NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user IDs with packets, making it possible to filter packets on a per-user basis. Furthermore, the server architecture is designed to use an external authentication source such as an LDAP server.
20dbbcd69c62b1f0298146a9642f811d7d3a30a1d6079a63e11b33a9f93a90ae
aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).
2b846933f4f803ae5112ed9d8e41b6aaeb793f50867a4ed9dc58c9043e9cdddc
strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
afe4e2fb822512da8fc1df052775d2f171045beaee0ec8146444c4ff4ffa0c00
XM Easy Personal FTP server version 5.0.1 remote overflow proof of concept exploit.
e871e58abd0876e23cb061e1576a4237670b226ee100db0208fcfe9af59e80f5
The CBSMS Mambo module versions 1.0 and below are susceptible to a remote file inclusion vulnerability.
0597a8eb69bf54b2c11f80e65c17512cc2da862ff8fbe28ec307096e0fb68d81
Debian Security Advisory 1103-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
0a2c54ad196f2cfa9218116b3bb0c6f5563fc7cba60ca178312a91393ea19b11
Gentoo Linux Security Advisory GLSA 200606-26 - A bug in EnergyMech fails to handle empty CTCP NOTICEs correctly, and will cause a crash from a segmentation fault. Versions less than 3.0.2 are affected.
9c1a77a9cc04b7dbab3b6df2d779d889c43fd9253d25127bbb48610c3c38eaa4
Gentoo Linux Security Advisory GLSA 200606-25 - Andreas Seltenreich has reported a possible heap overflow in the array_push() function in hashcash.c, as a result of an incorrect amount of allocated memory for the ARRAY structure. Versions less than 1.21 are affected.
0794e1216598192b7faa2e37b6d5c7afd1e45d142030ef613239d3cadef0a55b
Claroline version 1.7.7 suffers from cross site scripting vulnerabilities.
527e9653b808b6e4a406c0d9068e7977f88f686cc4e2f86849c34574150a37a9
Ubuntu Security Notice 304-1 - Evgeny Legerov discovered that GnuPG did not sufficiently check overly large user ID packets. Specially crafted user IDs caused a buffer overflow. By tricking a user or remote automated system into processing a malicious GnuPG message, an attacker could exploit this to crash GnuPG or possibly even execute arbitrary code.
8ce403909a08d5842575ce2c355e64f139717df41eaa70e0dc91eebc2d07d874
The MyMail script from codingclick.com suffers from directory traversal and cross site scripting flaws.
24411c42600f120a197684951caecfa6a99f16c5f84cf155383a61d1f1ca8ced
Planetnews suffers from a PHP shell upload vulnerability.
ef667306450c5b8bd9a3d7cf601f6fbcfb6711e350fbe2e22f6ca46b1872f3ab
The Online Registration Facility of Algorithmic Research PrivateWire VPN Software does not perform proper bounds checking when handling normal GET requests. Sending an overly long page or script name causes a buffer overflow, and an attacker can control EIP to run arbitrary code on the victim's machine.
ed57108705046fce7f0788c8851c13a21b39073e06a3b2e3cc8860b156e305dd
OpenPKG Security Advisory OpenPKG-SA-2006.010 - According to a vendor security release note, a memory allocation attack possibility exists in the GnuPG cryptography tool, versions 1.4.3 and earlier.
ea3e7fc582b6e512e44abc057870fae611e22a2034321248199f5314e97c3c3b
Debian Security Advisory 1102-1 - Steve Kemp from the Debian Security Audit project discovered that pinball, a pinball simulator, can be tricked into loading level plugins from user-controlled directories without dropping privileges.
d71066c86798b30c24f5675f615a795a5fbdaaa5cf3fa7a86a19717324d08dca
Cpanel is susceptible to code injection attacks that allow for cross site scripting.
f2c87e25fbcec1c60bc3fc2d7b6513698e76e621a925ec14c540693b63458cb2
It appears that there may be a safe mode bypass via error_log() in PHP versions 5.1.4 and 4.4.2.
c6f9c7254b26d331e6110e668cae4d3caae2f637d4f4cd180b3663b45d4a142d
DeluxeBB versions 1.07 and below Create Admin exploit that utilizes cp.php.
396573fa2da3ec314b74797f7bab74f27b01e03226629f3faf005fb127992782
OpenGuestbook version 0.5 is susceptible to cross site scripting and SQL injection flaws.
2b065c9e0bddbe8487358e0a491f3ed4ca8a65459d9c3c6c969db4f9b80362f0
BitchX (epic) versions 1.1-final and below do_hook() boundary check error remote denial of service exploit.
630ada8bce05ed0127632504da1341c7d28a164d6c1ff230287cbabf03900ad7
In previous kernel 2.6 versions, systems that use the SCTP protocol are vulnerable to remote denial of service attacks including remotely-triggered kernel crashes, and all systems are vulnerable to local denial of service including locally-triggered kernel hangs.
0a184d8c9cd14cdfc29f7f2d78a66c38915f67721aee3a75be265bfc14048501
Mandriva Linux Security Advisory MDKSA-2006-111 - Mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. MySQL 4.0.18 in Corporate 3.0 and MNF 2.0 is not affected by this issue.
f8ed87c094831924481b8145d31f992ec2b91591761234bc0da068928d88502d
DreamAccount version 3.1 remote command execution exploit.
f84e289412499815851982bb738080ec1122804134e5f00883743e171f7578b0
Gentoo Linux Security Advisory GLSA 200606-24 - A boundary checking error was found in wv2, which could lead to an integer overflow. Versions less than 0.2.3 are affected.
64c9f199bfac9b81f814694c184b26d870f4a30569c979370e170a6f4452da03
A vulnerability has been identified in the Cisco Secure ACS session management architecture which could be exploited by an attacker to obtain full administrative access to the web interface and thus all managed assets (routers, switches, 802.1x authenticated networks, etc). Cisco Secure ACS 4.x for Windows is affected. Legacy versions may also be affected.
fbf80693021296569355b9ad54cadd3aa96fd503cd199519dd68a9b42c2c781e