SecuriTeam
Welcome to the SecuriTeam RSS Feed - sponsored by Beyond Security. Know Your Vulnerabilities! Visit BeyondSecurity.com for your web site, network and code security audit and scanning needs.

| 09/02/2010 02:57 PM |
| Mozilla Firefox nsTreeSelection Dangling Pointer Code Execution Vulnerability |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. |
| |
| 09/02/2010 02:57 PM |
| TANDBERG Video Communication Server Arbitrary File Retrieval Vulnerability |
A directory traversal and file retrieval vulnerability was discovered in TANDBERG's Video Communication Server. |
| |
| 08/31/2010 08:03 PM |
| Mozilla Firefox Plugin Parameter EnsureCachedAttrParamArrays Code Execution Vulnerability |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. |
| |
| 08/31/2010 08:03 PM |
| VMWare VMnc Codec HexTile Encoding Buffer Overflow Vulnerability |
A vulnerability was discovered in multiple VMWare products, which can be exploited by malicious people to compromise a vulnerable system. |
| |
| 08/13/2010 07:55 PM |
| VMware Products Movie Decoder Heap Overflow Vulnerability |
A Heap Overflow vulnerability was discovered in VMware products. |
| |
| 04/12/2009 10:01 AM |
| Netifera - Modular Open Source Platform for Security Tools |
|
| |
| 03/09/2009 04:59 AM |
| WarVOX - Tools for Exploring, Classifying, and Auditing Telephone Systems |
|
| |
| 02/23/2009 12:28 PM |
| Webshag - Web Server Audit Tool |
|
| |
| 01/20/2009 09:01 AM |
| Browser Fuzzer |
|
| |
| 12/31/2008 07:04 AM |
| FSpy - Linux Filesystem Activity Monitoring |
|
| |
| 08/10/2010 07:31 PM |
| Krb5 kadmind Denial Of Service vulnerability |
The Kerberos administration daemon (kadmind) can crash by referencing freed memory. |
| |
| 07/29/2010 11:17 PM |
| HP Insight Control for Linux Multiple Vulnerabilities |
Execution of Arbitrary Code, Denial of Service and Unauthorized Access vulnerabilities were identified on HP Insight Control for Linux. |
| |
| 07/13/2010 09:35 PM |
| Skype Client for Mac Chat Unicode Denial of Service vulnerability |
A Denial of Service vulnerability was discovered in Skype for Mac. |
| |
| 07/04/2010 09:18 PM |
| Multiple Sourcefire Products Static Web SSL Keys Vulnerability |
This vulnerability allows remote attackers to decrypt secure socket layer (SSL) communications directed to multiple Sourcefire products. |
| |
| 07/02/2010 03:27 AM |
| Samba 3.3.12 Memory Corruption Vulnerability |
Remote exploitation of a buffer overflow vulnerability within Samba Project's Samba could allow an attacker to execute arbitrary code with root privileges. |
| |
| 08/12/2010 08:56 PM |
| Ipswitch Imail Server Queuemgr Format String Code Execution Vulnerability |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IPSwitch IMail. |
| |
| 08/12/2010 08:55 PM |
| Ipswitch Imail Server List Mailer Reply-To Address Code Execution Vulnerability |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IPSwitch IMail List Mailer. |
| |
| 08/10/2010 07:26 PM |
| HP OpenView Network Node Manager Execution of Arbitrary Code Vulnerability |
A vulnerability was identified on HP OpenView Network Node Manager which could lead to the execution of arbitrary code. |
| |
| 08/10/2010 07:21 PM |
| HP OpenView NNM webappmon.exe execvp_nc Code Execution Vulnerability |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. |
| |
| 08/04/2010 05:02 PM |
| HP Virtual Connect Enterprise Manager for Windows XSS vulnerability |
A cross-site scripting vulnerability was identified in HP Virtual Connect Enterprise Manager. |
| |
| 01/02/2010 01:40 PM |
| Trango Broadband Wireless Rogue SU Authentication Bug |
Currently there is a flaw in the authentication mechanism of these radios which, if an attacker knows some details, can allow interception of ethernet packets broadcast from the Access Point to the Subscriber Unit and potentially allows injection into the communication from the Subscriber Unit to the Access Point. |
| |
| 01/01/2010 06:52 PM |
| Exposing HMS HICP Protocol and Intellicom NetBiterConfig.exe Remote Buffer Overflow |
SCADA weaknesses created by HICP Protocol and NetBiter WebSCADA. |
| |
| 12/17/2009 06:16 PM |
| Family Connections Multiple Remote Vulnerabilities |
Many fields are not properly sanitised and some checks can be bypassed. |
| |
| 12/17/2009 06:07 PM |
| VideoCache vccleaner Root Vulnerability |
VideoCache is a Squid URL rewriter plugin written in Python for bandwidth optimization while browsing video sharing websites. Version 1.9.2 allows a user with the privileges of the Squid proxy server to append semi-arbitrary data to arbitrary files with root privileges, upon the administrator's execution of the 'vccleaner' utility. |
| |
| 12/17/2009 05:57 PM |
| QuickHeal Antivirus 2010 Local Privilege Escalation |
All files under the install folder have Full control for BUILTIN\users and can be replaced with malicious files. |
| |
| 05/10/2009 02:35 PM |
| Why Silent Updates Boost Security |
Thomas Duebendorfer (Google Switzerland GmbH) and Stefan Frei (Communication Systems Group, ETH Zurich, Switzerland) looked into the performance of Web browser update mechanisms. The analysis of anonymized Google Web server logs allowed us to compare and rank the update strategies deployed by Google Chrome, Mozilla Firefox, Apple Safari, and Opera. |
| |
| 05/10/2009 02:29 PM |
| PDF Silent HTTP Form Repurposing Attacks |
This paper sheds light on a modified approach to triggering web attacks through JavaScript protocol handler in the context of opening a PDF in a browser. |
| |
| 12/03/2008 11:24 AM |
| Frame Pointer Overwrite Demonstration (Linux) |
This paper assumes you have read the proper background information and/or technical details about the above subject. If not, please do so, because this read does not include key concepts but instead technical exploitation examples. That being said, enjoy. Knowledge is power. |
| |
| 12/02/2008 11:22 AM |
| Format String Exploitation Demonstration (Linux) |
This paper assumes you have read the proper background information and/or technical details about the above subject. If not, please do so, because this read does not include key concepts but instead technical exploitation examples. That being said, enjoy. Knowledge is power. |
| |
| 11/12/2008 12:54 PM |
| Hacking SOHO Routers |
The purpose of this paper is to outline the security measures being taken by vendors to prevent such attacks in their home routing products, what those security measures accomplish, and where they fall short. We will use existing network tools to examine common vulnerabilities in a range of popular devices and demonstrate weaknesses in the security of those devices; additionally, we will examine common trends in security measures that have been duplicated across vendors, and examine how those trends help and hinder the security of their devices. In particular, we will examine the following home routers, which are some of the latest offerings from their respective vendors at the time of this writing: * Linksys WRT160N |
| |
Nsauditor Network Security Auditor
Nsauditor Network Security Auditor is a network security scanner that lets you audit and monitor network computers for possible vulnerabilities and checks your network for all potential methods that a hacker might use to attack it. Nsauditor is a complete networking utilities package that includes a wide range of tools for network auditing, scanning, monitoring and more. You can discover network services and check them for vulnerabilities, list all TCP and UDP endpoints with their associated process, discover NetBIOS names, audit MS SQL servers, scan for common adware traces and more. The program also includes real-time network packet filtering and analyzing, web proxy scanning, password auditing, IP address lookup and more than 45 network tools for scanning, sniffing, enumerating and gaining access to machines, DNS and WHOIS lookups, e-mail validation, an HTTP traffic generator and intrusion detection based on the security events log. Reports can be generated in HTML and XML format. Overall, this is a very complete package for a surprisingly low price.
Download Here
| |
SpotAuditor - Internet Explorer, Outlook and MSN messenger password recovery
SpotAuditor reveals passwords saved in Internet Explorer, recovers ICQ, Trillian, Miranda IM, VNC, Far ftp client, SecureFX ftp client, FileZilla, WebDrive Ftp, FTP Voyager, AutoFTP, 32bit FTP, FTP Navigator, Dial-up, RAS, VPN, Outlook, MSN messenger, Windows Live Messenger 8 and Windows Messenger passwords, IE Auto Complete Fields and recovers passwords stored behind the asterisks in password text-boxes. It is a program for viewing and cleaning the secret data stored by Internet Explorer. SpotAuditor allows deletion of unwanted entries from the system protected storage and explores Outlook Accounts, Visited URLs, Installed Programs and Start Run Programs on a local machine or remote computers. SpotAuditor lets you clear Internet Explorer history and delete cookies and temporary internet files. You can recover and restore any lost or forgotten password ever entered in Internet Explorer. SpotAuditor instantly cracks and decrypts passwords stored on your computer!
Download Here
| |
NetShareWatcher - Monitors Network Shares and Identifies Shares which are Violating Data Access Policy
It allows network administrators to monitor network shares and identify shares which are violating the data access policy in their organization. NetShareWatcher is very handy. You can configure it once and forget about network sharing problems. You just need to select restricted groups or users, and every time NetShareWatcher finds a network share with an access list containing those restricted groups, it will perform a configured action. It allows you to easily monitor network shared folders and permissions. NetShareWatcher alerts you any time a user sets a share ACL to "Everyone" or some other global group that violates your data access policy, and can disable such shared folders automatically if you have selected the appropriate feature in the settings. NetShareWatcher has a user-friendly interface and is easy to use. Once configured, it will regularly notify you when it detects network shares with restricted permissions assigned.
Download Here
| |
BlueAuditor - detecting and monitoring Bluetooth devices in a wireless network
BlueAuditor is a wireless personal area network auditor and easy-to-use program for detecting and monitoring Bluetooth devices in a wireless network. It can discover and track any Bluetooth device within a distance between 1 and 100 meters and display key information about each device detected as well as the services the device provides. With the growing popularity of Bluetooth technology, BlueAuditor will enable network administrators to effectively audit their wireless networks against security vulnerabilities associated with the use of Bluetooth devices. BlueAuditor enables the user to save the data of the detected Bluetooth devices in an .xml file and supports most Microsoft Bluetooth drivers available on the market. All the mentioned features are provided with a user-friendly graphical interface.
Download Here
| |
RemShutdown - allows Shutdown or Restart of Network Computers Remotely
RemShutdown lets you shut down or restart network computers remotely. You can specify a delay during which a message you specify can be displayed and applications running on the remote computer at the time of shutdown can be allowed to close. In addition, RemShutdown offers the user the option to cancel the shutdown. The tool is designed with a user-friendly interface and is easy to use.
Download Here
| |
Product Key Explorer
Product Key Explorer displays product keys for Windows, MS Office, SQL Server and more than 500 popular software products installed on your local or remote network computers. In order to install or reinstall Microsoft Office, Windows, or other commercial software, you must have access to a product serial key (CD Key) for that product. Product Key Explorer retrieves serial keys from network computers and helps protect your company from having pirated software on your network. With this software you will be able to track the number of software licenses installed in your business, find and recover lost or forgotten product keys, and save and keep an up-to-date backup of all your software license keys in a central location. It is an excellent tool for network administrators or businesses undergoing software license compliance. You can save product keys as a Tab Delimited Txt File (.txt), Excel Workbook (.xls), CSV Comma Delimited (.csv), Access Database (.mdb), Web Page (.html) or XML Data (.xml) file, print them or copy them to the clipboard.
Download Here
| |
NetworkSleuth - Network File Search Utility
NetworkSleuth is a fast file search tool that searches for files located on local or network computers, supports searches for documents, image, MP3, music and video files, and lets you search for files in a Local Area Network (LAN) based on various criteria.
Download Here