Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
d2f7efe7637cd9363466a80de70b288221b2c67b2aebea5ebadd611b0221bcbbAuthforce is an HTTP authentication brute forcer. Using various methods, it attempts brute force username and password pairs for a site. It has the ability to try common usernames and passwords, username derivations, and common username/password pairs. It is used both to test the security of your site and to highlight the insecurity of HTTP authentication due to the fact that users just don't pick good passwords.
366adfda9dbdb2c6dfefa9c50f143fa535a77db17cbe0b7ef338f835e211f7dbaircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).
64a9815f2897c5f4c544ece5357acb569770e125493793f59b7d8f208415dba7nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previous known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, Latex, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing.
a75128e2626f14ada625af996d0cc31e1ef291817127bdbba5e261920efd95a3The sftp server in ssh-3.2.9.1 from ssh.com may suffer from a remote off by one vulnerability.
8c93956e7669b4b8dc0b881882b3149e989a9c3c49c14cf81f26ba0dd84b0f15Mandriva Linux Security Advisory - A number of bugs were discovered in the NDR parsing support in Samba that is used to decode MS-RPC requests. A remote attacker could send a carefully crafted request that would cause a heap overflow, possibly leading to the ability to execute arbitrary code on the server. A remote authenticated user could trigger a flaw where unescaped user input parameters were being passed as arguments to /bin/sh. Finally, on Samba 3.0.23d and higher, when Samba translated SID to/from name using the Samba local list of user and group accounts, a logic error in smbd's internal security stack could result in a transition to the root user id rather than the non-root user.
6c83583361b6eac643ad28ec00b69b37e84140638e39e45f6f79b68236618c56Ubuntu Security Notice 459-1 - A flaw was discovered in the PPTP tunnel server. Remote attackers could send a specially crafted packet and disrupt established PPTP tunnels, leading to a denial of service.
24139dfc21ec59756c03bff1b83a00a6e14f1c1709941f173dac2cab3ee8a8d9WordPress Akismet suffers from a cross site scripting vulnerability.
c58b33c5a88700c17f8a49c1e3dd50be6bbe12464020d73ce653e8e1337cc2b4Remote exploitation of a command injection vulnerability within Samba Project's Samba could allow an attacker to execute arbitrary code with nobody privileges. The vulnerability exists within the code responsible for updating a user's password in the SAM database. Unfiltered user input is passed to "/bin/sh". This allows an attacker to execute arbitrary shell commands with the privileges of the nobody user. iDefense has confirmed the existence of this vulnerability in Samba version 3.0.24. Previous versions of Samba release 3 may be vulnerable. Release version 2 and below did not have this feature.
09d8dddb1bdf4c327afcf8233bd530bb69472f703ec593e9e88197895baafe67Fedora Core 6 (exec-shield) based Webdesproxy version 0.0.1 remote root exploit.
a597e3eae30fff3e173ea50fa5b8d93a0a45a5fcfe86ce236cd50280358629bfSonicBB version 1.0 suffers from cross site scripting vulnerabilities.
89536131142d22ebd0721e958f80cf261f62023d19c2d6999a6346c95e57e740SonicBB version 1.0 suffers from multiple path disclosure vulnerabilities.
1c74034eb2de7721f913efcc5bf99efb37250f57eb5c5834677497a4c212e738SonicBB version 1.0 suffers from multiple SQL injection vulnerabilities.
4238c5016d152f8249eae9a5bbfc2ea21a285513e6295e6c5aab388c1261a687Proof of concept code that demonstrates spamming vulnerabilities in Facebook.
0776225008a16e8ed6ea054c317572231bb5b9457af120343f808944c84a3ab9Facebook is vulnerable to a flaw that could allow an attacker to use Facebook to send mass emails to any victim address.
d9a1c44ef80d285e6f91bf3459dc786ba1623c63f4b02f3da1d1c378f35342e4BTCrack is a pairing handshake cracker against Bluetooth versions 1.0 through 2.0.
71e2be893da896bed2cd0fae228574c166f77063bfa981483bd59f634b1e59cdIn Samba versions 3.0.0 through 3.0.25rc3, unescaped user input parameters are passed as arguments to /bin/sh allowing for remote command execution.
9e82fbe530a6ed212e4491072b4a99d5bc21489dc265219a522241d11631d74cIn Samba versions 3.0.0 through 3.0.25rc3, various bugs in Samba's NDR parsing can allow a user to send specially crafted MS-RPC requests that will overwrite the heap space with user defined data.
44a5bc88e32a784d90945493cb57c7cf6908f3a04ebe6ced34ff53e174361231In Samba versions 3.0.23d through 3.0.25pre2, a bug in the local SID/Name translation routines may potentially result in a user being able to issue SMB/CIFS protocol operations as root.
02de903ea0f07758ea335309c38eb5f014df4b420fb1e348b4cbb54cbf6097e6Gentoo Linux Security Advisory GLSA 200705-14 - XScreenSaver incorrectly handles the results of the getpwuid() function in drivers/lock.c when using directory servers during a network outage. Versions less than 5.02 are affected.
dfeb074b5484bc8d9d64dac02e870671ebc4317e59431cfd071d2065879a29c1iFdate 2.x suffers from an unauthorized administrative access vulnerability.
219d01bcd37375c560406ea7ef180f6f8f821031304c136521ef59feeac8e9b0Debian Security Advisory 1290-1 - It was discovered that the webmail package Squirrelmail performs insufficient sanitising inside the HTML filter, which allows the injection of arbitrary web script code during the display of HTML email messages.
be082b77c7a63122764d74206a6f9145da3669a0fa16d4defe10da27fa295b3fDebian Security Advisory 1289-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
c64e166fec13c2f963ed9074005676ddd21d12486c57ecd130b1cc58bb345e02spamd as included with Exim version 4.66 suffers from a buffer overflow vulnerability.
4b0f98d331b7749c0d64a655240d9befac04d5f48f9211580eb945a6b6df053fnotepad++ version 4.1 ruby file processing buffer overflow exploit for win32.
a94c3b69ca7e1bf525c7e26b2d1417c794a90e1191e066b5bf7ec61ad95b9338
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed