FlySpray version 0.9.7 remote command execution exploit.
08e4e0364fcebe84eab16cb684c4d150629df368ed8fb9360d9aa06927987008
EGS Enterprise Groupware System versions 1.0 rc4 and below remote command execution exploit.
4a055c7a495058d0eaed542b5f4a20e534396b2e877bcfb7634554447035c506
gastbuch versions 1.3.2 and below are susceptible to cross site scripting.
10800f5d68d19645c993ed7441ba1f86c4a93f2b7c2442a311397c86bf4e10c7
strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
713fbd4bebecf9e4293251aa8b1b2f0bd308f698633b0fc727b7570135434385
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. It includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with Sendmail 8.11/8.12's new "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
27d118acf4fd049ca0d1ad9201e56fc97ff70ece0e6626b657fa7b07d298523a
The Firewall Tester consists of two Perl scripts, the client part (ftest) and the listening sniffer (ftestd). The client injects custom marked packets, while the sniffer listens for them. Comparing the scripts' log files permits the detection of filtered packets, and consequently of filtering rules, if the two scripts are run on different sides of a firewall. An IDS (Intrusion Detection System) testing feature is also available, and a Snort rule definition file can be parsed instead of the standard configuration syntax; ftest can also use common IDS evasion techniques. Stateful inspection firewalls and IDSes can be tested with the 'connection spoofing' option. Requires: Net::RawIP, Net::PcapUtils, NetPacket.
7bb10d10913187e33af8be3d17c0d4ad5d0b8aa5af18242332787150eabd2f6f
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, and detection of down hosts via parallel pings. Full changelog available here.
3a374b1939c355e35c51de731f93e70ff503a015e96e1d681a2ee7626a5ba836
FLoP is a utility designed to gather alerts with a payload from distributed Snort sensors at a central server, and to store them in a database. Both PostgreSQL and MySQL are currently supported. High priority alerts may be sent out via e-mail.
2cb0ee2fdb27a6d7128ae57edfc35a77a24387b3e3dee08fa4c5a7bae51a16c7
Debian Security Advisory DSA 969-1 - Max Vozeller discovered a vulnerability in scponly, a utility to restrict user commands to scp and sftp, that could lead to the execution of arbitrary commands as root. The system is only vulnerable if the program scponlyc is installed setuid root and if regular users have shell access to the machine.
14bc10e489815f2fe87b1bc5ec37825828a4a2fd6a19f190b9ca57ae3bc30796
By renaming or moving the password file, Folder Guard version 4.11 fails to protect anything.
5f91da235a1515ee44c6905ee832a2285cca0c62c6aea7eecbfb862395f7b6bf
everyone.net suffers from a cross site scripting vulnerability.
faa21458375340fb658623afc01ab5f9d714d590ae8de211b90a17527e637322
Clever Copy version 3 is susceptible to cross site scripting attacks.
bb659a8d787b7e02bd56556f78253d2a98ac3acb4f3c0e4e65cde661fbfbf38a
phpstatus version 1.0 is susceptible to authentication bypass via SQL injection and an issue with cookie verification.
ac582903f48ff5fb734560491dcfc953a46e989140dabf9069e4768ba27887af
phphd version 1.0 is susceptible to authentication bypass, SQL injection, and cross site scripting attacks.
dd4245be5d5106d9c2af9125bdb87d0380607c39a5d75335623e00673c77c321
HLBR is an IPS (Intrusion Prevention System) that works directly at layer 2 of the OSI model, staying invisible at layer 3.
863631b19d4350e2576e87a9dcafc93aebe27108f80f766c1421d834d78bbf41
Whitepaper entitled Windows Access Control Demystified. It discusses some security issues inherent in Microsoft Windows that can allow for local privilege escalation.
5c643fff89661eb32c0192e07cb5fb805f0bbe3a74916157fb39d3dfd499c98c
Privilege escalation exploit for Windows networks using weak service restrictions.
34bff3fb3d15bec768c08cd8b636431feca0c25ff6e698753eed31aa91257bbe
Small bindshell (908 bytes for binary) for Windows compacted to 804 bytes with a little header modification. Both binary and source code (VC++) are included.
c24879c1a910a3cda9f80e94fd66cb18d753862ab5efbb173718dbd4591c8a19
DB_eSession 1.0.2 is susceptible to SQL injection attacks. Details provided.
0c4bfa65000f352328789779fbba47a37f9db793706e672cbe7275c9751558fe
Adaptive http-sql bruteforce tool version 2 for MySQL injection bruteforcing.
bfe9a74db18539147ae91a85333818250a82efc1d34813964f7d248368bca86b
Proof of concept tool to be used for blind SQL injection attacks.
ebf4d302ae4b06b46a2148a9f11a7328bd227131540f73c5437a387f1fe5d612
A corrupt Microsoft Word (.doc) file opened on a BlackBerry wireless device could potentially provide a means to execute arbitrary code on the BlackBerry Attachment Service component of the BlackBerry Enterprise Server.
98c9cf5c1b3e5bd95e3db0cf3604022a3003ae1bfb0b7290b2392522e9c1edae
It is possible to bypass the Fortinet URL blocker by making special HTTP requests. Proof of concept Perl script provided.
5dd916680286e804f6dbba8e52af19008d76c533f0844268f71cb39b1c0a9cc9