Google reader is supposed to display only content that the user has subscribed to however two vulnerabilities has been identified which may allow an attacker to entice it's victim (using the Google reader service) to view unwanted web content carrying malicious payloads.
b1be74e59c96822e90d0d4e5c97dcb26b009d8564d84704e647d8be123188fd9alph implements and analyzes historical and traditional ciphers and codes, such as polyalphabetic, substitutional, and mixed employing human-reconstructable algorithms. It provides a pipe filter interface in order to encrypt and decrypt block text to achieve transparency. The program is meant to be used in conjunction with external programs that transfer data, resulting in transparent encryption or decryption of information. The program can thus be used as a mail filter, IRC filter, IM filter, and so on.
dc503670f5f50d3ad7205836f7cffd273c52e9e3cd8ae3c5148dffb95ce8cf59Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
33dc70a8d8f4ad20a9c9b8d476d431c713d8d94f1859b3efbaf1e178b36c2ca3NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
16167952e4a334334f8e9f53be5a84c690ceb13b0bf7fabe3c999102077196eeFSlint is a toolkit to find various forms of lint on a filesystem. At the moment it reports duplicate files, bad symbolic links, troublesome file names, empty directories, non stripped executables, temporary files, duplicate/conflicting (binary) names, and unused ext2 directory blocks.
57d3e2021cf583ef60e92fa4663cf0592f650b690553594f83cc8d3adaa30f7eAIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
ebc866c7d70166ac76ab0fa158e4bbf42780b4bd360e177f7a6586778b301374Logcheck parses system logs and generates email reports based on anomalies. Anomalies can be defined by users with 'violations' files. It differentiates between 'Active System Attacks', 'Security Violations', and 'Unusual Activity', and is smart enough to remember where in the log it stopped processing to improve efficiency. It can also warn when log files shrink, and does not report errors when they are rotated.
8116398679eccdbf701b7ebca4b67fe6ccad023fff3124c4e36a8accaf56bfa9TinyCA is a simple GUI written in Perl-Gtk to manage a small certification authority. It works as a frontend to OpenSSL. TinyCA lets you manage x509 certificates. It is possible to export data in PEM or DER format for use with servers, as PKCS#12 for use with clients, or as S/MIME certificates for use with email programs. It is also possible to import your own PKCS#10 requests and generate certificates from them. It also lets you create and manage SubCAs for more complex setups. The most important certificate extensions can be configured with the graphical frontend. English and German translations are included.
98f16bdd1ed8e7c52ef2032c59e1c0133c9971783122aa2b521f93e71e62b79cRootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.
7a8c364fe1653c8f9d64054d07d2272ea239a5225ce2044024d79467df873c18Mozilla Thunderbird's WYSIWYG rendering engine insufficiently filters javascript scripts. It is possible to write javascript in the SRC attribute of the IFRAME tag. This leads to execution when the email is edited (for instance when replying to the email), even if javascript is disabled in the preferences. Versions 1.0.7 and below are affected.
b215a779092dd0caca33f471515297a08cca5d1ca016e757d5235e56f8590ec5Noah's Classifieds versions 1.3 and below are susceptible to path disclosure, SQL injection, cross site scripting, local file inclusion, and remote code execution flaws.
222c5ab8614a5070ec578a3880f833eec8e4283ef7b6e8203c91dc0d803fb051IPSwitch WhatsUp Professional 2006 is susceptible to a denial of service condition. Details provided.
9119a80ec0c9b33ed189c8cd59ba6129630ab16b6e6653b0067d501c16b92142IRM Security Advisory No. 017 - PortalSE version 2.0 allows a remote attacker to read any file on the filesystem as it runs with root privileges by default. It is also susceptible to a directory revelation issue.
f8316bbc40f81a1d40c3e902f0af3406d89e4ee05c47d023e44a90dfd9660f25Whitepaper discussing how DNS can be used for detecting and monitoring in a network.
b210657f8b0be23d7de0e86fc07f759d512f4e750767b85e19f8522445c088bfSUSE Security Announcement - An update has been released to fix a remotely exploitable stack buffer overflow in the pam_micasa authentication module.
15d9a76deb0ec2aec35d0fd89ec0f8a1a6a0c027a8f78750b5a4004c3e19d4d5Runcms 1.x is susceptible to cross site scripting attacks.
cc0222c4844dfb019b0120e9b8f26813cc93d65224b05ad5bec32e9b1a19088dSouth River WebDrive version 6.08 build 1131 is susceptible to a buffer overflow vulnerability.
6e6576a6ba534e62e3cf726664e8ffa2521c1d35fed2beaa540783da83a32ad6Whitepaper written to address both FUD and rumors surrounding the release of detailed information about the InqTana proof of concept worm.
97f38cd5ac3a5a8e7f37fced12c45e663ce5ca7f24ea52a2d3c528ce2ed49f19Exploit for the Windows Media Player vulnerabilities discussed in MS06-006. Written in Perl.
bb7d11bbd0b5d375eb88156ba7c14a48802c78cd9b354a8fddc33c3472cc07b2PEAR::Auth version less than 1.2.4 and 1.3.0r4 suffer from SQL injection flaws.
3181e9c1c858d0f66f213ffc468ef66ca9bf67e04f13d99ad1b4daaf96b43fb3Global Hauri Virobot is susceptible to an authentication bypass flaw.
3b3ac939a77acd88b3bd2b1eb448a9cedf10c16a6c06e1f6d4abbb794893e7b3PEAR LiveUser versions 0.16.8 and below suffer from an arbitrary file access vulnerability.
4f1104c84c5633441416416b6cdd57c8f560b13447508ef49b8bd0aee07eb9ccThe Mozilla Thunderbird 1.5 address book allows fields of an unlimited size, allowing for a denial of service condition to be exploited.
aacb29ea08cb4255c83f773299c7973921482ef69a32875d3a009c236cb94e7eBugzilla versions 2.17.1 and above suffer from SQL injection flaws. Versions 2.20rc1 through 2.20 and 2.21.1 suffer from cross site scripting flaws. Versions 2.19.3 and above suffer from sensitive data exposure flaws.
d93dee336abbfc43b275e42b4bba586d4cf78c544d317c84f7e33195ad077cecBlockbuster.com is susceptible to cross site scripting attacks.
8929769eff845e40b6bcccc1e9982328c09cfd50bbce1d114a60ad369a40fd64
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed