Physical device fingerprinting with TCP timestamp options. This is an advisory with content that is somewhat similar to a paper released around March 1st 2005 by a student at UC San Diego. The research was apparently conducted independently, though at the same time.
b4de6de4b311c4ab27f4d3f7102a136863fe0f5cb91de27acef22545932689f1
E-Store Kit-2 PayPal Edition is susceptible to file include and cross site scripting vulnerabilities.
ac872074f1d371f1d96de015fc38c149d3b951e1b6eb8d240882fa2604fa3f38
Various cross-site scripting and (possible) SQL injection vulnerabilities exist in ESMIstudio's PayPal storefront scripts. It may not always be possible to exploit some of these depending on how PHP, Apache, and MySQL have been configured, however.
d03061ea7d5a7ea3eb1416dbdfa817a53389af20ae542ec03be5886d095afffa
phpMyDirectory version 10.1.3-rel is susceptible to a classic cross site scripting bug.
dc609682ea0be436f489714c736c23bb00e7ae0fb17eecc25ac54f603a31c330
Gentoo Linux Security Advisory GLSA 200503-33 - Sebastian Krahmer has reported a potential remote Denial of Service vulnerability in the ISAKMP header parsing code of racoon. Versions less than 0.5-r1 are affected.
344b10d905106d75e0b928fecdc5658b4d02e3088beca6815d0f3a5855b033db
Gentoo Linux Security Advisory GLSA 200503-32 - Mozilla Thunderbird is vulnerable to multiple issues, including the remote execution of arbitrary code through malicious GIF images. Versions less than 1.0.2 are affected.
ea980eb779657bb4c95e501cce5137daaf304417b185d45d2356cdb1aa9907e5
Gentoo Linux Security Advisory GLSA 200503-31 - Mozilla Firefox 1.0.2 fixes new security vulnerabilities, including the remote execution of arbitrary code through malicious GIF images or sidebars. Versions less than 1.0.2 are affected.
34722b3781c6ab48eaf0417f7fafcb189d2c2197a5b82e98e2ee8224899dbde2
Gentoo Linux Security Advisory GLSA 200503-30 - The Mozilla Suite is vulnerable to multiple issues ranging from the remote execution of arbitrary code to various issues allowing to trick the user into trusting fake web sites or interacting with privileged content. Versions less than 1.7.6 are affected.
9d55011510391e93916e5659f46da84667ab40997ad14fd73ea21b14aba0b7b5
Maxthon browser versions 1.2.0 and below suffer from an information disclosure vulnerability via the m2_search_text property.
35d433c9ededc826bb1c5d3edff8514684d0c7d89b2113612b2fc0829ccdcf47
The Netcomm 1300NB DSL modem is susceptible to a remote denial of service attack via being pinged.
488fd208679d8fd36d8e259117fd6e2adfa3eb81683451cc328d318382c2ef3f
Smail versions 3.20.120 and below are susceptible to a remote root heap buffer overflow vulnerability and local signal handling vulnerabilities as well. Patch included.
687ed526cf062478c0cf3875a41bfd3238dd39ac7abefb34d516fac6450a322a
OpenMosixView versions 1.5 and below are susceptible to multiple race conditions that allow for local filesystem compromise. Exploit provided.
b9c1093a21e505261adc128c3e17eed614abec30a08d7efe5bf1b6a323815f5a
Iron Bars SHell is a restricted Unix shell. The user can not step out of, nor access, files outside the home directory. Two ASCII configuration files are used for more control. The system administrator can define which commands may be executed by the user. No other executables are allowed. The admin also has the opportunity to define what kind of files the user may create. If a file has a certain extension (such as .mp3, .c, etc.), ibsh automatically erases it.
3facb37e0d7191a0c82b7cedb4235847db2011855f87f8c7ecd16a4dce9b821b
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
c6c0a0b7b86a3da405e57e770936c194aa744b11a029d922ce33e3af08788704
A paper by Immunity describing in technical detail the details of the LLSSRV issue described in MS05-010. This paper also describes how this issue affects Windows 2000 AP SP3 and SP4 without authentication, something which was not described in the MS05-010 bulletin.
9a2d067a18b330af81f10c5e578a7b8b552bacf8da50268824d53fb63f24a752
Secunia Security Advisory - Gangstuck and Psirac have reported some vulnerabilities in openMosixview, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
10fbe82d9178e18754b7a559938752496a8f4e962c81a220c0549b2b4be86dd2
phpBB versions 2.0.13 and below remote user level exploit that makes use of an input validation flaw.
6063d27332d5f3503823051e6854c39f3a25d9019b23bebc49234540903a583f
This is a very simple exploit for a very stupid bug in Nokia/Symbian Series60 bluetooth device-name handling: basically, if your bluetooth device name contains a single newline character, a Nokia Series60 device which sees it will be extremely unhappy and go on strike. The attached "exploit" creates a file with a newline. Which you must then copy to your own device manually. All in only around 60 lines of Perl. However, securityfocus added this "exploit" to their archives, so why shouldn't we add it to ours as well?
546545508f77c1958b9ce1735612498007f1a7aa8fba1ec6093d8ace69c649dc
Secunia Security Advisory - Two vulnerabilities have been reported in Dnsmasq, which can be exploited by malicious people to cause a DoS (Denial of Service) or poison the DNS cache.
d250102c09e7510c3f584263e94c5b24968626c9b0c7c8da90c0c971c2ce8a78
Secunia Security Advisory - benji lemien has reported two vulnerabilities in DigitalHive, which can be exploited by malicious people to conduct cross-site scripting attacks.
b30f5a666a1304282f5c657c4f6fa7933bed69cf4c9674cd6a21054c1d8c9ba0
Secunia Security Advisory - mircia has reported a vulnerability in Koobi, which can be exploited by malicious people to conduct SQL injection attacks.
0aa0e73ac2632675ea07c11b8418cd227eb86aa28e4caaa95d51a238183f155d
Secunia Security Advisory - Alberto Trivero has reported a vulnerability in the Topic calendar module for phpBB, which can be exploited by malicious people to conduct cross-site scripting attacks.
0e142eb6e84bbb92c03c2479536db6c4f043b46994a024c30816c99544b1ef08
This is a simple script automating the equally simple exploitation of a trusted path bug in AIX. The problem lies in the invscout program.
f0c7b9b062abe8e53cf8f740bd579319dbb3ba0354d5f8b596e731d4cf5dce32
Mod Security is an intrusion detection and prevention engine for Web applications which operates as an Apache module or Java Servlet filter. Its purpose is to increase Web application security, protecting Web applications from known and unknown attacks. It is flexible and easy to configure, monitors HTTP traffic (including POST payload), enhances logging, performs automatic built-in checks, and simultaneously allows administrators to create custom rules for their individual needs.
7314a0c6ebe50d8c71e44fcc520969a60d1d01a3c1a2e0a1d08b2b166eabf8ce
Gentoo Linux Security Advisory GLSA 200503-29 - A flaw has been identified in an integrity checking mechanism of the OpenPGP protocol. Versions less than 1.4.1 are affected.
96c4242123809d1429ef462689659c010fe012116e599881e6a523f1fbc49c25