5fa765eacfb