NixFo NG is a script that scans Linux-based systems and does a complete inventory of anything installed, available, manipulated, or other wise.
db785dbd9a4085d4dcc6b07a2a3a10b5d79173c341fd2b8b4d2d7afe40497f75
K-MAC is an ethernet MAC address changer for Microsoft Windows. Binary only is included.
0104f64eef2f6985be3e5b122680828a7fa5e39bceabe2877a175932d52b552e
Hafiye 1.0 has a terminal escape sequence injection vulnerability that can result in a denial of service and remote root compromise. Exploit included.
2993ef3947a5ac963374139c0072f900346d288754b6f9793b5cc5d393d67c15
Bird Chat version 1.61 is susceptible to a denial of service attack.
3fd39ba61940268943a877e48620af76ea13d357c808d10f8725f4e5f0bf3a91
MusicDaemon versions 0.0.3 and below suffer from a remote denial of service and flaw where /etc/shadow can be extracted. Exploit included.
86d30b650082a4e71e7432e3cf564661de0639f7bc511f7a95e81c5f202a2ff8
AntiExploit is an exploit scanner to detect local intruders. It scans for over 3900 suspicious files, has daily database updates, and will act if a file is accessed. It uses the dazuko kernel module, which is also used by clamAV, Amavis, and other virus scanners.
ec4720d9c7d4ab4b9477b7189c0ab79357e41d8ca4cbabfad14b2487a48a9a86
An unspecified vulnerability with an unknown impact has been reported in Novell Web Manager on Novell NetWare 6.5.
622530c4e4842b852d35adf6494b6a01eb2c009199653f013e352bc3558626ce
KDE Security Advisory - Konqueror suffers from a Cross-Domain Cookie Injection vulnerability.
b677033eae041feccfc0d629be666a7a4a676bbb34a2b617d81f358a7e7b56b9
Weplab is a tool to review the security of WEP encryption in wireless networks from an educational point of view. Several attacks are available to help measure the effectiveness and minimum requirements necessary to succeed.
9a2a3ac2a7fab73e3531616d10a18f3463f39a502124e0e16d8a70bef8f02b21
JShop has a flaw in page.php that allows for cross site scripting attacks.
09ce1578e5d1e6cf20228662db59cd5e311a262c1bd1c3a532a675641ae5b29f
Axis versions 2100, 2110, 2120, 2420, and 2130 Network Camera along with the 2400 and 2401 Video Servers are susceptible to passwd file retrieval vulnerabilities, unauthenticated admin user additions, and hardcoded login/password flaws.
d1d78c221379418bea65762e89060fc19d494c26f885bd544cfcb10625efd868
eGroupWare version 1.0.0.003 is susceptible to a cross site scripting flaw.
2857363dac9c43f2774402925a849c4b3610100a22158155e0488e996121c3ff
A bit of a rant about how Microsoft and Virus scanners fail to properly pay attention to .txt file extensions and how they can be used by attackers to fall into the background.
229dfa0b0c78a9b80ce0ca073eee096c97a84c01ed37e967a28cc0d2f6cc95f2
Heap overflow exploit for the qt BMP parsing bug foundd in versions 3.3.2.
5f0e53294c355773c2f38b6454412d756b958c6cb98ef187c12fb0b5bcfb115e
imwheel version 1.0.0pre11 uses a predictably named PID file for management of multiple imwheel processes. A race condition exists when the -k command-line option is used to kill existing imwheel processes. This race condition may be used by a local user to Denial of Service another user using imwheel, lead to resource exhaustion of the host system, or append data to arbitrary files.
f6ab085f417793a02d07c3de39249974381b31d162ecd131d00e5b53e4085e33
Sympa versions 4.1.x and below are susceptible to cross site scripting attacks.
dca5ea288d664feb25de06ceaa5845417be3a151f5960a1b08d989b0f6436781
Mantis suffers from a remote PHP code execution vulnerability when the REGISTER_GLOBAL variable is set.
a70413a0d6384063116146614076f527699b5ef8da05f1e7d3c3af253afadf40
MyDNS is susceptible to a SQL injection and directory traversal attack that allows for arbitrary file download. Version 1.4.2 fixes the SQL injection bug while the other bug is in all releases.
c36816d86fbea1b951d53fd79107db3a521ddd12c0f07d1c786aac6deabbedd6
Mantis is susceptible to multiple cross site scripting vulnerabilities.
a6f58dd97966c39ee1d173207fb0d4d25219702ee1bad263cc675e5318ce6bef
Nihuo Web Log Analyzer version 1.6 is susceptible to a cross site scripting attack.
c263e36a8fee317f2235aa8dd8ff0783574b8734019449d3d921a4e478f2dbae
The sarad program used at the British National Corpus is susceptible to multiple buffer overflows. No authentication is required to perform the attack and they are network based.
3b5dbe5c14fa19bf31747e7ab1ad0dfe738810272c2dbce61216a3114a9177e7
GulfTech Security Advisory - BadBlue Webserver version 2.5 is susceptible to a denial of service attack when multiple connections are made to it from a single host. Exploit provided.
9dbe4e55fe1e227f34cc5142b74962afa63e4be85ce1d38e91e344f0ef74106e
Secunia Security Advisory - Lukasz Wojtow has reported a vulnerability in MySQL, potentially allowing malicious people to compromise a vulnerable system. The problem is that the mysql_real_connect() function does not properly verify the length of IP addresses returned by a reverse DNS lookup of a hostname. This could potentially be exploited to cause a buffer overflow and execute arbitrary code.
76cd75c8de4325b740e31c9fed621c75bd46469dea33b514242004d83f456dda
It has been discovered that Zone Alarm stores its configuration files in a directory that is forcibly left accessible to EVERYONE under Windows.
5267c7003017156a72b6a7fc6baedb7920bb27746633c9b9bb21b8e935e526f2