AzDGDatingLite version 2.1.3 suffers from a remote code execution flaw due to a directory traversal.
97556fbb2e367d70682acc839f014c8f2cc2cb37a9f76858a487910b1385d69a
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Full changelog available here.
fdd695ed646ba03890abf55e57c52fe65df0144d354c80352574a5c83adfe5cc
Airfinder is a simple Linux program written to help locate a specific wireless MAC address.
385a8138d7669f4b728acc8837a144a14b443211f3f843935cdd729a252adb1c
OpenCT is a library for accessing smart card terminals. It provides a rich set of functions for driver writers, protocol drivers for T=0 and T=1, serial and USB functionality, including USB hotplugging. The main user of OpenCT is the OpenSC smart card framework, but OpenCT can of course be used by other applications as well. OpenCT provides a native OpenCT, CT-API and PC/SC Lite IFD interface with an OpenCT ifdhandler resource manager.
73b57ac842a30b40507de2e2cad20efb84fcaf3aae49823dd96f2eaaec54132c
Valhala Honeypot is a simple and easy-to-use honeypot for Windows. It provides servers like ftp, finger, telnet, smtp, etc.
75d30e8c33a80f66ae44b0f1f6d3fb8d70f9803ef7578c3d3e4827af2673b5ab
CIRT Advisory - Ipswitch Whatsup Small Business 2004 suffers from a source code disclosure flaw.
2a4a3eeff68c3411a3722811eefd0cd686d1571e0dc6357ac69038b0d5b0f5d0
CIRT Advisory - Ipswitch Whatsup Gold 8.04 is susceptible to a cross-site scripting attack.
25c3c63923c1717774536bee62236cd9d948ab3e6e782fc3aa7fd852809595bd
CIRT Advisory - Ipswitch Whatsup Gold 8.04 suffers from a vulnerability where access is allowed to the source code of all files.
dee853136bfeb67555671bd11ba86523606228c30de1e0f44b322b931fc25069
diStorm is a binary stream disassembler. It is capable of disassembling 80x86 instructions in 64-bit mode (AMD64, x86-64) as well as in 16-bit and 32-bit modes. In addition, it disassembles FPU, MMX, SSE, SSE2, SSE3 and 3DNow! (w/ extensions) and new x86-64 instruction sets. diStorm was written to decode every instruction as accurately as possible. Robust decoding, with special care taken for valid or unused prefixes, is what makes this disassembler powerful, especially for research. Another benefit that might come in handy is that the module was written as multi-threaded, which means you can disassemble several streams simultaneously.
bd785497e0466296f83fa4aa1d81e5e1eac3e326bc73e47146593b00a62513ff
FileZilla PWDump is a utility that dumps all FileZilla (client) credentials from the Windows Registry and decrypts the passwords. It should work on FileZilla client versions 2.2.15 and below.
378cdb61ac64bab86c3b4b5f3b05feeeeef81ebecf16a82d019521a2621361cd
The TAPiON engine is a polymorphic shellcode system that can create a unique decryptor, encrypt the original data, and decrypt it on the fly as the code executes.
46e981124f029e6bff5e827c01a14fbe86a35f042e105eb57e2ab580f4216114
CjTagBoard 3.0, CjLinkOut 1.0, and CjWeb2Mail 3.0 all suffer from an excessive number of cross-site scripting flaws. Example exploitation provided.
09bffe46fa6ea9c1306389f3c89327e686f6366679c3d0b248e1c39073d8b21f
The Linux umount command as provided in the util-linux package in versions 2.8 to 2.12q, 2.13-pre1 and 2.13-pre2 allows bypass of the nosuid and nodev mount options when a user uses the -r option.
9536b7be9fa39bf6d7245bade27ac38d2b961b78e3a9de5e7aa119217548696f
Debian Security Advisory DSA 808-1 - The tdiary Development Team has discovered a Cross-Site Request Forgery (CSRF) vulnerability in tdiary, a new-generation weblog, that can be exploited by remote attackers to alter users' information.
93c9d838f5ce059d6e93fe0f4247fca9cb7ba89ea55716f3358a15eb76cc9ad9
PHPNuke 7.8 is susceptible to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
f60b1657c0752301ded19d5dbdf7d4aabd1a7345e2e2808f012768746a7ffa35
Gentoo Linux Security Advisory GLSA 200509-08 - The re Python module makes use of a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17). Versions less than 2.3.5-r2 are affected.
cc8050eb66c1eca66f2d198ae6eefa65b0f303f7ebd3c0ae896f494fc5a012cf
Gentoo Linux Security Advisory GLSA 200509-07 - X.Org is missing an integer overflow check during pixmap memory allocation. Versions less than 6.8.2-r3 are affected.
892e492456e0e544ed9fe829ea0dc72e2ac3b084ace7dba2c4825cd81bcd518f
Debian Security Advisory DSA 807-1 - A problem has been discovered in mod_ssl, which provides strong cryptography (HTTPS support) for Apache, that allows remote attackers to bypass access restrictions.
64c4fd269f6db8701f4f4fe549738e4f401dac7d4390012b1519e374c2461b6c
Ubuntu Security Notice USN-181-1 - Tom Ferris discovered a buffer overflow in the Mozilla products (Mozilla browser, Firefox, Thunderbird). By tricking a user into clicking on a hyperlink with a specially crafted destination URL, a remote attacker could crash the application. It might even be possible to exploit this vulnerability to execute arbitrary code, but this has not yet been confirmed.
3b223821c2ce5a857a5b2f633896042c055216b8d5f8278366f84df4cab5d47f
Ubuntu Security Notice USN-182-1 - A local privilege escalation vulnerability has been discovered in the pixmap allocation handling of the X server. By allocating a huge pixmap, a local user could trigger an integer overflow that resulted in a memory allocation that was too small for the requested pixmap. This resulted in a buffer overflow which could eventually be exploited to execute arbitrary code with full root privileges.
df061683391f3f8fa82ddbd8ec3b3729ebd73d7587534f98ab8e2debcc7fff0d
There is a security flaw in the pam_per_user PAM module that can allow someone to authenticate as any user on the system, provided that they already have the proper credentials for one account. This security hole is fixed in pam_per_user-0.4.
c08068a5c22426bfdff9950f6f4e9a8f6e3d23754c84ed58d604bd3bbc34e155
Remote proof of concept exploit for Snort versions 2.4.0 and below that creates a malformed TCP/IP packet that will trigger a vulnerability in the PrintTcpOptions() function from log.c.
5cb6f490e8d8bdbbc7c4c7316ff20da370bf31d280b268795c2bb556ca899b9a
The contact.php code from Mail-it Now! version 1.5 is susceptible to a remote code execution flaw. Exploit included.
438c94c5c0d10165cdda769f9bdedf00736a08cc1f02479fc8011940fff08786
Spymac Web Os 4.0 is susceptible to cross-site scripting attacks due to a lack of variable sanitization.
0680e9e980fd465ffff08943d784651f353f1a506461ba31c3acdc16803c3af6
Research and development has led to a 90% reliable working exploit for the IDN Heap Buffer overrun in Firefox on WinXP and Win2k3 as long as DEP is turned off and JavaScript is enabled.
58cfafa307dfccf01eda97c1848bac293eebcf18ec5734852be83abf76e17e11