Networksecurity.fi Security Advisory (21-12-2005) - dtSearch versions prior to 7.20 Build 7136 use an old version of the unzip library, leaving them vulnerable to a buffer overflow.
51fe330f144ef9e411e758192529c4211a81e18becbbabd007c96b44b0cad5a7
Fiked is a fake IKE daemon that supports just enough of the standards and Cisco extensions to attack commonly found insecure Cisco PSK+XAUTH VPN setups in what could be described as a semi-MitM attack. Basically, knowing the pre-shared key, also known as shared secret or group password, the VPN gateway can be impersonated in IKE phase 1, in order to learn XAUTH user credentials in phase 2. The configuration supported by fiked is IKE aggressive mode using pre-shared keys and XAUTH. Supported algorithms are DES, 3DES, AES128, AES192, AES256, MD5, SHA1, and DH groups 1, 2, and 5. Main mode is not supported.
a3c0f94df312321737665ba55342cacbf979b1e14b3fe978db667ccda9b0a1c4
This program listens for sound. If it detects any, it starts recording automatically and also automatically stops when things become silent again.
1fe69c16d833bb5e3570d7b140f764bf60de159217c5fe4fbc149cbc6a90d529
PBNJ is a network tool that can be used to give an overview of a machine or multiple machines and includes the details about the services running on them. PBNJ is different from other tools because it is based on using a scan from nmap parsed to amap. PBNJ parses the data from a scan and outputs a CSV format file for each IP address scanned.
7dfa75fbdc954a4750794868a286fdaeb24b761326de9ab0329d2dafc49a9f1a
Nixory is an innovative, fast, and powerful anti-spyware program, with a user-friendly graphical interface. It protects Mozilla Firefox from dangerous spyware and harmful cookies. Platform independent source zip file.
5630db73a1592e8dd250705409ffc8cb713f63fb8a67bcfa8262c254d47f5053
The e-banking portal of Germany's second largest financial institute (Volksbank Raiffeisenbank) suffers from several XSS vulnerabilities.
290d5918ad1f1085432ec191baf145feb7f4fe566eb730da9139519b1239600e
iDefense Security Advisory 12.22.05 - Local exploitation of a memory exhaustion vulnerability in Linux Kernel versions 2.4 and 2.6 can allow attackers to cause a denial of service condition.
c5245485d568127229433cc694c9bc779d36c92af8ea1a3be2f97d9d1d1f74a5
Libdejector provides a simple, easy-to-use set of libraries that help Web developers give their database queries a great degree of resistance to SQL injection attacks. It currently provides Python bindings to protect PostgreSQL 8.0.3 through 8.0.5.
3f1e3eaf57ca5c133399983802ed629ea788e5db87fb6499b7f6c5ee661e71b6
McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) suffer from a privilege escalation vulnerability in the naPrdMgr.exe program. POC provided.
e2f1b1bdec4568e658224d179453848008ee5a72d9af96c39cff6fa848b0b16f
alph implements and analyzes historical and traditional ciphers and codes, such as polyalphabetic, substitutional, and mixed employing human-reconstructable algorithms. It provides a pipe filter interface in order to encrypt and decrypt block text to achieve transparency. The program is meant to be used in conjunction with external programs that transfer data, resulting in transparent encryption or decryption of information. The program can thus be used as a mail filter, IRC filter, IM filter, and so on.
a4b5a9e302ee881ca0d4be628393d73ca286d1dbcea298c16d6e02f9999052ac
Pscan checks C source code for problematic uses of printf style functions such as "sprintf(buffer, variable)", which have been the source of many security holes. It does not check for buffer overflows or other misuse of function parameters.
570bdf87132b23120339e247809dc2cf37c2735d504f4e1072528c04d940bb5f
AIM Sniff is a utility for monitoring and archiving AOL Instant Messenger messages across a network which has the ability to do a live dump (actively sniff the network) or read a PCAP file and parse the file for IM messages. You also have the option of dumping the information to a MySQL database or STDOUT. AIM Sniff will also monitor for an AIM login and then perform an SMB lookup on the originating computer in order to match NT Domain names with AIM login names (handles). A basic Web frontend is included.
f4c02e39706b17f94d5b03b3f34c4e94aed2e960d52f47bee669050273ff6831
Plash (the Principle of Least Authority Shell) is a Unix shell that lets you run Unix programs with access only to the files and directories they need to run. In order to implement this, the filesystem is virtualized. Each process can have its own namespace, which can contain a subset of your files. Plash is implemented by modifying GNU libc and replacing the system calls that use filenames. For example, open() is changed so that it sends a message to a file server via a socket. If the request is successful, the server sends the client a file descriptor. Processes are run in a chroot jail under dynamically-allocated user IDs. No kernel modifications are required. Existing Linux binaries work unchanged.
8da706b8f21b81bf4cecc61fa0445f92ec7f250b2b4ddf619184f4a6ed6af72e
httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. httprint can import web servers from nmap network scans, if they are saved in XML format. The current version adds the ability to save reports in CSV and XML formats, and features a completely new method of scoring by confidence ratings to minimize false positives. This version is the Windows release.
0269ed87702b8247197f1b02cc80cd8c4664eb533c6726c854917c0b1aec0d4b
httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. httprint can import web servers from nmap network scans, if they are saved in XML format. The current version adds the ability to save reports in CSV and XML formats, and features a completely new method of scoring by confidence ratings to minimize false positives. This version is the Mac OS X release.
236a57095d6bff81876c8a62710f6b82c3bed33378d46652976ee9b60b5abe46
httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. httprint can import web servers from nmap network scans, if they are saved in XML format. The current version adds the ability to save reports in CSV and XML formats, and features a completely new method of scoring by confidence ratings to minimize false positives. This version is the Linux release.
41eee3f135949f3b588e89ab0912e2e4e2d328d213f1b6103808ad205e6f7a41
httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. httprint can import web servers from nmap network scans, if they are saved in XML format. The current version adds the ability to save reports in CSV and XML formats, and features a completely new method of scoring by confidence ratings to minimize false positives. This version is the FreeBSD release.
168127b70bc87f1a6e9256ed4aa3a076a7a23c7155e3fe8d5b11a25dc880fcce
The Sixth National Computer and Information Security Conference ACIS 2006 (NCIS 2006) invites all researchers and practitioners to submit research papers in security topics.
efe65068a2349fc067722f77d14d981df8bb5f8f4710a60e59e89628705c15f7
Cisco PIX / CS ACS suffers from a downloadable RADIUS ACLs vulnerability.
6f16059639e83d55bc12bb4a13b51373fd439c7b0266db849011c26e6b3c9d58
Fetchmail contains a bug that causes an application crash when fetchmail is configured for multidrop mode and the upstream mail server sends a message without headers. As fetchmail does not record this message as "previously fetched", it will crash with the same message if it is re-executed, so it cannot make progress. A malicious or broken-into upstream server could thus cause a denial of service in fetchmail clients.
10352b536e05066e2e158d6fd8f19e2e726cce5f9c80d65ac839b59b616a77f1
Ubuntu Security Notice USN-232-1 - Eric Romang discovered a local Denial of Service vulnerability in the handling of the 'session.save_path' parameter in PHP's Apache 2.0 module. By setting this parameter to an invalid value in an .htaccess file, a local user could crash the Apache server.
905265186e06d6da8f8e8c07d612c4dec22b3136a977f6e423073f1fdcbcd904
Ubuntu Security Notice USN-231-1 - Updated kernel packages fix numerous problems.
13510316310319019041a6413dcba60c7bb70f240b7f4298b4c2269ff911ae83
Mandriva Linux Security Advisory - A CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument, when using sendmail as the MTA (mail transfer agent).
1782882c8205876d1db951ca810d0fc801afaa59174c5a22677905bc9045eeea
Mandriva Linux Security Advisory - A buffer overflow in cpio 2.6 on 64-bit platforms could allow a local user to create a DoS (crash) and possibly execute arbitrary code when creating a cpio archive with a file whose size is represented by more than 8 digits.
48e0742c5304c09a95746711f644a25532d52435c5ba701d7963b649065be6bb
Mandriva Linux Security Advisory - Fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a DoS (application crash) by sending messages without headers from upstream mail servers.
0e13a2bcaa6869705766460f020d1dc826fd673dcb42fae5cf36f52d2916fcdd