what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2006-12-22

Posted Dec 22, 2006
Site prelude.sourceforge.net

Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.

Changes: Fix compilation issue on system where ferror is not declared as a function.
tags | tool, remote, local, intrusion detection
systems | unix
SHA-256 | 2a35c94f1aab51fee089b72c5bd299e281d6d44199a9fed942c554d76fb21ce2
Posted Dec 22, 2006
Authored by regit | Site nufw.org

NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.

Changes: This new release introduces a new module ipauth_guest which can be used to add a guest system to NuFW. When NuFW tries to authenticate a packet and when this packet comes from a n IP where no client is running, then it can decide that this is a guest account which has some specific authorization.
tags | tool, remote, firewall
systems | unix
SHA-256 | 8614a4bd3f06dcda0dd7f4bfeeb1904c79d09b3cf08f9a5f510d73e1392eadc7
Posted Dec 22, 2006
Authored by Ivo Timmermans | Site tinc-vpn.org

tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.

Changes: More flexible detection of the LZO libraries when compiling. Fixed a bug where broadcasts in switch and hub modes sometimes would not work anymore when part of the VPN had become disconnected from the rest.
tags | encryption
SHA-256 | 0985993a0465b30c8b6c4ef50ec03fd810f520b1e344875e51df3db5bd18c538
TOR Virtual Network Tunneling Tool
Posted Dec 22, 2006
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Added async dns code, new dirport behavior, added a man page, and various other minor changes.
tags | tool, remote, local, peer2peer
SHA-256 | 3be8c89be5b927e73b77a82ca3d83f0f162fceea2d6a14ce1c0cf5333b36cd1c
Posted Dec 22, 2006
Authored by roseg | Site apsis.ch

Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.

Changes: Added the host to LogLevel 2. Added support for tcmalloc. Fixed problem with the initialisation of host_mut.
tags | web
SHA-256 | 316545c126f11be95deab5fb60d6a26e1aa644f9a8b5972219062ce6521e1491
Posted Dec 22, 2006
Authored by DarkFig

Ixprim version 1.2 remote blind SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | aec29fc93d3d359b2ff53e290036f5098f53c7fa9975ee28b67553cea97daac1
Netragard Security Advisory 2006-12-06
Posted Dec 22, 2006
Authored by Netragard | Site netragard.com

Netragard, L.L.C Advisory - @Mail version 4.51 does not properly sanitize email allowing for cross site scripting attacks.

tags | advisory, xss
SHA-256 | 39e68d57bada5a83cf9b09964668a0c6d5d4d57328013bb0836d4cd7e2938ac1
Posted Dec 22, 2006
Authored by Metaeye SG | Site sqid.rubyforge.org

SQL injection digger is a command line program that looks for SQL injections and common errors in websites.

tags | tool, scanner, sql injection
systems | unix
SHA-256 | 44417028b879d6d4fbf9915ad1cc1b82f2f4c92abdec94ba485af2b138092d0b
Posted Dec 22, 2006
Authored by GomoR | Site gomor.org

SinFP is a new approach to OS fingerprinting, which bypasses limitations that nmap has. It only requires one open TCP port, sends only fully standard TCP packets, and limits the number of tests to 2 or 3.

Changes: SinFP has now 140 signatures. Now works under big-endian architectures.
tags | tool, scanner, tcp
systems | unix
SHA-256 | b331059034af9107a5337cf0610c72d0451724675b3bc870cfbdbf7ae99ffe20
Posted Dec 22, 2006
Authored by Sergio Alvarez | Site nruns.com

NOD32 Antivirus software versions prior 1.1743 suffer from an arbitrary code execution flaw.

tags | advisory, arbitrary, code execution
SHA-256 | dcc3ac0483403c98b5780d90539d0fc3e3f9ac428aed9e62ae4ad4c049d3f440
Debian Linux Security Advisory 1240-1
Posted Dec 22, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1240-1 - Teemu Salmela discovered that the links2 character mode web browser performs insufficient sanitizing of smb:// URIs, which might lead to the execution of arbitrary shell commands.

tags | advisory, web, arbitrary, shell
systems | linux, debian
advisories | CVE-2006-5925
SHA-256 | 2fb87b3e15f1f071ef980b8d812b18f940443fa77e4eaea8cb13734a864200cd
CA Security Advisory 34876
Posted Dec 22, 2006
Authored by Ken Williams, Computer Associates | Site www3.ca.com

CAID 34876 - CA CleverPath Portal and other CA solutions that embed Portal technology contain a session verification vulnerability.

tags | advisory
SHA-256 | 0f54412beb75b544d797f6a6475238fc984c6235fe7678318bc1b6e2c236672c
Technical Cyber Security Alert 2006-354A
Posted Dec 22, 2006
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert - Mozilla has released new versions of Firefox, Thunderbird, and SeaMonkey to address several vulnerabilities. Further details about these vulnerabilities are available from Mozilla and the Vulnerability Notes Database. An attacker could exploit these vulnerabilities by convincing a user to view a specially-crafted HTML document, such as a web page or HTML email message.

tags | advisory, web, vulnerability
SHA-256 | e107062e328dbd419858acefe8e2fad607022adda52781c93e6a34a0be90d649
Mandriva Linux Security Advisory 2006.234
Posted Dec 22, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-234 - XSP (the Mono ASP.NET server) is vulnerable to source disclosure attack which allow a malicious user to obtain the source code of the server-side application. This vulnerability grants the attacker deeper knowledge of the Web application logic.

