Remote root exploit for Linux that makes use of a format string vulnerability in OpenFTPD versions up to 0.30.2.
992a2b4620c6e6d42ef0f142fa085a0d0be5f101fff990c01f51345f0c3d2e6a
Any oracle, ias, iasr2, or iasdb users with local access to an Oracle database can gain root privileges through the Oracle installation. Versions affected include, but are not limited to: Oracle 8i Linux Platform, Oracle 9i Linux Platform, Oracle 8i HP-UX Platform, Oracle 9i Solaris Platform, Oracle IAS 9.0.2.0.1 with patchset v9.0.2.3.
374ead87c238f3fb52d963a015b0dde48d33ed997d595aa399dd82eaeb345c63
A denial of service vulnerability exists in GnuTLS versions prior to 1.0.17. The flaw lies in a failure to handle overly long RSA keys.
ba19a812a7cc901aba7111f7eaffd6b809286bc9e0333cbf2a17e986bcd6ceec
Comersus Cart versions 5.098 and below suffer from cross site scripting flaws.
805dc71f2be3617ce9161b07c0c48f00ecaf3120eb8ea23cdcd4d3dfe3624b21
Denial of service exploit that makes use of a buffer overflow in an overly long Content-Length: setting for MailEnable Professional HTTPMail version 1.19 on Windows.
44f1af32a75af37294809c7bd8390c0271bf083f43fe1bf0783dc5028e8fef27
USRobotics Access Point version 1.21h embeds an HTTP server that is susceptible to a buffer overflow when an overly long GET request is supplied.
b434953d8942354d83a26837b7e99f689a36d1eec28aa4201db36617063223e7
Remote root exploit for Linux that makes use of a format string vulnerability in OpenFTPD versions up to 0.30.2.
4a813dbfde0c43338733a0d71011da4dee731192168cf758ffb58a3d80969bac
SCO Security Advisory - A buffer overflow in ReadFontAlias from dirfile.c of Xsco may allow local users and remote attackers to execute arbitrary code via a font alias file with a long token. Another buffer overflow in the ReadFontAlias function in Xsco, when using the CopyISOLatin1Lowered function, may allow local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias file.
4ee7da723ca7e03578f3c56edfc012de2a498633281d713c9c76de8fb7961a4e
Vuurmuur is a middle-end and front-end for netfilter and iptables that is aimed at system administrators who need a decent firewall, but do not have netfilter specific knowledge. It converts human-readable rules into an iptables ruleset (or optional a bash script), makes netfilter logs readable, and includes an ncurses GUI.
7f1618f5045e1471384270f4d2b8c1d4ecc3e2b59aabb4c54b4ca1439a4a6d2b
wpquiz versions 2.60b8 and below have some administrative scripts unprotected and accessible by the world on a default install. Due to this, anyone can easily obtain administrative rights.
7a9f10b22bb93616256191e25fe31336d16398fb756dbe729b5c205f298708bc
Fusion News versions 3.6.1 and below suffer from a flaw that allows for unauthorized account additions.
43dbb6da6a2f6ef71ce64f62c587f19b755719a3511bc2540b5fafdfe6a3bd0e
A vulnerability exists in jaws 0.4 that allows anyone to get in the control panel with administrator rights without a password due to a SQL injection flaw.
f767cd0ba50b63cc8d865b39c5d5f421f780b5dee8819bb12d1afce9c206f918
Cryptknock is an encrypted port knocking tool. Unlike other port knockers which use TCP ports or other protocol information to signal the knock, an encrypted string sent via UDP is used as the trigger, so sniffing cannot be used to recover the knock.
e70189e40ba1350e0ab3fe8dc9195b1857688a4941708ffb3019e30ea2028fdf
Microsoft Windows XP Task Scheduler (.job) universal exploit with portbind and connectback shellcode. Tested against Internet Explorer 6.0 (SP1), Explorer, and Windows XP SP0, SP1.
c0ad2fbcb9aafe3a76b903dc7caa191f29e0d66022d31612c07ee0125af77dc4
Technical Cyber Security Alert TA04-212A - Microsoft Internet Explorer contains three vulnerabilities that may allow arbitrary code to be executed. The privileges gained by a remote attacker depend on the software component being attacked. For example, a user browsing to an unsafe web page using Internet Explorer could have code executed with the same privilege as the user. These vulnerabilities have been reported to be relatively straightforward to exploit; even vigilant users visiting a malicious website, viewing a malformed image, or reading an HTML-rendered email message may be affected.
11bbd11b6668d31a09d5452be961d49d76b1777b98b435cadb5c70d79eaeacf0
Local exploit that makes use of the WAV header handling vulnerability in SoX versions 12.17.4-r1 and below. Tested under Slackware 9.1.
d82a19e5f51a9ba4c8460f5ece32002038c8d46ebcf499d30b11e369b76326c7
Keen Veracity Issue 13 - This issue covers blind scanning using ARP, playing redir games with ARP and ICMP, and various other topics.
c8bb3bd02229534d2c9008b9f39e9e9454955523158a2077af31ad42efc07ce9
Secunia Security Advisory - Microsoft has issued an update for Internet Explorer. This fixes three vulnerabilities, allowing malicious websites to cause a DoS or compromise a system.
f92f9894a7c9177137c8b43475aaae95ad0b1bd82bd43d3a34a38789e29f7583
LCDNetstat is a program that displays the TCP/IP connections of a computer on an external or internal LCD display.
b1d274a671ae41f50eb09ead91296cab40f622164f87ad08e7fe2b009414bcc5
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
a4a1f74bb049219f89232a941844d13e311d08bcdc144c050e3b346ae353e922
Traceproto is a traceroute replacement that allows the user to specify the protocol and port to trace to. It currently supports TCP, UDP, and ICMP traces.
e410ff2dee3fe0f69f846dcb6db214d8bdf4fa5efcfb36a35b3a11662724213d
MD5 Brute Force Tool is a program written to test the security of MD5 passwords by attempting to brute force them. The user can also specify the characters to use when brute-forcing.
1a7711a84c5d9788ed69fe759a50a484a015a92ad968d0d3b17cc1a9ae759d9f
DansGuardian versions 2.8 and below may allow malicious users to bypass the extension filter rules when processing URLs which contain a hex encoded filename.
3ddda2a7e2b72e403ad6f313fa884c9599c8109a42e3c31307666420162cab4f
LinPHA versions 0.9.4 suffers from SQL injection attacks due to an input validation error in the session.php script.
4f72ecc61296807b320ab5924efe1a1baf305919b45a9d9e935c73b1beae152a
A format string vulnerability exists in OpenFTPD versions up to 0.30.2.
3d14f8de65a15da5e2a16400f1ad225b52f93ab1e94fb25bdb07df8230707879