Whitepaper giving an overview of a security assessment against Windows NT machines when penetration testing. Provides insight from both attacker and administrative perspectives.
Secunia Security Advisory - A vulnerability has been reported in MoinMoin, which can be exploited by malicious people to bypass certain security restrictions.
Two new flaws have been discovered in BIND. BIND 9.3.0 suffers from a denial of service flaw in its validator. BIND 8.4.4 and 8.4.5 suffer from a denial of service flaw due to an exploitable overrun of the q_usedns array, which is used to track queries.
Debian Security Advisory 659-1 - Two problems have been discovered in the libpam-radius-auth package, the PAM RADIUS authentication module. The configuration file gets installed world-readable and the same flaw that exists in mod_auth_radius for Apache is inherent in libpam-radius-auth as well.
Siteman versions 1.1.10 and below remote administrative account addition exploit.
Local root exploit for /usr/bin/trn. Tested on Mandrake 9.2, Slackware 9.1.0/10.0.0.
Remote format string exploit for Berlios gpsd, a remake of pygps. On Debian, it gains the uid of gpsd. On Red Hat, it gains root.
Berlios gpsd, a remake of pygps, suffers from a format string vulnerability that is remotely exploitable.
Whitepaper discussing the scope of information gathering used against web services. First in a series of papers defining attack and defense methodologies with web services.
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. It includes real-time alerting, with alerting mechanisms for syslog, a user-specified file, a UNIX socket, or WinPopup messages via smbclient.
White paper discussing the smashing of the Linux kernel stack.
phpEventCalendar version 0.2 does not check title and event text when the data is inserted in the database, allowing for arbitrary HTML injection.
Sun Security Advisory - A security vulnerability in the DHCP administration utilities dhcpconfig(1M), pntadm(1M), and dhcpmgr(1M) may allow an unprivileged local user the ability to execute arbitrary code with the privileges of root.
Debian Security Advisory 658-1 - The Debian Security Audit Project discovered that the DBI library, the Perl5 database interface, creates a temporary PID file in an insecure manner. This can be exploited by a malicious local user to overwrite arbitrary files owned by the user executing the affected parts of the library.
Secunia Security Advisory - A vulnerability has been reported in BRIBBLE, which can be exploited by malicious people to bypass certain security restrictions.
Debian Security Advisory 657-1 - A heap overflow has been discovered in the DVD subpicture decoder of xine-lib. An attacker could cause arbitrary code to be executed on the victim's host by supplying a malicious MPEG. Because users can be tricked into viewing a malicious network stream, this is remotely exploitable.
Debian Security Advisory 656-1 - The Debian Security Audit Team has discovered that the vdr daemon, which is used for video disk recorders with DVB cards, can overwrite arbitrary files.
Debian Security Advisory 655-1 - zhcon accesses a user-controlled configuration file with elevated privileges. Thus, it is possible to read arbitrary files.
Exponent CMS version 0.95 is susceptible to full path disclosure and cross site scripting vulnerabilities.
Detailed analysis of three different vulnerabilities that reside in AWStats which all allow for remote command execution.
White paper discussing the new ASH family of hashing algorithms. They are based on modifications to the existing SHA-2 family and were designed with two main goals in mind: providing increased collision resistance and better mitigating the security risks that follow a collision.
Gentoo Linux Security Advisory GLSA 200501-31 - teTeX, pTeX and CSTeX make use of vulnerable Xpdf code which may allow the remote execution of arbitrary code. Furthermore, the xdvizilla script is vulnerable to temporary file handling issues.
FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (against flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
The Bastille Hardening System attempts to "harden" or "tighten" Linux/Unix operating systems. It currently supports Red Hat and Mandrake systems, with support on the way for Debian, SuSE, TurboLinux and HP-UX. We attempt to provide the most secure, yet usable, system possible.
Small application written to make life easier. It dumps C-style opcodes between two provided offsets.