iptgraph is a kernel patch that adds hooks to the netfilter subsystem for the purpose of tracking the statistics of IP packets being processed and iptable rules being triggered. It currently supports Linux kernel 2.6.11.11, 2.6.12, 2.6.12.3, and 2.6.12.4.
43eb584de08fdb0097db58a1e4fc0f9b3df61ae70857be8d44bf67bc08dab01bNinja is a privilege escalation detection and prevention system for GNU/Linux hosts. While running, it will monitor process activity on the local host, and keep track of all processes running as root. If a process is spawned with UID or GID zero (root), ninja will log necessary information about this process, and optionally kill the process if it was spawned by an unauthorized user.
d24a665624c479709b5a91d7303bfba53f43f48945d7908c4bf833a39220f7c8Aircrack is an 802.11 WEP cracking program that can recover a 40-bit or 104-bit WEP key once enough encrypted packets have been gathered. It implements the standard FMS attack along with some optimizations, thus making the attack much faster compared to other WEP cracking tools.
ee449f4909fa8f4fed09da045eb24c44a43d30c300fe4664c1f9146b815f17c1Document that outlines an exploitable scenario for hcid using the popen() bug in security.c. This was written in response to a claim that the bluez vulnerability was quite trivial.
ba3ca0b2cbb2323bf730283ba3e93983b93c16bf657c4a78442e1241f594c2e5Zorum 3.5 is susceptible to remote code execution and directory traversal flaws. Exploit included.
75c3a0e5bdd561aaf7e44e601cd1377ea2e29ba452e42683a4ff48564cc47fdbProof of concept buffer overflow exploit for Chris Moneymaker's World Poker Championship version 1.0.
e5186c3c15301e48877b9d74d4c8d81d964b0e20e531c2f04717ebf60af15384Chris Moneymaker's World Poker Championship version 1.0 is susceptible to buffer overflow in the creation of the string that states the user's name joining the game.
fc7d506283bb2c39607e2efc7e042d013adfaab98f6c037c75fb967ac09efa34Technical Cyber Security Alert TA05-229A - Apple has released Security Update 2005-007 to address multiple vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web browser, and other products. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities include bypassing security restrictions and denial of service.
2172d753fb743f6dde9c566d2e0a4c43f1944304734a8f0c8be9e13956e77cc3Emefa Guestbook 1.2 is reportedly vulnerable to an HTML injection vulnerability due to a lack of properly sanitized user-supplied input.
9902ed2d23dcac2d814fd059bf6ab9d6bc965f2c3aab42d6436fce90009d9ce6PHPFreeNews versions 1.40 and below are susceptible to SQL injection and cross site scripting attacks.
bccc9e9a7dc931ad6edaa966c934728da196b6ce84f1d6e2a6d856eca2891ac5The GroupWise client sometimes caches the user name and password in memory while it is running. A hostile user with administrative access to the machine where a user is logged in may dump memory and find username/password pairs of logged in users. Versions below 7 are affected.
daccc6c0233f0bedb5d274a00e22cbb85f2201a94c36fb64ed82282708ac3f80MSN Messenger password decrypter for Microsoft Windows XP and 2003. Includes the entropy value thrown in from the credui.dll GUID.
73d3162712d5b43af42864df4b5146f3dfcd067cb576e0530d1faa70df6ffa24phpAdsNew and phpPgAds versions 2.0.5 and below suffer from an arbitrary file inclusion flaw. Detailed exploitation provided.
6833a14c5428a1ab7069a247b24dedc54ba6daa383bffdce736f79ab0ab23c66Gentoo Linux Security Advisory GLSA 200508-09 - The name of a Bluetooth device is improperly validated by the hcid utility when a remote device attempts to pair itself with a computer. Versions less than 2.19 are affected.
9d8575a59702648b07b2cce8826e4aff6fdb3e7bd6a2b40ba21dda4416ec2d5eCisco Security Advisory: Cisco Clean Access (CCA) is a software solution that can automatically detect, isolate, and clean infected or vulnerable devices that attempt to access your network. CCA includes as part of the architecture an Application Program Interface (API). Lack of authentication while invoking API methods can allow an attacker to bypass security posture checking, change the assigned role for a user, disconnect users and can also lead to information disclosure on configured users. Versions affected: CCA releases 3.3.0 to 3.3.9, CCA releases 3.4.0 to 3.4.5, CCA releases 3.5.0 to 3.5.3.
2e0b28b5d5eafeafea32f1160b39960b09b5c19cbdc3be83260e2b0464e09eb2phpAdsNew and phpPgAds versions 2.0.5 and below suffer from arbitrary command execution, SQL injection, and various other flaws.
f6f37d6d21bfc6b7554889b68c9f913aaca557b529dc0afcabbdf7cc88811289WinFTP Server version 1.6.8 suffers from a Unicode buffer overflow.
ab27d046e0f4447dc1ecf476c43ed829dad3671be63c87b0b1920cc65e40a8c5PHPTB versions 2.0 and below suffer from multiple PHP injection flaws.
35182f28e0799a54d286a2c618ac46b67f411b5800bf94b1a40f5cd00ae1c347Debian Security Advisory DSA 777-1 - A vulnerability has been discovered in Mozilla and Mozilla Firefox that allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site. Thunderbird is not affected by this and Galeon will be automatically fixed as it uses Mozilla components.
fe7dd80389549d09099729c84fc045224101401ce5646a8f9b9cdf2fd780fc64mediabox404 WebRadio and WebTV manager is susceptible to a SQL injection attack that allows for login bypass. Versions 1.2 and below are vulnerable.
04669a921c6ceaddd612ede1c6c7d5a931d34d7e36deeca64cf09e1f7d91af7dSecunia Security Advisory - Thor Larholm has reported some vulnerabilities in CPAINT, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a vulnerable system.
acafb7052a3fe041ac249354888a09a2bd50cbb3a50edf74bbf3c6f025d3f837Secunia Security Advisory - Steve Scherf has reported a security issue in Linksys WRT54GS, which can be exploited by malicious people to bypass certain security restrictions.
0a7ac43485cbb74c6096ad77a4695b550e63e38f3f548ff888c9676231dc955bSecunia Security Advisory - John Cobb has discovered some vulnerabilities in ECW-Shop, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
100456acce4b47db73f4ba0a7ee6ab52dbb53610400184686d0f6f5b7c73dbebSecunia Security Advisory - Three vulnerabilities have been reported in Legato NetWorker, which can be exploited by malicious people to cause a DoS (Denial of Service), gain knowledge of sensitive information, or bypass certain security restrictions.
1dbe6c3a63c383c904f7f587ad79d056da2df65f5d32d3723dfdda71ff009e6fSecunia Security Advisory - Multiple vulnerabilities have been reported in Xerox Document Centre, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or cause a DoS (Denial of Service).
db3bb580a4d301689d5ffe9f7ac0363196f1560ea056472ff269667bbd0efcb3
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed