Sandbox for Grids (s4g) is a Linux user-mode sandbox. It offers a secure execution environment for suspicious applications. Written in C, it tries to solve some typical problems of quarantine applications: efficiency and security.
84e2b09060426c6ec450b10663b596544f0ebfdb7d54e49a64d0c51c4f5c3b6fAntiExploit is an exploit scanner to detect local intruders. It scans for over 3900 suspicious files, has daily database updates, and will act if a file is accessed. It uses the dazuko kernel module, which is also used by clamAV, Amavis, and other virus scanners.
f8e8f3a3b8a743716a9e93def8627372fa054b862ba2a8420c60e082e99c5be2gtk+ version 2.4.4 has heap and stack-based overflows that can allow for the compromise of an account used to browse a malicious XPM file.
109cfb0bda1034d53ac5db82dc78234e1d4ebcc321a14ba9479ce9f09f61a3f0libXpm versions below 6.8.1 suffer from multiple stack and integer overflows.
fbd8d4486d62e535a9c1f5d140133d5544c6c2766a0a06ffdf2218a3d4d8b4d9PHP versions above 4.1.2 and below or equal to 5.0.1 suffer from an exposure of arbitrary memory due to bad array parsing in php_variables.c.
afb6950881a4adf473bb29cac47e02559b458a3982c48313c7fdb03ba7a60852SUSE Security Announcement - Alvaro Martinez Echevarria has found a remote Denial of Service condition within CUPS which allows remote users to make the cups server unresponsive. Additionally the SUSE Security Team has discovered a flaw in the foomatic-rip print filter which is commonly installed along with cups. It allows remote attackers, which are listed in the printing ACLs, to execute arbitrary commands as the printing user 'lp'.
87a70d13f5cc20c416e4b2c5025ab490ffacb14800f35874a59c8cd41fdde1cfSITIC Vulnerability Advisory - Apache 2.0.x suffers from a buffer overflow when expanding environment variables in configuration files such as .htaccess and httpd.conf. In a setup typical of ISPs, for instance, users are allowed to configure their own public_html directories with .htaccess files, leading to possible privilege escalation.
9477ee2d98ddded93d0d277ed18e737445767878dc13e19f31e74199f9b89739New Firefox, Thunderbird, and Mozilla releases between September 13 and 14 address 7 critical security issues. If you have not already, upgrade today.
e9d350da84264e6d5b1ca1b7bc56d5d368693bc81e678bb46bc9cee697f2656eThe SMC7004VWBR and SMC7008ABR wireless routers allow a spoofed visitor to have administrative access to the devices and to retrieve the real administrator password.
47d93c8a01ae8a00f5ce8f50f01dbeef96e9fd7663203b415a618f92fee1c5d0RX is the smallest (1087 bytes) universal Windows reverse shell for all versions of Windows NT/2K/XP/2003 with any service pack.
b56a1fa9260aa95f38866b8d9f558e3c2b99a52e77955344d944c5e8acf34662TX is the smallest (924 bytes) universal Windows backdoor for all versions of Windows NT/2K/XP/2003 with any service pack.
4fa179d772d63a3c1e09cb980fc4aea305e2bf3f05388d8394775b3c1f03e66fSecunia Security Advisory - Red Hat has issued an update for openoffice.org. This fixes a vulnerability, which can be exploited by malicious, local users to gain knowledge of sensitive information.
6d79767ff1e5f5b6058280f3115df61f03044adbe204b87b6fa57a85f52c56c8myServer version 0.7 is susceptible to a simple directory traversal attack.
5e346d4fd84051b1af43543997416ebc071e1b9ab8cae08865414f317085f778Secunia Security Advisory - A vulnerability in vBulletin 3.x can be exploited by malicious people to conduct SQL injection attacks.
ca896d08f3d8e09bf76ee26047bb3e42b2eeecbb928d54d7da493a7bd1bf11ffNISCC Vulnerability Advisory 403518/NISCC/APACHE - Two new vulnerabilities have been discovered in Apache. Through the testing of Apache by using the Codenomicon HTTP Test Tool, the ASF Security Team has discovered a bug in the apr-util library, which can lead to arbitrary code execution. SITIC have discovered that Apache suffers from a buffer overflow when expanding environment variables in configuration files such as .htaccess and httpd.conf, leading to possible privilege escalation. These vulnerabilities affect versions 2.0.35 through 2.0.50.
