GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.
fcfe9788eeb86aec8286a2aeb63d69a461d680c8c18bd1fb23cf0ca451ff0c22Sysmask is a security package for Linux systems that can prevent arbitrary malicious codes from causing permanent damage. It protects the system against daemon exploits and user accounts against viruses and worms, whether known or unknown, without requiring the recompilation of existing software.
d6a8d99407835d5ef5f471f4db9dc3295c0a351b03cabd88fa7aa8ca2167387aalph implements and analyzes historical and traditional ciphers and codes, such as polyalphabetic, substitutional, and mixed employing human-reconstructable algorithms. It provides a pipe filter interface in order to encrypt and decrypt block text to achieve transparency. The program is meant to be used in conjunction with external programs that transfer data, resulting in transparent encryption or decryption of information. The program can thus be used as a mail filter, IRC filter, IM filter, and so on.
f5aa51c872acee7a128dfa5f2f8514077b82dcdc2b49d6ef166acb365868e644Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
6cda0a49500a9a6297a838d0bb6f347a2a1857f1f1255ba8263ff1a53bdd19c3iDefense Security Advisory 02.07.06 - Local exploitation of a buffer overflow in QNX Neutrino RTOS's (QNX) 'passwd' command allows attackers to gain root privileges. The problem specifically exists in the parsing of a long string passed as the first argument to the set user id (setuid) binary 'passwd'. iDefense has confirmed the existence of these vulnerabilities in QNX Neutrino RTOS version 6.2.0. Earlier versions are suspected to be susceptible to exploitation as well.
06f374addaad971696f3fd627b3ccd5ce05a153954a982d03ec4316d20337483iDefense Security Advisory 02.07.06 - Local exploitation of a design vulnerability in QNX Software Systems QNX Realtime Operating System (RTOS) allows attackers to execute arbitrary commands with root privileges. The problem specifically exists because QNX RTOS 6.3.0 ships with world writable permissions on the file /etc/rc.d/rc.local. iDefense has confirmed the existence of this vulnerability in QNX RTOS version 6.3.0. Version 6.0 was also tested and found to not be vulnerable.
6a78bfbd31d4f7cf0b96d3ac4c7a99bbfeb4320ca03b220a0bb56bb47726ecb0iDefense Security Advisory 02.07.06 - Local exploitation of a denial of service vulnerability in QNX Software Systems QNX Realtime Operating System (RTOS) allows attackers to crash the operating system. iDefense has confirmed the existence of this vulnerability in QNX RTOS version 6.3.0. Version 6.0 was also tested and found to not be vulnerable.
ccb9b46bd5f2b099f7a2bee5dd441ced33e5e0458920f64abac0088da29a8d99iDefense Security Advisory 02.07.06 - Local exploitation of a buffer overflow in QNX Neutrino RTOS's (QNX) 'su' command allows attackers to gain root privileges. The problem specifically exists in the parsing of a long string passed as the first argument to the set user id (setuid) binary 'su'. iDefense has confirmed the existence of these vulnerabilities in QNX Neutrino RTOS version 6.2.0. Earlier versions are suspected to be susceptible to exploitation as well.
6e53e1f158f6377d548767905fc1643e8cffe307c362ebf7b0e261aa720e1e6eiDefense Security Advisory 02.07.06 - Local exploitation of a buffer overflow in QNX Neutrino RTOS's (QNX) 'phgrafx' command allows attackers to gain root privileges. iDefense has confirmed the existence of these vulnerabilities in QNX Neutrino RTOS version 6.2.1. Earlier versions are suspected to be susceptible to exploitation as well.
839efc4794ca46cdb0cc87df7d761034676e0d44ab2efa1c3a18943f99740779iDefense Security Advisory 02.07.06 - Local exploitation of a race condition vulnerability in QNX Neutrino RTOS's (QNX) phfont command allows attackers to gain root privileges. QNX Neutrino RTOS is a real-time operating system designed for use in embedded systems. The problem specifically exists because phfont spawns another command, phfontphf, without proper sanity checking. iDefense has confirmed the existence of these vulnerabilities in QNX Neutrino RTOS version 6.2.1. Earlier versions are also suspected to be susceptible to exploitation.
d3c8f2616a38424c6d71c227d7d427ea7bcd5c7f1038f64f9629a51824bdc97diDefense Security Advisory 02.07.06 - Local exploitation of a stack-based buffer overflow vulnerability in QNX Inc.'s Neutrino RTOS Operating System allows local attackers to gain root privileges. The vulnerability specifically exists due to improper handling of environment variables in the libph system library. iDefense has confirmed the existence of this vulnerability on QNX Neutrino RTOS 6.3.0. All versions are suspected vulnerable.
c54f86cbe6e34902d7e0df31596a8e3466d5982ce10691f06a38499e53df9120eyeOS versions 0.8.9 and below suffer from a remote command execution flaw.
4a0497bee8ed948c5a1838391a11c40d8391c7632f127331f8d05fc169f462a0OProfile versions 0.9.1 and below suffer from an insecure path vulnerability that allows for privilege escalation.
b454c12397be526761d5759cd1aced4d1fadc94ac06775c457dfd4e824b6349cSeveral vulnerabilities exist in the Mozilla web browser and derived products, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system. Version of Mozilla Firefox below 1.5.0.1 and versions of SeaMonkey below 1.0 are affected.
0b913a4940b9c1df8bc0877a60ff3d579cb186e228c0c21ed540d188f86298b9MyQuiz version 1.01 remote command execution exploit.
0a7cb4b6e0130e49d68b2a145976e7fbc68a64334f724b284c83c44452d1cf85NGSSoftware has discovered a high risk vulnerability in the Lexmark Printer Sharing service which could allow a remote, unauthenticated attacker to execute arbitrary code on a Lexmark printer user's computer system with Local System privileges. A workaround is included in the advisory.
17c2a0cb655fbe259348176d404b85e1491d9c102c09b66f0487118c56e74bbcThe design flow in the way The Bat! 2.x displays messages allows attackers to spoof RFC 822 headers and more.
ad0f681bcad8c9274be2769c052fb5e6dbf1f003fec29f7f9f7f7d1023ba0bdcProof of concept exploit that resets Sony/Ericsson phones via a flaw in Bluetooth.
69cb4697fe7ae13e375c9aafe468cf4269b76c5f26cdea0ba16392f54d714f4cTest exploit to see if a BCB compiler is susceptible to an integer overflow. Versions BCB6+ent_upd4 and below are susceptible.
2ab5749e3553c55c3612119fdb9d21acdfe2f5883a753a13e22f4e06e9a3569fEudora WorldMail 3.0 Windows 2000 remote SYSTEM exploit written in perl.
361603b12539a65e33b078a869e68ab0f69445a9256ccb1d2e26f31f6fea8611SQL injection exploit for ASPThai.Net Guestbook version 5.5 and possibly higher. Grabs the admin username and password.
4cd6f25c37d847c0919c5147a5de1d2eeb5a48d63ba14af76dfc64126018eeb2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed