Cisco Security Advisory - Cisco Security Agent (CSA) provides threat protection for server and desktop computing systems, also known as endpoints. It identifies and prevents malicious behavior, thereby eliminating known and unknown security risks. A vulnerability exists in which a properly timed buffer overflow attack may evade the protections offered by CSA. The system under attack must contain an unpatched underlying vulnerability in system software that CSA is configured to protect. Another prerequisite for the attack is that a user must be interactively logged in during the attack.
0fc1660d805f9db93b2f86459e3c50bd8ddc7a115b82343390d08c79b10a1348
ez-ipupdate is susceptible to a format string bug. It, at the very least, affect versions 3.0.11b8, 3.0.11b7, 3.0.11b6, 3.0.11b5 and 3.0.10. It does not affect 2.9.6.
c6b17bb453d52744e3c14270258284ead1e82fe3fff997919a781b5809c62d15
Denial of service exploit for Kerio Personal Firewall version 4.1.1 and below. The vulnerability allows a remote attacker to reliably render a system inoperative with one single packet.
2322c9ec4c631f18cfd73bf2a92082547345dcbf8b87c4dea72b485d9fc23ee3
Another SQL injection has been discovered in VBulletin Forums 3.0.x.
145e0d535e94017af9326e14595bea3ae597663ec9c333b27519f2e31525e6bd
Gentoo Linux Security Advisory GLSA 200411-19 - Pavuk contains multiple buffer overflows that can allow a remote attacker to run arbitrary code.
e7acf02ff8eb1af9a153c34492eccda803936a7a3d40d828a15ce24ecd5470a4
Secunia Security Advisory - A vulnerability has been reported in MIMEsweeper for SMTP, which potentially can be exploited by malware to bypass the scanning functionality.
d60932cf5dc14f91a5a02f20b8b6b66c3a01d611a496ea82382dac1711383470
Port scanner for Windows 2k/XP that is functional for both IPv4 and IPv6 networks. Binary, source code, and more information included in the archive.
a5bb3c8af652db7efbafd7ed702fd2112f87069ce86f720b9a5ce564f052c16d
THCSSLProxy is a small command-line SSL proxy for Window that is useful for penetration testing SSL services like HTTPS, SMTPS, LDAPS, POP3S, and more.
459707e52373c4c4554abf4a7c9af27ea3bb65cac657dfaa9466661d1f32da37
Technical Cyber Security Alert TA04-315A - Microsoft Internet Explorer (IE) contains a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code with the privileges of the user running IE. A buffer overflow vulnerability exists in the way IE handles the SRC and NAME attributes of various elements, including FRAME, IFRAME, and EMBED. Because IE fails to properly check the size of the NAME and SRC attributes, a specially crafted HTML document can cause a buffer overflow in heap memory. Due to the dynamic nature of the heap, it is usually difficult for attackers to execute arbitrary code using this type of vulnerability.
dde5a26a7a4fb4dc3e79f0d5ca018fa7314b3d9e764f02c135b67d484a8eea60
Secunia Security Advisory - Isno has reported a vulnerability in CCProxy, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the handling of HTTP requests. This can be exploited to cause a buffer overflow by sending an overly long HTTP GET request. Successful exploitation may allow execution of arbitrary code. The vulnerability has been reported in version 6.0. Other versions may also be affected.
e1d743bac1a3fd1ee60d4d2392726e763433e4e7f3fbd44e532a0f825b31099b
Documentation on three vulnerabilities that were found in version 1.42 of 04WebServer. It includes a XSS vulnerability, lack of character filtering when writing to log file, and potential server restart problems after requesting a DOS device in the URL.
9e30e3662081d2b140cfec3c5c3ba0d3fb33894ffdf8a8d49135d7fe6b9219ca
Gentoo Linux Security Advisory GLSA 200411-18 - Chintan Trivedi discovered a vulnerability in Apache httpd 2.0 that is caused by improper enforcing of the field length limit in the header-parsing code. Versions below 2.0.52 are affected.
76d1d2898fb7705175f98e96ff30e6079808022a4cae65af6ca975adad7473fa
Cisco Security Advisory - Cisco IOS devices running branches of Cisco IOS version 12.2S that have Dynamic Host Configuration Protocol (DHCP) server or relay agent enabled, even if not configured, are vulnerable to a denial of service where the input queue becomes blocked when receiving specifically crafted DHCP packets.
89807afc17f23328aab35d1069b6eb558975a974913e0b9e6ca6b7d05ac7da8f
Hotfoon, an Internet telephony utility, is susceptible to automatically opening up malicious links.
ddc1e8ae83b7a0c9f1ed84cc9287c94d6a5020c9168bb9b740df9b2a9018e98c
Remote buffer overflow exploit for SlimFTPd versions 3.15 and below. Binds a shell to port 101.
72f616af4023fdd34e495c1bf2a94ae7cdbc6f584edcc17bfc9bb7541143cabd
LSS Security Advisory #LSS-2004-11-3 - There is a buffer overflow vulnerability in getnickuserhost() function that is called when BNC 2.8.9 is processing responses from an IRC server.
02fa0c273544d6c6d6ca526d37deda64a325e297648c1b5d576c8fe3f8f09317
Five different flaws have been identified in the Linux ELF binary loader. Exploit included core dumps a non-readable but executable ELF file.
6d1a1dcc2d1f40d16e7881000db74eeb1ea2358c6b174e5ef41c1033b6596cf8
YPOPS version 0.6 exploit that binds a shell to port 4444.
c13361895b2312a5aceebae12adcb8828b7f7a609ec446af093637d7dbfb40d5
The Nortel Networks Contivity VPN Client authentication error message provides more information than is necessary, thus allowing an attacker to discover existing users on the system.
6576f41f0da4b9552072593807ebc01db35f906e9339e3d99c75ff808b443230
SquirrelMail versions 1.4.3a and below suffer from a cross site scripting issue in the decoding of encoded text in certain headers. It correctly decodes the specially crafted header, but does not sanitize the decoded strings.
7e8ba7c0955736c617724cfb48418a3e21a671ca561f31c735c783a6d3f15e45
The PHP application WebCalendar is susceptible to cross site scripting, http response splitting, code execution, path disclosure, and privilege escalation vulnerabilities.
04d765060243653b3a30ecc05d58fd77ebd4ed9f01c79850ecc9c7a6106b048f
tcpreplay is a BSD-style licensed tool to replay saved tcpdump files at arbitrary speeds. It provides a variety of features for replaying traffic for both passive sniffer devices as well as inline devices such as routers, firewalls, and the new class of inline IDS's. Many NIDSs fare poorly when looking for attacks on heavily-loaded networks. tcpreplay allows you to recreate real network traffic from a real network for use in testing.
0f2732c1b64fed61645d2db794a9029ad0a4621f6f38b0bbfc0c7e7c3e0de8fa
XScreenSaver is a modular screen saver and locker for the X Window System. It is highly customizable and allows the use of any program that can draw on the root window as a display mode. It is also more stable than xlock and has more than 150 modes.
26c217a35c5382d69ad6392dbb870448fd936dd1105f44894c3652d59bfc2ed0
SpamAssassin is a mail filter to identify spam. Using its rule base, it uses a wide range of heuristic tests on mail headers and body text to identify "spam", also known as unsolicited commercial email.
d9d821493c5ca2ab189f62c8a2ae870d7c19a24ab945ffe74ee48826b92daf4e
Logrep is a secure multi-platform tool for the collection, extraction, and presentation of information from various log files. It includes HTML reports, multi-dimensional analysis, overview pages, SSH communication, and graphs. Supports 18 popular systems including Snort, Squid, Postfix, Apache, Sendmail, syslog, iptables/ipchains, xferlog, NT event logs, Firewall-1, wtmp, Oracle listener, and Cisco Pix.
1113f3457bdaca5ece514f97f066903383fb67f53713d9fc7fd37a5a3db0837c