p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to the remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.
41d5cff0c19ab4add7345ce4326250d294cc6dec98912b229234e413320f7fffNuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
04cc88a68ea5e59617fc1c8c6e8803d28242b3fa6cba44437c9da3022e0ce182Secunia Security Advisory - Red Hat has issued an update for python. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
18d3a7a2b7ecdccceba0895d3e221ae785923bc6798c1e16b2cde112d0893f97M-Phorum has multiple XSS vulnerabilities.
b79baab7df5386a738b3158923fdff3edf5c29495744c790555a9e5bb5e0ffc0Technical University of Vienna Security Advisory - Multiple XSS vulnerabilities in txtForum Versions 1.0.4-dev and prior.
48251b6c78d7f011a1a382b1622f387e9b9421c9e742253a9f0b808aca614f36Technical University of Vienna Security Advisory - arbitrary php script execution in txtForum Versions 1.0.4-dev and prior.
5e8cfb51c57c9eca4ce808ae98ce886b16cb8c2fcb0a3c6f0d2aebe019aa1519Technical University of Vienna Security Advisory - Multiple XSS vulnerabilities in DCP Portal Versions 6.1.1 and prior.
b4caccb81d3a9bdfadaf0972984f3e3b84598b0f2991e69202f655898680ea06Technical University of Vienna Security Advisory - multiple XSS vulnerabilities in MyBloggie Versions 2.1.3 beta and prior.
fc3fdb1f100b8b39b3e538171593081c324dae1fe811b1af9a2c650644a5b9cfPHP Upload Center allows anyone to download users password hashes and upload malicious php scripts.
c9121b0e7c141f324a8113f226faa8d61c1346fe0babb7462765aa95ebe4f7a3n8cms versions 1.1 and 1.2 suffer from XSS and SQL injection.
cbeb9a84efe8ff88818b084a4abdeb582aa02dddaa34adca0fd3a9fd8e4b75f6It is possible to download the users password hashed in PHP Advanced Transfer Manager 1.x via a special URL.
94dd1adf4a7926508e3f52f536f7a190f575b355f715a85e793baf17aa2aa609Jiros Banner Experience Pro versions 1.0 and below suffer from an authentication bypass vulnerability allowing any user to add a new administrative account. POC included.
fe7043c3de858341e8233f94103abd1387aaf31f2aa324efa0735d05074b070aDenial of Service exploit for UnrealIRCd 3.2.3 adding/removing Q:lines vulnerability.
6d025d3b680fcdc21358730b855415d1c165aa1bb70ca818e2bcb1be328d6e0eEasy File Sharing Web Server version 3.2 suffers from multiple vulnerabilities that could lead to system compromise.
a33505aa97f2b355e249415d1af996b6206bcf6816314844669f76bc19bb9782INFIGO IS Security Advisory #INFIGO-2006-03-01 - After short research, a high-risk vulnerability was discovered in PeerCast Streaming server v0.1215 and lower. Unauthenticated remote users can send specially crafted request to the HTTP server that will cause stack overflow, what can be easily exploited for remote code execution. The problem is present in URL handling code.
c334b17bc91d38d44fffbe0e633dd84255953f426951b55f9564364c3c5337bdMandriva Linux Security Advisory - A flaw in the PHP gd extension in versions prior to 4.4.1 could allow a remote attacker to bypass safe_mode and open_basedir restrictions via unknown attack vectors.
749971e44af07b6b00d79d856c2f935b9c240a9e72dd94d9b3011d217b6f9bd1Debian Security Advisory DSA 989-1 - Neil McBride discovered that Zoph, a web based photo management system performs insufficient sanitizing for input passed to photo searches, which may lead to the execution of SQL commands through a SQL injection attack.
d5a06f97d16141c6f068c47418d23f07b2ed8dbad8d4be9f67668b004e48d20fnCipher Security Advisory No. 14 - During a major code review carried out for a recent release, nCipher discovered some undesirable features in the nCore code base.
1ae5d9062e54e3f748d30d81370d12a965f7708bdbdf544827dc40ec62f0c902nCipher Security Advisory No. 13 - Application programmers using the nCore API to calculate and verify CBC MACs may have accidentally implemented a MAC protocol which fails to detect certain modifications to messages it is supposed to protect.
0113ab7cdf5e9f25e993a9424d301409fc7a05775d327031d07c8b8691d0f116nCipher Security Advisory No. 12 - In some circumstances, Diffie-Hellman keys generated by an HSM may be less secure than previously thought. An attack which recovers a vulnerable private key is (for typical parameters), expensive but possible.
04af3808636943702fa919ce246c65e59d130466c753606a7326f9b9e9df00d8QwikiWiki 1.5 suffers from multiple script injection vulnerabilities in index.php, login.php, and pageindex.php.
6fe9f961b16a9b3fb9bd7dbc6839e54b62f887ed93a529b4a0c5a24e2b3960a6ADP Forum 2.0.x is vulnerable to script injection while posting messages.
2ed2a823d9229a7713b6bb331294325d16d362411301591c45b30cd9ecb08eed
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed