Inflex is an email scanner which scans both incoming and outgoing email without altering your /etc/sendmail.cf file. It can scan for email viruses, unwanted file types (e.g., EXE, COM, BMP, MPEG) and file names (e.g., stages.exe). It can also be used to scan for text snippets within emails and supports Exim for delivery.
85fa2f9c2b8369230288e9f7cf073805efccc86377c09b313db5e571fed4d4d3
ArpWorks v1.0 is a utility for Windows which sends customized ARP Announce packets over the network. All ARP parameters, including the Ethernet source MAC address, can be changed. Also features an IP to MAC resolver, subnet MAC discovery, host isolation, packet redirection, and IP conflict packets.
df3e09312979c44353c8a13e2ceb4b4589fe5eaa06e606564b2b7fe90d1f991e
Foundstone Security Advisory - AnalogX Proxy v4.04 contains multiple buffer overflows. Includes several proof of concept denial of service examples.
ecf9025d8fb2c5b91e285bf9f4839c34b7b4005d1ba80cb67d41d7edd59381de
Linux Security Week July 24 - In this issue: Deploying Portsentry, How Buffer Overflow attacks work, Maximizing Apache Server Security, Secure Directory Services for E-Business, IPSec update, RedHat PAM updates available, NFS-utils rpc.statd remote vulnerability, Mandrake usermode vulnerability, LISTSERV web archive remote overflow, Stalker CommuniGate Pro read any file vulnerability, and SuSE Nkitb (ftp) vulnerability.
1c45fd9d5af9418bd4bddfa5bf221ac7287916786a10a0e4fb8921ca55a31796
Despoof is a utility that tries to determine if a received packet is in fact spoofed by checking the TTL. This command-line utility is intended for near real-time responding (such as being triggered from an IDS). The README explains it all. This utility is based on an idea by Donald McLachlan [don@mainframe.dgrc.crc.ca] (thanks Don!). Despoof runs on most Unix systems (tested on Linux, *BSDs), and requires libnet 1.0 and libpcap 0.4.
c730656dba9ef4d9ad86dcb864c528f945e8c29c056ccfe8f82664ec9d4a1e39
VLAD the Scanner - A freeware, open-source scanner that checks for common security problems. VLAD checks for the items referenced in the SANS Top Ten list of common security problems, found at https://www.sans.org/topten.htm. While freeware scanners are not necessarily unique, VLAD is rather unique because of the number of vulnerable CGI programs it checks for, and its comprehensive account/password checks (seven different protocols).
49ddff7020a60b1c526937b09cc43271544f09c21165da5716352440d7338b63
Netscape 4.73 and below remote proof of concept exploit for linux/x86. Includes a test image which crashes Netscape, a JFIF file compiler which exploits the COM marker processing vulnerability, and an unofficial patch for Mozilla M15 and Win32 Netscape.
0f05859c7ef597bbacc6e8eca02d88950d83123ded5db560eac573fc6dc8107f
Netscape browsers v4.73 and below can be tricked into executing arbitrary assembly code by a malicious web site. In the case of Netscape Mail or News, the attack may be performed via a mail message or a news article, as well. A bug in the way Netscape browsers use the Independent JPEG Group's decoder library can cause the JPEG stream to be read onto the heap. Exploiting this vulnerability to execute arbitrary code is non-trivial, but possible on some platforms.
6c13825689c162377d5aef906252e6f595a0015f46abc25bdb05bed5645897b5
SAINT (Security Administrator's Integrated Network Tool) is a security assessment tool based on SATAN. It is updated regularly and scans for just about all remotely detectable vulnerabilities. Features include scanning through a firewall, updated security checks from CERT & CIAC bulletins, 4 levels of severity (red, yellow, brown, & green) and a feature-rich HTML interface.
22dffd2cea4bbd35a1c23deabc9e5c7b7ae85a1c0737e137c52e514c539a1353
Allaire Security Bulletin (ASB00-16) - Microsoft has released a patch for a security vulnerability in Microsoft SQL Server 7.0. The vulnerability could allow a malicious user to run a database stored procedure without proper permissions. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users.
c09e5fa63dd1b5c76a1b94a54a56022ab41e099dbb5740045e1926ea083d38b7
Allaire Security Bulletin (ASB00-17) - Microsoft has released an updated patch that eliminates a security vulnerability in Microsoft(r) SQL Server 7.0. The vulnerability could allow a malicious user to compromise passwords. The updated patch also addresses a related problem with the Enterprise Manager Server registration dialog. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users.
45bdfbf288ce1e1b06c8bbe8ccaaebc5b0132ebd6d4186bd64a18981ea7c1281
L0pht Security Advisory - Rainbow Technologies' iKey 1000 contains vulnerabilities which allow an attacker to log in as administrator and access all private information stored on the device with no detection by the legitimate user. The attack requires physical access to the device and an EEPROM programmer. Includes a proof of concept tool, iSpy, which retrieves and displays configuration data for the inserted iKey and displays all public and private data.
b09f4d1b30cd7023b8dba22307ee8935b43313f10168392ba0b354ee1febc1d5
L0pht Security Advisory - Passwords can be easily decrypted by exploiting NetZero's encryption algorithm. Includes proof of concept code to decode the password stored in jnetz.prop.
18ccbc25607e0b2335bd76b829e896cac1e0716922f3dfbdd160e52c8cc11c82
Instructions for Sendmail and Postfix to stop messages with long Date: headers.
0a78732b5488a64a94bdb50e95db3aa08911ecb7b7737f1988d5d3fc12311f30
Red Hat Security Advisory - The rpc.statd daemon in the nfs-utils package shipped in Red Hat Linux 6.0, 6.1, and 6.2 contains a flaw that could lead to a remote root break-in. Version 0.1.9.1 of the nfs-utils package corrects the problem.
653a35dcfe3d06dfd62cbe3afd4bedf3c6d4ac497815a8a2e19ee973990845d4
Best Practices for Secure Web Development is intended as a guideline for developing secure web-based applications. Includes basic web security practices, cross-site scripting, PKI, code review, and more.
7c1777b2da1020b5231acda0e2c833637f7afda2f1a49469e972503425b1bc6c