p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to the remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.
41d5cff0c19ab4add7345ce4326250d294cc6dec98912b229234e413320f7fff
NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
04cc88a68ea5e59617fc1c8c6e8803d28242b3fa6cba44437c9da3022e0ce182
Secunia Security Advisory - Red Hat has issued an update for python. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
18d3a7a2b7ecdccceba0895d3e221ae785923bc6798c1e16b2cde112d0893f97
M-Phorum has multiple XSS vulnerabilities.
b79baab7df5386a738b3158923fdff3edf5c29495744c790555a9e5bb5e0ffc0
Technical University of Vienna Security Advisory - Multiple XSS vulnerabilities in txtForum Versions 1.0.4-dev and prior.
48251b6c78d7f011a1a382b1622f387e9b9421c9e742253a9f0b808aca614f36
Technical University of Vienna Security Advisory - arbitrary php script execution in txtForum Versions 1.0.4-dev and prior.
5e8cfb51c57c9eca4ce808ae98ce886b16cb8c2fcb0a3c6f0d2aebe019aa1519
Technical University of Vienna Security Advisory - Multiple XSS vulnerabilities in DCP Portal Versions 6.1.1 and prior.
b4caccb81d3a9bdfadaf0972984f3e3b84598b0f2991e69202f655898680ea06
Technical University of Vienna Security Advisory - multiple XSS vulnerabilities in MyBloggie Versions 2.1.3 beta and prior.
fc3fdb1f100b8b39b3e538171593081c324dae1fe811b1af9a2c650644a5b9cf
PHP Upload Center allows anyone to download users password hashes and upload malicious php scripts.
c9121b0e7c141f324a8113f226faa8d61c1346fe0babb7462765aa95ebe4f7a3
n8cms versions 1.1 and 1.2 suffer from XSS and SQL injection.
cbeb9a84efe8ff88818b084a4abdeb582aa02dddaa34adca0fd3a9fd8e4b75f6
It is possible to download the users password hashed in PHP Advanced Transfer Manager 1.x via a special URL.
94dd1adf4a7926508e3f52f536f7a190f575b355f715a85e793baf17aa2aa609
Jiros Banner Experience Pro versions 1.0 and below suffer from an authentication bypass vulnerability allowing any user to add a new administrative account. POC included.
fe7043c3de858341e8233f94103abd1387aaf31f2aa324efa0735d05074b070a
Denial of Service exploit for UnrealIRCd 3.2.3 adding/removing Q:lines vulnerability.
6d025d3b680fcdc21358730b855415d1c165aa1bb70ca818e2bcb1be328d6e0e
Easy File Sharing Web Server version 3.2 suffers from multiple vulnerabilities that could lead to system compromise.
a33505aa97f2b355e249415d1af996b6206bcf6816314844669f76bc19bb9782
INFIGO IS Security Advisory #INFIGO-2006-03-01 - After short research, a high-risk vulnerability was discovered in PeerCast Streaming server v0.1215 and lower. Unauthenticated remote users can send specially crafted request to the HTTP server that will cause stack overflow, what can be easily exploited for remote code execution. The problem is present in URL handling code.
c334b17bc91d38d44fffbe0e633dd84255953f426951b55f9564364c3c5337bd
Mandriva Linux Security Advisory - A flaw in the PHP gd extension in versions prior to 4.4.1 could allow a remote attacker to bypass safe_mode and open_basedir restrictions via unknown attack vectors.
749971e44af07b6b00d79d856c2f935b9c240a9e72dd94d9b3011d217b6f9bd1
Debian Security Advisory DSA 989-1 - Neil McBride discovered that Zoph, a web based photo management system performs insufficient sanitizing for input passed to photo searches, which may lead to the execution of SQL commands through a SQL injection attack.
d5a06f97d16141c6f068c47418d23f07b2ed8dbad8d4be9f67668b004e48d20f
nCipher Security Advisory No. 14 - During a major code review carried out for a recent release, nCipher discovered some undesirable features in the nCore code base.
1ae5d9062e54e3f748d30d81370d12a965f7708bdbdf544827dc40ec62f0c902
nCipher Security Advisory No. 13 - Application programmers using the nCore API to calculate and verify CBC MACs may have accidentally implemented a MAC protocol which fails to detect certain modifications to messages it is supposed to protect.
0113ab7cdf5e9f25e993a9424d301409fc7a05775d327031d07c8b8691d0f116
nCipher Security Advisory No. 12 - In some circumstances, Diffie-Hellman keys generated by an HSM may be less secure than previously thought. An attack which recovers a vulnerable private key is (for typical parameters), expensive but possible.
04af3808636943702fa919ce246c65e59d130466c753606a7326f9b9e9df00d8
QwikiWiki 1.5 suffers from multiple script injection vulnerabilities in index.php, login.php, and pageindex.php.
6fe9f961b16a9b3fb9bd7dbc6839e54b62f887ed93a529b4a0c5a24e2b3960a6
ADP Forum 2.0.x is vulnerable to script injection while posting messages.
2ed2a823d9229a7713b6bb331294325d16d362411301591c45b30cd9ecb08eed