Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
80457d508b090b0a369b44a7fe2770de8236f33f467c3bc2e3f40e5c498e1ae3
disftpsc is a tool that makes use of FTP bounce and each port of the target machine is scanned using another FTP proxy.
bb497166b1d46ccb39f2fb2f0c332e465b827c6788e7d329cf482a7aa388dfc9
Proof of concept exploit for MultiTheftAuto versions 0.5 patch 1 and below. This causes Windows to crash.
7e8041ad033eae6cd20f4d216e558d443dba998b302a4bdf4c6b46835fdf9ece
MultiTheftAuto versions 0.5 patch 1 and below allow anyone to modify the motd and cause a crash in Windows.
c64d313f5dc7c205478d5c7de60955c0bda03b5c79cb6ea40f3641bdbca0b54e
Ubuntu Security Notice USN-187-1 - A Denial of Service vulnerability was detected in the stack segment fault handler. A local attacker could exploit this by causing stack fault exceptions under special circumstances (scheduling), which lead to a kernel crash. Vasiliy Averin discovered a Denial of Service vulnerability in the tiocgdev ioctl call and in the routing_ioctl function. By calling fget() and fput() in special ways, a local attacker could exploit this to destroy file descriptor structures and crash the kernel.
fae87c160625ea0aa26f17338f7d6f5053368777a81d857b5ae41a045d0dc217
The ContentServ CMS allows for remote file disclosure. Exploitation details provided.
7f023ffca1207787da7967c8d5fbee488ab07f7b2629827e0b3f0fd32b87fb26
Linux Qpopper poppassd latest version local root exploit.
359257daa77f9f0e2c89be1a887fb0aee80f2b97f3cb11af5a5f3c2e3e21073d
FreeBSD Qpopper poppassd latest version local root exploit. Tested on FreeBSD 5.4-RELEASE.
ec9e82155213753b712f0aa73de5fe9e2ef20be39dbc88b2b8f9c0fc19bed853
WzdFTPd versions 0.5.4 and below remote command execution exploit.
f7f9963844c4f4bd7d1a8a49da8c384e861ff2cf0f68aaf1cb006cec8543227d
Whitepaper entitled "Exploiting the XmlHttpRequest object in IE - Referrer spoofing, and a lot more."
f9a2ac7567ed51e0a9e6e4ff4008bf10f202d346e42b74a07fdaa5b5d39e055f
GeSHi version 1.0.72 is susceptible to a local file inclusion vulnerability.
1b769d2ceebbe29458133f77b4b4f3c635e125a1a866a8a371bdfc04f5cfe7df
Suresec Security Advisory - The malloc() function on Mac OS X insecurely trusts a debug variable, regardless of the fact that the calling application may be suid root. This can result in an arbitrary file being overwritten, which can be used to escalate privileges.
cdb59539bd347748b5b59524ac993ceffaf516ffabd88ddfebd8dcd9e1a43d1b
CMS Made Simple 0.10 is susceptible to a cross site scripting attack.
ef63f404102edc1137d3a52efae22ba5c90c46ae26e8aab7cf1e6a21d42a4e3e
This presentation was given by the keynote speaker at the FiTech Summit 2005. It is entitled "How It's Difficult to Ruin a Good Name: An Analysis of Reputational Risk".
3ab52b06315c51be5592e0eb263596d926684a34f932ce28649184d7e7e1d185
Bilbo is a wrapper for nmap which makes it easier to scan lots of machines or networks.
bff8373389454c65b14bc6b10a52eeb0a1fc61967fab8ade193b6092b2787f01
MailGust 1.9 is vulnerable to a SQL injection attack that allows for board takeover. Exploit provided.
28ab60a0500bfc5e64b00a09e3e5cfc960c5842cc91fd51bd3f9c015be26ab73
AlstraSoft E-Friends is susceptible to a remote command execution flaw. Details provided.
04558972c962230e473329bbe394de586e275912854405ac5f3ace9b2e51a9bd
Gentoo Linux Security Advisory GLSA 200509-17 - Keigo Yamazaki discovered that the miniserv.pl webserver, used in both Webmin and Usermin, does not properly validate authentication credentials before sending them to the PAM (Pluggable Authentication Modules) authentication process. The default configuration shipped with Gentoo does not enable the full PAM conversations option and is therefore unaffected by this flaw. Versions less than 1.230 are affected.
a2b323a8185b1247befd647c72d00f474b4dae1d7389cfb354d32de11d1f3ec6
Gentoo Linux Security Advisory GLSA 200509-16 - Mantis fails to properly sanitize untrusted input before using it. This leads to an SQL injection and several cross-site scripting vulnerabilities. Versions less than 0.19.2 are affected.
7943ef5dd4c3e9711bd373818cc301f5f129200015fc560385abe50b03004649
Debian Security Advisory DSA 820-1 - Jakob Balle discovered that with Conditional Comments in Internet Explorer it is possible to hide javascript code in comments that will be executed when the browser views a malicious email via sqwebmail. Successful exploitation requires that the user is using Internet Explorer.
d39e1b10d15a759ca8220ce2607902c1ac4d3eea7d83cd7421c8f083820eb551