SQL Injection and cross site scripting vulnerabilities exist in AntiBoard versions 0.7.2 and below due to a lack of input validation of various variables.
12b0c1bd53ad0721a6420f87983d18b9305401bfa84b40954e60d6ee13921cd1
Citadel/UX versions 6.23 and below are vulnerable to a buffer overflow that occurs when more than 97 bytes are sent with the USER directive to port 504.
aea378e63801bac88b6f441bca646722e75b24e31337df108dde36bc21e66ee6
Checkpoint Security Advisory - An ASN.1 issue has been discovered affecting Check Point VPN-1 products during negotiations of a VPN tunnel which may cause a buffer overrun, potentially compromising the gateway. In certain circumstances, this compromise could allow further network compromise.
e2966120dd7842b90c0ed92aaf808e3c591775ecdf54ad1c5c76debaad9468e6
IRM Security Advisory 009 - RiSearch version 1.0.01 and RiSearch Pro 3.2.06 are susceptible to open FTP/HTTP proxying, directory listings, and file disclosure vulnerabilities.
4b5da6844da14d869b8b6a8df9ddcc0734547f1dab9d149dc17dea950607f571
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running the CIFS Server. This buffer overflow could potentially be exploited to remotely gain access. HP-UX versions B.11.00, B.11.11, B.11.22, and B.11.23 are all affected.
489a467000e80da4a56cf7cd2c7dcda1964dc5e6b63af8dc631919d160685254
squid-nufw-helper is an external ACL helper for Squid that provides Single Sign On capabilities. It uses the NuFW firewall suite and supports the NuFW users SQL logging scheme. The module allows for strict SSO identification and authentication of users on any Squid proxy, including transparent proxies.
53fe2b87e6a416303c64dee6e76dbddff23fcab234a2495288c6fe63fd11a498
Secunia Security Advisory - Multiple vulnerabilities have been discovered in Hitachi's Web Page Generator versions 1.x and 2.x and also Enterprise releases 3.x and 4.x. These include denial of service, cross site scripting, and content disclosure attacks.
6f642a621545af420022edb7ef25171ef66ff3e5d62c1f405896ce02cbab0c4e
aescrypt2 is a command line file encryption program that relies on AES-CBC-128 plus HMAC-MD5. It has been designed to be portable as well as very straightforward to use. Works on all Unix flavors and Win32.
885b5231ce8c86139776bd24f5e67961f4e0cac5142698d44fa1c578c37c68e8
Traceproto is a traceroute replacement that allows the user to specify the protocol and port to trace to. It currently supports TCP, UDP, and ICMP traces.
e9fa2b37c42ba46de92687d08a61aa8f1f9e15d361cb97843a2a39b3ca4c596d
White paper on basic security and hardening procedures for AIX. Many of the features and functions shown throughout this guide are applicable to AIX 4.3 and above, but are more directed towards AIX 5.2. This guide attempts to cover a lot of ground and offers useful and necessary insight for anyone administering AIX machines.
ecfb4a60e0e6196f9d9766af6ece08474e4efe2124ea8315a374f993c5861c7b
Secunia Security Advisory - Komrade has reported a vulnerability in FTP Surfer, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when handling filenames. This can be exploited to cause a buffer overflow, which is triggered when the application is closed, by tricking a user into opening a file with an overly long filename from a malicious FTP server. Successful exploitation may potentially allow execution of arbitrary code. The vulnerability has been reported in version 1.0.7. Other versions may also be affected.
7302b41fd2cadac75212f7ad6395ee1793f13632f8a261fa76ebed763f2c0c85
ASPRunner versions 2.x suffer from multiple vulnerabilities. Various SQL Injection, information disclosure, cross site scripting, and database download flaws exit.
49fdab9c6e54038eccdf55c5a3fa83ec824ccbc7158bd11e4f789fdb4f2b64d6
Secunia Security Advisory - Ziv Kamir has reported a security issue in FTPGlide, which can be exploited by malicious, local users to view usernames and passwords. The problem is that the profiles used for connecting to FTP servers are stored in clear text and are readable by any local user. This has been reported to affect version 2.43.
b7c427c23a9a0a477750e18bd0e160dc84cfddbc8fca0bb3e5daefbcfbd55a8e
A flaw in phpMyFaq version 1.4.0 allows malicious users the ability to upload or delete arbitrary images.
a95f22c88cf675223d49ae295c041d7cc10be88f9073b173b71766fd0da99725
Gentoo Linux Security Advisory GLSA 200407-19 - Pavuk 0.x contains a bug that can allow an attacker to run arbitrary code via a buffer overflow in the Digest authentication code.
e1f348cdd9478b5879ac32d090e420e4987fb67070b7c89c956718a1fb300cfb
A vulnerability in the Opera 7.x series allows phishing attacks due to not updating the address bar if a web page is opened using the window.open function and then replaced using the location.replace function.
2b64c28e854d3abd60765551937f3f7fd6835b5e59e4664a7233b171d8bbb4de
An authentication error in Mensajeitor allows users to post messages with administrative privileges.
291267c432e66e9bfea519ab11126bb85b5315d038d9b6ec81877b346c0c1ca8
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do about the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
2068e0dc61189a37487dcf432909540e30579e452907ccbbd97d914fd0e06911
keychain is a utility that helps manage ssh keys in a convenient and secure manner. It acts as a frontend to ssh-agent, but allows the user to easily have one long running ssh-agent process per system, rather than the norm of one ssh-agent per login session. It also makes it easy for remote cron jobs to securely hook-in to a long running ssh-agent process, allowing your scripts to take advantage of key-based logins.
44b4e56288e77205a3719abecaf7ce059e72ca0593ff6a43b05c029739da2ba1
Microsoft Windows 2K/XP Task Scheduler local exploit that will spawn notepad.exe.
20e1631372e049c682c8f434c7e218433de0a741f529452b367684f45b732aee
Nucleus CMS version 3.01 addcoment/itemid SQL Injection Proof of Concept PHP exploit that dumps the username and md5 hash of the password for the administrator user.
f381b9e4184efeb21af8394ab8bfa4585b0b12a1ecc75b4d37d1c396de95e22d
eSeSIX Thintune with a firmware equal to or below 2.4.38 is susceptible to multiple vulnerabilities. These include having a backdoored service on a high port with an embedded password giving a remote root shell, various other passwords being stored locally in clear text, and a local root shell vulnerability.
c7d6d010b7722058b4e87e183838984d6663484de3c895b5781af6297637e073
Subversion versions up to and including 1.0.5 have a bug in mod_authz_svn that allows users with write access to read portions of the repository that they do not have read access to.
aefe57e387f1f845c751e1078943c6c758ae74b2db1ff47970653f4b44b69547
Simple utility that will generate Linux x86 shellcode from provided text.
8f5e0de853ec45a6ed5484d10e28fb3854b1f9fe91fb9937f26a01d6e7b7e7b8
Simple utility to view hex.
aac4af0dd11b60dd8e9c9f7d53aac544ce99b0e1fedce792e18d52f71a54f3c7