Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security-relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
900970fc068773d754d8933eac0a6e68db1989453c1ebb6b191b834c484f1a07
A vulnerability in the Easy Chat server allows access to files located outside of the "webroot", which can be trivially escaped by typing ../.
1ba6514dc76dc30874d70b47c661fca981be3bd1447ee0f283bc252d5d1fca3d
A directory traversal vulnerability has been discovered in Enceladus web server beta 4.0.2. It can be trivially exploited by simply typing ../ as part of the URL to view directories or files outside of the webroot.
45baa81b8ebd39cec7e815c9ada004401417b35fbd5e6ea2b893461d52a7ed5b
A cross site scripting vulnerability exists in Netegrity IdentityMinder Web Edition 5.6 SP2 for Windows and Netegrity Policy Server version 5.5.
60d8395a6691d3d4f0676d76c918575f97a8d986d0e069c2a2e903bd448fa6ff
The DI-624+ SOHO DLINK router suffers from a script injection vulnerability that uses DHCP as an attack vector.
d856de4fb4db87ed8574faf55666d66f7965ff1088c03f36522efd2cfcfa846e
FreeBSD Security Advisory FreeBSD-SA-04:13.linux - A programming error in the handling of some Linux system calls may result in memory locations being accessed without proper validation under FreeBSD. All 4.x and 5.x releases are susceptible.
95b92b3471dd0e17e060ce2b12c19604cca3827443a6bfe6ad4fc2e0fa9df522
A lack of sanity checking in Centre version 1.0 allows unprivileged users to change administrator options and create new accounts.
d807a0fae0b3b4095b2aa40f70ea4d4a25e1b17df1521ae12a2acf5f9d7e285f
Lotus Domino 6.5.0/6.5.1 has a flaw that allows every user to change their quota on an IMAP-enabled Domino Server to any value.
1e05e346aab6dbd5c1d556e36fe01a66288355026f247923391d7eb1c139ca3e
Secunia Security Advisory - A 6-year-old vulnerability has been discovered in multiple browsers, allowing malicious people to spoof the content of websites. The problem is that the browsers do not check if a target frame belongs to a website containing a malicious link, which therefore does not prevent one browser window from loading content in a named frame in another window. Successful exploitation allows a malicious website to load arbitrary content in an arbitrary frame in another browser window owned by e.g. a trusted site. Affected browsers: Safari 1.x, Opera 5-7.x, Netscape 6-7.x, Mozilla Firefox 0.x, Mozilla 0-1.6, Konqueror 3.x, and Internet Explorer 5.x for Mac.
fb629750ab3d15674f76f3960bdef832ef7bc42602c49e107817ae08c89f9591
Os-sim attempts to unify network monitoring, security, correlation, and qualification in one single tool. It combines Snort, Acid, MRTG, NTOP, OpenNMS, nmap, nessus, and rrdtool to provide the user with full control over every aspect of networking or security. Supported platform is Linux.
0a7a78d600e2d02bb1e3592041536439e10d338732be13e907866116ab6f966b
phpMyAdmin version 2.5.7 allows remote malicious users to inject PHP code. Full exploit provided.
3887a9ab442dd9cfe54535fe2c1cf53956fc6d2b0c4af5c41bb474addb3c2202
afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
a2fc51f2e2295a2d4a07f443234cbcc0b7e6ae732f8c481d14a7aeecd57c67e2