Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
80457d508b090b0a369b44a7fe2770de8236f33f467c3bc2e3f40e5c498e1ae3disftpsc is a tool that makes use of FTP bounce and each port of the target machine is scanned using another FTP proxy.
bb497166b1d46ccb39f2fb2f0c332e465b827c6788e7d329cf482a7aa388dfc9Proof of concept exploit for MultiTheftAuto versions 0.5 patch 1 and below. This causes Windows to crash.
7e8041ad033eae6cd20f4d216e558d443dba998b302a4bdf4c6b46835fdf9eceMultiTheftAuto versions 0.5 patch 1 and below allow anyone to modify the motd and cause a crash in Windows.
c64d313f5dc7c205478d5c7de60955c0bda03b5c79cb6ea40f3641bdbca0b54eUbuntu Security Notice USN-187-1 - A Denial of Service vulnerability was detected in the stack segment fault handler. A local attacker could exploit this by causing stack fault exceptions under special circumstances (scheduling), which lead to a kernel crash. Vasiliy Averin discovered a Denial of Service vulnerability in the tiocgdev ioctl call and in the routing_ioctl function. By calling fget() and fput() in special ways, a local attacker could exploit this to destroy file descriptor structures and crash the kernel.
fae87c160625ea0aa26f17338f7d6f5053368777a81d857b5ae41a045d0dc217The ContentServ CMS allows for remote file disclosure. Exploitation details provided.
7f023ffca1207787da7967c8d5fbee488ab07f7b2629827e0b3f0fd32b87fb26Linux Qpopper poppassd latest version local root exploit.
359257daa77f9f0e2c89be1a887fb0aee80f2b97f3cb11af5a5f3c2e3e21073dFreeBSD Qpopper poppassd latest version local root exploit. Tested on FreeBSD 5.4-RELEASE.
ec9e82155213753b712f0aa73de5fe9e2ef20be39dbc88b2b8f9c0fc19bed853WzdFTPd versions 0.5.4 and below remote command execution exploit.
f7f9963844c4f4bd7d1a8a49da8c384e861ff2cf0f68aaf1cb006cec8543227dWhitepaper entitled "Exploiting the XmlHttpRequest object in IE - Referrer spoofing, and a lot more."
f9a2ac7567ed51e0a9e6e4ff4008bf10f202d346e42b74a07fdaa5b5d39e055fGeSHi version 1.0.72 is susceptible to a local file inclusion vulnerability.
1b769d2ceebbe29458133f77b4b4f3c635e125a1a866a8a371bdfc04f5cfe7dfSuresec Security Advisory - The malloc() function on Mac OS X insecurely trusts a debug variable, regardless of the fact that the calling application may be suid root. This can result in an arbitrary file being overwritten, which can be used to escalate privileges.
cdb59539bd347748b5b59524ac993ceffaf516ffabd88ddfebd8dcd9e1a43d1bCMS Made Simple 0.10 is susceptible to a cross site scripting attack.
ef63f404102edc1137d3a52efae22ba5c90c46ae26e8aab7cf1e6a21d42a4e3eThis presentation was given by the keynote speaker at the FiTech Summit 2005. It is entitled "How It's Difficult to Ruin a Good Name: An Analysis of Reputational Risk".
3ab52b06315c51be5592e0eb263596d926684a34f932ce28649184d7e7e1d185Bilbo is a wrapper for nmap which makes it easier to scan lots of machines or networks.
bff8373389454c65b14bc6b10a52eeb0a1fc61967fab8ade193b6092b2787f01MailGust 1.9 is vulnerable to a SQL injection attack that allows for board takeover. Exploit provided.
28ab60a0500bfc5e64b00a09e3e5cfc960c5842cc91fd51bd3f9c015be26ab73AlstraSoft E-Friends is susceptible to a remote command execution flaw. Details provided.
04558972c962230e473329bbe394de586e275912854405ac5f3ace9b2e51a9bdGentoo Linux Security Advisory GLSA 200509-17 - Keigo Yamazaki discovered that the miniserv.pl webserver, used in both Webmin and Usermin, does not properly validate authentication credentials before sending them to the PAM (Pluggable Authentication Modules) authentication process. The default configuration shipped with Gentoo does not enable the full PAM conversations option and is therefore unaffected by this flaw. Versions less than 1.230 are affected.
a2b323a8185b1247befd647c72d00f474b4dae1d7389cfb354d32de11d1f3ec6Gentoo Linux Security Advisory GLSA 200509-16 - Mantis fails to properly sanitize untrusted input before using it. This leads to an SQL injection and several cross-site scripting vulnerabilities. Versions less than 0.19.2 are affected.
7943ef5dd4c3e9711bd373818cc301f5f129200015fc560385abe50b03004649Debian Security Advisory DSA 820-1 - Jakob Balle discovered that with Conditional Comments in Internet Explorer it is possible to hide javascript code in comments that will be executed when the browser views a malicious email via sqwebmail. Successful exploitation requires that the user is using Internet Explorer.
d39e1b10d15a759ca8220ce2607902c1ac4d3eea7d83cd7421c8f083820eb551
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed