exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 88 RSS Feed

Files Date: 2005-12-28 to 2005-12-29

dtSearchDUNZIP32.dll.txt
Posted Dec 28, 2005
Authored by Juha-Matti Laurio | Site networksecurity.fi

Networksecurity.fi Security Advisory (21-12-2005) - dtSearch versions prior than 7.20 Build 7136 uses an old version of the unzip library leaving it vulnerable to a buffer overflow.

tags | advisory, overflow
SHA-256 | 51fe330f144ef9e411e758192529c4211a81e18becbbabd007c96b44b0cad5a7
fiked-0.0.4.tar.bz2
Posted Dec 28, 2005
Authored by Daniel Roethlisberger | Site roe.ch

Fiked is a fake IKE daemon that supports just enough of the standards and Cisco extensions to attack commonly found insecure Cisco PSK+XAUTH VPN setups in what could be described as a semi-MitM attack. Basically, knowing the pre-shared key, also known as shared secret or group password, the VPN gateway can be impersonated in IKE phase 1, in order to learn XAUTH user credentials in phase 2. The configuration supported by fiked is IKE aggressive mode using pre-shared keys and XAUTH. Supported algorithms are DES, 3DES, AES128, AES192, AES256, MD5, SHA1, and DH groups 1, 2, and 5. Main mode is not supported.

tags | encryption
systems | cisco
SHA-256 | a3c0f94df312321737665ba55342cacbf979b1e14b3fe978db667ccda9b0a1c4
listener-1.7.2.tgz
Posted Dec 28, 2005
Authored by Folkert van Heusden | Site vanheusden.com

This program listens for sound. If it detects any, it starts recording automatically and also automatically stops when things become silent again.

Changes: Added one-shot recording. Can now write its pid to a file when running in daemon mode.
systems | linux
SHA-256 | 1fe69c16d833bb5e3570d7b140f764bf60de159217c5fe4fbc149cbc6a90d529
pbnj-1.12.tar.gz
Posted Dec 28, 2005
Authored by Joshua D. Abraham | Site pbnj.sf.net

PBNJ is a network tool that can be used to give an overview of a machine or multiple machines and includes the details about the services running on them. PBNJ is different from other tools because it is based on using a scan from nmap parsed to amap. PBNJ parses the data from a scan and outputs to a CSV format file for each ip address scanned.

Changes: Fixed to work with nmap 3.95.
tags | tool, scanner
systems | unix
SHA-256 | 7dfa75fbdc954a4750794868a286fdaeb24b761326de9ab0329d2dafc49a9f1a
Nixory_0.3.8.zip
Posted Dec 28, 2005
Authored by Alfredo Spadafina | Site nixory.sourceforge.net

Nixory is an innovative, fast, and powerful anti-spyware program, with a user-friendly graphical interface. It protects Mozilla Firefox from dangerous spyware and harmful cookies. Platform independent source zip file.

Changes: Update function improvements. Code bug fixes.
SHA-256 | 5630db73a1592e8dd250705409ffc8cb713f63fb8a67bcfa8262c254d47f5053
VolksbankXSS.txt
Posted Dec 28, 2005
Authored by Constantin.Hofstetter | Site consti.de

Germanys second largest financial institute's ebanking portal (Volksbank Raiffeisenbank) suffers from several XSS vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 290d5918ad1f1085432ec191baf145feb7f4fe566eb730da9139519b1239600e
iDEFENSE Security Advisory 2005-12-22.t
Posted Dec 28, 2005
Authored by iDefense Labs, iDefense | Site idefense.com

iDefense Security Advisory 12.22.05 - Local exploitation of a memory exhaustion vulnerability in Linux Kernel versions 2.4 and 2.6 can allow attackers to cause a denial of service condition.

tags | advisory, denial of service, kernel, local
systems | linux
SHA-256 | c5245485d568127229433cc694c9bc779d36c92af8ea1a3be2f97d9d1d1f74a5
libdejector-pg-80x-1.0.tar.bz2
Posted Dec 28, 2005
Authored by rjh | Site sourceforge.net

Libdejector provides a simple, easy-to-use set of libraries that help Web developers give their database queries a great degree of resistance to SQL injection attacks. It currently provides Python bindings to protect PostgreSQL 8.0.3 through 8.0.5.

tags | web, sql injection, python, library
SHA-256 | 3f1e3eaf57ca5c133399983802ed629ea788e5db87fb6499b7f6c5ee661e71b6
VirusScanEnterprise8.0i.txt
Posted Dec 28, 2005
Authored by Reed Arvin | Site reedarvin.thearvins.com

McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) suffer from a privilege escalation vulnerability in the naPrdMgr.exe program. POC provided.

tags | advisory
SHA-256 | e2f1b1bdec4568e658224d179453848008ee5a72d9af96c39cff6fa848b0b16f
alph-0.15.tar.gz
Posted Dec 28, 2005
Authored by Corcalciuc V. Horia | Site sourceforge.net

alph implements and analyzes historical and traditional ciphers and codes, such as polyalphabetic, substitutional, and mixed employing human-reconstructable algorithms. It provides a pipe filter interface in order to encrypt and decrypt block text to achieve transparency. The program is meant to be used in conjunction with external programs that transfer data, resulting in transparent encryption or decryption of information. The program can thus be used as a mail filter, IRC filter, IM filter, and so on.

Changes: Fixed help displacement. Removed TEA. Added permutations support. Updated manpage. Implemented/ported several hashing functions.
tags | encryption
SHA-256 | a4b5a9e302ee881ca0d4be628393d73ca286d1dbcea298c16d6e02f9999052ac
p3scan-2.3.2.tar.gz
Posted Dec 28, 2005
Authored by Alan DeKok | Site striker.ottawa.on.ca

Pscan checks C source code for problematic uses of printf style functions such as "sprintf(buffer, variable)", which have been the source of many security holes. It does not check for buffer overflows or other misuse of function parameters.

Changes: Update RipMIME to 1.4.0.6. Various bug fixes.
tags | overflow
systems | unix
SHA-256 | 570bdf87132b23120339e247809dc2cf37c2735d504f4e1072528c04d940bb5f
aimsniff-1.0alpha.tar.gz
Posted Dec 28, 2005
Site sourceforge.net

AIM Sniff is a utility for monitoring and archiving AOL Instant Messenger messages across a network which has the ability to do a live dump (actively sniff the network) or read a PCAP file and parse the file for IM messages. You also have the option of dumping the information to a MySQL database or STDOUT. AIM Sniff will also monitor for an AIM login and then perform an SMB lookup on the originating computer in order to match NT Domain names with AIM login names (handles). A basic Web frontend is included.

Changes: Various enhancements.
tags | tool, web, sniffer
SHA-256 | f4c02e39706b17f94d5b03b3f34c4e94aed2e960d52f47bee669050273ff6831
plash-1.15.tar.gz
Posted Dec 28, 2005
Authored by Mark Seaborn | Site cs.jhu.edu

Plash (the Principle of Least Authority Shell) is a Unix shell that lets you run Unix programs with access only to the files and directories they need to run. In order to implement this, the filesystem is virtualized. Each process can have its own namespace, which can contain a subset of your files. Plash is implemented by modifying GNU libc and replacing the system calls that use filenames. For example, open() is changed so that it sends a message to a file server via a socket. If the request is successful, the server sends the client a file descriptor. Processes are run in a chroot jail under dynamically-allocated user IDs. No kernel modifications are required. Existing Linux binaries work unchanged.

Changes: Various enhancements and fixes.
tags | tool, shell, kernel
systems | linux, unix
SHA-256 | 8da706b8f21b81bf4cecc61fa0445f92ec7f250b2b4ddf619184f4a6ed6af72e
httprint_win32_301.zip
Posted Dec 28, 2005
Authored by Saumil Shah | Site net-square.com

httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. httprint can import web servers from nmap network scans, if they are saved in XML format. The current version adds the ability to save reports in CSV and XML formats, and features a completely new method of scoring by confidence ratings to minimize false positives. This version is the Windows release.

Changes: New multi-threaded engine. SSL in formation gathering. Automatic SSL port detection. Various bug fixes.
tags | web
systems | windows
SHA-256 | 0269ed87702b8247197f1b02cc80cd8c4664eb533c6726c854917c0b1aec0d4b
httprint_macosx_301.zip
Posted Dec 28, 2005
Authored by Saumil Shah | Site net-square.com

httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. httprint can import web servers from nmap network scans, if they are saved in XML format. The current version adds the ability to save reports in CSV and XML formats, and features a completely new method of scoring by confidence ratings to minimize false positives. This version is the Mac OS-X release.

Changes: New multi-threaded engine. SSL in formation gathering. Automatic SSL port detection. Various bug fixes.
tags | tool, web, scanner
systems | unix, apple, osx
SHA-256 | 236a57095d6bff81876c8a62710f6b82c3bed33378d46652976ee9b60b5abe46
httprint_linux_301.zip
Posted Dec 28, 2005
Authored by Saumil Shah | Site net-square.com

httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. httprint can import web servers from nmap network scans, if they are saved in XML format. The current version adds the ability to save reports in CSV and XML formats, and features a completely new method of scoring by confidence ratings to minimize false positives. This version is the Linux release.

