strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
4ceadb0aa155d910f1986bd9f636d87644d75b68308d787fad07689d7bc0817f
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
7e2fdb114fdda4db65235e7225e982619612a6afd7c3a6a4a586fb161b731524
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
7e7cd4f3974199b729e6e3a0af08bd4279fde0370a1120c1a3b351ab090c6101
Openswan versions 2.6.20 and below and strongSwan versions 4.2.13 and below suffer from a Dead Peer Detection denial of service vulnerability.
f54e2eb6a321fda0ffc703dd3f3a2af930e2a7924acef3fa72d65f80e868505a
The Check Point Firewall-1 PKI Web Service, running by default on TCP port 18264, is vulnerable to a remote overflow in the handling of very long HTTP headers. This was discovered during a pen-test where the client would not allow further analysis and would not provide the full product/version info. Initial testing indicates the 'Authorization' and 'Referer' headers were vulnerable.
ea492653b5ddebab2e708e8a2df04435b7732133b138456f88f95f23c8ba7185
Mandriva Linux Security Advisory 2009-082 - The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token. This update provides the fix for that security issue.
08666e7e6b60d6b837a8680a4e05b500d3abb5e40bc34fc37b8233a475928d59
Debian Security Advisory 1757-1 - It was discovered that auth2db, an IDS logger, log viewer and alert generator, is prone to an SQL injection vulnerability when used with multibyte character encodings.
1aa037a98e4dd482e99803730defb061f52e97425d3687e21fc8475bf2045303
Family Connection version 1.8.1 suffers from a vulnerability that allows creation of an administrative user, and from multiple remote SQL injection vulnerabilities.
01a4307f57757f12e3f098abed9abaf0ec8655ca93b42e400fdaa7e4618dfebf
JobHut versions 1.2 and below suffer from a remote SQL injection vulnerability.
350407369ebdca498e2c12a2c3d959956fa3ed4ca776eb55a8be91c00d55db10
Remote denial of service exploit for Sami HTTP Server 2.x that uses a HEAD request.
3491b722a328db818b14cf139bde10245e73c3741e29b8e0d33bbbc37717be57
Technical Cyber Security Alert TA09-088A - US-CERT is aware of public reports indicating a widespread infection of the Conficker worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a network if the host is not patched with MS08-067.
889abea95838642c06f272a52a5487dbaad89f603f848630737ddad4c4d9c103
Gentoo Linux Security Advisory GLSA 200903-40 - A Denial of Service vulnerability was discovered in Analog. Diego E. Petteno reported that the Analog package in Gentoo is built with its own copy of bzip2, making it vulnerable to CVE-2008-1372 (GLSA 200804-02). Versions less than 6.0-r2 are affected.
fe2d46b320cc6611e1f75812fadd347ac5c1fbc3aa4aee8eeb456f574e74bea7
Linux Wine version 1.0.1 local buffer overflow proof of concept code.
686cf5036fb7321dce4cddb7d8f0953a31f042cef03c513ca0aeaab2afbf7757
Whitepaper called "From Win32 User-Land through Native API to Kernel". Includes demonstration code.
18fd0091452628f5c03cd9eae9a9c0258c233d7e9a68d3cbbca2ca70514b9c73
iWare CMS version 5.0.4 suffers from multiple remote SQL injection vulnerabilities.
3edf5c7a65ae8f283e49c0fdb70c62593437e9cab56ce585b87448e8d64e716a
Arcadwy Arcade Script suffers from an authentication bypass vulnerability due to insecure cookie handling.
0e849d9748ecd380e5565c962459543b165a2d4c115f319d09661878179acad9
Proof of concept exploit for a stack overflow in the W3C editor/browser in Amaya 11.1.
c8cc993bdbfb58dd0acbd2801ee0c7692ef7f2bcc6f6136385d5c3918f42cc12
Firefox version 3.0.x XML parser memory corruption denial of service proof of concept exploit.
0395d7c13f2091d44dc8327dd50f32f6ee8020768eb9f808521bb02a4c5eeff6
Nokia Siemens FlexiISN GGSN suffers from multiple authentication bypass vulnerabilities.
3f6d661f3e0e6a2850206b9b7b87744bce1ee96dbfaced21a483b0fee3bcd0ec
L-Forum version 2.4.0 local file inclusion and command injection via SQL injection exploit.
5700d2ecc7227e2a744509a398a139df728096cdbfa4c24e4a833f7b99debea8
X-Forum version 0.6.2 remote command execution exploit that performs authentication bypass via a cookie handling vulnerability. SQL injection vulnerabilities also exist.
d9183587e4ad9215c1a97cac3e4f9677d61baa356ee16ea1106f8ac7be7a2200
Debian Security Advisory 1756-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser.
25ae987122b9503b07f7231a697f4f52d1aa0dd70a0fbd140f45e0412035da2e
glFusion versions 1.1.2 and below COM_applyFilter()/order SQL injection exploit.
0d052959a67255c2e45321b7cf1bd2b09df0473ac3c5ee52fd046ce1cf9e3042
Ubuntu Security Notice USN-745-1 - It was discovered that Firefox did not properly perform XUL garbage collection. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS and 8.10. A flaw was discovered in the way Firefox performed XSLT transformations. If a user were tricked into opening a crafted XSL stylesheet, an attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program.
0163025e9b14eb8932b5e588c489caff43377a23cfbe2530118a9d37258afaa3
Gravy Media CMS version 1.07 suffers from file download and SQL injection vulnerabilities.
c8b7135225a7be7fa4f23da834f53af67ec8a7d2061240a4e090a169d79cca7b