tags | advisory, web, asp
systems | linux, mandriva
advisories | CVE-2006-6104
SHA-256 | 8a127f50798d6860d450a586a8af3b0175981db6294bc0df3a14b9c3c9dfd77c
Ubuntu Security Notice 397-1
Posted Dec 22, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 397-1 - Jose Ramon Palanco discovered that the mono System.Web class did not consistently verify local file paths. As a result, the source code for mono web applications could be retrieved remotely, possibly leading to further compromise via the application's source.

tags | advisory, web, local
systems | linux, ubuntu
advisories | CVE-2006-6104
SHA-256 | 94419be4f07c7c1769569c844a7f0de39d524d4f3ae40d536ad18d6482417771
HP Security Bulletin 2006-12.88
Posted Dec 22, 2006
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.

tags | advisory, vulnerability
SHA-256 | 5242bb67e4081b1f7e9f9ee63a21f4f1a19532ea06823226a4b41a89f43ae3f2
Gentoo Linux Security Advisory 200612-21
Posted Dec 22, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200612-21 - The read_multipart function of the CGI library shipped with Ruby (cgi.rb) does not properly check boundaries in MIME multipart content. This is a different issue than GLSA 200611-12. Versions less than 1.8.5_p2 are affected.

tags | advisory, cgi, ruby
systems | linux, gentoo
SHA-256 | 9b5880e8331459d98744c8c54e9c6c1f39c8fc5f0f33c650d9602d9ce86f86c4
Gentoo Linux Security Advisory 200612-20
Posted Dec 22, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200612-20 - M. Joonas Pihlaja discovered several buffer overflows in loader_argb.c, loader_png.c, loader_lbm.c, loader_jpeg.c, loader_tiff.c, loader_tga.c, loader_pnm.c and an out-of-bounds memory read access in loader_tga.c. Versions less than 1.3.0 are affected.

tags | advisory, overflow
systems | linux, gentoo
SHA-256 | e28a5f46fd2cb63fa0d448c8c20cfe45f25c0fc0d77f910d130e27f8453c964e
Gentoo Linux Security Advisory 200612-19
Posted Dec 22, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200612-19 - Steve Rigler discovered that pam_ldap does not correctly handle PasswordPolicyResponse control responses from an LDAP directory. This causes the pam_authenticate() function to always succeed, even if the previous authentication failed. Versions less than 183 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | e64895cba6cea263dea3c75b42533b05a9f6df284ba411224f20bcd3856675f7
Posted Dec 22, 2006
Authored by Jose Ramon Palanco | Site eazel.es

The Mono XSP ASP.NET server allows for source code disclosure when a %20 is appended to a URI. Version 1.2.1 is affected.

tags | advisory, asp
SHA-256 | 35a0a5a28f626206a9628043116c7c862cab25d293bacf607501c972dd0dfa16
Posted Dec 22, 2006
Authored by Sergio Alvarez | Site nruns.com

ESET NOD32 Antivirus suffers from a arbitrary code execution vulnerability. Versions prior to 1.1743 are affected.

tags | advisory, arbitrary, code execution
SHA-256 | 68c8e00a070400f31b4f79d8fd1f5ed916dc36dd5153dcfabf13efd85383835a
Posted Dec 22, 2006
Authored by D. Fabian, J. Greil | Site sec-consult.com

SEC-CONSULT Security Advisory - Typo3 CMS versions 4.0.0 through 4.0.3 (along with other variants) suffer from a remote command execution flaw. Proof of concept included.

tags | exploit, remote, proof of concept
SHA-256 | 855559bf26aa89e08a42b32a4a13e9d2151e9b5cca1e5cb32c2673a8d897c507
Zero Day Initiative Advisory 06-051
Posted Dec 22, 2006
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. Affected versions are Mozilla Firefox and Mozilla Firefox through

tags | advisory, remote, arbitrary
advisories | CVE-2006-6504
SHA-256 | 6c930915441d7aeff70bc73318e30776dc3e210ca3f2808e3a1360ebca8e497c
Posted Dec 22, 2006
Authored by Linux_Drox

Mini Web Shop version 2.1.c suffers from a cross site scripting flaw.

tags | exploit, web, xss
SHA-256 | 970873219107890b1946642cf65764cbf57ed2a3ecf4f22de9e3d32e36d4e031
Posted Dec 22, 2006
Authored by Marco Ivaldi

Oracle 9i and 10g file system access via utl_file exploit.

tags | exploit
SHA-256 | 6a855c171229fa36b67fcac3d0b5386b14c748ade5343c12a88b8cf49a41e5f0
Page 1 of 2

File Archive:

May 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    16 Files
  • 3
    May 3rd
    38 Files
  • 4
    May 4th
    15 Files
  • 5
    May 5th
    35 Files
  • 6
    May 6th
    0 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    8 Files
  • 9
    May 9th
    65 Files
  • 10
    May 10th
    19 Files
  • 11
    May 11th
    27 Files
  • 12
    May 12th
    8 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    1 Files
  • 15
    May 15th
    19 Files
  • 16
    May 16th
    66 Files
  • 17
    May 17th
    28 Files
  • 18
    May 18th
    32 Files
  • 19
    May 19th
    13 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    23 Files
  • 23
    May 23rd
    15 Files
  • 24
    May 24th
    49 Files
  • 25
    May 25th
    20 Files
  • 26
    May 26th
    13 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    11 Files
  • 30
    May 30th
    46 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By