radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
6b593dea6977f832910bfa6511c8c52762e74503a1edd6c4e71466afa52c7dfcafick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
ccf388983b47fc1f8e85226a1d1f4d1b44f41a5bfdc7587b72148fcb0777f171iDefense Security Advisory 05.23.07 - Remote exploitation of a stack-based buffer overflow in Opera Software ASA's Opera Web browser could allow an attacker to execute arbitrary code on the affected host. Opera 9.2 supports BitTorrent downloads. If a server sends the browser a specially crafted BitTorrent header, it can lead to a buffer overflow. The buffer overflow is triggered when the user right clicks on the item in the download pane. iDefense has confirmed the existence of this vulnerability in the Opera version 9.2 for Windows. Previous versions may also be affected.
27c3e133fe921c6258e20a9c2bd7db28f04bad4933ae646b769e8a46bc06e3e4FreeBSD Security Advisory - An attacker who can cause file to be run on a maliciously constructed input can cause file to crash. It may be possible for such an attacker to execute arbitrary code with the privileges of the user running file. The above also applies to any other applications using the libmagic library.
8e2a86c43663ab976f1486f288aeb153a35b6755fa7c13f24c4527aa1cd9f14dSecunia Research has discovered a vulnerability in various eScan products, which may be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the MicroWorld Agent service (MWAGENT.EXE) when decrypting received commands. This can be exploited to cause a stack-based buffer overflow via an overly long command sent to the service (default port 2222/tcp). Successful exploitation may allow execution of arbitrary code with SYSTEM privileges. eScan version 9.0.715.1 is affected.
84fcea0897dbcc7747ab1ab311052fadef29a9ac5675225bdb6fefbc7edd8d6e2z project version 0.9.5 is susceptible to SQL injection attacks.
8c1f0ad31e3bed991d06a6fc23cf198ac14ce4d6f9c1dae5aed59b395f0ed348An input validation vulnerability exists in the Cisco CallManager version 4.1 and possibly in earlier versions as well.
e8ec52bed7f7a15a6801ff5345ef0d8dcd9b16a7993afa2f2e9359f96d9661e7Simple Skype password cracker written in Perl.
2cd132cbd745bc4cf6895908ce3042740fe1ac6c1a9ec1575fb664736f5b3bfcUbuntu Security Notice 463-1 - Tomas Golembiovsky discovered that some vim commands were accidentally allowed in modelines. By tricking a user into opening a specially crafted file in vim, an attacker could execute arbitrary code with user privileges.
3fb2cb00293b9433bb7a314ad1133ece46c6ffedfee76a4d5aa89f878f586f2aMandriva Linux Security Advisory - Marsu discovered a stack overflow issue in the GIMP's RAS file loader. An attacker could create a carefully crafted file that would cause the GIMP to crash or potentially execute arbitrary code as the user opening the file.
c32d185de2531fd55fb4bb35f45a43423744d5fefac8aee1b0ed53a5b35d92e6Ubuntu Security Notice 462-1 - A flaw was discovered in the FTP command handler in PHP. Commands were not correctly filtered for control characters. An attacker could issue arbitrary FTP commands using specially crafted arguments. Ilia Alshanetsky discovered a buffer overflow in the SOAP request handler in PHP. Remote attackers could send a specially crafted SOAP request and execute arbitrary code with web server privileges. Ilia Alshanetsky discovered a buffer overflow in the user filter factory in PHP. A local attacker could create a specially crafted script and execute arbitrary code with web server privileges. Gregory Beaver discovered that the PEAR installer did not validate installation paths. If a user were tricked into installing a malicious PEAR package, an attacker could overwrite arbitrary files.
4270f8e9ae4654fadf832c0bd519c5b09117a7ca233ee391480dd1eaf3de91aaphpPgAdmin version 4.1.1 suffers from a cross site scripting vulnerability.
334636e8778c537c3d118de55e527517fd58cbc68e558f0146f81176e313ef1eUbuntu Security Notice 460-2 - USN-460-1 fixed several vulnerabilities in Samba. The upstream changes for CVE-2007-2444 had an unexpected side-effect in Feisty. Shares configured with the "force group" option no longer behaved correctly.
ca0598a357569fce6ff669d7a3d77867c42650072d28dcc5457252e477124a60GMTT Music Distro version 1.2 suffers from a cross site scripting vulnerability.
1a0899d47b570e020d1cb2e46605734664563b5be76559eac2a7d188516cc3fcHP Security Bulletin - A potential security vulnerability has been identified on HP-UX running Kerberos. The vulnerability could be exploited by remote authorized users to execute arbitrary code.
27057cb2fd99d8068558967fbe04a29bf3a5da8e7670c9421cc5131fc4465279The SRI (Romanian Secret Service) web site suffers from a cross site scripting vulnerability.
e06346ba4ed87594a59beb8b723f5609c1fc58ce693c886b0ebcfddcfea8348fClonusWiki version 0.5 suffers from a cross site scripting vulnerability.
289d9544c7f43f9c4c6fa455f0685062750af0d98e316537030a2a0c7b60ad38Seccheck is a feature rich, modular, host-level security checker for Solaris 10. Easily expandable with customised modules, Seccheck produces highly detailed reports based around known and published security best-practices and guidelines. It also produces recommendations on how to fix flagged security issues.
9d9784d9c3be953f976d0f5821ed15d163b127f5a474f9fcc3200fe1df98c103FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
2c6e709073a7cdb9c73863b3f5bdc77d7cf526162cb4ffd1a1e89e56a7b4fb49Cisco Security Advisory - Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device. Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS). However, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.
a0746637f5138fab1d05f36d2739eaa287d102dd2b3c9adec47d675395dde8d1Cisco Security Advisory - A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password). Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS). However, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.
6e95cac97dd31c0672d924b0560b7cefdfee1c459633660ce49287159ace5b7fMicrosoft IIS5 suffers from NTLM and basic authentication bypass vulnerabilities.
62deb75d4279d8e14703bd0f0c22f77345ca3d79b23d558d052acdb9ec13c878SniffJoke implements sniffer/IDS evasion techniques. SniffJoke runs on a network connected box by selectively applying evasion techniques to sessions involving it. Evasion application is governed by user rules and implemented with a netfilter/ulogd module.
fa26b5c1f7404da6b5ac31e14a7fe20607c48b583e5075bb8539ff76fdf04493BoastMachine version 3.0 Platinum suffers from a session hacking vulnerability.
b9939faf019e51e377ba9bd0a15a4a5d3e290a41e5be8ae123e3b113ca794505Jetbox CMS is susceptible to a cross site scripting vulnerability.
6ac317ad7caee78d4ad3a8792a585c3248aa1aa76ceadc5f4d61776064d276ea
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed