ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
5b042c182c7f4d1abb4ba5c65f008a56a8d223b186c847385863772e6c37ed45PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. It can also "scrub" or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read.
cf35a2dbcc6076011b5ad1bf115619a109832b123bfa84ba7d96cdbb3dba42cfGentoo Linux Security Advisory GLSA 200905-03 - Multiple errors in the IPSec Tools racoon daemon might allow remote attackers to cause a Denial of Service. Versions less than 0.7.2 are affected.
79db0186e0cc0dc495c6259888fc48f6fb06ba32880bced4aca533b1b5782725Gentoo Linux Security Advisory GLSA 200905-02 - Multiple vulnerabilities in Cscope might allow for the remote execution of arbitrary code. James Peach of Apple discovered a stack-based buffer overflow in cscope's handling of long file system paths. Multiple stack-based buffer overflows were reported in the putstring function when processing an overly long function name or symbol in a source code file. Versions less than 15.7a are affected.
39a53c2338b13f7e41e4b96a38233fde0baf0ae4df73e52902baff339b347135Saman Portal suffers from a remote SQL injection vulnerability.
5428235e71438689ffb30f246b45287125ad770b9f104b72d052cef0de7661f8BASE, the Basic Analysis and Security Engine, suffers from persistent and reflective cross site scripting vulnerabilities.
d9a751bcb3f529c6b08274bfcd1ab03641b45d437840201bb3bc5afd38b94d4cMandriva Linux Security Advisory 2009-122 - The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. The updated packages have been upgraded to the latest version of squirrelmail to prevent this.
4d625c059ac76fa426b4364168404a4461455a591f139796b5f4e3a268329ad9phpWebFileManager version 1.11 suffers from bypass, cookie grabbing, and shell upload vulnerabilities.
dd155f183b061423052bbf10126792ce0e74ff908a82b2210b2ff665630e0e0fMole Group Restaurant Directory Script version 3.0 remote administrative password changing exploit.
dccfde3a29695d9c93d93aeffc0595b74c71e2e3b8b92ee71903ae0cc1ff217aMole Group Sky Hunter / Bus Ticket Scripts administrative password changing exploit.
83b97ddc7a2ac2965b842f762fed2eda5120fb46ecb4ee6913b02cc56a6ca755Cute Editor suffers from a remote file disclosure vulnerability.
c0416e49862865db63c5af8fb10d9db7ca1a5292531384a0c8efbe01ce52e5e8ZaoCMS suffers from an arbitrary remote file upload vulnerability.
0a551ed3cf102bc00baf7514eb12c6829db4e8883ba13e9b9d5f88861d204ad5ZaoCMS remote password changing exploit that leverages user_updated.php.
a8a740733bcbe95cbcd6dd12891809e0d050c7d6c1bb3b87b4de55a63013ea0dZaoCMS suffers from a remote SQL injection vulnerability.
01e6368d79444139c6ef921da90c64d22062010ab22daca4eb23deee5c7b7da6Debian Security Advisory 1806-1 - Matt Murphy discovered that cscope, a source code browsing tool, does not verify the length of file names sourced in include statements, which may potentially lead to the execution of arbitrary code through specially crafted source code files.
590b7b56f51b92b716841c881d2dc6ed98216cc086adc0ad81629be53ea6274bDebian Security Advisory 1805-1 - Several vulnerabilities have been discovered in Pidgin, a graphical multi-protocol instant messaging client.
cbce861a8fc059dce0e2e207159753b832372c40084d4da5642331a83f7f5a29IPFilter (ippool) version 4.1.31 suffers from a buffer overflow vulnerability in lib/load_http.c.
ea595d1447ea1af8e204d150f3cb9576525eeb7252cd579fb459959bd5be6114The Panda parsing engine can be bypassed by a specially crafted RAR archive.
9ac3c241ee06ef07fe371b852889a42be9b6c33339e671ea7b19b30e46b88d46The Panda parsing engine can be bypassed by a specially crafted CAB archive.
fa9e2c473bbcd3968fb0d5ba3f2f9b5dadd39e366e25f2815a3d29269c8faac8LxBlog suffers from cross site scripting and remote SQL injection vulnerabilities.
9a14f7b147ef1b9cb6dee14dc66034e842d99d15f24258b7456ce71fbdbb387fDebian Security Advisory 1802-2 - Michal Hlavinka discovered that the fix for code execution in the map_yp_alias function, known as CVE-2009-1579 and released in DSA 1802-1, was incomplete. This update corrects the fix for that function.
427516df8ef9ab4b92105500b37d7a760f482163d4eb284532448ec29c628c7fTutorial Share versions 3.5.0 and below suffer from an insecure cookie handling vulnerability.
e7b3b262c4c060c68005e85e157508577d8bca6e1c83ea1acde914acf3e7ed4eWinAMP version 5.551 MAKI parsing integer overflow proof of concept exploit.
79a438459b02a79c54299b4afbcae5ffc93dd837c9066d555f9ce0a55365c530WinAMP versions 5.55 and below MAKI script universal integer overflow exploit.
90dc1c2c725ade3aabfe5ef8896bd4fcdc09660c242b7d05d47c760da0053e49WinAMP versions 5.55 and below MAKI script universal SEH overwrite exploit.
f94826f92efd36d62df6e4978119b9b375ea487e89205060f3e7030dcc2b3351
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed