S.A.F.E.R. Security Bulletin 010124.EXP.1.11 - A remotely exploitable buffer overflow has been found in the Lotus Domino SMTP Server on all versions up to and including v5.05 which allows a remote attacker to execute code with the privileges that the SMTP server is running as. Perl exploit code included. Fix available here.
e31bff4434d6413796577845681d26eb776527907f1c66eaef50e9daf1f86b9cXScreenSaver is a modular screen saver and locker for the X Window System. It is highly customizable and allows the use of any program that can draw on the root window as a display mode. It is also more stable than xlock.
ba2078017e6d6f38d974728dc241de75ccd242b114dcfc6d1781f53c12f8cf50Nessus is a free, up-to-date, and full featured remote security scanner for Linux, BSD, Solaris and some other systems. It is multithreaded, plugin-based, has a nice GTK interface, and currently performs over 531 remote security checks. It has powerful reporting capabilities (HTML, LaTeX, ASCII text) and not only points out problems, but suggests a solution for each of them. Windows version available here.
61c6d45e1c8b933d29c7dbae5715c8763d2fce69c63e640b7d8e23371672a85aRamen worm local detection tool. Still in beta.
2007b10e2daa210941ac3eb39c5d0a26bb0cd5d8a08d8e284cf209ff5a7b36ebDebian Security Advisory DSA-015-1 - Versions of sash prior to 3.4-4 did not clone /etc/shadow properly which lead into readable files for anybody.
4a91fe87514f32378d3d56bc970cc2f666c5b4964833bfb0ee1cb8b95a928053SplitVT v1.6.4 and below local format string exploit which overflows the -rcfile command line flag. Tested on Slackware 7.1, Debian 2.2.
f299f70b6ffdcec9e13edbdd986f8b689e08c195f243c6b64ba16a42b7184eeaDebian Security Advisory DSA-013-1 - A buffer overflow has been discovered in the Mysql server v3.22.32 which allows remote attackers to gain mysqld privileges.
dc755d42d48bf8868b36524579148fe22f5615172608a9f7252f421744e41965Zorp is a new-generation modular proxy firewall suite to fine tune proxy decisions with its built in script language, fully analyze complex protocols (like SSH with several forwarded TCP connections), and utilize out of band authentication techniques (unlike common practices where proxy authentication had to be hacked into the protocol).
ac56034dcc9fde448c326fa9ff3019d557014ea6c0163a7f9572b678f906e650Debian Security Advisory DSA-012-1 - A remotely exploitable buffer overflow has been found in micq v0.4.6.
43116528780cb2ff1a68c96a70f84329c920d104a7163cb089feae26186a63acfwipe overwrites your file a specified number of times (default: 5) and then deletes it. It is extremely secure; it will not be confused by filenames containing special characters, and is suitable for use against law enforcement.
e02b0dbbc54c63f8e142b659e4823a24664ccfd8fea6c5d8bd283ccf4772fa96BFBTester is a utility for doing quick, proactive security checks of binary programs by performing checks of single and multiple argument command line overflows and environment variable overflows. It will also watch for tempfile creation activity to alert the user of any programs using unsafe tempfile names. While BFBTester can not test all overflows in software, it is useful for detecting initial mistakes that can red flag dangerous software. Tested on FreeBSD and Solaris.
a9e0e36682febbe97483e245092ec15a5879aca8f0d04dd113f8fa2f5e11b7ebKnetfilter is a KDE gui application designed to manage the netfilter functionalities that will come with the new kernel 2.4.x. In Principal, all standard firewall system administration activities can be done just using knetfilter. But there is not just a GUI to iptables command line, it is possible also some monitoring via a tcpdump interface.
4591326a8e3ad2ff9c16ecb0f450e7edc1e1dd6d0e854028ed8f7c22624a5e66IPA is highly configurable IP accounting software for Free and Open BSD. It allows to make IP accounting based on IP Firewall and/or IP Filter accounting rules. In most cases IP Accounting Daemon is run on public servers, software routers, etc. It uses powerful IP Firewall and/or IP Filter accounting rules and based on its configuration allows to escape from writing scripts to manage network accounting.
27a58e92c828066524cbaeff620fffd7cc17bccd6749cae3fb980730999ba752hypersrc is a GUI program for browsing source code, which uses GTK+. It provides a list widget containing sorted source code tags. A programmer can click a tag to hyperlink to a particular tagged line in a source code file. Screenshot here.
04047cfe613f5003f883a85b25857edb33b11c44b5d61921d4945554a5fb281bShield is an aggressive, modular firewall script for iptables which features easy configuration through a BSD-style configuration file, optional NAT support, TCP-wrapper-like functionality for service access, port forwarding, routable protection, DMZ support, and more.
d1d66087d42bbe78e58dfc2706c55877360b205e67d34778767cb20095d963adMass CGI scanner. From Guile Cool.
f857e4619461a9b4523063d16ea8ad2465e813b9d0f75e62114c8d59f866e8c3S.A.F.E.R. Security Bulletin 010124.EXP.1.11 - Netscape Enterprise Server 3.x and 4.x allows remote users to obtain directory listings on remote sites running web publishing by sending the command "INDEX / HTTP/1.0".
0c07af4b20cd0f80c350f290f2165288d37e8000439245b0aa663dc85df5e127Red Hat Security Advisory RHSA-2000:136-10 - PHP 3.0.17 can be caused to crash by clients uploading "multipart/form-data" information with form requests. Security holes in versions 4.0.0 through 4.0.4 of the PHP Apache module have been found.
49bd516233cab75acb589e5fe6145f0b36672f93b47ed654481f0bb48d780d9bRed Hat Security Advisory RHSA-2001:004-04 - A remote format string vulnerability in Icecast v1.3.8beta2 allows remote code execution. Icecast 1.3.7 is not vulnerable.
3f93642683d664439de5c1193de406878913711c80313f610e5f8ab639b1eb95Unitools.tgz contains two perl scripts - unicodeloader.pl uploads files to a vulnerable IIS site, and unicodexecute3.pl includes searches for more executable directories and is more robust and stable.
ef1371caea9d6be5421cdfd47295c380d367086653e0281f537a4f4b1db5503eThong.pl is a perl script which exploits several vulnerabilities found in Cisco products. Includes the Cisco Catalyst ssh Protocol Mismatch dos, Cisco 675 Web Administration dos, Cisco Catalyst 3500 XL command execution, and the Cisco IOS Software HTTP Request dos.
594060a5dec2fcf16403a904d4ad89eb7a7015552c986112125f18ead0a5a9e8Crank is a project to provide a GUI toolkit to facilitate (and where possible, automate) the breaking of classical (pen-and-paper) cryptosystems. Initial focus is on the cryptanalysis of monoalphabetic substitution ciphers.
11d8590fd645d22db4952bf7a9556d8c93728eaa26e128a01db40b7fcd679fafVTun is the easiest way to create Virtual Tunnels over TCP/IP networks with traffic shaping, compression, and encryption. It is a user space implementation and doesn't need modification of any kernel parts. VTun supports IP, PPP, SLIP, Ethernet, and other tunnel types. VTun is easily and highly configurable; it can be used for various network tasks like VPN, Mobil IP, Shaped Internet access, Ethernet tunnel, IP address saving, etc.
295d299fc81b7f6aad33dfa1814f44e007067b6af27cfd3a8c8e8ca8f3e7c086
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed