Section: .. / Last 50 Files /
| /// File Name: | john-1.7.3.1.tar.gz | Description:
| John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, and BeOS. Its primary purpose is to detect weak Unix passwords, but a number of other hash types are supported as well. | | Author: | Solar Designer | | Homepage: | http://www.openwall.com/john/ | | Changes: | Corrected the x86 assembly files for building on Mac OS X. Merged in some generic changes from JtR Pro. | | File Size: | 814903 | | Last Modified: | Jul 18 20:43:09 2008 | | MD5 Checksum: | 6a2e174e71b2a220d5f8a34f1d2ce540 |
|
| /// File Name: | prelude-manager-0.9.14.tar.gz | Description:
| Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis. | | Homepage: | http://prelude.sourceforge.net | | Changes: | Some GnuTLS 2.2.0 support added, fixed a crash, and some other improvements. | | File Size: | 753987 | | Last Modified: | Jul 18 20:41:28 2008 | | MD5 Checksum: | ca47665fcf299732509459956297320b |
|
| /// File Name: | Software.Distribution.Malware.Infection.Vector.pdf | Description:
| This paper presents an efficient mechanism as well as the corresponding reference implementation for on-the-fly infecting of executable code with malicious software. Their algorithm deploys virus infection routines and network redirection attacks, without requiring the modification of the application itself. This allows infection of executables with an embedded signature when the signature is not automatically verified before execution. They briefly discuss countermeasures such as secure channels, code authentication as well as trusted virtualization that enables the isolation of untrusted downloads from other applications running in trusted domains or compartments. | | Author: | Felix Grobert | | Homepage: | http://groebert.org/felix | | File Size: | 223713 | | Last Modified: | Jul 18 17:30:01 2008 | | MD5 Checksum: | f0295501b1659600e2481f6a2cb082cb |
|
| /// File Name: | DSECRG-08-030.txt | Description:
| Claroline eLearning and eWorking Platform version 1.8.9 suffers from cross site scripting, unsigned redirect, and cross site request forgery vulnerabilities. | | Author: | Digital Security Research Group | | Homepage: | http://www.dsec.ru/ | | File Size: | 3112 | | Last Modified: | Jul 18 17:20:57 2008 | | MD5 Checksum: | a1d98b6503e897b1b91cf0455730d9b4 |
|
| /// File Name: | smbclientparser-exec.txt | Description:
| The SmbClientParser perl module suffers from a vulnerability that allows for remote command execution. | | Author: | Jesus Olmos Gonzalez | | File Size: | 4479 | | Last Modified: | Jul 18 17:16:50 2008 | | MD5 Checksum: | 435e611466edb69599f8c7790d08fce3 |
|
| /// File Name: | defblog-sql.txt | Description:
| Def Blog version 1.0.3 suffers from multiple SQL injection vulnerabilities. | | Author: | CWH Underground | | Homepage: | http://www.citecclub.org/ | | File Size: | 1490 | | Last Modified: | Jul 18 17:05:27 2008 | | MD5 Checksum: | ba98e87788fb1251c1b9a4c5c9e1c82f |
|
| /// File Name: | MDVSA-2008-148.txt | Description:
| Mandriva Linux Security Advisory - Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.16. This update provides the latest Firefox to correct these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 60625 | | Related CVE(s): | CVE-2008-2785, CVE-2008-2933 | | Last Modified: | Jul 18 04:33:13 2008 | | MD5 Checksum: | ab9dcc763cd53eb00f2102db6b1ca667 |
|
| /// File Name: | vim-filecreation.txt | Description:
| Vim versions 5.0 through the current version suffer from an arbitrary code execution vulnerability via an insecure temporary file creation flaw. | | Author: | Jan Minar | | File Size: | 3242 | | Last Modified: | Jul 18 04:32:36 2008 | | MD5 Checksum: | e0aafe45a3a0e558f53b941ce10d137f |
|
| /// File Name: | communitycms-rfi.txt | Description:
| Community CMS version 0.1 remote file inclusion exploit. | | Author: | N3TR00T3R | | File Size: | 1086 | | Last Modified: | Jul 18 04:30:27 2008 | | MD5 Checksum: | 5df55fa6abc5ce6204ab218070e100d8 |
|
| /// File Name: | artic-sql.txt | Description:
| Artic Issue Tracker version 2.0.0 suffers from a remote SQL injection vulnerability in index.php. | | Author: | QTRinux | | Homepage: | http://www.root-qtr.com/ | | File Size: | 1648 | | Last Modified: | Jul 18 04:28:12 2008 | | MD5 Checksum: | 0a4064e074188391a95718b0872a3b80 |
|
| /// File Name: | precms-sql.txt | Description:
| preCMS version 1 suffers from a remote SQL injection vulnerability in index.php. | | Author: | Mr.SQL | | Homepage: | http://www.pal-hacker.com/ | | File Size: | 1481 | | Last Modified: | Jul 18 04:26:23 2008 | | MD5 Checksum: | 894dcd4216ceaff99c1e3e1c96dbc5af |
|
| /// File Name: | ZDI-08-044.txt | Description:
| A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the browser's handling of reference counters to the nsCSSValue:Array class. Creating more than 65,535 references will overflow a 16-bit reference counter and therefore result in an erroneous free() while the object still exists. Properly manipulated, this can result in arbitrary code execution under the context of the current user. | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3515 | | Related CVE(s): | CVE-2008-2785 | | Last Modified: | Jul 17 16:12:30 2008 | | MD5 Checksum: | 58c97cd821304abdbc467ae1ad85e405 |
|
| /// File Name: | ZDI-08-043.txt | Description:
| A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the GetVMArgsOption() function used while parsing the java-vm-args attribute of the j2se tag in XML-based JNLP files. When a user downloads a malicious JNLP file, the vulnerable attribute is read into a static buffer. If an overly long value is defined by the java-vm-args attribute, a stack-based buffer overflow occurs, resulting in an exploitable condition. | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3501 | | Last Modified: | Jul 17 16:11:49 2008 | | MD5 Checksum: | cf0518925fb29057bec90deed667e775 |
|
| /// File Name: | ZDI-08-042.txt | Description:
| A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the writeManifest() method of the CacheEntry class. A directory traversal flaw in this method allows the creation of arbitrary files on the target system. After the file has been created, a call to Runtime.getRuntime.exec() can be used to execute the file. | | Author: | Peter Csepely | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3411 | | Last Modified: | Jul 17 16:11:03 2008 | | MD5 Checksum: | 40bc93865482ae2445c34853dcd2207d |
|
| /// File Name: | USN-623-1.txt | Description:
| Ubuntu Security Notice 623-1 - A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Billy Rios discovered that Firefox did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox were passed a malicious URL, an attacker may be able to execute local content with chrome privileges. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 22719 | | Related CVE(s): | CVE-2008-2785, CVE-2008-2933 | | Last Modified: | Jul 17 15:29:57 2008 | | MD5 Checksum: | 134f5257fe6d05be8b868a8de33caf4f |
|
| /// File Name: | SSRT080097-2.txt | Description:
| HP Security Bulletin - Potential security vulnerabilities have been identified with HP Select Identity Active Directory Bidirectional LDAP Connector. The vulnerabilities could be exploited to allow remote unauthorized access. | | Homepage: | http://www.hp.com/ | | File Size: | 6233 | | Related CVE(s): | CVE-2008-1665 | | Last Modified: | Jul 17 15:28:56 2008 | | MD5 Checksum: | 16bcd9b00ec4628549a66a8a61cc3f8c |
|
| /// File Name: | beaweblogic-exec.txt | Description:
| Bea Weblogic Apache Connector code execution and denial of service exploit. | | Author: | kcope | | File Size: | 3922 | | Last Modified: | Jul 17 15:25:37 2008 | | MD5 Checksum: | b89a6b3557f431c1bc3869e6de7751ab |
|
| /// File Name: | debopenssh-auth.txt | Description:
| It appears that there may be a privilege escalation vulnerability in OpenSSH under Debian due to how SELinux hands out roles. | | Author: | eliteb0y | | File Size: | 1247 | | Last Modified: | Jul 17 15:22:36 2008 | | MD5 Checksum: | 227a31a0b1018513db637838fb8a6b39 |
|
| /// File Name: | alstrasoftarticle-sql.txt | Description:
| AlstraSoft Article Manager Pro version 1.6 blind SQL injection exploit. | | Author: | GolD_M | | Homepage: | http://www.tryag.cc/ | | File Size: | 1573 | | Last Modified: | Jul 17 15:20:38 2008 | | MD5 Checksum: | d9765f592b561b9ec388eeec697ab728 |
|
| /// File Name: | DSECRG-08-029.txt | Description:
| Dokeos E-Learning System version 1.8.5 suffers from a local file inclusion vulnerability. | | Author: | Digital Security Research Group | | Homepage: | http://www.dsec.ru/ | | File Size: | 2928 | | Last Modified: | Jul 17 15:18:56 2008 | | MD5 Checksum: | 3e23f9ac98e5358667ca3e96dc1d5df6 |
|
| /// File Name: | SSRT080058.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running BIND. The vulnerability could be exploited remotely to cause DNS cache poisoning. | | Homepage: | http://www.hp.com/ | | File Size: | 6949 | | Related CVE(s): | CVE-2008-1447 | | Last Modified: | Jul 17 15:16:48 2008 | | MD5 Checksum: | 81ca5324ef291a1e31b9850373d3dca6 |
|
| /// File Name: | alstrasoftvideo-sql.txt | Description:
| AlstraSoft Video Share Enterprise version 4.5.1 suffers from a remote SQL injection vulnerability. | | Author: | Hussin X | | Homepage: | http://www.tryag.cc/ | | File Size: | 1852 | | Last Modified: | Jul 17 15:14:43 2008 | | MD5 Checksum: | a4b1f490f900ac79a6103d69caabf1c8 |
|
| /// File Name: | ppmate-dospoc.txt | Description:
| PPMate PPMedia Class ActiveX control buffer overflow proof of concept exploit. | | Author: | Guido Landi | | File Size: | 200 | | Last Modified: | Jul 17 15:13:36 2008 | | MD5 Checksum: | 4d9ad3253238356563e1b7be4ea643d7 |
|
| /// File Name: | phphoo3526-sql.txt | Description:
| phpHoo3 versions 5.2.6 and below suffer from a SQL injection vulnerability in phpHoo3.php. | | Author: | Mr.SQL | | Homepage: | http://www.pal-hacker.com/ | | File Size: | 1803 | | Last Modified: | Jul 17 15:12:31 2008 | | MD5 Checksum: | f12f4a4064162aecbff34b0314ae571a |
|
| /// File Name: | draft-ietf-tsvwg-port-randomization-01.txt | Description:
| This document describes a simple and efficient method for random selection of a client port number, such that the possibility of an attacker guessing the exact value is reduced. While this is not a replacement for cryptographic methods, the described port number randomization algorithms provide improved security/obfuscation with very little effort and without any key management overhead. The mechanisms described in this document are a local modification that may be incrementally deployed, and that does not violate the specifications of any of the transport protocols that may benefit from it, such as TCP, UDP, SCTP, DCCP, and RTP. | | Author: | Michael Vittrup Larsen, Fernando Gont | | Homepage: | http://www.ietf.org/ | | File Size: | 43889 | | Last Modified: | Jul 16 20:13:04 2008 | | MD5 Checksum: | 3169ae2876e24bcbe919b97c4fecdeb4 |
|
| /// File Name: | openpro-rfi.txt | Description:
| openPro version 1.3.1 suffers from a remote file inclusion vulnerability. | | Author: | Ghost Hacker | | Homepage: | http://www.real-hack.net/ | | File Size: | 1675 | | Last Modified: | Jul 16 20:11:49 2008 | | MD5 Checksum: | 96d1323e7b6dbe45bc3aca9452b00112 |
|
| /// File Name: | dsa-1611-1.txt | Description:
| Debian Security Advisory 1611-1 - Anders Kaseorg discovered that afuse, an automounting file system in user-space, did not properly escape meta characters in paths. This allowed a local attacker with read access to the filesystem to execute commands as the owner of the filesystem. | | Homepage: | http://www.debian.org/security | | File Size: | 5021 | | Related CVE(s): | CVE-2008-2232 | | Last Modified: | Jul 16 20:04:36 2008 | | MD5 Checksum: | 667d150cda2558de83b99a4350f259eb |
|
| /// File Name: | DSECRG-08-028.txt | Description:
| Velocity Web Server version 1.0 suffers from a directory traversal / arbitrary file download vulnerability. | | Author: | Digital Security Research Group | | Homepage: | http://www.dsec.ru/ | | File Size: | 2606 | | Last Modified: | Jul 16 20:04:20 2008 | | MD5 Checksum: | f7d76bff58337cf6b2b130888c9f4320 |
|
| /// File Name: | securing_a_webserver.txt | Description:
| Whitepaper discussing a lockdown methodology for a CentOS 5 server with Apache and cPanel installed. | | Author: | QKrun1x | | File Size: | 21682 | | Last Modified: | Jul 16 20:03:24 2008 | | MD5 Checksum: | c48568dcf8bbd3abcdfa1033ce6b1f2c |
|
| /// File Name: | n.runs-SA-2008.003.txt | Description:
| Apple QuickTime versions prior to 7.5 suffer from a heap overflow vulnerability when handling PICT images. | | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 9491 | | Last Modified: | Jul 16 15:49:48 2008 | | MD5 Checksum: | 86cef345102da7283cb680756f7c7847 |
|
| /// File Name: | n.runs-SA-2008.002.txt | Description:
| The F-Prot Anti-Virus engine versions below 4.4.4 suffer from an out-of-bounds memory access denial of service vulnerability. | | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 5248 | | Last Modified: | Jul 16 15:48:37 2008 | | MD5 Checksum: | f9e5ad9d51dc0e30c8a0d4478a729c61 |
|
| /// File Name: | dsa-1544-2.txt | Description:
| Debian Security Advisory 1544-2 - Thomas Biege discovered that the upstream fix for the weak random number randomization still did not use difficult-to-predict random numbers. This is corrected in this security update. | | Homepage: | http://www.debian.org/security | | File Size: | 5057 | | Related CVE(s): | CVE-2008-1637 | | Last Modified: | Jul 16 15:45:43 2008 | | MD5 Checksum: | 82e55904d542f28198d9499d43db9a50 |
|
| /// File Name: | SSRT080097.txt | Description:
| HP Security Bulletin - Potential security vulnerabilities have been identified with HP Select Identity Active Directory Bidirectional LDAP Connector. The vulnerabilities could be exploited to allow remote unauthorized access. | | Homepage: | http://www.hp.com/ | | File Size: | 6092 | | Related CVE(s): | CVE-2008-1665 | | Last Modified: | Jul 16 15:43:55 2008 | | MD5 Checksum: | a11f1f733768ff70d0e990e3269f40d2 |
|
| /// File Name: | netrw-exec.txt | Description:
| Lack of sanitization throughout Netrw can lead to arbitrary code execution upon opening a directory with a crafted name. | | Author: | Jan Minar | | File Size: | 5137 | | Last Modified: | Jul 16 15:43:19 2008 | | MD5 Checksum: | 0a45093ff0e3eb716b14884b0b054a39 |
|
| /// File Name: | vim72b-exec.txt | Description:
| Vim versions greater than or equal to 7.2.a.013 suffer from an arbitrary code execution vulnerability using the shellescape() function. | | Author: | Jan Minar | | File Size: | 3450 | | Last Modified: | Jul 16 15:42:12 2008 | | MD5 Checksum: | 9315516bf2b023bbb2f7e8cdfb678067 |
|
| /// File Name: | alstrasoftaffiliate-sql.txt | Description:
| AlstraSoft Affiliate Network Pro suffers from a remote SQL injection vulnerability. | | Author: | Hussin X | | Homepage: | http://www.tryag.cc/ | | File Size: | 1534 | | Last Modified: | Jul 16 15:39:19 2008 | | MD5 Checksum: | 3d78c40d281413d6d57d051186f49b8c |
|
| /// File Name: | tplsoccersite-sql.txt | Description:
| tplSoccerSite version 1.0 suffers from multiple remote SQL injection vulnerabilities. | | Author: | Mr.SQL | | Homepage: | http://www.pal-hacker.com/ | | File Size: | 2296 | | Last Modified: | Jul 16 15:38:15 2008 | | MD5 Checksum: | 0f73071b45c84fd3fb1f878a415b03f7 |
|
| /// File Name: | joomladtr-sql.txt | Description:
| The Joomla DT Register component suffers from a remote SQL injection vulnerability. | | Author: | His0k4 | | File Size: | 874 | | Last Modified: | Jul 16 15:37:25 2008 | | MD5 Checksum: | 57a66a09fc658028ae35b0c7e0b1c884 |
|
| /// File Name: | phpizabi-exec.txt | Description:
| PHPizabi version 0.858b C1 HFP1 remote code execution exploit. | | Author: | Inphex | | File Size: | 9906 | | Last Modified: | Jul 16 15:36:49 2008 | | MD5 Checksum: | 01286ddae876c582059a67aaf053a04c |
|
| /// File Name: | MDVSA-2008-147.txt | Description:
| Mandriva Linux Security Advisory - Tavis Ormandy of the Google Security Team discovered a heap-based buffer overflow when compiling certain regular expression patterns. This could be used by a malicious attacker by sending a specially crafted regular expression to an application using the PCRE library, resulting in the possible execution of arbitrary code or a denial of service. The updated packages have been patched to correct this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4319 | | Related CVE(s): | CVE-2008-2371 | | Last Modified: | Jul 16 14:50:23 2008 | | MD5 Checksum: | b8e63c1a7fd5d361e566c9cacb751161 |
|
| /// File Name: | USN-625-1.txt | Description:
| Ubuntu Security Notice 625-1 - A massive slew of Linux kernel related vulnerabilities have been addressed for the linux-source-2.6.15/20/22 packages. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 192927 | | Related CVE(s): | CVE-2007-6282, CVE-2007-6712, CVE-2008-0598, CVE-2008-1615, CVE-2008-1673, CVE-2008-2136, CVE-2008-2137, CVE-2008-2148, CVE-2008-2358, CVE-2008-2365, CVE-2008-2729, CVE-2008-2750, CVE-2008-2826 | | Last Modified: | Jul 16 14:50:16 2008 | | MD5 Checksum: | 5e9e19eec557961a1d40d8762fd5cff3 |
|
| /// File Name: | hockeystats-sql.txt | Description:
| HockeySTATS Online version 2.0 suffers from multiple remote SQL injection vulnerabilities. | | Author: | Mr.SQL | | Homepage: | http://www.pal-hacker.com/ | | File Size: | 2284 | | Last Modified: | Jul 16 00:21:07 2008 | | MD5 Checksum: | e27fc92d3fe7e99f55f9cd1800042ff1 |
|
| /// File Name: | galatolo-cookie.txt | Description:
| Galatolo Web manager version 1.3a suffers from an insecure cookie handling vulnerability. | | Author: | hadihadi | | Homepage: | http://www.virangar.org/ | | File Size: | 1538 | | Last Modified: | Jul 16 00:20:03 2008 | | MD5 Checksum: | 0470008f89dbd8a59795bbec171faa4b |
|
| /// File Name: | documentimaging-overflow.txt | Description:
| Document Imaging SDK version 10.95 ActiveX related buffer overflow proof of concept denial of service exploit. | | Author: | r0ut3r | | File Size: | 1071 | | Last Modified: | Jul 16 00:17:35 2008 | | MD5 Checksum: | be9670fad83699888af79499434ba14b |
|
| /// File Name: | MDVSA-2008-146.txt | Description:
| Mandriva Linux Security Advisory - A memory management issue was found in libpoppler by Felipe Andres Manzano that could allow for the execution of arbitrary code with the privileges of the user running a poppler-based application, if they opened a specially crafted PDF file. The updated packages have been patched to correct this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6044 | | Related CVE(s): | CVE-2008-2950 | | Last Modified: | Jul 15 21:09:57 2008 | | MD5 Checksum: | 37e194777605bac78445c2e820e31d67 |
|
| /// File Name: | srm-1.2.9.tar.gz | Description:
| secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop in security for users who wish to prevent command line recovery of deleted information, even if the machine is compromised. | | Author: | Matthew Gauthier | | Homepage: | http://srm.sourceforge.net | | Changes: | Bug fixes. | | File Size: | 111464 | | Last Modified: | Jul 15 20:26:09 2008 | | MD5 Checksum: | 7c65937cb9a7af75d1ab6d0927c6a2cc |
|