OpenPKG Security Advisory - UUDeview versions 0.5.19 and below suffer from buffer overflows and insecure temporary file handling.
35b2899d2b0e07cb9d100c68b4cec7d29aa763fda2a6efb61170d8727b6a1d5d
Extcompose, a function of the metamail package, fails to properly verify a file exists prior to writing to it, and will accept symbolic links, leaving it open to being an attack vector.
ecb0d56a71d017b5a7e9ee58f1fd7f55abb82c34705174f94c74945fd4205bde
S-Quadra Advisory #2004-03-12 - The Dogpatch Software CFWebstore 5.0 shopping cart is vulnerable to both SQL injection and cross site scripting attacks in the index.cfm script.
1c7ff362dc7ffadb306a13d097aaf4be167f49df0e94f977e162345e13c85b23
This program listens for sound. If it detects any, it starts recording automatically and also automatically stops when things become silent again.
04cf289583b05882168daf3389154243157121ae87c09f2719deb24c322efbbc
Os-sim attempts to unify network monitoring, security, correlation, and qualification in one single tool. It combines Snort, Acid, MRTG, NTOP, OpenNMS, nmap, nessus, and rrdtool to provide the user with full control over every aspect of networking or security. Supported platform is Linux.
7e5a0f94190655f731d026d3e6a77d99340c84b8f759db1e3c04a8c272afbfda
Eckbox is van Eck phreaking software. It interprets a radio signal emanating from a computer's monitor to recreate the image (in black and white) that is displayed on it. This could be used as a valuable security tool for testing otherwise secure computers, or for developing hardware and software to counter this type of remote shoulder-surfing.
8cffcc5c970467fe2414deedfdb0a9281ff8f7cfe8584a1398f8e9675585c3a8
Pegasi Web Server aka PWS version 0.2.2 is susceptible to cross site scripting and directory traversal attacks due to a lack of input validation.
ccd71dc5d0be8fa6f24ab7dc8902149371dfd6778c4a2812f4af37674bae8aa3
Due to a lack of proper input validation, cross site scripting flaws exist in MyProxy version 20030629.
41078aa5f506cbca271a880e944289d5e7e8c02397ef7ddf52bcaf65a7a9f401
Various cross site scripting vulnerabilties exist in the hushmail.com site.
d73566f676dd22af7f5a456848424ab6e59187f352f2cd0df4f994f998c084bd
cPanel Security Advisory - CPANEL-2004:01-01 - When trying to change a user password in cPanel 8.x.x, it is possible to execute commands as root. cPanel suggests that administrators disable this feature until a fixed version is released.
de07214fb14cedfac34abe7008de692d19d39c9a9c15972e2b70d9b2a04ff003
When trying to change a user password in Cpanel 8.x.x, it is possible to execute commands as root. Exploitation included.
b0fe35e9a94148384b318c44d5d223fd32ceb4ef21173dbdf28866c4156cc642
Exploit for testing a specific server to see if it is susceptible to a denial of service vulnerability found in Battle Mages versions 1.0 for Windows.
d2b584ade89590a754df4dbb854ff00858da8fc92a75afa919ef94377d3fc991
Battle Mages versions 1.0 for Windows is vulnerable to a denial of service server freeze. It infinitely loops when trying to read an expected data block after being sent incomplete data.
a1218e65d7cbe334c606426ef75b9583a74defddc3520cbb77e1caccfb06cab3
Adore is a Linux LKM based rootkit for Linux v2.[246]. Features smart PROMISC flag hiding, persistent file and directory hiding (still hidden after reboot), process-hiding, netstat hiding, rootshell-backdoor, and an uninstall routine. Includes a userspace program to control everything.
f7f3132f7abb9f75bf1761c20916f778d3487efed3356124798ff769d61224c4
Prismstumbler is software which finds 802.11 (W-LAN) networks. It comes with an easy to use GTK2 frontend and is small enough to fit on a small portable system. It is designed to be a flexible tool to find as much information about wireless LAN installations as possible. Because of its client-server architecture the scanner engine may be used for different frontends.
72713c29ba98a5edd5dd155d69d03c8aac5f83df2bdacc7135c9bdb215668f3e
Red Hat Security Advisory RHSA-2004:093-01 - Alan Cox discovered a vulnerability in the systat package where the post and trigger scripts insecurely created temporary filenames, allowing for a symlink attack using /tmp.
7f35413d7406806fe9f4889a2af2a17ef8d1c07ba68514c7a19b918b236d1707
Remote exploit for the Unreal game engine for Windows, MacOS, and Linux that makes use of a format string bug. This proof-of-concept is a proxy server able to modify the Unreal packets in real-time allowing the insertion of %n into the class names sent by the client to the server causing the remote crash. Games affected: America's Army, DeusEx, Devastation, Magic Battlegrounds, Mobile Forces, Nerf Arena Blast, Postal 2, Rainbow Six: Raven Shield, Rune, Sephiroth: 3rd episode the Crusade, Star Trek: Klingon Honor Guard, Tactical Ops, TNN Pro Hunter, Unreal 1, Unreal II XMP, Unreal Tournament, Unreal Tournament 2003, Wheel of Time, X-com Enforcer, and XIII.
87f327452ec46e6b01fe3b3812aa44923bf4c03bcf59360267ddca9d1b307e79
Access Point Utilities for Unix is a set of utilities that configure and monitor a Wireless Access Point under Unix. It is known to compile (with GCC and the IBM C compiler) and run under Linux, FreeBSD, OpenBSD, MacOS X, AIX, and QNX.
0389286b9521691014e34e17612c2dcfe8bd007f7ea4a673870e7418734fa223
Remote root exploit for GNU Anubis 3.6.2.
3706cc19a90101297f16f0d876bb10fb413ee57eb509b253379de3d1b73e99e6
The Unreal game engine for Windows, MacOS, and Linux has a format string bug that allows an attacker to remotely crash or execute malicious code on the server. Games affected: America's Army, DeusEx, Devastation, Magic Battlegrounds, Mobile Forces, Nerf Arena Blast, Postal 2, Rainbow Six: Raven Shield, Rune, Sephiroth: 3rd episode the Crusade, Star Trek: Klingon Honor Guard, Tactical Ops, TNN Pro Hunter, Unreal 1, Unreal II XMP, Unreal Tournament, Unreal Tournament 2003, Wheel of Time, X-com Enforcer, and XIII.
e0ba75525b76f3a8f0df41fe6ab0de28307f96f2564e4076dce7b1591c77c934
wMCam server version 2.1.348 is susceptible to a denial of service attack when in excess of 300 connections are made to it each supplying a small amount of non-standard data.
4655458b570f61dc784e7404370a9406fbf36e74b4e0c13b3c96c5752521fada
Microsoft Outlook contains a vulnerability which allows execution of arbitrary code when a victim user views a web page or an e-mail message created by an attacker. According to Microsoft the affected supported versions are Microsoft Office XP SP2 and Microsoft Outlook 2002 SP 2. Some earlier versions are vulnerable too, but not supported by the vendor.
a99f1c18ee04688594c6a52ed176afb519764b78f2f8e40fa19a9bee468e49b3
NGSSoftware Insight Security Research Advisory #NISR09032004 - IBM's DB2 version 8.1 Enterprise Edition on Windows has a remote command server that runs as db2admin, but can have commands executed by a guest account, allowing for privilege escalation.
10520a56141855f73494c0672207628263e7a584f82ffe7e004331c3851054d9
Chat Anywhere versions 2.72 and below allow a remote attacker to add %00 before their nickname which keeps an administrator from being able to ban or kick the user from a room.
14185128d96eeea5b3852b9a09a83448b0516fa5957d6054b51ca837a5bf1d46
GNU automake versions below 1.8.3 insecurely create temporary directories.
4fe8ec255d16150836017807977251cf7d3bd4e1d16ae0888f7192f69264f718