FreeBSD Security Advisory - The oops port, versions prior to 1.5.2, contains remote vulnerabilities through buffer and stack overflows in the HTML parsing code. These vulnerabilities may allow remote users to execute arbitrary code as the user running oops.
6b5297110c94a870cd6dd4a7328fcc42fc3c830171f96973fba0b7a54701dd6a
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
5e30575cc63be30df6b4b637dd5e05ab0836a7fa95e367d067e9467d7e46bca6
nscache is a simple program to browse the Netscape cache directory with a GTK UI. It shows the contents of the browser cache in a three level hierarchy of files: protocols, servers and documents or in sorted list. nscache permits you to view files from the cache, remove files, or gather various information about specific files.
df651862c22c4c0976cf3c5ee5ae6b2034297d5b5d99e50765a28d834f4c4ad9
Snoopy is designed to log all commands executed by providing a transparent wrapper around calls to execve() via LD_PRELOAD. Logging is done via syslogd and written to authpriv, allowing secure offsite logging of activity.
265ef6d504ae0845cc74ac8071dd13d2d566681f45a60cdcf482172aaee828e5
Mailfilter is a flexible utility to get rid of unwanted spam mails, before having to go through the trouble of downloading them into the local computer. It offers support for one or many POP3 accounts and is especially useful for dialup connections via modem. You can define your own filters (rules) to determine which e-mails should be delivered and which are considered waste.
a5b370fd8401c648a189e9be91ea89c2ecc7d631f547974d45cfb68ad897be50
Bind-8.2.2P7 patch which logs all bind version requests to syslog.
d0d8c08c122dbec91cd98ddcd3c4ab3b3a49a3c1848f3c67bf6bec2aacc4dec0
The Stealth Kernel Patch for Linux v2.2.18 makes the linux kernel discard the packets that many OS detection tools use to query the TCP/IP stack. Includes logging of the dropped query packets and packets with bogus flags. Does a very good job of confusing nmap and queso.
c9b80f8592515b7c5614c60bdf8d23e5306e04fcb2e021b964f0ed18041325ff
Cgichk is a web vulnerability scanner which automatically searches for a series of interesting directories and files on a given site. Instead of focusing on vulnerable CGI scripts, it looks for interesting and/or hidden directories such as logs, testing, secret, scripts, stats, restricted, code, robots.txt, etc.
8a0ab0f66d6a55d9091a4daa12b32a1dbbc5aec652a3158bb0b5ffb0464af184
fwmon is a firewall monitor for Linux which integrates with ipchains to give you realtime notification of firewall events. It has fairly customizable output, allowing you to display a packet summary, hex, and ascii data dumps to stdout, a logfile, or tcpdump-style capture files. It also boasts some simple security features such as the ability to chroot itself, and does not need to run as root.
ade062b651435cad1292f8c79ec185edca2ffedd627f4042a5c91ed1bb0f77e2
Weekly Newsletter from Help Net Security - Covers weekly roundups of security events that were in the news the past week. In this issue: A good year for the bad guys, and much more.
23b78fa26b43a92a1b64d9bea364ed236d79d46634eaeb1d9bbf14b2114ba066
Red Hat Security Advisory - The ed editor used files in /tmp in an insecure fashion. It was possible for local users to exploit this vulnerability to modify files that they normally could not and gain elevated privilege.
603f90530a97c999b489e1a19cb700af30630f6caf6f02cf9dd87d401c6b6620
everythingform.cgi uses a hidden field "config" to determine where to read configuration data from. Allows remote attackers to execute commands. Exploit URL's included.
01ce9f63078ea884e7545c04bce65a8e11c4e87b1fcbdb0508d60474d1357b4f
Itetris v1.6.2 local root exploit - Exploits a vulnerable system() call.
13a0ac0bf7a88ce8832d4b779b8bebc6e5d04c2c956942c7b7664e4ff6f8a7ac
Debian Security Advisory - A bug in the database reading code of slocate makes possible to overwrite a internal structure with some input. This can be used to trick slocate into executing arbitrary code by pointing it to a carefully crafted database. This is fixed in slocate v2.4.
24e59b5dc48649f6a9258edf08a87a8b7537a1b2ddb866b04b56715dceb03bcb
Debian Security Advisory - The problem that was previously reported for joe also occurs with other editors. When nano (a free pico clone) unexpectedly dies it tries a warning message to a new file with a predictable name. Unfortunately that file was not created safely which made nano vulnerable to a symlink attack. This has been fixed in version 0.9.23-1 (except for powerpc, which has version 0.9.23-1.1).
6cf26c8a6c9303180c410ab4dc3cda34443b39eec2c11bf8bd3908081f04eff4
Red Hat Security Advisory - A problem exists where BitchX will process malformed DNS answers, allowing an attacker to crash the client, or possibly access the BitchX session remotely. This is fixed in v1.0c17-3.
b63aa4217992472a30e4427aab9dce2b9401c5bb0e47d6b1a64b2995359b2286
Exploit for the Bind NXT remote root vulnerability, which affects Bind v8.2 - 8.2.1. Compiles on Linux, tested against Irix, BSD, and Linux. Includes Irix shellcode for breaking chroot.
febfc0b34d825bb1fd2b1ea1e96374fa6816966c45c2f8ac101caef72cf4b91b
Reverb is a tool to access firewalled, dynamic-dialin and otherwise protected hosts.
9548ad877de5a2911412ee36598b233d8e3896399e75768fa1aa5b678c016314
OpenBSD ftpd v2.4_BASE through 2.8 remote root exploit. Includes offsets for v2.6 through v2.8 and instructions for finding offsets of other versions. Requires a writable directory.
e60d36076da9b2566b60a358f1600945cb7392b7f05305acfc0f2dfa49415169
Ckermit v7.0 local buffer overflow exploit for Linux/x86. Not setuid by default, but often installed setuid.
a764a6764b205afa2af181409160d382cd7900bb0e413755bae2fd0a686d98de
This Shareware program is an user friendly alternative to the built in eventlog viewer of Windows NT. Besides it allows to conveniently watch the eventlogs of the machines of your network. As soon as an unfiltered event occurs on one of the watched machines, a popup window will inform you about it. You can even start programs of your choice in response to events of your choice. Last not least Elwiz shows some important information about the watched machines.
7ad33242268057a6ff10e53683b25c4b8a5f24fcd639c460c40699edeb1b7fdf
Advanced Archive Password Recovery (or ARCHPR for short) can be used to recover lost or forgotten passwords to ZIP (PKZip, WinZip), ARJ/WinARJ, RAR/WinRAR and ACE/WinACE archives. At the moment, there is no known method to extract the password from such compressed files, so the only available methods are "brute force" and dictionary attacks (for ARJ and ZIP formats, known-plaintext attack is also available).
70f8aa78b7a0da27f290d5feade5857bfd0812119150cdd8cfc45bbd19470118
Advanced Lotus Password Recovery v1.02 is a program to recover lost or forgotten passwords to the files/documents created in IBM/Lotus applications (all versions): Organizer, WordPro, 1-2-3 and Approach. The passwords are recovered instantly; multilingual passwords are supported.
0e8704380169052d315e597ecff7cd351e418e290db9c3baa4fdb06caeeba944
NDiff compares two nmap scans and outputs the differences. It allows monitoring of your network(s) for interesting changes in port states and visible hosts. NDiff should be useful to network administrators, security analysts, and other interested parties who need to monitor large networks in an organized fashion.
f779f0dc5b5ec7204915096b9863b1b7c5c7fa078181c15dbceb4afb0fd0caff
xlockmore is an enhanced version of xlock. It incorporates several new commandline options , which allow you to run it in a window, in the root window, in a different size/location, change the size of the iconified window, to install a new colormap and delay locking for use with xautolock.
9089db84a38d940c8efc42d7183198b9eb542928804e446207e6c28794a3261f