819928722d2c3ee7a440437b80c12521e6cbd9bd15899e997ed85366e5c80461BBS E-Market Professional suffers from path disclosure, file download, file disclosure, user authentication bypass, and php source injection vulnerabilities. BBS E-Market patch level bf_130, version 1.3.0, and below is affected.
fe6396baf023202a3aaa5e1cc4406171bca9fd0ede9d8fba31585a999b2ad73aNetwox is a utility that can be thought of as a one stop shop network toolbox. It includes a graphical front-end called Netwag. This kit comes with 150 tools that can be used to perform a multitude of tasks that are very useful to any administrator. It supports various protocols (DNS, FTP, HTTP, NNTP, SMTP, SNMP) and performs low level functions like sniffing, spoofing traffic, and playing client/server roles. Both Windows and Unix versions are included.
db7d112386f908aa3c2271b05fa647c4833507191b44eba6e22bf176b1f6b1b2Placid is a Web-based frontend for Snort that uses MySQL. It supports searching, sorting, and graphing of events, and was designed for speed and to have little overhead.
b9ed5948f9f5d7ab54fbfbb89c074ec6b54bc6491627c28693e3e852342502f4fwknop is a flexible port knocking implementation that is based around iptables. Both shared knock sequences and encrypted knock sequences are supported. In addition, fwknop makes use of passive OS fingerprinting signatures derived from p0f to ensure the OS that initiates a knock sequence conforms to a specific type. This makes it possible to allow, say, only Linux systems to connect to your SSH daemon. Both the knock sequences and OS fingerprinting are completely implemented around iptables log messages, and so a separate packet capture library is not required.
c54576718b0a6155f91409a42cc370b9033a08e217db4ff590dc671aa39d5347Secunia Security Advisory - A vulnerability has been reported in Apache, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the mod_dav module. A malicious client can exploit this to crash an httpd child process by sending a particular sequence of LOCK requests. Successful exploitation requires that the malicious client is allowed to use the LOCK method and the threaded process model is used. The vulnerability has been fixed in version 2.0.51-dev.
ef5260a043741f97b12e17ce93e2350080f47c428dfdf460dacf8abd2c9e2ee0iDEFENSE Security Advisory 09.14.04 - Local exploitation of a design error vulnerability in Networks Associates Technology Inc.'s McAfee VirusScan could allow attackers to obtain increased privileges. McAfee VirusScan version 4.5.1 running on Windows 2000 Professional and Windows XP Professional operating systems is vulnerable. It is suspected that McAfee VirusScan 4.5 is also vulnerable.
07a63f3062f227327fe88d439d02b86ec30f9b7a0e2c503e4cc40fbc7148d85dSecunia Security Advisory - Details have been released about several vulnerabilities in Mozilla, Mozilla Firefox, and Thunderbird. These can potentially be exploited by malicious people to conduct cross-site scripting attacks, access and modify sensitive information, and compromise a user's system. These vulnerabilities reportedly affect versions prior to the following: Mozilla 1.7.3, Firefox 1.0PR, Thunderbird 0.8.
0a6ca10ffc4a3ba1127a2e7aff306ae4251a2daf157abd425b6d345403f1729dThis package contains example vulnerable C programs. The best way to learn exploit coding is by doing it. Start your search with the index.html. There are examples of buffer overflows (stack and heap) and format string vulnerabilities. All examples are exploitable with a standard linux/x86 environment.
b4a6e4ad9e67fa0be8869334a9ea7b86a7d1712e80c47179e80a481dd08dbd3bCorsaire Security Advisory - By using malformed MIME encapsulation techniques centered on the presence of fields containing an RFC822 comment, embedded file attachment blocking functionality can be evaded.
74251de47904aae76e4bffb4f916da01cf56d98e7b1ed49b5e0f83010829c5b5Corsaire Security Advisory - By using malformed MIME encapsulation techniques centered on the presence of non-standard separators, embedded file attachment blocking functionality can be evaded.
66ff35c775b45519831713986c8df93cd3e7b62b318c9ec3b8e112458a53ce8e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed