P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP).
aea524324828790b24a90be3bb7a0d93Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
e4f9643b6c77ffa9ff00ab0f59dd9097Zero Day Initiative Advisory 12-018 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec PCAnywhere. Authentication is not required to exploit this vulnerability. The flaw exists within the awhost32 component which is used when handling incoming connections. This process listens on TCP port 5631. When handling an authentication request the process copies the user supplied username unsafely to a fixed-length buffer of size 0x108. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM account.
824e081f7e89eb770aac1138d6cd8241vBadvanced CMPS versions 3.2.2 and below suffer from local file inclusion and remote file inclusion vulnerabilities.
e2be31fe18b36ede34febe2700666d74180 bytes small Linux/x86 add new user/password shellcode.
cd7399535526f6e2b9460ccc859d6f7dThis Metasploit module exploits a stack buffer overflow in versions 2.112 of UltraPlayer by creating a specially crafted .m3u file. The file allows an attacker to execute arbitrary code.
20042a4b7aa659fb5891b18094d0cbacNX Web Companion suffers from a spoofing vulnerability that may allow for arbitrary code execution.
217d5cb4dac721dbdb33b56bf020535dThis Metasploit module exploits a buffer overflow in Microsoft Office 2003 and command execution with .a malicious doc file .
db39a8eae4763d436952cb3f35e8e9c5RSSLounge suffers from a cross site scripting vulnerability.
3f7098392517c55f0ef07693c57b205cThis Linux/x86 shellcode searches .php files and injects a PHP backdoor into them.
5888da252a52b2b4c0e54a04877f8d94Acolyte CMS versions 1.5 and 6.3 suffers from cross site scripting and remote SQL injection vulnerabilities.
7a33966913a9b34eb4a26af0124517cbD-Link DIR-601 suffers from a tftp related directory traversal vulnerability.
e834eb0071d2f83454670f7ea6966f65DClassifieds version 0.1 Final suffers from a cross site request forgery vulnerability.
dbf14b7af94fa3d3f651987807cbf217OSclass version 2.3.3 suffers from cross site scripting and remote SQL injection vulnerabilities.
26ca463e838a42eeb09efe4b55942d1eDebian Linux Security Advisory 2393-1 - Julien Tinnes reported a buffer overflow in the bip multiuser irc proxy which may allow arbitrary code execution by remote users.
37b1895dc25699ccbbbff86aa524f9f1Call For Papers for MobiPST 2012 - The Second International Workshop on Privacy, Security and Trust in Mobile and Wireless Systems (MobiPST 2012) will be held in Munchen, Germany, July 30th through August 2nd, 2012.
f62eebe0acd97637ff892ef69a8fb38bUbuntu Security Notice 1347-1 - It was discovered that Evince did not properly parse AFM font files when processing DVI files. If a user were tricked into opening a specially crafted DVI file, an attacker could cause Evince to crash or potentially execute arbitrary code with the privileges of the user invoking the program. In the default installation, attackers would be isolated by the Evince AppArmor profile. Various other issues were also addressed.
639a3e0f48d3dd0b5c53230a9c123c12HP Security Bulletin HPSBUX02729 SSRT100687 3 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 3 of this advisory.
825bb88f85541f34a70025732befba59HP Security Bulletin HPSBUX02719 SSRT100658 4 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 4 of this advisory.
cd4bb870d1f2bff2678abd272491bdf8Verkehrsbetriebe Berlin suffers from a remote SQL injection vulnerability.
f060c7a9ae2f4f8865df704bd0ea5a1fSymantec PCAnywhere version 12.5.x suffers from a local privilege escalation vulnerability.
2957298220a78082390d73e34cdfe835Symantec PCAnywhere version 12.5.x suffers from a code execution vulnerability.
060facd3910ac12a61ed8cab17ba77f1Technical Cyber Security Alert 2012-24A - US-CERT has received information from multiple sources about coordinated distributed denial-of-service (DDoS) attacks with targets that included U.S. government agency and entertainment industry websites. The loosely affiliated collective "Anonymous" allegedly promoted the attacks in response to the shutdown of the file hosting site MegaUpload and in protest of proposed U.S. legislation concerning online trafficking in copyrighted intellectual property and counterfeit goods (Stop Online Piracy Act, or SOPA, and Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act, or PIPA).
ee1ff7440a3cf56b7c8253eae3998bcdMultiple Facebook applications suffer from a null byte SQL injection vulnerability.
86cce9541b3b4842da538ac60bb5b2a5HP Security Bulletin HPSBUX02734 SSRT100729 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS) or to gain unauthorized access. Revision 1 of this advisory.
67ac7b079800ca611fda987af17a1185
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed