afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
733ee495b9979603e102afbec061968d3ded59e088c0985156b9b853efb19951PHPBB version 2.0.x - 2.0.10 is susceptible to a SQL injection attack.
4f053ca2bbaab78236728fbce72ffbc174d33b87706583f643af3eea32ae60cbPHP Bug Traq 0.9.1 is susceptible to SQL injection attacks.
45b549cb770039550a7badbf33fbf71cebed496975d3c1ae265c705d6e195c0fWhitepaper written to demonstrate that a shadow software attack is still possible. Winner of the ISW contest.
ac162a8e79af20c3b9196fab6fd12f64ea40f0f7fb57bedb4d9b9efa8d383bceRemote attackers are able to execute arbitrary commands in the context of the TWiki process for TWiki versions 20030201 and possibly in other versions as well. This flaw is due to a lack of proper sanitization of user input.
ac52112bc5ecb5d1c0b1b78be42869a3a5320137a2621f2fc66722fa6a94c04cSecure Network Messenger versions 1.4.2 and below suffer from a remote denial of service vulnerability.
b377941d0d36b5ed895485dbb5fd65db7ff06a1742ee0d1054119a629f139007The Alcatel/Thomson Speed Touch Pro ADSL modem suffers two security flaws allowing an insider to poison the intranet zone configured in the modem's embedded DNS server.
9bbdb6331e0c1c32a010de746600968e00b87e55d153201e72c3355b25408791Sudo version 1.6.8, patchlevel 2 is now available. It includes a fix for a security flaw in sudo's environment cleaning that could give a malicious user with sudo access to a bash script the ability to run arbitrary commands.
ae15d1dca83013b781fad2452080e5a499a8900efc4c6eaf12c3d0b18223c869AppRecon is small java tool that tries to identify applications by sending appropriate discovery broadcast packets. It currently finds PcDUO, SQL servers, and PCAnywhere. Source version.
96da068b9983635836978b40a0c279b98d04bddc777672204d57dbf0a2371d12AppRecon is small java tool that tries to identify applications by sending appropriate discovery broadcast packets. It currently finds PcDUO, SQL servers, and PCAnywhere. Binary version.
f4c7a1c06e12ec17e811639cd56271e818a10ece9c8a944861fa3d971f4ab34fFull analysis of the Win32.Grams trojan. It differs from previous E-Gold phishing trojans in that it does not steal credentials instead uses the victim's own browser to siphon all the E-Gold directly from their account to another E-Gold account, using OLE automation. This would completely bypass all the new authentication methods financial institutions are using to thwart keystroke loggers/password stealers, because the trojan simply lets the user do the authentication, then takes over from there.
a7c9529c4a026a4b4e4bdc5504bca409a177465b073217315de3f57e6b4fec18Oscanner is an Oracle assessment framework developed in Java. It has a plugin-based architecture and comes with a couple of plugins that currently do: Sid Enumeration, passwords tests (common and dictionary), enumeration of Oracle version, account roles, account privileges, account hashes, audit information, password policies, database links. Source version.
ff82a3702f41f76dc68c3001663e5b2abeed11b39c29bd9695c60f499d431b83Oscanner is an Oracle assessment framework developed in Java. It has a plugin-based architecture and comes with a couple of plugins that currently do: Sid Enumeration, passwords tests (common and dictionary), enumeration of Oracle version, account roles, account privileges, account hashes, audit information, password policies, database links. Binary version.
568c87e8ec57fcf37039bb2ea2fae79f326b566146e67659b846809bede4fb77Secunia Security Advisory - A vulnerability has been reported in UNARJ, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the handling of long filenames in archives. This can be exploited to cause a buffer overflow by tricking a user into opening a malicious archive with a specially crafted path.
1b24393f6cc4b6c4ca04e89be845c1da2f1efb313196b5f887f342b10cadbf96Tenshi is a log monitoring program, designed to watch a log file for lines matching user defined regular expression and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports.
e2f26f3846de20178516424d49eb1349c6e9cf88956b078515ebd781394c5fa9Small paper describing how to add a quick backdoor into the setuid code for the Linux 2.4 kernel series.
d6a0b3435bc1259c10ef9e200f0493134aa6cc54884d849d2d3fd905ee01a0eeThe HP PSC 2510 runs an FTP daemon that is not configurable and allows anyone to upload a file to be printed without any authentication.
bf18f5acc8b050331a601891143389bed2576254e0deb4d4b227d1305ea658a9Technical Cyber Security Alert TA04-316A - There is a vulnerability in the way Cisco IOS processes DHCP packets. Exploitation of this vulnerability may lead to a denial of service. The processing of DHCP packets is enabled by default.
6d7e0df60be9abbc7bb549866d6dd8df85bbe76ad2cdc57356c933aab7f8eb8eGentoo Linux Security Advisory GLSA 200411-22 - Davfs2 and the lvmcreate_initrd script (included in the lvm-user package) are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running them.
2e4ad81859058f5f403a9fbc0e0f71e82875af13830ea244ece4a6e1088b855cGentoo Linux Security Advisory GLSA 200411-21 - An input validation flaw in Samba may allow a remote attacker to cause a Denial of Service by excessive consumption of CPU cycles.
aa86bb696a8a65c378c83c31a6f74c86cb050a8eb76172d735a65943c42081b1By using hex encoded characters, it is possible to bypass the Zone Labs IMsecure and IMsecure Pro Active Link filters in versions prior to 1.5.
9ad480fc1508982f331ebe96771a14724dd47832f298d852b8a5ffb68d6e8b94phpWebSite 0.9.3-4 is susceptible to an HTTP response splitting vulnerability.
dccaec73a8efd8950f8ae5d5e5c5a5c3551434628a5919356513dad14e1260c1Additional information about recent discussion various entities have have with CyberGuard regarding their firewall.
19a8fdfc846e0b21cb2afdc9ab53f7ffe3fc6bccf1b0ccea948f74b104c2a750Technote remote command execution that spawns bash style shell with the webserver uid.
cf7c847a221079fefe6e5f2151df78d97bdcebfe14ada1a2da7e7178466d56dbA SQL injection bug exists in Phorum versions 5.0.12 and below. Exploitation example given.
273145d61ee5d47316156922e22a25efedd2e1f51e7919932c33fb24ac3b2ffe
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed