devialog is a behavior/anomaly/signature-based syslog intrusion detection system which can detect new, unknown attacks. It fits comfortably in a heterogeneous Unix/Linux/BSD environment at the core of a central syslog server. devialog can generate its own signatures and can act upon anomalies as configured by the system administrator. In addition, devialog can function as a traditional syslog parsing utility in which known signatures trigger actions.
1a50e7511b151577c6cd239e8038f80484be34918c6dd6c17745b36118382ce6pff (Php Fuzzing Framework) is a tiny tool that was created with the intention of discovering security and general bugs within Php functions.
4d0f87948f015600b4b1c890ebfef7fe135aa49b4dad26119a4e5a0318cbf177Mandriva Linux Security Advisory - A vulnerability was discovered in the the Apache mod_status module that could lead to a cross-site scripting attack on sites where the server-status page was publically accessible and ExtendedStatus was enabled. The Apache server also did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the server could manipulate the scoreboard and cause arbitrary processes to be terminated.
cb9f2b6d56f5edf99b2749783be1b338908f8c1a0448cfeb0202ca2e6560b96dMandriva Linux Security Advisory - A vulnerability was discovered in the the Apache mod_status module that could lead to a cross-site scripting attack on sites where the server-status page was publically accessible and ExtendedStatus was enabled. A vulnerability was found in the Apache mod_cache module that could cause the httpd server child process to crash if it was sent a carefully crafted request. This could lead to a denial of service if using a threaded MPM.
b93f7091d5665ec325b2a2caf689a1202a84ce986a6349e9e4b73f464f28224fMandriva Linux Security Advisory - A vulnerability was discovered in the the Apache mod_status module that could lead to a cross-site scripting attack on sites where the server-status page was publically accessible and ExtendedStatus was enabled. A vulnerability was found in the Apache mod_cache module that could cause the httpd server child process to crash if it was sent a carefully crafted request. This could lead to a denial of service if using a threaded MPM. The Apache server also did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the server could manipulate the scoreboard and cause arbitrary processes to be terminated.
5107393e4fd81e9809c45ffa61f7908d2b0080c598bdc2a03bcb40b8d44ff5f2Mandriva Linux Security Advisory - MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function. This issue does not affect MySQL 5.0.37 in Mandriva Linux 2007.1. The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
4cd2dfda3abd3da192347bfa5dc015404e12766bbaff61198e938995406ef8edUbuntu Security Notice 480-1 - Stefan Cornelius discovered that Gimp could miscalculate the size of heap buffers when processing PSD images. By tricking a user into opening a specially crafted PSD file with Gimp, an attacker could exploit this to execute arbitrary code with the user's privileges.
a91fd0d8897cea2f8f95ff0c15f6f4d49a35439230d108372680f4415a723593The NetFlow Analyzer version 5 and the OpManager version 7 suffer from cross site scripting vulnerabilities.
903687236cd10c8ffd7a15e78746a174fb05988d7562c1a2d88dab24ab95b07eTwo closely related stack based buffer overflows exist in the SIP/SDP handler of Asterisk versions below 1.4.3. The vulnerabilities are very similar but exist as two separate unsafe function calls.
f8c568288ac57f37876970170b85ef7a0517044d2040d05c9e0ec46a28c0b31cRedTeam Pentesting discovered an information disclosure in the Fujitsu-Siemens BX300 Switch Blade during a penetration test. By accessing URLs of the web interface directly and aborting the authentication dialog, one is able to access the restricted management interface without proper authentication, having read-only access.
5755b77929aa8732a6106dbc0f56daca9ebbee9456be4374b8c2399f6649319dFujitsu-Siemens ServerView suffers from a remote command execution vulnerability. Full details provided. Versions below 4.50.09 are affected.
fe430650a728998307c6d048c7010061a71ac1937d2e822e77dc7c23229a75c3Saphp suffers from a SQL injection vulnerability.
7c8e345059cf40eecc8fe447c2cd1f16af32f68a13a9e253e8d991c7de450b59SaphpLesson version 2.0 suffers from a SQL injection vulnerability.
7b646c0af945c8cef1e75d40df3526fa1c1666c250debed4ca607679081c4b2aPacSec 2007 Call For Papers - The conference will be held November 29th through the 30th in Tokyo. The conference focuses on emerging information security tutorials.
19eb358fd5858e09648cf473141d4804f5fc3e5d2cb54d63ce1dd9b9aa6a3f22MySQLDumper suffers from a vulnerability access control set by Apache can be bypassed. MySQLDumper 1.23_pre_release_REV227, MySQLDumper 1.22, MySQLDumper 1.21b, and MySQLDumper Typo3-Extension 0.0.5 are affected.
e1fd27940c995a2c6095123f4bcba8081c0d55febd1d9cfa0a174b90a4b4cd62strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
22dbe200bdb6bab1a8ca22b98ba34d114eec2a214be03e706e73b378d37ae12fNuface is a Web-based administration tool that generates Edenwall, NuFW, or simple Netfilter firewall rules. It features a high level abstraction on the security policy set by the administrator, and works internally on an XML data scheme. Its philosophy is to let you agglomerate subjects, resources, or protocols into meta-objects, and use those meta objects to generate ACLs, which are then interpreted as netfilter rules by Nupyf, the internal XML parser. This tool may easily be extended to support firewall implementations other than Netfilter.
7173c566aa92f0eaa0dff61ddd260baf92706fabcc8bb685e372a83b0a27e09fproxyScan.pl is a security penetration testing tool to scan for hosts and ports through a Web proxy server. Features include various HTTP methods such as GET, CONNECT, HEAD as well as host and port ranges.
1c2fa744beb99f46844eb518721c9c32d048bf7b15541d6acbef6457faedf066PNphpBB2 versions 1.2i and below remote SQL injection exploit that makes use of viewforum.php.
f2d71f5dedfaafaf25886422c9b3979f3c19d476ba1d10ac2d3d5c3c625ab4a5MyCMS version 0.9.8 and below remote command execution exploit (another version).
ae85759da36c893e9c701dcb092475edd7ead51eb6e7d07213a7cf47b75cc8d1MyCMS version 0.9.8 and below remote command execution exploit.
42552dc859e7baff343626cc60604bdc00e49ba8792705cb84428a6faaf14c8eGirlserv ads version 1.5 and below suffer from a SQL injection vulnerability in details_news.php.
b1ebd236d36062180742af83736dd5c6b02a2442f7f22294025bb7f9c219cecdSuperCali PHP Event Calendar version 0.4.0 suffers from a SQL injection vulnerability.
30a5d4b48a07ff794af334a3931013d33b001fd9fc2c6695ffca9fee7a2994b2ESRI ArcSDE version 9.0 through 9.2sp1 remote buffer overflow exploit.
df46026f9eb1982298a1ca0831d7d65491b1e330ba2fd901746986a95aff3904AXIS Camera Control remote buffer overflow exploit that makes use of AxisCamControl.ocx version 1.0.2.15.
42cd44db03c1b4137f6d0af6c1eaa8e85f175f14a776edd11edd395be64652ef
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed