fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
e272a89bb05740d89b6d0eef96460f165e52b285cb635d39794bf0db91a8a7d5Mandriva Linux Security Advisory 2012-002 - t1lib 5.1.2 and earlier uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a specially crafted Type 1 font in a PDF document. The updated packages have been patched to correct this issue.
60428b231e6e685f90934eef256d10a1f276a4dc719c3d75122cf6e911385901WordPress version 3.3 suffers from a cross site scripting vulnerability during a 500 response when flagging a comment as a duplicate.
7e7f614355b2219cf1f6dc3c6b51dbfba33a39b627db55ee1b3e1189cf9ebe2bDebian Linux Security Advisory 2377-1 - It was discovered that cyrus-imapd, a highly scalable mail system designed for use in enterprise environments, is not properly parsing mail headers when a client makes use of the IMAP threading feature. As a result, a NULL pointer is dereferenced which crashes the daemon. An attacker can trigger this by sending a mail containing crafted reference headers and access the mail with a client that uses the server threading feature of IMAP.
14e886dd64794f4903819907a35afc505014e384c7107e2722545359da6f7a97The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
89816a35b8a9f04b4fc04c98f299607cd9a53676aa94bc1a7651f622d3302f2blog2command is a PHP script that tracks IPs in log files and executes shell commands per each IP. log2command was created as a sort of reverse fail2ban or cheap VPN-firewall: a machine with a closed firewall can be told, by a foreign machine, to accept connections from a specific IP. log2command then keeps track of the webserver log file and watches for inactivity from the user's IP. After an amount of time another command is executed that can remove the user's IP from the firewall, closing down the machine again. The PHP script is a command-line program that can be run in the background.
df3d9c8ed704fef75b0299e0e7a5d3f53ce40512cc6b54ed3e1432b1ad72df36Mandriva Linux Security Advisory 2012-001 - The FCGI module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers. The updated packages have been patched to correct this issue.
8d2423bc16115f636ca68a4804864ce61b2388e41adacf7b62eff39a085a9e89FuseTalk Forums version 3.2 suffers from a cross site scripting vulnerability.
4cb9ddf9f90ee6b1dd5df043085228ede140042b3a356462e5fe32aa37d4a091Digital Whisper Electronic Magazine issue 28. Written in Hebrew.
87f4fb018f3f0219f652fcc490d7dcb143211a48d5cc097e7bbb7a2033797e58Plogger Photo Gallery suffers from a remote SQL injection vulnerability.
9e0cd3d5d4a2c0b373c70f0581a33cfcdc5478916e8f3ad6558bf64ac1aafe83PHP 5.3.x hash collision denial of service proof of concept exploit written in Python. It generates the payload on the fly and sends it to the server.
a40ed8e7683bd70412b64514013eea3551071db4f39c244052a9d36f89460954Secunia Security Advisory - A vulnerability has been reported in TORQUE, which can be exploited by malicious users to bypass certain security restrictions.
0d0620b52fc6be45a55604fe59ddf6ca94d08cc71ef5952080a0913692365cd3Secunia Security Advisory - A vulnerability has been reported in MaraDNS, which can be exploited by malicious people to cause a DoS (Denial of Service).
4fe0e61526839307a97aacd68f00d01922fc4958c621a14de96b9d175948e2d8Secunia Security Advisory - A vulnerability has been reported in the JE Poll component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
d678875141a8a2bb3cceb80d3705cc45aa1077e5eed017b8f21e6972e7633910Secunia Security Advisory - Debian has issued an update for cyrus-imapd-2.2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
388440da31d001b51664ab517a2b51fdb4c42a76009aab3085a7dcc65bb2aa1f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed