pentestmonkey released his unix-privesc-check script.
It is a simple yet very helpful shell script that tries to identify misconfigurations on Unix systems which might lead to privilege escalation.
January 20 2007
ice has released a new version of sqlninja. The current version is 0.2.2 and provides fixes and improvements such as different evasion methods.
Cisco Unified Call Manager SQL Injection
February 21 2008
The Cisco Unified Call Manager (versions prior to 6.1(1a) and 5.1(3a)) is prone to multiple SQL injections.
This requires the attacker to have access to an account within the application. He might then be able to retrieve other users' passwords and other sensitive information.
phrasen|drescher First Release
January 24 2008
The first release of phrasen|drescher, a tool that cracks RSA and DSA key passphrases as they would be used by SSH, can be found in the projects section.
It performs wordlist- and rule-based attacks against one or multiple keys at a time and is known to run under FreeBSD, NetBSD, OpenBSD, MacOS X and Linux.
GreenSQL Advisory
October 12 2007
GreenSQL is an open source database firewall which acts as a proxy server and is used to protect databases from SQL injection attacks. There's a format string vulnerability in the application's logging facility. Exploiting this vulnerability might allow attackers to execute arbitrary code within the context of the GreenSQL proxy server.
Papoo CMS Advisory - Second Try
June 24 2007
The Papoo Content Management System, once again, has security flaws: an SQL injection and a quite interesting access restriction bypass that may allow attackers to retrieve all usernames and password hashes.
Having Fun With PostgreSQL
June 16 2007
PostgreSQL has serious security issues with its configuration. These could allow an attacker to escalate privileges, execute shell commands or upload (binary) files. These vulnerabilities mainly originate from mistakes in the configuration, some of which are the default configuration in the PostgreSQL installation. From an administrator's point of view, the risks can easily be mitigated. Please read the paper to find more information about the vulnerabilities.
Elxis CMS Advisory
June 14 2007
New advisory: The Elxis Content Management System is prone to a SQL injection in the banner module. A patch has been published.
Papoo CMS Advisory
June 12 2007
The Papoo Content Management System is vulnerable to multiple cross-site scripting flaws that may allow an attacker to gain administrator privileges. Please refer to the advisory. A patch has been released by the vendor.