PRTG Network Monitor version 7.1.3.3378 suffers from multiple cross site scripting vulnerabilities.
929aabab18dd36ddc0d64df2ed1835203b3bfafb3b51f2c7989ed4531b579fda
Zero Day Initiative Advisory 11-246 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase Adaptive Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Sybase Backup and Monitor servers handles certain data in the login packets. Malformed packets can cause the service in question to write a NULL byte on the stack which can be leveraged by a remote attacker to execute code under the context of the running service.
525d12ef9dcc8cc2e5dc96c1991ef7b8a03b2480d4d6e79b8ffdb56c08950dae
Zero Day Initiative Advisory 11-245 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase Adaptive Server Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Sybase Backup and Monitor servers handle certain data in the login packets. Malformed packets can cause the service in question to lookup a function pointer outside a predefined function pointer array. It is possible to set this function pointer to an address where user controlled data exists and this will result in code execution under the rights of the user running the Monitor Server.
a33a5097372aa85175aa3ce715085578d3c1258260b45dacbedcb9fe9a6fb67a
As a part of its ongoing Hacker Intelligence Initiative, Imperva's Application Defense Center (ADC) observed and categorized attacks across 30 applications as well as onion router (TOR) traffic, monitoring more than 10 million individual attacks targeted at web applications over a period of six months. This report discusses and analyzes their findings.
d8446dc2813a8f3f673ae8f51f4af9ade74f8848efa267da16853c3e1e98f85f
Red Hat Security Advisory 2011-1005-01 - The sysstat package contains a set of utilities which enable system monitoring of disks, network, and other I/O activity. It was found that the sysstat initscript created a temporary file in an insecure way. A local attacker could use this flaw to create arbitrary files via a symbolic link attack.
67b1dcce5be13e37cd2984523d1ddf937e78182e6e8cb6deeab1273daf93197d
Tenshi is a log monitoring program, designed to watch a log file for lines matching user defined regular expression and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports.
a0b9e0ca95eec52b9bbf0c29529435da64af9b3dfa943dbeca0cd77bf223edf2
IPv6 Extension Headers with Neighbor Discovery messages can be leveraged to circumvent simple local network protections, such as "Router Advertisement Guard". Since there is no legitimate use for IPv6 Extension Headers in Neighbor Discovery messages, and such use greatly complicates network monitoring and simple security mitigations such as RA-Guard, this document proposes that hosts silently ignore Neighbor Discovery messages that use IPv6 Extension Headers.
ae1239dbe215828238bde7e4d18f0fa35e3f33bfb61ed97549a17cb1ea60cd42
ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.
63cd333011cdd550c0a27631a8353e140b57da531c51c13539a22cf06043130b
Mandriva Linux Security Advisory 2011-093 - gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor. The updated packages have been patched to correct this issue.
133358eb9b1e3342049c27a40590ee8e54c1d3400f66cf8890d620267994722f
ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.
fa766fe30723a4ead11423eaaadb48810a1c500231d02e5f06181a0e9f4ab51a
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
cc95d1e84d5b9148291c292070e03babbd1b1a9329a594602e0fa0c9a6633e1b
A Call For Papers for Network Protocols and Algorithms has been announced. Network Protocols and Algorithms is a free-access online international journal, peer-reviewed and published by Macrothink Institute. It publishes papers focused on the design, development, manage, optimize or monitoring any type of network protocol, communication system, algorithm for communication and any protocol and algorithm to communicate network devices.
69d3d8af620a0172ec05f8c775ee0f18bbc47179e2fe92e7407bc6e16d1ee5d1
Secunia Security Advisory - James Burton has discovered a vulnerability in Up.Time Monitoring Station, which can be exploited by malicious people to bypass certain security restrictions.
8c801b13a918da8f5e0d92e2786f5b5da6b097a796fd71617478df767d461b5a
Malheur is a tool for automatic analysis of program behavior recorded from malicious software (malware). It is designed to support the regular analysis of malicious software and the development of detection and defense measures. It allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. It can be applied to recorded program behavior of various formats as long as monitored events are separated by delimiter symbols, e.g. as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox, and Joebox.
3be1c2c3ddf9fa21e38ce94750996f036a69b033f1baf6d76c0a960a040fd74e
Secunia Security Advisory - IBM has acknowledged a vulnerability with unknown impact in IBM Tivoli Monitoring.
b4d6069e426a25db12c199bb0bbf8aa422382313fa55762cd42c7ef2936d28c6
agentsmith is a daemon that continuously monitors a log file for break-in attempts by remote hosts. Upon detection of a break-in attempt, it launches a user defined script or application, which can do virtually anything from sending mail messages to whatever else you might think of. The criteria for what is considered a break-in attempt can be configured by means of a regular expression.
38f56dbf017f6cb260c4abf55f422fe540e95a4058f589a88f6314183e1d8435
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
e39d3eff755a71deca8fd07ef36e2abcce5e3da5fca10682c30721ab94df7c01
Debian Linux Security Advisory 2193-1 - Several issues have been discovered in libcgroup, a library to control and monitor control groups.
40fcf028da92f70eff44c87096e51147d2b810162614fe7325a0ebea1a4cfe2c
Sagan is multi-threaded, real-time system- and event-log monitoring software, but with a twist. Sagan uses a "Snort" like rule set for detecting nefarious events happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, it can do a number of things with that information. Sagan can also correlate the events with your Intrusion Detection/Intrusion Prevention (IDS/IPS) system and basically acts like an SIEM (Security Information and Log Management) system.
e5db2b48632f159cc60a9a8e844140ef425c17ccade7bc2eecbe444fd5897ae1
Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM Tivoli Monitoring, which can be exploited by malicious people to cause a DoS (Denial of Service).
92e9b768bddc2cac3e86dfd6b5f2c4d0739332663f0b715e3192a66dc3dbd85e
Secunia Security Advisory - Multiple vulnerabilities and a weakness have been reported in Tembria Server Monitor, which can be exploited by malicious, local users to disclose sensitive information and by malicious people to conduct cross-site scripting attacks.
7b463ca791d3a64388e8073aeba3f08c5a3997a46f858547b606328e280b26e9
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
e540629c6ff9fde640ac60a02cfab398a398992ca4c964d45644c176ae77aba1
A vulnerability exists in the Tembria Server Monitor application allowing an attacker to easily decrypt usernames and passwords used to authenticate to the application. This is a second level attack that requires access to the password files stored within the application directory.
163a065cfecd676df474c29e1bd95914935a34327f5d1ac24420581f6c99a5ae
Tembria Server Monitor suffers from multiple cross site scripting vulnerabilities.
bd43f55446ef0b1ec184ba04169d7ae96d5669d34c462d144c86fcb05e1fc3d3
Secunia Security Advisory - Some vulnerabilities have been reported in PRTG Network Monitor, which can be exploited by malicious people to conduct cross-site scripting attacks.
1c0a791fad46576a02e0ffd89acd6201cf9e0d0c022646a6ea1283014ad22eb5
arpalert uses ARP address monitoring to help prevent unauthorized connections on the local network. If an illegal connection is detected, a program or script is launched, which could be used to send an alert message, for example.
d3166f0de57729902d84a61626794494c4eac80ee58241d07c813809328e62cd