tcpick is a text-mode sniffer that can track TCP streams and save the captured data to files or display it in the terminal. It is useful for picking files in a passive way. It can store all connections in different files, or it can display the whole stream on the terminal in color.
bb94f2f9ea81aeb645619fbe9b3b9a29
Plash (the Principle of Least Authority Shell) is a Unix shell that lets you run Unix programs with access only to the files and directories they need to run. In order to implement this, the filesystem is virtualized. Each process can have its own namespace, which can contain a subset of your files. Plash is implemented by modifying GNU libc and replacing the system calls that use filenames. For example, open() is changed so that it sends a message to a file server via a socket. If the request is successful, the server sends the client a file descriptor. Processes are run in a chroot jail under dynamically-allocated user IDs. No kernel modifications are required. Existing Linux binaries work unchanged.
860fda64f6cd95c7472fcb4c0a1cc6e6
Abuse problems exist for the DIRECTORY object in Oracle. Patches have been released for this issue.
803258067f733e8a856a457aa6a0a7c1
iDEFENSE Security Advisory 01.18.05 - Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer included in multiple Unix and Linux distributions could allow for arbitrary code execution as the user viewing a PDF file. Version 3.00 is affected, possibly earlier revs as well.
cd9ba618d021a52a31157d9195bfe578
SCO Security Advisory - SCO has just come to terms with the fact that chroot jails can be broken out of.
ecfe697c76f391c282530a2991633fbe
It appears that the Microsoft patch released to fix the HHCTRL.OCX vulnerability discussed in MS05-001 can still be exploited using other IE bugs that are not patched.
e8e7c9edc03c858823b43abe69069c07
NGSSoftware has discovered SQL injection and buffer overflow vulnerabilities in Oracle 10g and 9i database servers.
1c1c31a52f2d42ce6a4abb3d45aceeda
Remote fingerprinting tool for Oracle and DB2 that allows for discovery of versions and OS information.
c7864372da1e20d5aa25b8a8f210b74c
NodeManager Professional 2.00 buffer overflow exploit that binds a shell to port 2001.
d3ea564e89596c5826d835b8f712e9cc
Debian Security Advisory 644-1 - Danny Lungstrom discovered a vulnerability in chbg, a tool to change background pictures. A maliciously crafted configuration/scenario file could overflow a buffer and lead to the execution of arbitrary code on the victim's machine.
12496d9f2e9feaf4f297bccb999e0e65
Debian Security Advisory 643-1 - jaguar of the Debian Security Audit Project has discovered several buffer overflows in queue, a transparent load balancing system.
b9259d6d512eaddad1fd8e67a9bf50aa
The Netegrity SiteMinder smpwservicescgi.exe is susceptible to a remote data inclusion vulnerability that allows for phishing attacks.
2d8ada3ab66ec8268d82e552fa2e164c
The Novell GroupWise WebAccess error module handling has a flaw where a malicious attacker can circumvent the login procedure.
b0d1478da0d41ff19dbc734c7afca5ee
Proof of concept local exploit for Exim version 4.41.
a710a65db5bce4ca9cedd2b3d59cc373
Peer2Mail Encrypt passdumper exploit version 1.0. Versions 1.4 and below are affected. Tested on Win XP SP2.
e6376162f2a711928b65864775d81550
INCA nProtect Gameguard has a flaw where it allows for unrestricted I/O access.
039aa93fdd22aa2f7142107830c8d559