Remote physical device fingerprinting by exploiting small, microscopic deviations in device hardware: clock skews. Presents research showing accuracy equivalent to DNA matches, even when the target was hundreds of milliseconds away.
17e42aca61fb1e13d6384273c729283e39eb5b491370e0267bd70fdd7b2a8d12Physical device fingerprinting with TCP timestamp options. This is an advisory with content that is somewhat similar to a paper released around March 1st 2005 by a student at UC San Diego. The research was apparently conducted independently, though at the same time.
b4de6de4b311c4ab27f4d3f7102a136863fe0f5cb91de27acef22545932689f1E-Store Kit-2 PayPal Edition is susceptible to file include and cross site scripting vulnerabilities.
ac872074f1d371f1d96de015fc38c149d3b951e1b6eb8d240882fa2604fa3f38Various cross-site scripting and (possible) SQL injection vulnerabilities exist in ESMIstudio's PayPal storefront scripts. It may not always be possible to exploit some of these depending on how PHP, Apache, and MySQL have been configured, however.
d03061ea7d5a7ea3eb1416dbdfa817a53389af20ae542ec03be5886d095afffaphpMyDirectory version 10.1.3-rel is susceptible to a classic cross site scripting bug.
dc609682ea0be436f489714c736c23bb00e7ae0fb17eecc25ac54f603a31c330Gentoo Linux Security Advisory GLSA 200503-33 - Sebastian Krahmer has reported a potential remote Denial of Service vulnerability in the ISAKMP header parsing code of racoon. Versions less than 0.5-r1 are affected.
344b10d905106d75e0b928fecdc5658b4d02e3088beca6815d0f3a5855b033dbGentoo Linux Security Advisory GLSA 200503-32 - Mozilla Thunderbird is vulnerable to multiple issues, including the remote execution of arbitrary code through malicious GIF images. Versions less than 1.0.2 are affected.
ea980eb779657bb4c95e501cce5137daaf304417b185d45d2356cdb1aa9907e5Gentoo Linux Security Advisory GLSA 200503-31 - Mozilla Firefox 1.0.2 fixes new security vulnerabilities, including the remote execution of arbitrary code through malicious GIF images or sidebars. Versions less than 1.0.2 are affected.
34722b3781c6ab48eaf0417f7fafcb189d2c2197a5b82e98e2ee8224899dbde2Gentoo Linux Security Advisory GLSA 200503-30 - The Mozilla Suite is vulnerable to multiple issues ranging from the remote execution of arbitrary code to various issues allowing to trick the user into trusting fake web sites or interacting with privileged content. Versions less than 1.7.6 are affected.
9d55011510391e93916e5659f46da84667ab40997ad14fd73ea21b14aba0b7b5Maxthon browser versions 1.2.0 and below suffer from an information disclosure vulnerability via the m2_search_text property.
35d433c9ededc826bb1c5d3edff8514684d0c7d89b2113612b2fc0829ccdcf47The Netcomm 1300NB DSL modem is susceptible to a remote denial of service attack via being pinged.
488fd208679d8fd36d8e259117fd6e2adfa3eb81683451cc328d318382c2ef3fSmail versions 3.20.120 and below are susceptible to a remote root heap buffer overflow vulnerability and local signal handling vulnerabilities as well. Patch included.
687ed526cf062478c0cf3875a41bfd3238dd39ac7abefb34d516fac6450a322aOpenMosixView versions 1.5 and below are susceptible to multiple race conditions that allow for local filesystem compromise. Exploit provided.
b9c1093a21e505261adc128c3e17eed614abec30a08d7efe5bf1b6a323815f5aIron Bars SHell is a restricted Unix shell. The user can not step out of, nor access, files outside the home directory. Two ASCII configuration files are used for more control. The system administrator can define which commands may be executed by the user. No other executables are allowed. The admin also has the opportunity to define what kind of files the user may create. If a file has a certain extension (such as .mp3, .c, etc.), ibsh automatically erases it.
3facb37e0d7191a0c82b7cedb4235847db2011855f87f8c7ecd16a4dce9b821bTor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
c6c0a0b7b86a3da405e57e770936c194aa744b11a029d922ce33e3af08788704A paper by Immunity describing in technical detail the details of the LLSSRV issue described in MS05-010. This paper also describes how this issue affects Windows 2000 AP SP3 and SP4 without authentication, something which was not described in the MS05-010 bulletin.
9a2d067a18b330af81f10c5e578a7b8b552bacf8da50268824d53fb63f24a752Secunia Security Advisory - Gangstuck and Psirac have reported some vulnerabilities in openMosixview, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
10fbe82d9178e18754b7a559938752496a8f4e962c81a220c0549b2b4be86dd2phpBB versions 2.0.13 and below remote user level exploit that makes use of an input validation flaw.
6063d27332d5f3503823051e6854c39f3a25d9019b23bebc49234540903a583fThis is a very simple exploit for a very stupid bug in Nokia/Symbian Series60 bluetooth device-name handling: basically, if your bluetooth device name contains a single newline character, a Nokia Series60 device which sees it will be extremely unhappy and go on strike. The attached "exploit" creates a file with a newline. Which you must then copy to your own device manually. All in only around 60 lines of Perl. However, securityfocus added this "exploit" to their archives, so why shouldn't we add it to ours as well?
546545508f77c1958b9ce1735612498007f1a7aa8fba1ec6093d8ace69c649dcSecunia Security Advisory - Two vulnerabilities have been reported in Dnsmasq, which can be exploited by malicious people to cause a DoS (Denial of Service) or poison the DNS cache.
d250102c09e7510c3f584263e94c5b24968626c9b0c7c8da90c0c971c2ce8a78Secunia Security Advisory - benji lemien has reported two vulnerabilities in DigitalHive, which can be exploited by malicious people to conduct cross-site scripting attacks.
b30f5a666a1304282f5c657c4f6fa7933bed69cf4c9674cd6a21054c1d8c9ba0Secunia Security Advisory - mircia has reported a vulnerability in Koobi, which can be exploited by malicious people to conduct SQL injection attacks.
0aa0e73ac2632675ea07c11b8418cd227eb86aa28e4caaa95d51a238183f155dSecunia Security Advisory - Alberto Trivero has reported a vulnerability in the Topic calendar module for phpBB, which can be exploited by malicious people to conduct cross-site scripting attacks.
0e142eb6e84bbb92c03c2479536db6c4f043b46994a024c30816c99544b1ef08This is a simple script automating the equally simple exploitation of a trusted path bug in AIX. The problem lies in the invscout program.
f0c7b9b062abe8e53cf8f740bd579319dbb3ba0354d5f8b596e731d4cf5dce32Mod Security is an intrusion detection and prevention engine for Web applications which operates as an Apache module or Java Servlet filter. Its purpose is to increase Web application security, protecting Web applications from known and unknown attacks. It is flexible and easy to configure, monitors HTTP traffic (including POST payload), enhances logging, performs automatic built-in checks, and simultaneously allows administrators to create custom rules for their individual needs.
7314a0c6ebe50d8c71e44fcc520969a60d1d01a3c1a2e0a1d08b2b166eabf8ce
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed