Corsaire Security Advisory - The ServerMask 2.0 product from Port80 fails to fully obfuscate header fields, contrary to its advertised functionality. Detailed exploitation given.
7c87da8d19d481cd57af93b5bfb5090c438a002b7e201a42d24b3a916a318bc3
Gentoo Linux Security Advisory - Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code, so it is not safe for users of Internet Explorer when using the inline MIME viewer for HTML messages. Versions 3.2.4 and below are vulnerable.
338772f1964e654a99b8dc4a6f0e980ac1e4a7ea73c917388191d47d8380d55f
HP Security Bulletin - A potential security vulnerability has been identified with HP Process Resource Manager on all OS versions running PRM C.02.01[.01] and prior. HP PRM is also used in Workload Manager, so this also affects WLM version A.02.01 and prior. This vulnerability could potentially be exploited to corrupt data on a system running PRM.
9f424afbc0a755d466b6bc6755b91cb3ab370a97e4a5a25e37abdd2b2a137e37
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This release includes 18 exploits and 27 payloads; many of these exploits are either the only ones publicly available or just much more reliable than anything else out there. The Framework will run on any modern system that has a working Perl interpreter; the Windows installer includes a slimmed-down version of the Cygwin environment.
195684a4f6d09e6f917ef6262ce313ea03c6d46913e117ac7b0c365f39688bf4
GNUnet is a peer-to-peer framework with a focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.
902422ab591fdb44c98c904b50391541b37caf05f20a8a05978358902698a38a
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. It also tightens down file descriptors 0, 1, and 2, and implements process limits and shared memory destruction.
93acccb9dfe362d3f5fe4bb7dac727680341d124ac1770799631c5005e47afe1
SID is a Shell Intrusion Detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes), consults a list of allowed entries, and takes appropriate action upon unexpected log entries. Currently supported are Solaris and Linux.
d7f99cff51f03a16c57974aa7a3408056742999935580611ef1b98941a67dd8c
Etherpuppet is a small program for Linux that will create a virtual interface (TUN/TAP) on one machine from the Ethernet interface of another machine through a TCP connection. Everything seen by the real interface will be seen by the virtual one. Everything sent to the virtual interface will be emitted by the real one. It was designed because one often has a small machine as an Internet gateway and sometimes wants to run big applications that need raw access to this interface, for sniffing (Ethereal, etc.) or for crafting packets that do not survive being reassembled, NATed, etc. It can even run on Linux embedded routers such as the Linksys WRT54G.
863b14ae38d57610a3f33bb0a980374d2bd5221a339d16cc7410e46504b28957
GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.
aaaf4fa43812eb36dbf0bd7f4c5ebe6dd0791f282df704e0f737d1764d895a5a
Serv-u local exploit that achieves SYSTEM privileges using an old known buffer overflow. Tested against version 5.1.0.0. Lower versions are also susceptible.
473ef11f792615061dda874fb67854ff071fc75cf98c38a620e638cd1fd1ead6
Web Audit Library (Wal) is a Python module that provides a powerful and easy API for writing web application assessment tools, similar to what Libwhisker does for Perl. Wal comes from the need for such a library for Python. Writing web security tools using Wal is very straightforward. Wal provides the following features: send/receive/analyze HTTP 0.9/1.0/1.1, HTML parser, cookie support, anti-IDS, decoders/encoders, and much more. Requires Python 2.3 or later.
d766189ecc039b81c388c3fd4c5c97f4f7a228f1e49597be0d0ef1a1d0fe0a29
Core Security Technologies Advisory ID: CORE-2004-0714 - Cfengine is susceptible to multiple vulnerabilities. Two were found in cfservd, a daemon which acts as both a file server and a remote cfagent executor. This daemon authenticates requests from the network and processes them. If exploited, the first vulnerability allows an attacker to execute arbitrary code with root privileges. The second vulnerability allows an attacker to crash the server, denying service to further requests. These vulnerabilities are present in versions 2.0.0 to 2.1.7p1 of cfservd.
972d6fe44e1fb797e09e548c7999686a7e9c3eebf006c0c00a601a175aa174e5
Williams Database Page Parser version 1.0 allows for arbitrary code execution due to a lack of input validation.
cbfa8c12c73d5c756aba20353eca3e25bba564b0698a166dd0991457ad84a4a7
Special requests using PHP on Apache go unlogged and cause a segfault. Tested systems: Windows / Apache 1.3.31 / PHP 5.0.0, Windows / Apache 1.3.27 / PHP 4.3.3, Linux / Apache 1.3.24 / PHP 4.2.
0d6e35558759b1bdcd894b8bb220468dfd6b6bf378afd89402c3fdd83f660625
The Typepad weblogging service is susceptible to a cross-site scripting flaw.
11a5c797b20a6de2049a9f83ce9f07498398ce19087e85ec4771c68b6709cfef
Moodle versions 1.3 and below suffer from multiple cross-site scripting flaws.
39474593751158e5581fbeb17433849d7501b0600c4082a99e0be49a561c7f56