what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 48 RSS Feed

Files Date: 2005-09-22

Vuurmuur-0.5.68.tar.gz
Posted Sep 22, 2005
Authored by Victor Julien | Site vuurmuur.sourceforge.net

Vuurmuur is a middle-end and front-end for netfilter and iptables that is aimed at system administrators who need a decent firewall, but do not have netfilter specific knowledge. It converts human-readable rules into an iptables ruleset (or optional a bash script), makes netfilter logs readable, and includes an ncurses GUI.

Changes: Various updates and fixes.
tags | tool, firewall, bash
systems | linux
SHA-256 | 2547978065347491bfd36aeeb4da7017b11b08670603270309246595b4d67ca6
integrit-3.05.tar.gz
Posted Sep 22, 2005
Site integrit.sourceforge.net

Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.

Changes: Documented Chris Johns changes and updated Makefile targets for developers.
tags | tool, intrusion detection
systems | unix
SHA-256 | 12aa8e7506120af5d3dfb3a07869450f492f876d99f18d9f623d17120ac2475d
prelude-manager-0.9.0.tar.gz
Posted Sep 22, 2005
Site prelude.sourceforge.net

Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.

Changes: Improved error reporting, Fixed failover on relaying, Fixed warnings.
tags | tool, remote, local, intrusion detection
systems | unix
SHA-256 | 545d62181c6771db173fe746b0b19bbd69b5a939ad19e50b9464e604ea58c52e
walker-3.8.tar.gz
Posted Sep 22, 2005
Authored by Simon Josefsson | Site josefsson.org

DNSSEC Walker is a tool to recover DNS zonefiles using the DNS protocol. The server does not have to support zone transfers, but the zone must contain DNSSEC NXT or NSEC records. Optionally, it can also verify DNSSEC signatures on the RRsets within the zone.

Changes: Various tweaks and updates.
tags | tool, scanner, protocol
systems | unix
SHA-256 | 25c66ce7354d03287825452af6bc650a5e565a2bcd2347852c08bd2d5fae9fbd
plash-1.12.tar.gz
Posted Sep 22, 2005
Authored by Mark Seaborn | Site cs.jhu.edu

Plash (the Principle of Least Authority Shell) is a Unix shell that lets you run Unix programs with access only to the files and directories they need to run. In order to implement this, the filesystem is virtualized. Each process can have its own namespace, which can contain a subset of your files. Plash is implemented by modifying GNU libc and replacing the system calls that use filenames. For example, open() is changed so that it sends a message to a file server via a socket. If the request is successful, the server sends the client a file descriptor. Processes are run in a chroot jail under dynamically-allocated user IDs. No kernel modifications are required. Existing Linux binaries work unchanged.

Changes: Various tweaks and improvements.
tags | tool, shell, kernel
systems | linux, unix
SHA-256 | c1730657c910aacbef86fa23d3c0b9099cc0c4bc1b90989949ce4450b84d20b4
Fwknop Port Knocking Utility
Posted Sep 22, 2005
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Various additions and bug fixes.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | 1a3db5f2e2e6ce86ed40c3650a3ac8263074d2683f7116fb900836068593d41c
netspoc-3.0.tar.gz
Posted Sep 22, 2005
Site netspoc.berlios.de

Network Security Policy Compiler (NetSPoC) is a tool for security management of large networks with different security domains. It generates configuration files for packet filters controlling the borders of security domains. It provides its own language for describing security policy and the topology of a network. The security policy is a set of rules that state which packets are allowed to pass the network and which are not. NetSPoC is topology aware - a rule for traffic from A to B is automatically applied to all managed packet filters on the path from A to B.

Changes: Many new features. IPSec encryption is supported now.
systems | unix
SHA-256 | 0d67531e902496a5cb011e9f0ca57847f06d4f64bf59c08c6325cfc000786ce2
Clam AntiVirus Toolkit 0.87
Posted Sep 22, 2005
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: Bug fix release that includes a security fix for a buffer overflow.
tags | virus
systems | unix
SHA-256 | 44243b013df855799ad2810e2a1d88baa18ca8486a86f6b87edc7f1b2729a417
yersinia-0.5.6.tar.gz
Posted Sep 22, 2005
Authored by David Barroso, Alfredo Andres Omella | Site yersinia.sf.net

Yersinia implements several attacks for the following protocols: Spanning Tree (STP), Cisco Discovery (CDP), Dynamic Host Configuration (DHCP), Hot Standby Router (HSRP), Dynamic Trunking (DTP), 802.1q and VLAN Trunking (VTP), helping a pen-tester with different tasks.

Changes: Added initial Darwin OS support, Added IPv4 filtering for the network daemon in the configuration file, Fixed lots of bugs.
tags | tool, protocol
systems | cisco, unix
SHA-256 | b62424a84bd94b55f8bae9867c037a68e293c27a4e6c852eee6294a673d550be
Ubuntu Security Notice 184-1
Posted Sep 22, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-184-1 - David Watson discovered that umount -r removed some restrictive mount options like the nosuid flag. If /etc/fstab contains user-mountable removable devices which specify the nosuid flag (which is common practice for such devices), a local attacker could exploit this to execute arbitrary programs with root privileges by calling umount -r on a removable device.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2005-2876
SHA-256 | be93a78c66efc846eede8be1dc0eb294490e16bd4d9e11002699104671b0e5b1
Gentoo Linux Security Advisory 200509-13
Posted Sep 22, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200509-13 - Clam AntiVirus is vulnerable to a buffer overflow in libclamav/upx.c when processing malformed UPX-packed executables. It can also be sent into an infinite loop in libclamav/fsg.c when processing specially-crafted FSG-packed executables. Versions less than 0.87 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2005-2919, CVE-2005-2920
SHA-256 | 5e2c7337c6e41d35f4d83f4502979fa959f429a1ba6b11d3dcbf90cda71c0d39
Gentoo Linux Security Advisory 200509-12
Posted Sep 22, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200509-12 - mod_ssl contains a security issue when SSLVerifyClient optional is configured in the global virtual host configuration (CVE-2005-2700). Also, Apache's httpd includes a PCRE library, which makes it vulnerable to an integer overflow (CVE-2005-2491). Versions less than 2.8.24 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2005-2491, CVE-2005-2700
SHA-256 | a3b8bf8a9ed588fcf293e0f39c75f16aebcec3ebad2d43c5b100569496f78336
Gentoo Linux Security Advisory 200509-11
Posted Sep 22, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200509-11 - The Mozilla Suite and Firefox are both vulnerable to a buffer overflow while processing hostnames containing multiple hyphens. Note that browsers that have disabled IDN support are immune to this flaw. Versions less than or equal to 1.0.6-r6 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2005-2871
SHA-256 | e2ddda670fca270b023918ae6376910370295f5b74fca04c5f46add1e5036841
HYA-2005-008-alstrasoft-epay-pro.txt
Posted Sep 22, 2005
Authored by GeMe-GeMeS | Site h4cky0u.org

Alstrasoft Epay Pro versions 2.0 and below suffer from a directory traversal vulnerability. Exploitation details provided.

tags | exploit
SHA-256 | c750901229e42af7fda79c40bb063a109c9fb0152e9e851df5b6334e636f9510
20050917-vbulletin-3.0.8.txt
Posted Sep 22, 2005
Authored by Thomas Waldegger, deluxe

vBulletin versions 3.0.9 and below suffer from multiple SQL injection, cross site scripting, and arbitrary file upload vulnerabilities. Detailed exploitation provided.

tags | exploit, arbitrary, vulnerability, xss, sql injection, file upload
SHA-256 | c3bcb2d3c9990bc14acdbf2184f8f5317dab7ab4b3ed24c892e060b960fbbca2
cutenxpl.php.txt
Posted Sep 22, 2005
Authored by rgod | Site retrogod.altervista.org

CuteNews version 1.4.0 remote code execution exploit. Earlier versions may also be susceptible. Flaw makes use of a lack of user input sanitization.

tags | exploit, remote, code execution
SHA-256 | e9aae7c302b815f34a35f760a4578958fff6901febce6ebfa4e1b8bc73c3257f
cirt-37-advisory.pdf
Posted Sep 22, 2005
Authored by Dennis Rand | Site cirt.dk

TAC Vista version 3.0 is susceptible to a directory traversal vulnerability. Exploitation details provided.

tags | exploit
SHA-256 | 37ff2096e720eb5aa6bfe97bfabd2f99ed6f563e8ec52370138ea2234ca0b250
phpSession.txt
Posted Sep 22, 2005
Authored by unknow, adam_i | Site uw-team.org

PHP Session versions 3.x and 4.x are susceptible to a user login bypass vulnerability due to sharing session id information in the same location for multiple instances.

tags | exploit, php, bypass
SHA-256 | 2a9e0f07429c4df5c6fcbef536321945931afbe922a19dbbf82e09b5391c2f74
reverseChar.txt
Posted Sep 22, 2005
Authored by Dr-Hack | Site drhack.sytes.net

It appears that the use of a Reverse Character via unicode will allow for some negative side affects in portals like Orkut, Invision Power Board, etc.

tags | advisory
SHA-256 | fbdee435da38ceed5fc93cfff9ca855395c53c32ca7ffaca777d17b83e35aa45
avocents.txt
Posted Sep 22, 2005
Authored by Dr. Dirk Wetter | Site drwetter.org

Avocents CCM console server has a flaw which enables users to bypass access control by using ssh with standard password based authentication. Tested on S/W Version 2.1, CCM4850.

tags | advisory
SHA-256 | d015b3ec967178a10f8a428777c7574d16032315ea1b85d776379013351c5708
Gentoo Linux Security Advisory 200509-10
Posted Sep 22, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200509-10 - The imap4d server contains a format string bug in the handling of IMAP SEARCH requests. Versions less than 0.6-r2 are affected.

tags | advisory, imap
systems | linux, gentoo
SHA-256 | a8c421a3e9c515c32db8d5286521230dba7afdc0aca36e92215ac0e4fc22ddc3
Gentoo Linux Security Advisory 200509-9
Posted Sep 22, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200509-09 - Arc Riley discovered that Py2Play uses Python pickles to send objects over a peer-to-peer game network, and that clients accept without restriction the objects and code sent by peers. Versions less than or equal to 0.1.7 are affected.

tags | advisory, python
systems | linux, gentoo
advisories | CVE-2005-2875
SHA-256 | 51512c8498bc3a3821fa4a44523f9326ef1cd0070c89130667a4ccd2f5fd00ab
dscribe14.txt
Posted Sep 22, 2005
Authored by rgod | Site retrogod.altervista.org

Digital Scribe version 1.4 is susceptible to login bypass, SQL injection, and remote code execution attacks. Exploitation details provided.

tags | exploit, remote, code execution, sql injection
SHA-256 | 6eb41799cc1101ced30129ff7c11dd6f995b290fc4edb183e16ef20ef0889388
PTL_advisory_050825.txt
Posted Sep 22, 2005
Authored by George Hedfors | Site pinion.se

HP LaserJet printers have an extensive administrative user interface that is provided over SNMP. Pinion has discovered that HP LaserJet printers store information regarding recently printed documents. Information such as document name, title, number of pages, document size, user who has printed the document and the machine name where the print job was initiated can all be extracted via SNMP. Exploit provided. HP LaserJet 2430 is verified vulnerable.

tags | exploit
SHA-256 | 05d0039b4bbc9f489d2f36b9ee57d0cc22a0fc181e945e9ae6fc339bb43387e0
05081203_vxtftpsr.txt
Posted Sep 22, 2005
Authored by Seth Fogie | Site airscanner.com

Airscanner Mobile Security Advisory #05081203: vxTftpSrv version 1.7.0 suffers from a buffer overflow vulnerability when supplied with an oversized filename.

tags | advisory, overflow
SHA-256 | 01bad2cb9555f1c18e041e919c1f2a2527288cda767a957b776b912e7ec20e4e
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close