Google Reader is supposed to display only content that the user has subscribed to; however, two vulnerabilities have been identified which may allow an attacker to entice their victim (using the Google Reader service) to view unwanted web content carrying malicious payloads.
b1be74e59c96822e90d0d4e5c97dcb26b009d8564d84704e647d8be123188fd9
alph implements and analyzes historical and traditional ciphers and codes, such as polyalphabetic, substitutional, and mixed, employing human-reconstructable algorithms. It provides a pipe filter interface in order to encrypt and decrypt block text to achieve transparency. The program is meant to be used in conjunction with external programs that transfer data, resulting in transparent encryption or decryption of information. The program can thus be used as a mail filter, IRC filter, IM filter, and so on.
dc503670f5f50d3ad7205836f7cffd273c52e9e3cd8ae3c5148dffb95ce8cf59
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
33dc70a8d8f4ad20a9c9b8d476d431c713d8d94f1859b3efbaf1e178b36c2ca3
NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user IDs with packets, which makes it possible to filter packets on a per-user basis. Furthermore, the server architecture is designed to use an external authentication source such as an LDAP server.
16167952e4a334334f8e9f53be5a84c690ceb13b0bf7fabe3c999102077196ee
FSlint is a toolkit to find various forms of lint on a filesystem. At the moment it reports duplicate files, bad symbolic links, troublesome file names, empty directories, non-stripped executables, temporary files, duplicate/conflicting (binary) names, and unused ext2 directory blocks.
57d3e2021cf583ef60e92fa4663cf0592f650b690553594f83cc8d3adaa30f7e
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
ebc866c7d70166ac76ab0fa158e4bbf42780b4bd360e177f7a6586778b301374
Logcheck parses system logs and generates email reports based on anomalies. Anomalies can be defined by users with 'violations' files. It differentiates between 'Active System Attacks', 'Security Violations', and 'Unusual Activity', and is smart enough to remember where in the log it stopped processing to improve efficiency. It can also warn when log files shrink, and does not report errors when they are rotated.
8116398679eccdbf701b7ebca4b67fe6ccad023fff3124c4e36a8accaf56bfa9
TinyCA is a simple GUI written in Perl-Gtk to manage a small certification authority. It works as a frontend to OpenSSL. TinyCA lets you manage X.509 certificates. It is possible to export data in PEM or DER format for use with servers, as PKCS#12 for use with clients, or as S/MIME certificates for use with email programs. It is also possible to import your own PKCS#10 requests and generate certificates from them. It also lets you create and manage SubCAs for more complex setups. The most important certificate extensions can be configured with the graphical frontend. English and German translations are included.
98f16bdd1ed8e7c52ef2032c59e1c0133c9971783122aa2b521f93e71e62b79c
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.
7a8c364fe1653c8f9d64054d07d2272ea239a5225ce2044024d79467df873c18
Mozilla Thunderbird's WYSIWYG rendering engine insufficiently filters JavaScript. It is possible to write JavaScript in the SRC attribute of the IFRAME tag. This leads to execution when the email is edited (for instance when replying to the email), even if JavaScript is disabled in the preferences. Versions 1.0.7 and below are affected.
b215a779092dd0caca33f471515297a08cca5d1ca016e757d5235e56f8590ec5
Noah's Classifieds versions 1.3 and below are susceptible to path disclosure, SQL injection, cross-site scripting, local file inclusion, and remote code execution flaws.
222c5ab8614a5070ec578a3880f833eec8e4283ef7b6e8203c91dc0d803fb051
Ipswitch WhatsUp Professional 2006 is susceptible to a denial of service condition. Details provided.
9119a80ec0c9b33ed189c8cd59ba6129630ab16b6e6653b0067d501c16b92142
IRM Security Advisory No. 017 - PortalSE version 2.0 allows a remote attacker to read any file on the filesystem as it runs with root privileges by default. It is also susceptible to a directory revelation issue.
f8316bbc40f81a1d40c3e902f0af3406d89e4ee05c47d023e44a90dfd9660f25
Whitepaper discussing how DNS can be used for detection and monitoring in a network.
b210657f8b0be23d7de0e86fc07f759d512f4e750767b85e19f8522445c088bf
SUSE Security Announcement - An update has been released to fix a remotely exploitable stack buffer overflow in the pam_micasa authentication module.
15d9a76deb0ec2aec35d0fd89ec0f8a1a6a0c027a8f78750b5a4004c3e19d4d5
Runcms 1.x is susceptible to cross-site scripting attacks.
cc0222c4844dfb019b0120e9b8f26813cc93d65224b05ad5bec32e9b1a19088d
South River WebDrive version 6.08 build 1131 is susceptible to a buffer overflow vulnerability.
6e6576a6ba534e62e3cf726664e8ffa2521c1d35fed2beaa540783da83a32ad6
Whitepaper written to address both FUD and rumors surrounding the release of detailed information about the InqTana proof of concept worm.
97f38cd5ac3a5a8e7f37fced12c45e663ce5ca7f24ea52a2d3c528ce2ed49f19
Exploit for the Windows Media Player vulnerabilities discussed in MS06-006. Written in Perl.
bb7d11bbd0b5d375eb88156ba7c14a48802c78cd9b354a8fddc33c3472cc07b2