65 items tagged "log"
-
-
19:03
»
Packet Storm Security Recent Files
Sagan is multi-threaded, real-time system- and event-log monitoring software, but with a twist. Sagan uses a "Snort" like rule set for detecting nefarious events happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, it can do a number of things with that information. Sagan can also correlate the events with your Intrusion Detection/Intrusion Prevention (IDS/IPS) system and basically acts like an SIEM (Security Information and Log Management) system.
-
-
18:14
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-012 - Multiple vulnerabilities have been found and corrected in Apache. The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service via a cookie that lacks both a name and a value. scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function. Various other issues were also addressed.
-
-
7:23
»
Packet Storm Security Tools
log2command is a PHP script that tracks IPs in log files and executes shell commands for each IP. log2command was created as a sort of reverse fail2ban or cheap VPN-firewall: a machine with a closed firewall can be told, by a foreign machine, to accept connections from a specific IP. log2command then keeps track of the webserver log file and watches for inactivity from the user's IP. After an amount of time another command is executed that can remove the user's IP from the firewall, closing down the machine again. The PHP script is a command-line program that can be run in the background.
-
-
21:42
»
Packet Storm Security Recent Files
fwlogwatch is a packet filter and firewall log analyzer with support for Linux ipchains, Linux netfilter/iptables, Solaris/BSD/HP-UX/IRIX ipfilter, Cisco IOS, Cisco PIX/ASA, Netscreen, Elsa Lancom router, and Snort IDS log files. It can output its summaries in text and HTML and has a lot of options. fwlogwatch also features a realtime anomaly response capability with a Web interface.
-
-
7:25
»
Packet Storm Security Recent Files
Sagan is multi-threaded, real-time system- and event-log monitoring software, but with a twist. Sagan uses a "Snort" like rule set for detecting nefarious events happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, it can do a number of things with that information. Sagan can also correlate the events with your Intrusion Detection/Intrusion Prevention (IDS/IPS) system and basically acts like an SIEM (Security Information and Log Management) system.
-
-
17:33
»
Packet Storm Security Recent Files
Tenshi is a log monitoring program, designed to watch a log file for lines matching user-defined regular expressions and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to them, or to send periodic reports.
-
-
12:11
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-0908-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could use this flaw to cause memory corruption, causing a Ruby application that uses the BigDecimal class to crash or, possibly, execute arbitrary code. This issue did not affect 32-bit systems. It was found that WEBrick did not filter terminal escape sequences from its log files. A remote attacker could use specially-crafted HTTP requests to inject terminal escape sequences into the WEBrick log files. If a victim viewed the log files with a terminal emulator, it could result in control characters being executed with the privileges of that user. Various other issues were also addressed.
-
-
12:24
»
Packet Storm Security Recent Files
agentsmith is a daemon that continuously monitors a log file for break-in attempts by remote hosts. Upon detection of a break-in attempt, it launches a user-defined script or application, which can do virtually anything from sending mail messages to whatever else you might think of. The criteria for what is considered a break-in attempt can be configured by means of a regular expression.
-
-
8:10
»
Packet Storm Security Recent Files
Snortalog is a powerful Perl script that summarizes Snort logs, making it easy to view any network attacks detected by Snort. It can generate charts in HTML, PDF, and text output. It works with all versions of Snort, and can analyze logs in three formats: syslog, fast, and full snort alerts. Moreover, it is able to summarize other logs like Fw-1 (NG and 4.1), Netfilter, and IPFilter in a similar way.
-
-
7:07
»
Packet Storm Security Recent Files
Sagan is multi-threaded, real-time system- and event-log monitoring software, but with a twist. Sagan uses a "Snort" like rule set for detecting nefarious events happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, it can do a number of things with that information. Sagan can also correlate the events with your Intrusion Detection/Intrusion Prevention (IDS/IPS) system and basically acts like an SIEM (Security Information and Log Management) system.
-
-
18:23
»
Packet Storm Security Exploits
Log1 CMS suffers multiple security vulnerabilities including direct access to the AjaxFileManager without a session, arbitrary file renaming via ajax_save_name.php, and arbitrary file downloads.
-
-
22:29
»
Packet Storm Security Tools
fwlogwatch is a packet filter and firewall log analyzer with support for Linux ipchains, Linux netfilter/iptables, Solaris/BSD/HP-UX/IRIX ipfilter, Cisco IOS, Cisco PIX/ASA, Netscreen, Elsa Lancom router, and Snort IDS log files. It can output its summaries in text and HTML and has a lot of options. fwlogwatch also features a realtime anomaly response capability with a Web interface.
-
-
14:01
»
Packet Storm Security Tools
Tenshi is a log monitoring program, designed to watch a log file for lines matching user-defined regular expressions and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to them, or to send periodic reports.
-
-
19:01
»
Packet Storm Security Tools
Simple Log File Analyzer is a tool that looks for different attack attempts in Apache2 access logs. Written in Python.
-
-
4:52
»
remote-exploit & backtrack
Hello everyone
For the past few days I have been reading up on LFI, and on g00gle I only find tutorials that are always the same one, just rewritten in different ways (rampant rewriting).
I would like to understand clearly what exploiting LFI on apache2+php is... If I have understood correctly (I doubt it):
The principle would be:
1- to inject PHP code into a log file on the server (e.g. /usr/local/apache2/logs/access_log)
2- to access this log file as if it were a PHP file:
2.1 - and therefore to see the injected PHP code execute in the context of the server? So to request the display of /usr/local/apache2/logs/access_log as if this file were a PHP file? => Which would cause the code between the <php> tags injected into this file to be executed?
Am I right? (I doubt it)
If not, could you explain?
Thanks!
-
-
11:29
»
darkc0de
Save scripts scanning output to a log file