Fileutils 4.1 programs crash when working with huge directory trees. Proof of concept included.
9b92da80932cccb05d1b78007d83a22161864bc8382d6afa2e21cdfded8047e5HP OpenView Network Node Manager 6.41 and 7.5 running on Solaris 8 and possibly other versions suffer from an input sanitization vulnerability leading to command execution.
3e81f46fdcedfadbe17c7ee06e37ef2087c97af56053ad55459cd886e0a9cd78The new iTAN security feature for online banking promoted by german banks does not protect against phishing attacks and trojans as claimed.
cb1adf92269713fa4bf2b3ab42a898b4be796883e01115470b2291968fd231e9notSPIKEfile is a Linux based file format fuzzing tool. It was designed to automate the launching of applications and detection of exceptions caused by fuzzed files. It operates on an existing valid file and creates fuzzed files. It utilizes ptrace to pick up interesting signals and dump register state.
a2711126e8e8aebe618ca5d104cfa7e7468de6b5e3b1deee14a96dc6200dd065FileFuzz is a graphical, Windows based file format fuzzing tool. FileFuzz was designed to automate the creation of abnormal file formats and the execution of applications handling these files. FileFuzz also has built in debugging capabilities to detect exceptions resulting from the fuzzed file formats.
5a48c119109eb4bb7ff3b47201cae195735e48aa12255c9ab609f151d6fd7ee7SPIKEfile is a Linux based file format fuzzing tool, based on SPIKE 2.9. It was designed to automate the launching of applications and detection of exceptions caused by fuzzed files. It uses standard SPIKE scripts to generate files and utilizes ptrace to pick up interesting signals and dump register state.
56cfbaebafdad233b4cdf6e8075cef5dfbee94c35cdf1f519178d47016e00352AIRT (Advanced incident response tool) is a set of incident response assistance tools for Linux. Tools allow you to look for hidden modules, processes, and ports. Additionally, two tools will dump and analyze hidden modules.
fa4e37a903f7eb885ccc5be899262208a30d0272b59169f9e477b5de7ea0879fGNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.
77a6b3f2b104bd6387f228dfd1f65ac68c4fc61ecad61c8b62e4a332791f082fSysmask is a security package for Linux systems that can prevent arbitrary malicious codes from causing permanent damage. It protects the system against daemon exploits and user accounts against viruses and worms, whether known or unknown, without requiring the recompilation of existing software.
e79617a3497971702e0be67e1f70480b75311ba9e0f36b43e84dacf09d1d3019Password protected windows bind/reverse shell backdoor written in Visual C++ Archive password is set to p4ssw0rd. Use at your own risk.
0475009407cb1326228f33e0edd9b896Astaro Security Linux 6.0.0.1 suffers from several vulnerabilities.
23dc7633c5a9b447fdb1049d7a5414bb229327bbae59eb7b99df53cbe0999110Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
e296dc932558876aa03691cc4ba4a8ff742813c8186cbe20bf4bf2e7e1e662baInteger overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
67dac94f58834ac95814d61aff301273abab4bf7af28c2c919f89dbece0aae80A vulnerability in bluez-utils was discovered by Henryk Plotz. Due to missing input sanitizing, it was possible for an attacker to execute arbitrary commands supplied as a device name from the remote bluetooth device.
c78df857068d0651a0e2e8ea70b1df85952d226a1d91be949a7a2474ffc93450Javier Fernandez-Sanguino Pena discovered that the pwmconfig script in the lm_sensors package created temporary files in an insecure manner. This could allow a symlink attack to create or overwrite arbitrary files with full root privileges because pwmconfig is typically executed by root.
1eb757480487e5bde151ffe0b5c8a09b452e11ae2137fe90de1c1c1398988c76It has been discovered that libpam-ldap, the Pluggable Authentication Module allowing LDAP interfaces, ignores the result of an attempt to authenticate against an LDAP server that does not set an optional data field.
a74992637e7caddaf288f4816c0a816ce56ad09221e09eaa931c5a8815a9e774A problem has been discovered in the Courier Mail Server. DNS failures were not handled properly when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption. The default configuration on Debian has SPF checking disabled, so most machines are not vulnerable. This is explained in the "courier" manpage, section SENDER POLICY FRAMEWORK KEYWORDS.
4791db65b070115c9319262602f28a2428e8d493c034f745fedfc4a9a49b79ffGentoo Linux Security Advisory GLSA 200508-17 - libpcre fails to check certain quantifier values in regular expressions for sane values. Versions less than 6.3 are affected.
224bda203275253f4274882215e35069c1a73ee408abb30f862e41a7cc47ac47Corsaire (www.corsaire.com/white-papers/) has released a fully updated version of their guide to securing Mac OS X to cover the new security features offered by Mac OS X 10.4 Tiger (such as ACLs) as well as incorporating additional security guidelines that were omitted in the original (10.3) guide.
1ea81aaa2aa236628ac103090c6ba94ca9fabfeb20d246d321c0a91cc7b54d51Secunia Security Advisory - Two vulnerabilities have been reported in the Linux kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or bypass certain security restrictions.
51b1c5f0892cfab0d57a8221cd05d237a39bd44486061557538e74f451378444Secunia Security Advisory - Maksymilian Arciemowicz has discovered a vulnerability in PostNuke, which can be exploited by malicious administrative users to conduct SQL injection attacks.
133ece29c89761df1c92e41b04b9a93bdb747053223f15aa1c95b3621f9b2968Secunia Security Advisory - Gentoo has issued an update for tor. This fixes a vulnerability, which potentially can be exploited by malicious people to disclose or modify certain sensitive information.
c673188a76d0dafc7c15679819b22ea46f7c6da5fa110372843de5dd81a15698Secunia Security Advisory - Donato Ferrante has discovered a vulnerability in Home FTP Server, which can be exploited by malicious users to access arbitrary files on a vulnerable system.
2b755b75be2fa4b2ebd14998b8a07242a92f17271db2939dc5d2441e908f90d9Secunia Security Advisory - Some vulnerabilities have been reported in phpGroupWare, which can be exploited by malicious administrative users to conduct script insertion attacks, or by malicious people to bypass certain security restrictions or compromise a vulnerable system.
2cee8ba228708e549f7d184c6322bb69c7c38a1ec6d4ae42c915e108b42f8ea5Secunia Security Advisory - Filip Sneppe has reported a vulnerability in Apache, which can be exploited by malicious people to cause a DoS (Denial of Service).
38f4737b6e6cdc8991b8227d81480f79f3ddfbc995425df1acd9c74c836cb2ca
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed