A denial of service vulnerability exists in the Conceptronic CADSLR1 Router when a large Host: field is entered during an HTTP transaction.
12ce83076532db48c47f399738af649c0bdf94d5f28b6ba69af460b995a2bdb6
This document details the procedure for performing microcode updates on the AMD K8 processors. It also gives background information on the K8 microcode design and provides information on altering the microcode and loading the altered update for those who are interested in microcode hacking. Source code is included for a simple Linux microcode update driver for those who want to update their K8's microcode without waiting for the motherboard vendor to add it to the BIOS. The latest microcode update blocks are included in the driver.
4ecff8d0555e0bd10657e9dff39c32e92fc331ea26ca0cac5995390818707ac2
The Doorman is a port-knocking listener daemon which helps users secure private servers. It allows a Unix server to run invisibly, with all TCP ports closed.
fe08f9f4735f367d27a07601ee33249065b847e1e7f2bc91e9fdb851705818ab
Comcast Webmail AT+T Message Center version 1 had a flaw that allowed arbitrary code execution client-side due to the allowance of inbound HTML mail to be executed outside of the restricted zone.
07e88e9a638298baf1818d056ec714b8942bfdcd19ae5d8f7e063df84ee54129
Samba versions greater or equal to 2.2.29 and 3.0.0 have a buffer overrun located in the code used to support the mangling method = hash smb.conf option. Versions 3.0.2 suffer from buffer overrun in an internal routine used to decode base64 data during HTTP basic authentication.
678349fe0f5740544c4c032a294d1fb0aaa173deede39851cd1f4a8580219ec0
Flash FTP Server version 1.0 (and possibly 2.1) for Windows is susceptible to a directory traversal attack.
e7c4a69fa6e9f50ddd7601dff354fb1131acb92290e55902121fbc0a85973a70
A buffer overflow in Whisper FTP Surfer 1.0.7 occurs when the client tries to delete a temporary file with an excessively long filename.
3b3913524789d35c5e21520048a207b0cfef8054b143741b863697319ae8af91
Tenshi is a log monitoring program, designed to watch a log file for lines matching user defined regular expression and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports.
98d195eff8e0a76a2a9a5c188dd3cd2054a2036fdd56667c46f82a523c574a49
Cisco Security Advisory: Several vulnerabilities have been reported in Cisco ONS 15000 based products, allowing malicious people to cause a denial of service or bypass authentication.
ac141fb486a64681a233918cc01f9f75ce9685cf2a5b03ba3dd389392c586b9e
LionMax Software WWW File Share Pro version 2.60 is susceptible to a denial of service attack.
c62a3a7b6729e3b80e5b839e7d2059f48258be6d200c5f3d7b84840bc6da9740
Several Lexmark printers have HTTP servers embedded that are susceptible to a denial of service attacks via an overly long Host argument.
9200bd8aa5813490ac9c3e9a260256993f45be32771a1f1fb673c9cbf0fb1d18
Secunia Security Advisory - Jordi Corrales has reported a vulnerability in CADSLR1, allowing malicious people to cause a Denial of Service.
eccc9211bdc15f5068d07448cb567d25b213c146062183c3352436b3ba9d6e3a
Due to a vulnerability in the Sysinternals PsTools share mapping, an attacker with a user account can execute arbitrary code as an administrator.
afa2b3db99139b18f9779cb16ab7ebf5920c2aaf5e39becbcf6b41bd48024acf
Manipulate_Data version 1.3 - Search data on a harddisk/partition/file, extract the part you are interested in, and write it back after you (maybe) modified it.
12e88c8cdb102daca79c783fd147b8c94413b17e76d8675374dec07de2fc3c0f
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.
ddb7b048407b5fb6e587f9d11c817ea961cbbe0e1900e0c62a25b7999562554c
Proxy Scanner is a tool that tells you whether or not a proxy server can bounce your connection.
fabe21aa1f3980a895c2d11bb0db9e397210a048532f9c75d549c855484e7445
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
8ed52ce0450ea76df099cbfc6c6c6a7d5a52e320e28b88c797ef0de5059866d3
Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.
5a27f4838510b8ddc788712db24cf81d219bf431e3ac48a7eb629028020f4aff
Exploit that makes use of the mod_userdir vulnerability in various Apache 1.3 and 2.x servers.
8675f32c6af2043f644707d59bb74ae4eaf2e430aa1fb582122c2f9c86d7012a
Application Mapper is a next-generation scanning tool that allows you to identify the applications that are running on a specific port. It does this by connecting to the port(s) and sending trigger packets. These trigger packets will typically be an application protocol handshake (i.e. SSL). Amap then looks up the response in a list and prints out any match it finds. Adding new response identifications can be done just by adding them to an easy-to-read text file. With amap, you will be able to identify that SSL server running on port 3445 and some oracle listener on port 233!
85cc4c2281d795a7b27631f775a592828561823a3d15c1fe7e7cc969a0414e31
Secunia Security Advisory - Lostmon has reported a weakness in I-Cafe client, allowing malicious users to by disable the software.
80b75d5f1b4a5f89d1ee0cdc8fe71be78001681f051ca500c5b7314b6e886d0d
Secunia Security Advisory - PunBB 1.x, Nucleus 3.x, and BLOG:CMS 3.x all suffer from a flaw where system access can be gained due to a lack of input validation.
457f046835019de8732a58b41bcae39662b69a04597c072414a80d8faa282e1e
SCO Security Advisory - Multiple vulnerabilities have been found in the MMDF binaries included with SCO Openserver versions 5.0.6 and 5.0.7. These include buffer overflows, null dereferences, and core dumps.
f78bc63931e13a59fb61612fe42904a3de9bc9c717ed7cd53c2d6e79a6eb8a55
Unreal Decloak Toolkit version 0.1 illustrates the weak hashing system vulnerability in Unreal ircd 3.2 and previous versions.
b9f87a775c864e80c21ef6545cc72dbd0c4a0132cffc171c5d13262d8058894b
IEXPLORE.EXE file version 6.0.2800.1106 and MSHTML.DLL file version 6.00.2800.1400 are both susceptible to cross site/zone scripting flaws.
adf292c1753dbb9a45642cd37fcc3a60abe2952a1004a4a51d48cb8e38659b95