Changes: New multi-threaded engine. SSL in formation gathering. Automatic SSL port detection. Various bug fixes.
tags | tool, web, scanner
systems | linux, unix
SHA-256 | 41eee3f135949f3b588e89ab0912e2e4e2d328d213f1b6103808ad205e6f7a41
httprint_freebsd_301.zip
Posted Dec 28, 2005
Authored by Saumil Shah | Site net-square.com

httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. httprint can import web servers from nmap network scans, if they are saved in XML format. The current version adds the ability to save reports in CSV and XML formats, and features a completely new method of scoring by confidence ratings to minimize false positives. This version is the FreeBSD release.

Changes: New multi-threaded engine. SSL information gathering. Automatic SSL port detection. Various bug fixes.
tags | tool, web, scanner
systems | unix, freebsd
SHA-256 | 168127b70bc87f1a6e9256ed4aa3a076a7a23c7155e3fe8d5b11a25dc880fcce
NCISACIS-CFP.txt
Posted Dec 28, 2005
Authored by Jeimy J. Cano

The Sixth National Computer and Information Security Conference ACIS 2006 (NCIS 2006) invites all researchers and practitioners to submit research papers in security topics.

tags | paper, conference
SHA-256 | efe65068a2349fc067722f77d14d981df8bb5f8f4710a60e59e89628705c15f7
ciscoACS.txt
Posted Dec 28, 2005
Authored by Oleg Tipisov

Cisco PIX / CS ACS suffers from a downloadable RADIUS ACLs vulnerability.

tags | advisory
systems | cisco
SHA-256 | 6f16059639e83d55bc12bb4a13b51373fd439c7b0266db849011c26e6b3c9d58
fetchmail-SA-2005-03.txt
Posted Dec 28, 2005
Authored by Fetchmail | Site fetchmail.berlios.de

Fetchmail contains a bug that causes an application crash when fetchmail is configured for multidrop mode and the upstream mail server sends a message without headers. As fetchmail does not record this message as "previously fetched", it will crash with the same message if it is re-executed, so it cannot make progress. A malicious or broken-into upstream server could thus cause a denial of service in fetchmail clients.

tags | advisory, denial of service
SHA-256 | 10352b536e05066e2e158d6fd8f19e2e726cce5f9c80d65ac839b59b616a77f1
Ubuntu Security Notice 232-1
Posted Dec 28, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-232-1 - Eric Romang discovered a local Denial of Service vulnerability in the handling of the 'session.save_path' parameter in PHP's Apache 2.0 module. By setting this parameter to an invalid value in an .htaccess file, a local user could crash the Apache server.

tags | advisory, denial of service, local, php
systems | linux, ubuntu
SHA-256 | 905265186e06d6da8f8e8c07d612c4dec22b3136a977f6e423073f1fdcbcd904
Ubuntu Security Notice 231-1
Posted Dec 28, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-231-1 - Updated kernel packages fix numerous problems.

tags | advisory, kernel
systems | linux, ubuntu
SHA-256 | 13510316310319019041a6413dcba60c7bb70f240b7f4298b4c2269ff911ae83
Mandriva Linux Security Advisory 2005.238
Posted Dec 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument, when using sendmail as the MTA (mail transfer agent).

tags | advisory, remote, arbitrary, php
systems | linux, mandriva
SHA-256 | 1782882c8205876d1db951ca810d0fc801afaa59174c5a22677905bc9045eeea
Mandriva Linux Security Advisory 2005.237
Posted Dec 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A buffer overflow in cpio 2.6 on 64-bit platforms could allow a local user to create a DoS (crash) and possibly execute arbitrary code when creating a cpio archive with a file whose size is represented by more than 8 digits.

tags | advisory, overflow, arbitrary, local
systems | linux, mandriva
SHA-256 | 48e0742c5304c09a95746711f644a25532d52435c5ba701d7963b649065be6bb
Mandriva Linux Security Advisory 2005.236
Posted Dec 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a DoS (application crash) by sending messages without headers from upstream mail servers.

tags | advisory, remote
systems | linux, mandriva
SHA-256 | 0e13a2bcaa6869705766460f020d1dc826fd673dcb42fae5cf36f52d2916fcdd
Page 1 of 4
Back1234Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    16 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close