what you don't know can hurt you
Showing 51 - 75 of 727 RSS Feed

Files Date: 2006-02-01 to 2006-02-28

Posted Feb 26, 2006
Authored by Debasis Mohanty | Site hackingspirits.com

Google reader is supposed to display only content that the user has subscribed to however two vulnerabilities has been identified which may allow an attacker to entice it's victim (using the Google reader service) to view unwanted web content carrying malicious payloads.

tags | advisory, web, vulnerability
SHA-256 | b1be74e59c96822e90d0d4e5c97dcb26b009d8564d84704e647d8be123188fd9
Posted Feb 26, 2006
Authored by Corcalciuc V. Horia | Site sourceforge.net

alph implements and analyzes historical and traditional ciphers and codes, such as polyalphabetic, substitutional, and mixed employing human-reconstructable algorithms. It provides a pipe filter interface in order to encrypt and decrypt block text to achieve transparency. The program is meant to be used in conjunction with external programs that transfer data, resulting in transparent encryption or decryption of information. The program can thus be used as a mail filter, IRC filter, IM filter, and so on.

Changes: Added BEALE. Removed unused variables. Fixed some hash returns (new character). Removed special character for complex parameters. Changed permutation and combination output file method. Added ZIGZAG. Corrected cipher count. Updated manpage.
tags | encryption
SHA-256 | dc503670f5f50d3ad7205836f7cffd273c52e9e3cd8ae3c5148dffb95ce8cf59
TOR Virtual Network Tunneling Tool
Posted Feb 26, 2006
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Various bug fixes.
tags | tool, remote, local, peer2peer
SHA-256 | 33dc70a8d8f4ad20a9c9b8d476d431c713d8d94f1859b3efbaf1e178b36c2ca3
Posted Feb 26, 2006
Authored by regit | Site nufw.org

NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.

Changes: This release fixes a critical bug that was introduced in 1.0.19, on the client side. 1.0.19 installations were unable to authenticate against the nuauth server on some SASL configurations.
tags | tool, remote, firewall
systems | unix
SHA-256 | 16167952e4a334334f8e9f53be5a84c690ceb13b0bf7fabe3c999102077196ee
Posted Feb 26, 2006
Authored by pixelbeat | Site pixelbeat.org

FSlint is a toolkit to find various forms of lint on a filesystem. At the moment it reports duplicate files, bad symbolic links, troublesome file names, empty directories, non stripped executables, temporary files, duplicate/conflicting (binary) names, and unused ext2 directory blocks.

Changes: Added translations for Malay and Chinese (simplified). Various improvements and bug fixes.
tags | tool
systems | unix
SHA-256 | 57d3e2021cf583ef60e92fa4663cf0592f650b690553594f83cc8d3adaa30f7e
Posted Feb 26, 2006
Authored by Rami Lehti | Site aide.github.io

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

Changes: Various bug fixes.
tags | tool, intrusion detection
systems | unix
SHA-256 | ebc866c7d70166ac76ab0fa158e4bbf42780b4bd360e177f7a6586778b301374
Posted Feb 26, 2006
Authored by Todd Troxell | Site logcheck.org

Logcheck parses system logs and generates email reports based on anomalies. Anomalies can be defined by users with 'violations' files. It differentiates between 'Active System Attacks', 'Security Violations', and 'Unusual Activity', and is smart enough to remember where in the log it stopped processing to improve efficiency. It can also warn when log files shrink, and does not report errors when they are rotated.

Changes: Various updates. See changelog.
tags | tool, intrusion detection
systems | unix
SHA-256 | 8116398679eccdbf701b7ebca4b67fe6ccad023fff3124c4e36a8accaf56bfa9
Posted Feb 26, 2006
Authored by Stephan Martin | Site tinyca.sm-zone.net

TinyCA is a simple GUI written in Perl-Gtk to manage a small certification authority. It works as a frontend to OpenSSL. TinyCA lets you manage x509 certificates. It is possible to export data in PEM or DER format for use with servers, as PKCS#12 for use with clients, or as S/MIME certificates for use with email programs. It is also possible to import your own PKCS#10 requests and generate certificates from them. It also lets you create and manage SubCAs for more complex setups. The most important certificate extensions can be configured with the graphical frontend. English and German translations are included.

Changes: Fixed bug, which made keysize always 4096. Implemented correct usage of openssl crl depending on openssl version. Added tar file support for export.
tags | perl, encryption
SHA-256 | 98f16bdd1ed8e7c52ef2032c59e1c0133c9971783122aa2b521f93e71e62b79c
Posted Feb 26, 2006
Authored by Michael Boelen | Site rootkit.nl

Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.

Changes: Added support for Fedora core 4, FreeBSD 4.11, 5.2, 5.3, 5.4, 6.0, CentOS 3.3, CentOS 3.5, 4.1 and 4.2, Debian 3.1 (AMD64), RHEL WS/AS/ES 3 Taroon update 6, RHEL WS 4 Nahant Update 1 and 2, and Slackware 10.2.
tags | tool, shell, perl, integrity, rootkit
systems | netbsd, unix, solaris
SHA-256 | 7a8c364fe1653c8f9d64054d07d2272ea239a5225ce2044024d79467df873c18
Posted Feb 26, 2006
Authored by nono2357

Mozilla Thunderbird's WYSIWYG rendering engine insufficiently filters javascript scripts. It is possible to write javascript in the SRC attribute of the IFRAME tag. This leads to execution when the email is edited (for instance when replying to the email), even if javascript is disabled in the preferences. Versions 1.0.7 and below are affected.

tags | exploit, javascript
SHA-256 | b215a779092dd0caca33f471515297a08cca5d1ca016e757d5235e56f8590ec5
Posted Feb 26, 2006
Authored by trueend5 | Site kapda.ir

Noah's Classifieds versions 1.3 and below are susceptible to path disclosure, SQL injection, cross site scripting, local file inclusion, and remote code execution flaws.

tags | exploit, remote, local, code execution, xss, sql injection, file inclusion
SHA-256 | 222c5ab8614a5070ec578a3880f833eec8e4283ef7b6e8203c91dc0d803fb051
Posted Feb 26, 2006
Authored by Josh Zlatin

IPSwitch WhatsUp Professional 2006 is susceptible to a denial of service condition. Details provided.

tags | exploit, denial of service
SHA-256 | 9119a80ec0c9b33ed189c8cd59ba6129630ab16b6e6653b0067d501c16b92142
IRM Security Advisory 17
Posted Feb 26, 2006
Authored by IRM Research, IRM Advisories | Site irmplc.com

IRM Security Advisory No. 017 - PortalSE version 2.0 allows a remote attacker to read any file on the filesystem as it runs with root privileges by default. It is also susceptible to a directory revelation issue.

tags | advisory, remote, root
SHA-256 | f8316bbc40f81a1d40c3e902f0af3406d89e4ee05c47d023e44a90dfd9660f25
Posted Feb 26, 2006
Authored by Antoine Schonewille, Dirk-Jan van Helmond

Whitepaper discussing how DNS can be used for detecting and monitoring in a network.

tags | paper
SHA-256 | b210657f8b0be23d7de0e86fc07f759d512f4e750767b85e19f8522445c088bf
Posted Feb 26, 2006
Site suse.com

SUSE Security Announcement - An update has been released to fix a remotely exploitable stack buffer overflow in the pam_micasa authentication module.

tags | advisory, overflow
systems | linux, suse
advisories | CVE-2006-0736
SHA-256 | 15d9a76deb0ec2aec35d0fd89ec0f8a1a6a0c027a8f78750b5a4004c3e19d4d5
Posted Feb 26, 2006
Authored by Roozbeh Afrasiabi | Site kapda.ir

Runcms 1.x is susceptible to cross site scripting attacks.

tags | exploit, xss
SHA-256 | cc0222c4844dfb019b0120e9b8f26813cc93d65224b05ad5bec32e9b1a19088d
Posted Feb 26, 2006
Authored by Adrian Castro

South River WebDrive version 6.08 build 1131 is susceptible to a buffer overflow vulnerability.

tags | advisory, overflow
SHA-256 | 6e6576a6ba534e62e3cf726664e8ffa2521c1d35fed2beaa540783da83a32ad6
Posted Feb 26, 2006
Authored by Kevin Finisterre

Whitepaper written to address both FUD and rumors surrounding the release of detailed information about the InqTana proof of concept worm.

tags | paper, worm, proof of concept
SHA-256 | 97f38cd5ac3a5a8e7f37fced12c45e663ce5ca7f24ea52a2d3c528ce2ed49f19
Posted Feb 26, 2006
Authored by Matthew Murphy

Exploit for the Windows Media Player vulnerabilities discussed in MS06-006. Written in Perl.

tags | exploit, perl, vulnerability
systems | windows
SHA-256 | bb7d11bbd0b5d375eb88156ba7c14a48802c78cd9b354a8fddc33c3472cc07b2
Posted Feb 25, 2006
Authored by Matt Van Gundy

PEAR::Auth version less than 1.2.4 and 1.3.0r4 suffer from SQL injection flaws.

tags | advisory, sql injection
SHA-256 | 3181e9c1c858d0f66f213ffc468ef66ca9bf67e04f13d99ad1b4daaf96b43fb3
Posted Feb 25, 2006
Authored by Xpl017Elz | Site inetcop.org

Global Hauri Virobot is susceptible to an authentication bypass flaw.

tags | advisory
SHA-256 | 3b3ac939a77acd88b3bd2b1eb448a9cedf10c16a6c06e1f6d4abbb794893e7b3
Posted Feb 25, 2006
Authored by James Bercegay | Site gulftech.org

PEAR LiveUser versions 0.16.8 and below suffer from an arbitrary file access vulnerability.

tags | advisory, arbitrary
SHA-256 | 4f1104c84c5633441416416b6cdd57c8f560b13447508ef49b8bd0aee07eb9cc
Posted Feb 25, 2006
Authored by DrFrancky

The Mozilla Thunderbird 1.5 address book allows fields of an unlimited size, allowing for a denial of service condition to be exploited.

tags | advisory, denial of service
SHA-256 | aacb29ea08cb4255c83f773299c7973921482ef69a32875d3a009c236cb94e7e
Posted Feb 25, 2006
Site bugzilla.org

Bugzilla versions 2.17.1 and above suffer from SQL injection flaws. Versions 2.20rc1 through 2.20 and 2.21.1 suffer from cross site scripting flaws. Versions 2.19.3 and above suffer from sensitive data exposure flaws.

tags | advisory, xss, sql injection
SHA-256 | d93dee336abbfc43b275e42b4bba586d4cf78c544d317c84f7e33195ad077cec
Posted Feb 25, 2006
Authored by Matthew Benenati

Blockbuster.com is susceptible to cross site scripting attacks.

tags | exploit, xss
SHA-256 | 8929769eff845e40b6bcccc1e9982328c09cfd50bbce1d114a60ad369a40fd64
Page 3 of 30

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By