Gentoo Linux Security Advisory GLSA 200503-29 - A flaw has been identified in an integrity checking mechanism of the OpenPGP protocol. Versions less than 1.4.1 are affected.
96c4242123809d1429ef462689659c010fe012116e599881e6a523f1fbc49c25
Gentoo Linux Security Advisory GLSA 200503-28 - Jouko Pynnonen discovered that Java Web Start contains a vulnerability in the way it handles property tags in JNLP files. Versions less than 1.4.2.07 are affected.
8e2ab8d748ac834891f2f6e5124c3bcf51cf9ad70702c382ccb2c3b56fc5ab14
Trillian versions 2.0, 3.0, and 3.1 are susceptible to a buffer overflow vulnerability. The AIM, Yahoo, MSN, RSS and other plug-ins that connect to an external web server have a buffer iteration overflow in their handling of HTTP 1.1 response headers.
45125550c02d75c94f65198c6b0b20fbcfc43d9d7cbf78c18d4086b54f4095df
The o2 Germany cellular provide has mass messaged their customer base in a manner that might promote SMS-Phishing.
049326b92b5699195c777c5f6c4af2541bef5ca0b19e35fac6f98ef09d089afb
Secunia Security Advisory - James Bercegay has reported two vulnerabilities in Double Choco Latte, which can be exploited by malicious people to conduct cross-site scripting attacks and potentially compromise a vulnerable system.
ae446a5097f6219bbe61700074393cacb22e132ac8f514ec276038996d4bc5f5
Secunia Security Advisory - Francisco Alisson has reported a vulnerability in Vortex Portal, which can be exploited by malicious people to compromise a vulnerable system.
e57f31012afdfabf94aac5cc95531b276a7eeb341159f60b0f6d821b7f03b26b
The Oracle Reports Server 10.g (9.0.4.3.3) is susceptible to cross site scripting attacks in an example jsp.
4b42999c29687556552c450533c4cd10dfda867c0918e33b2b82699661235c9e
Secunia Security Advisory - mircia has reported a vulnerability in Interspire ArticleLive 2005, which can be exploited by malicious people to conduct cross-site scripting attacks.
597b389e755e50566125f63507110ede1188a042352a195f2f71ad6298eb3644
Secunia Security Advisory - Two vulnerabilities have been reported in Mozilla, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
5539938eeb1303153c9aabde9711dd27216fbcbdf771fe2a68d3884f06c31cb7
Secunia Security Advisory - Mark Dowd has reported a vulnerability in Thunderbird, which can be exploited by malicious people to compromise a user's system.
b9e76392507f232dfe92cf92e2a1d1b86008571aeb3d7ed59bdeb97c981a7ebd
Secunia Security Advisory - Three vulnerabilities have been reported in Firefox, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
0c54496454c17b292386df7c351ffb4ecebb79389e30b9875bb9d517a221317c
CacheDump is a tool that demonstrates how to recover cache entry information: username and hashed password (called MSCASH). This tool also explains the technical issues underneath Windows password cache entries, which are undocumented by Microsoft.
2cdfe31997fff723cd665adf730411f3a7dd77e9ed01a235184add2fbf8b1795
Even though Firefox 1.0.1 patched one of the key bugs behind the firescrolling exploit (the ability of plugins to load chrome files in a hidden frame) the ability to hijack a drag and drop operation and open a privileged xul file is still available.
111d602c6d49d7cf172b6d139521c1cabf83ed7201a241e1186dee257802ea76
Ubuntu Security Notice USN-100-1 - Javier Fernandez-Sanguino Pena noticed that cdrecord created temporary files in an insecure manner if DEBUG was enabled in /etc/cdrecord/rscsi. If the default value was used (which stored the debug output file in /tmp), this could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking cdrecord.
4cf08a2a30bb3b2909745c3e9606276b191419dc4ca55f5463124c3180c7fcc9
Whitepaper discussing the scope of information gathering used against web services. Second in a series of papers defining attack and defense methodologies with web services.
d845104342be64b7e0981391fa4587731812589b1eaa8df8bb900cb3c06d39eb
Web Application Defense At The Gates - Leveraging IHttpModule. Whitepaper describing how the IHttpModule that comes with the .Net framework can be used to man-in-the-middle HTTP transactions in order to help filter against input validation attacks.
6caf1ed5d6a9f25b75acf4adba7d8d25877548097bc1e32c33cbdd10fce7536c
Cisco Torch mass scanning, fingerprinting, and exploitation tool was written while working on the next edition of the "Hacking Exposed Cisco Networks", since the tools availalbe on the market could not meet our needs. The main feature that makes Cisco-torch different from similar tools is the extensive use of forking to launch multiple scanning processes on the background for maximum scanning efficiency. Also, it uses several methods of application layer fingerprinting simultaneously, if needed.
652f3ffd352987862023f21352d71cd9b85d877cd03282f393f3d00cedee8a5a
SNMP fuzzer uses Protos test cases with an entirely new engine written in Perl. It provides efficient methods of determining which test case has caused a fault, offers more testing granularity and a friendlier user interface. Happy vulnerability searching.
6f8e40ebced231abc98ee810fa50e440085cb8daf39fb376e11fd4e3630cfc37
Nessus version 2.2.4 is a free, up-to-date, and full featured remote vulnerability scanner for Linux, BSD, Solaris and other systems. It is multithreaded, plugin-based, has a nice GTK interface, and currently performs over a thousand remote security checks. It has powerful reporting capabilities (HTML, LaTeX, ASCII text) and not only points out problems, but suggests a solution for each of them. Windows version available This is the automated *nix installer.
8877db4220b9c258e9fc7326ad0f8aaec1f499ab218105a0d328b578c3e141f2
ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.
176e2ad8d0251cdf2e24d55b9f290e8ac50d6fceefc0ca908fd45d06ada3bb07
Codebug Labs Advisory 08 - Topic Calendar 1.0.1 for phpBB is susceptible to cross site scripting attacks.
bc64b25734b4ce0cf4bc9f5202bb8cfb37448fc4e3c557f8b9dc7905a6e9b617
phpSysInfo 2.3 is susceptible to cross site scripting flaws.
997c6e061bcef28ef540a639cef2a7fa6dfc3996de479cb79ba942a528a7f54f
Attacking PC based 5250 terminal emulations from an iSeries server. Paper describing how insertion of commands inside an AS/400 application allows them to be executed as a command on the connected PC.
217d0c1b9f177df1e380748a230cda90e51eeffaca5ecf0c5331199b95d7e20e
The Vortex Portal is susceptible to a remote file inclusion vulnerability.
254cd3b147b49663725f0bae937ddccf0adb7a9945c2bc82bcfb690ef8823214
A vulnerability was found in SurgeMail's Webmail file attachment upload feature. This vulnerability may be exploited by a malicious Webmail user to upload files to certain locations on the server, obtain file listings of certain directories, and/or send certain files on the server to him/herself. Two XSS vulnerabilities were also found.
bc8b30081d411a63cbb46392a69ad71e4bd6cf541f5daa935b7d38c891ea4700