Flaws in SP2 security features, part II - With Service Pack 2, Microsoft introduced a couple of new security features. However, some of them suffer from implementation flaws.
28a5ff6c2253f4f3033f8366da87986794ec4f93e78315699a8e20aa3c132977Secunia Security Advisory - A vulnerability has been reported in phpScheduleIt, which can be exploited by malicious users to bypass certain security restrictions.
6463cab561ef7043ed89be1ff8a4fd0b0c1b984b2901d75032c1886e60db4bf2Trustix Secure Linux Security Advisory #2004-0058 - Various security fixes have been released for gd, samba, sqlgrey, and sudo.
af1941d44b2d625d6d648c069094f5e516373122e419fdc1bc2f119121a1cbe4Writing IA32 Restricted Instruction Set Shellcode Decoder Loops - This article addresses the requirements for writing a shellcode decoder loop using a limited number of characters that limits the instruction set. Most of it is based on the author's experience with alphanumeric decoders but the principles apply to any piece of code that is written to work with a limited instruction set.
2aea2ebf088e500f6e82bebaad1ecbf8639a257cb6f76e1538ffef1687c2a19aDebian Security Advisory 593-1 - A vulnerability has been reported for ImageMagick, a commonly used image manipulation library. Due to a boundary error within the EXIF parsing routine, a specially crafted graphic images could lead to the execution of arbitrary code.
7c45a6e3ec9a467c69c8afd772906d6b506f4cf8f42fee772a85fdca2c32c2d9SNS Advisory 79 - Microsoft Internet Explorer contains a vulnerability that could cause a Cookie to be overwritten under certain conditions. Tested against Microsoft Internet Explorer 6.0 Service Pack 1.
f8e8e031b29edfbd8f4c1c957c970be213c8034091cdd7faf4b2a53d38a67228iDEFENSE Security Advisory 11.15.04 - Multiple vulnerabilities have been found in Fcron 2.0.1 and 2.9.4. Local exploitation of vulnerabilities in the fcronsighup component of Fcron may allow users to view the contents of root owned files, bypass access restrictions, and remove arbitrary files or create arbitrary empty files.
1e3a7a297e5c9cf6eef481188a172658e3a5fce82dfb0d82a7bcfd0ddfb53772Hired Team: Trial versions 2.0/2.200 and below suffer from format string, malformed packet, and status/kick remote vulnerability flaws.
48d0de0d8b027316b2b64bb516c71819b83ddb7fbf4b158332b44601757163cfSecunia Security Advisory - benji lemien has reported two vulnerabilities in Aztek Forum, which can be exploited by malicious people to conduct cross-site scripting attacks.
2c94a8e0a416b43021010d5676ed7d0d5c0c48429bdf844cb73ae325802749d5Secunia Security Advisory - Digital-X has reported two vulnerabilities in Private Message System module for PunBB, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
3a3920afb7b9e888dac9dc382ade8c9cbdfc15f96638b6a65a7e03a3c6e1f0a3TipxD versions 1.1.1 and below suffer from a local format string vulnerability. Proof of concept local exploit included.
bd7c3d962bfd392f9d0af4f86b1f47acbfce58b9232069d15848c54ccdb24870Secunia Security Advisory - Frank Mileto has discovered a vulnerability in Spy Sweeper Enterprise, which can be exploited by malicious, local users to disclose sensitive information.
d4ec931c32eac56df2a1ec5fc9724dd68008d82a99ecc7e79baba9771efa06baSecunia Security Advisory - A vulnerability has been reported in Skype, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the handling of command line arguments.
59cbbcfa7e686fe8ef8eeed0c62e0acfde336cb713778930512d78d59c1d0234Password article that discusses common attacks and possible solutions.
3538e96f4db235417b69d3fe2694ab99b4e8ae7672633c45c99c2eb10fb74699TWiki Release 01-Feb-2003 and below remote code execution exploit in perl.
0a072dc39641233ff8523728ea4118373e6bd2bb4fa0c66b9edc40ca2e45e42dGFHost PHP GMail remote command execution exploit that achieves webserver id privileges.
3f16949c103704d441900ba1b74ee6b4743175756fe13c17ced1c7e2e43e7eceSamba versions 3 through 3.0.7 suffer from a buffer overflow inside the QFILEPATHINFO request handler. This vulnerability allows for remote code execution.
19cd039a672527a6b47d2c45a1745de3a774b639ca25e062a5e1932683d23767Call for papers for the Bellua conference being held from March 21st through the 24th. It will take place in Jakarta, Indonesia at the Hotel Borobudur.
bc06ebed080fe2c1da23d35f2f95485a972a98357aaa8c2272f68e3d49dac0ecp0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris. This particular version is modified by Nerijus Krukauskas to store the data in a database.
78702c2f8f43e546c8002d842fad47e077f205f16b6ac210cff5a285cdfe0d58Floppyfw is a router and firewall on one floppy disk. It uses Linux basic firewall capabilities, and has a simple packaging system. It is ideal for masquerading and securing networks on ADSL and cable lines, using static IP, DHCP, and PPPoE. Installation involves editing of only one file on the floppy.
d5898b34b5e8fcca1c55049ddfb0c0e80cc8679971127e9acf53605cf04c3502The Bastille Hardening System attempts to "harden" or "tighten" the Linux/Unix operating systems. It currently supports Red Hat and Mandrake systems, with support on the way for Debian, SuSE, TurboLinux and HP-UX. We attempt to provide the most secure, yet usable, system possible. Screenshot available here..
18c3643d5abc13291c89be6422f9faeb0f6c33a58497aa372db196c07b342521alph implements and analyzes historical and traditional ciphers and codes, such as polyalphabetic, substitutional, and mixed employing human-reconstructable algorithms. It provides a pipe filter interface in order to encrypt and decrypt block text to achieve transparency. The program is meant to be used in conjunction with external programs that transfer data, resulting in transparent encryption or decryption of information. The program can thus be used as a mail filter, IRC filter, IM filter, and so on.
2e562a5d56a143716ae8404d7ccca3b9a2034aaf751fc306ca68e3bd9bc69c2fVuurmuur is a middle-end and front-end for netfilter and iptables that is aimed at system administrators who need a decent firewall, but do not have netfilter specific knowledge. It converts human-readable rules into an iptables ruleset (or optional a bash script), makes netfilter logs readable, and includes an ncurses GUI.
86d0fcdd27e195df1a3081104e7057415b9929878a05adb79a7311ee4cd8c054Army Men RTS version 1.0 is susceptible to a format string bug that results in a denial of service.
b0edb52988fc0c2d479204cb4e5f55a2738415330abf4e16111143b5dbafc2dbThe Attack Tool Kit (ATK) is an open-source utility to perform vulnerability checks and enhance security audits. The most important changes in ATK 3.0 are the introduction of a dedicated exploiting routine and the Plugin AutoUpdate (over HTTP). Check the website for more details. Source version.
7f89c48dbd6e74ad67035543136179675a0328f040fcecf4319d6c1e658b63ee
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed