NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user IDs with packets, which makes it possible to filter packets on a per-user basis. Furthermore, the server architecture is designed to use an external authentication source such as an LDAP server.
cc101b286ce4c1bc5d3b5088e5b69e1377ce5e7a7f5ced1832e967fc8a2e5a7d
Nuface is a web-based administration tool that generates Edenwall, NuFW, or simple Netfilter firewall rules. It features a high-level abstraction of the security policy set by the administrator, and works internally on an XML data scheme. Its philosophy is to let you agglomerate subjects, resources, or protocols into meta-objects, and use those meta-objects to generate ACLs, which are then interpreted as Netfilter rules by Nupyf, the internal XML parser. This tool may easily be extended to support firewall implementations other than Netfilter.
fed6776736106c76df50ecf9c82353a23a72fadf3afd707d4c98feb96c79b869
OpenSC consists of a SmartCard library that uses any common transport API (e.g. PC/SC, CT-API, OpenCT) as its backend and applications that use the library. It has been tested extensively on Finnish Electronic Identity (FINEID) cards, but a number of other PKCS #15 and ISO 7816 compatible cards work too. Also implemented are a PKCS #11 module (e.g. for Mozilla Web/email usage), a PAM module, somewhat working OpenSSH support, an OpenSSL engine, a few basic tools, and a PKCS #15 structure generation tool for supported cards.
8534e82dd53208c82a29961455f29d8f3b6350fa2be721e537463d8f6f9d6164
PIKT is a cross-platform, multi-functional toolkit for monitoring systems, reporting and fixing problems, security management, and updating system configurations. PIKT comprises an embedded scripting language with unique, labor-saving features. Binaries available here.
d4e7e79172c4e4ad322fe3149abe7020ece9cda7fba3a132fb62d41bf8b01642
OpenCT is a library for accessing smart card terminals. It provides a rich set of functions for driver writers, protocol drivers for T=0 and T=1, serial and USB functionality, including USB hotplugging. The main user of OpenCT is the OpenSC smart card framework, but OpenCT can of course be used by other applications as well. OpenCT provides a native OpenCT, CT-API and PC/SC Lite IFD interface with an OpenCT ifdhandler resource manager.
3df187f63eb6694652098238bdf967b304dad8f62e9219be4cf3b6d5ec5db58b
Ultra Crypto Component remote buffer overflow exploit that makes use of CryptoX.dll versions 2.0 and below using the AcquireContext() function.
450971ae74450e851185f89b5554d88740d1fe72a4772cb6352c0e12c2a0b971
Ultra Crypto Component suffers from an insecure method vulnerability in CryptoX.dll versions 2.0 and below in the SaveToFile() function.
e8687e48dac974bdfc0377f2c94670e30ad964a3bf5470a35bab7072db434d28
AuraCMS version 2.1 suffers from remote file attachment and local file inclusion vulnerabilities.
701c6da9045815b7b14d3950421c198c9ea721b4f767519a29d154f07e3791eb
phpReality version 0.02 suffers from multiple remote file inclusion vulnerabilities.
e0d2c50c6b6a5fdbe0d8fdfb1de6deb6c2bfa86658be2a967fdf4bfbeef2cfcc
Sisfo Kampus 2006 suffers from a remote file download vulnerability in dwoprn.php.
952a5d673a3fae37ce2b7eaec8820cf8750e7e9c31d6d50a7326cdb406376bc4
Yahoo! Messenger booting exploit that makes use of a malformed code presented during file transfer.
0f25f802b23d56ffae0ce643b178de303c3eb8ede122c6997faf9fdfed3b6651
Secunia Security Advisory - Debian has issued an update for xorg-server. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
f48500a5adad121dd8d05532734f25f9d8f0bd34f68581cf52d56eda74859ff9
Secunia Security Advisory - A vulnerability has been reported in X.org X11, which potentially can be exploited by malicious, local users to gain escalated privileges.
9ec46dc0287cef869dd9a4fb5f93ed12199130316564c3b9c1c4201a507e53ba
Secunia Security Advisory - Fedora has issued an update for snort. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
4f89d3261e818bbae1d9e8c1fc409cd9005e55a91e2aff56999aeb17c51bbb60
Secunia Security Advisory - ZhenHan.Liu has discovered some vulnerabilities in Baofeng Storm, which can be exploited by malicious people to compromise a user's system.
271aad7c5ae92b46cfda379a9ae39920c84e448cc1fe630877e16187de87821c
Secunia Security Advisory - Fedora has issued an update for clamav. This fixes some vulnerabilities, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
fce4bf32fd6c1197b54132fe354b40ada8e9cab86f2ef914685a2d32f76b3455
Symantec was notified of a potential denial of service vulnerability in the device driver SYMTDI.SYS. A specially crafted IRP sent to an IOCTL handler function could allow memory to be overwritten because the address space was not properly validated in some versions of the driver. A potential attacker must be logged into the computer to attempt an exploit. A successful exploit of this vulnerability could potentially allow that user to crash their computer.
e3faa8ab20a31dd129a8644f9134348b722cf64cb7381a0fae571dd600f36645
Call For Papers for ShmooCon IV. This conference will be held February 15th through the 17th, 2008. It will take place at the Wardman Park Marriott in Washington D.C., USA.
9fad0922cfccdc6158223ad26a2a7ec369efae6851f56ea002578d60ce708cce
PHP versions 5.2.4 and below suffer from open_basedir bypass, code execution, and denial of service vulnerabilities.
2ac0579947b814ecf20ce6a033b7d1899cca4e970cbaa827e83bd802003aa599
Debian Security Advisory 1370-1 - Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web.
93f6567ba744954674e9d9ae373992eb4a83951dfb09c3ae279e026fb56a4972
Debian Security Advisory 1365-2 - Nikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag Library, may lead to denial of service through symlink attacks.
1c24a73e9acc226703f7b159db841005bdd926073cc2ca4226f1b7f8ce7222a7
The myprofile.php code from www.social-networking.tv is susceptible to a SQL injection vulnerability.
4a720ed70c47432efe2b96f90e741b918f0acef4f8aa0a48184062df1b662734
Husrev Forums version 2.0.1:PoWerBoard suffers from a SQL injection vulnerability.
c11410b8284dd3770e86a637f3b774c80a9da104fe6097a02dc030c470d23cf4
Proxy Anket version 3.0.1 suffers from a SQL injection vulnerability.
9957895b7afb2c01268af97b5c9c0a9bc02e84621a5e8f6aa1af238f62527ece
phpMyQuote version 0.20 suffers from multiple SQL injection and cross site scripting vulnerabilities.
df2f8d15e870ddedf3e13d288ae129f1a6a32e933c45f055ef248ebf26a4f56b