Overview
ICS-CERT has received reports and investigated infections of the MariposaDefence Intelligence, http://defintel.com/docs/MariposaAnalysis.pdf, website last accessed March 15, 2010. botnet, which have affected the business networks of multiple control system owners in recent months.
ICS-CERT has no information to indicate that these infections have specifically targeted United States Critical Infrastructure and Key Resources (CIKR), or any specific sector or organization.
Background
In May 2009, Defence Intelligence announced the discovery of a botnet, called “Mariposa.” An investigation followed this discovery and targeted bringing down the criminal network behind what has become one of the largest botnets on record.
After months of investigation by the Guardia Civil in Spain, the FBI, security firm Panda Security, and Defence Intelligence, authorities took down a 12.7 million strong zombie network in December. In February 2010, Spanish authorities arrested three suspects in Spain.John Leyden, http://www.theregister.co.uk/2010/03/04/mariposapolicehuntmorebotherders/, website last accessed March 15, 2010.
Although the primary command and control (C2) infrastructure for the Mariposa botnet is considered to have been rendered inoperative by the Mariposa Working Group,PandaLabs, http://pandalabs.pandasecurity.com/mariposa-botnet/, website last accessed March 15, 2010. malware files that were used by the botnet are still thought to be on computers in production environments and should be identified and removed. Additionally, it is not uncommon for new groups to assume control of old or abandoned botnets by compromising existing command and control or by establishing new command and control infrastructure using slightly modified malware.
Details
In February 2010, a US utility company (USUTIL1) was notified by another US Utility partner company (USUTIL2) that a USUTIL1 employee had visited USUTIL2 with a Mariposa-infected laptop. There had been no indication from USUTIL1’s computer network defense mechanisms (Anti-Virus, Intrusion Detection Systems, Firewalls etc.) that an infection had occurred and USUTIL2’s notification was USUTIL1’s first indication that there was an issue.
USUTIL1’s investigation found that the initial infection vector may have been a USB drive shared at an industry conference. An instructor shared a USB drive among participants at a training event attended by USUTIL1’s employee. It is believed that when the employee returned and connected his laptop to the corporate network, the malware spread to multiple business systems.
To date, none of USUTIL1’s control systems are known to be affected by the botnet malware.
USUTIL1’s internal investigation found the malware file “Schl.exe” in deleted files on one system. USUTIL1’s continued searching and found other systems with this deleted file. These systems were also attempting to make UDP connections with systems outside of their firewall.
ICS-CERT was contacted and at the request of the organization, deployed a fly-away team to assist with identification and analysis of the malware.
Analysis
A dynamic analysis was made on the file schl.exe. The method used for code injection is similar to the method described by Defence IntelligenceDefence Intelligence, http://defintel.com/docs/MariposaAnalysis.pdf, website last accessed March 15, 2010. however, callbacks appeared to be unique. It should be noted that the following information is solely from ICS-CERT’s investigation into the malware variant found at USUTIL1. This information, along with other open source information should be leveraged in any comprehensive detection and mitigation activities.
The following information can be used to develop detection signatures:
File: SCHL.EXE
Size: 140800
MD5: 645C4DD7508B3DC83807FCF9918FE1C7
SHA1: d452e2df58fad206b2213683356033822ff335c9
Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Antivirus Identification
Microsoft: Trojan:Win32/Meredrop
Mcafee: Backdoor-EEC.gen
Symantec: Trojan Horse
DNS Lookups
hnox[dot]org
socksa[dot]com
ronpc[dot]net
Callbacks
Domain
IP
Protocol/Port




hnox[dot]org
92.241.165.162
UDP 21039


socksa[dot]com
92.241.164.82
UDP 21039


ronpc[dot]net
92.241.164.82
UDP 21039



Note: All network traffic in/out is UDP
The initial outbound packet is 49 bytes (7 bytes encrypted payload) to hnox[dot]org or socksa[dot]com, using UDP port 21039, for the purpose of establishing the C2 channel. The C2 server responds from 21039 to the same local port, with a UDP packet of varying length and encrypted payload. C2 command syntax appears to be consistent with the Mariposa botnet.
Malware Files
schl.exe – dropper
jack.exe – dropped file
config.inf – dropped file
desktop.ini – dropped file (0-byte file located at source of originally executed file)
Botnets, including Mariposa, are highly dynamic. C2 operators frequently update their code to evade detection or implement new features. Other files may also be associated with Mariposa, so the list above is not a complete list of files used by Mariposa. For example, Defence IntelligenceeDefence Intelligence, http://defintel.com/docs/MariposaAnalysis.pdf, website last accessed March 15, 2010. has also identified blackjackson.exe, which provided Mariposa with distributed denial-of-service (DDoS) capability by using the BlackEnergy DDoS bot.
Windows Registry Modifications
Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon]
Value: "Taskman" = "<file_path>\schl.exe"
Note: Where "file path" = location of schl.exe when executed
Domain Names Observed as C2 Servers
The following domain names have been observed as command and control servers:
bf2back.sinip.es
bfisback.no-ip.org
bfisback.sinip.es
binaryfeed.in
booster.estr.es
butterfly.BigMoney.biz
butterfly.sinip.es
defintelsucks.com
defintelsucks.net
defintelsucks.sinip.es
extraperlo.biz
gusanodeseda.mobi
gusanodeseda.net
gusanodeseda.sinip.es
lalundelau.sinip.es
legion.sinip.es
legionarios.servecounterstrike.com
mierda.notengodominio.com
qwertasdfg.sinip.es
sexme.in
shv4.no-ip.biz
shv4b.getmyip.com
tamiflux.net
tamiflux.org
thejacksonfive.biz
thejacksonfive.mobi
thejacksonfive.us
thesexydude.com
youare.sexidude.com
yougotissuez.com
ICS-CERT Identified Malware Files
ICS-CERT identified the following three malware files during analysis:
schl.exe
jack.exe
config.inf
Outbound Command & Control Attempts
ICS-CERT observed attempted UDP C2 connections with the following IP addresses:
24.173.86.145
67.210.170.32
92.241.165.162
62.128.52.191
74.208.162.142
200.74.244.84
66.197.176.41
76.73.56.12
204.16.173.30
67.210.170.131
87.106.179.75
Mariposa M alware UDP Ports
Mariposa malware has been observed using the following UDP ports:
3431
3435
5907
3433
3437
21039
3434
5906
Affected Operating Systems
Although botnet malware can affect any operating system, most current botnets including Mariposa target Windows systems.Zeng, Hu, & Shin, “Detection of Botnets Using Combined Host- and Network-Level Information,” 16th ACM Conference on Computer and Communications Security, November 2009:2.
Impact
Although the primary Mariposa C2 is believed to be inactive, the malware is still spreading. The possibility exists that another actor will attempt to “commandeer” the existing C2 or create a new C2 infrastructure. Without C2 direction, the malware won’t perform malicious actions; however, the malware still presents a risk and any remaining Mariposa malware should be identified, removed, and systems should be properly re-imaged or restored if re-imaging is not feasible.
Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their environment, architecture, and product implementation.
Recommendations
Because IP addresses, UDP ports, and domains used by the C2 structure of Mariposa changed continually, it created a difficult challenge for security administrators to mitigate the capabilities of this botnet. The best mitigation strategy is to track down compromised systems using all information available about the malware. Organizations should establish firewall rules to block communication from malware to known command and control sites and monitor their network for this activity to identify compromised machines. Additionally, UDP connections are used for Mariposa communication, so observance of your network activity is the best place to start. If one system is frequently sending outbound UDP packets, regardless of port, mark it as suspicious and investigate the source of the traffic on the system.
It is important to identify all of the infected machines and to disable them simultaneously to prevent re-infection of your assets. Advanced threats such as botnets can be extremely difficult to eradicate. If a compromised system is missed, the threat can re-infect “clean” systems. Clean systems should be isolated while the remainder of the network is cleaned, or the clean systems risk being re-infected. In large networks, this can be a challenging exercise.
As mentioned, IP addresses, ports, and domains used by Mariposa’s C2 system have continually changed. These changes created new malware variants (mariposa had over 1,500 variants) resulting in a persistent and dynamic botnet. It is important to use all available information when eradicating and defending against a botnet infection to ensure that all variants are detected and properly removed.
Here are some general guidelines for dealing with Mariposa malware:
Any infected systems should be immediately isolated from the network.
Any systems sharing network drives with the infected systems, including file servers hosting said network drives, should also be isolated from the network.Reimage infected hosts prior to returning to normal operation.
Consider maintaining an infected system for more detailed analysis (i.e., digital media analysis, malware collection).
Review antivirus software specific removal guidelines for the malware if re-imaging is not possible.
Users should refrain from or be administratively prohibited from browsing the Internet using Windows accounts with Administrator-level privileges. This reduces the potential damage an infection can inflict upon a system.
Organizations should warn users about the risks of using USB drives on business systems. For more information, review ICS-CERT CSAR -10-090-01- USBs Used as Attack Vectorg and US-CERT Cyber Security Tip ST08-001, “Using Caution with USB Drives.”US-CERT Cyber Security Tip, http://www.us-cert.gov/cas/tips/ST08-001html, website last accessed March 15, 2010.
Keep systems up to date with the latest patches and antivirus signatures.
Establish an internet proxy service and monitor it for suspicious activity.
Monitor IDS/IPS solutions for connections to the malicious domains and IP addresses listed in ICS-CERT advisories and US-CERT CIINs.
Do NOT trust unsolicited e-mail.
Do NOT click links and attachments in unsolicited e-mail messages.
Employ the use of a spam filter.
To educate users about social engineering and phishing attacks, review US-CERT Cyber Security Tip ST04-014, “Avoiding Social Engineering and Phishing Attacks.”
To learn more about botnets, review US-CERT Cyber Security Tip ST06-001, “Understanding Hidden Threats: Rootkits and Botnets."

Mariposa Botnet

Unspecified vulnerability in Octopussy before 0.9.5.8 has unknown impact and attack vectors related to a "major security" vulnerability.

*   Empower your remote team to plan projects, coordinate work remotely, and hit their goals with Asana.
    
*   In a few taps, bring together your deskless workforce under one roof. Collaborate, run operations, develop professional skills and monitor employee engagement and compliance from your desktop Launch Pad. Create your fully branded company mobile app in minutes. Choose from adding orientation courses, safety checklists, product catalogs for your service employees, shift management for your on-the-go workforce, or customize features for your own needs. Additionally, receive insights into how your team is engaging with your company assets and take action to improve efficiency. Connecteam allows managers to put processes on autopilot and focus on growth while freeing up employees to be more productive and happy.
    
*   1
    
    Integrates Eclipse with the SAP NetWeaver Application Server.
    
    **Downloads:** 759,610 This Week
    
    **Last Update:** 2016-07-20
    
    See Project
    
*   2
    
    **movistartv**
    
    Movistar+ Deco Virtual - Software decodificador
    
    Kodi Movistar+ TV es un ADDON para XBMC/ Kodi que permite disponer de un decodificador de los servicios IPTV de Movistar integrado en uno de los mediacenters mas populares. El proyecto no trata solo de replicar los servicios de televisión, sino un concepto diferente de servicios integrados donde la TV tenga un protagonismo central pero no el único y que permita tanto ver la TV como un video de youtube, disponer un catalogo de películas y música .. Autor: Victor M. Juidiaz Portilla (https://www.linkedin.com/in/victor-manuel-juidiaz-portilla-27bb48106) Foro "Oficial": http://www.kodimania.com/index.php?topic=860.0 Las principales funcionalidades de TV son: - Actualización automática de canales. - Guía de programación (EPG). - Grabaciones en la Nube y en local. - Últimos 7 días - Visualización de grabaciones en la nube. - Sincronización de grabaciones a local para evitar su caducidad. - Gestión avanzada de series. - Timeshift. - DLNA
    
    **Downloads:** 528,637 This Week
    
    **Last Update:** 2020-02-08
    
    See Project
    
*   3
    
    This project is the old location for the plugin list for Notepad++ Plugin Manager. Please use https://github.com/bruderstein/npppluginmanager for any issues and current code
    
    **Downloads:** 391,305 This Week
    
    **Last Update:** 2019-07-19
    
    See Project
    
*   4
    
    Free alternative for Office productivity tools: Apache OpenOffice - formerly known as OpenOffice.org - is an open-source office productivity software suite containing word processor, spreadsheet, presentation, graphics, formula editor, and database management applications. OpenOffice is available in many languages, works on all common computers, stores data in ODF - the international open standard format - and is able to read and write files in other formats, included the format used by the most common office suite packages. OpenOffice is also able to export files in PDF format. OpenOffice has supported extensions, in a similar manner to Mozilla Firefox, making easy to add new functionality to an existing OpenOffice installation.
    
    **Downloads:** 360,977 This Week
    
    **Last Update:** 2022-07-17
    
    See Project
    
*   Start with a tailored template for your projects and tasks, and build the workflow and process you need with the tools at your fingertips. ClickUp is the online solution to let your team get more done! Easily manage your team's tasks from anywhere in the modern world.
    
*   5
    
    An advanced and multi-platform BitTorrent client with a nice Qt user interface as well as a Web UI for remote control and an integrated search engine. qBittorrent aims to meet the needs of most users while using as little CPU and memory as possible.
    
    **Downloads:** 254,713 This Week
    
    **Last Update:** 6 days ago
    
    See Project
    
*   6
    
    • Designed for Linux and Windows email system administrators, Scrollout F1 is an easy to use, already adjusted email firewall (gateway) offering free anti-spam and anti-virus protection aiming to secure existing email servers, old or new, such as Microsoft Exchange, Lotus Domino, Postfix, Exim, Sendmail, Qmail and others. • Built-in multilayer security levels make configuration effort equal to a car radio. • It combines simplicity with effective protection using powerful open source with additional set of rules & filters. • Available as 64bit: - ISO image (Internet connection required during installation) - install from scratch (Internet connection required during installation). • Minimum Requirements (for 5,000 messages/day): 1 GB of RAM 30 GB storage drive 1 Processor x86/AMD64 1 Ethernet x 1 IPv4 address UDP ports: 53 123 4500 6277 24441 TCP ports: 25 80 443 2703
    
    **Downloads:** 179,370 This Week
    
    **Last Update:** 2018-04-08
    
    See Project
    
*   7
    
    **KeePass**
    
    A lightweight and easy-to-use password manager
    
    KeePass Password Safe is a free, open source, lightweight, and easy-to-use password manager for Windows, Linux and Mac OS X, with ports for Android, iPhone/iPad and other mobile devices. With so many passwords to remember and the need to vary passwords to protect your valuable data, it’s nice to have KeePass to manage your passwords in a secure way. KeePass puts all your passwords in a highly encrypted database and locks them with one master key or a key file. As a result, you only have to remember one single master password or select the key file to unlock the whole database. And the databases are encrypted using the best and most secure encryption algorithms currently known, AES and Twofish. See our features page for details.
    
    **Downloads:** 141,916 This Week
    
    **Last Update:** 2022-07-05
    
    See Project
    
*   8
    
    **TurboVNC**
    
    High-speed, 3D-friendly, TightVNC-compatible remote desktop software
    
    TurboVNC is a high-performance, enterprise-quality version of VNC based on TightVNC, TigerVNC, and X.org. It contains a variant of Tight encoding that is tuned for maximum performance and compression with 3D applications (VirtualGL), video, and other image-intensive workloads. TurboVNC, in combination with VirtualGL, provides a complete solution for remotely displaying 3D applications with interactive performance. TurboVNC's high-speed encoding methods have been adopted by TigerVNC and libvncserver, and TurboVNC is also compatible with any other TightVNC derivative. TurboVNC forked from TightVNC in 2004 and still covers all of the TightVNC 1.3.x features, but TurboVNC contains numerous feature enhancements and bug fixes relative to TightVNC, and it compresses 3D and video workloads much better than TightVNC while using generally only 5-20% of the CPU time of the latter. Using non-default settings, TurboVNC can also be made to compress 2D workloads as "tightly" as TightVNC.
    
    **Downloads:** 167,521 This Week
    
    **Last Update:** 2022-08-15
    
    See Project
    
*   9
    
    **scrcpy**
    
    Display and control your Android device
    
    scrcpy is an application for displaying and controlling your Android device through USB connection (or over TCP/IP). It is cross-platform (GNU/Linux, macOS and Windows) and does not require any root access. scrcpy displays only the device screen but offers great performance (30~60fps) and quality (1920×1080 or above). It’s got low latency (35~70ms) and a very low startup time (less than a second). It offers plenty of great features and is non-intrusive, with nothing left installed inside the device. scrcpy works with Android devices with at least API 21 (Android 5.0) and adb debugging must be enabled on the device.
    
    **Downloads:** 4,384 This Week
    
    **Last Update:** 2022-08-02
    
    See Project
    
*   Centralize all your work, processes, tools, and files into one Work OS. Connect teams, bridge silos, and maintain one source of truth across your organization.
    
*   10
    
    The Anti-Spam SMTP Proxy (ASSP) Server project aims to create an open source platform-independent SMTP Proxy server which implements auto-whitelists, self learning Hidden-Markov-Model and/or Bayesian, Greylisting, DNSBL, DNSWL, URIBL, SPF, SRS, Backscatter, Virus scanning, attachment blocking, Senderbase and multiple other filter methods. Click 'Files' to download the professional version 2.6.5 build 21218. A linux(ubuntu 18.04 LTS) and a freeBSD 11.2 based ready to run OVA of ASSP V2 are also available for download. NOTICE: V1 development has been stopped at the end of 2014 (1.10.1 build 16060). Possibly there will be done some bugfixing in future. Please upgrade to V2, which is and will be actively maintained.
    
    **Downloads:** 94,541 This Week
    
    **Last Update:** 2022-07-28
    
    See Project
    
*   11
    
    **Sweet Home 3D**
    
    An interior design application to draw house plans & arrange furniture
    
    Sweet Home 3D is an interior design application that helps you to quickly draw the floor plan of your house, arrange furniture on it, and visit the results in 3D.
    
    **Downloads:** 68,809 This Week
    
    **Last Update:** 3 days ago
    
    See Project
    
*   12
    
    **unitedrpms**
    
    Fast and open solution where everyone can help
    
    Join us in Gitter! https://gitter.im/unitedrpms-people/Lobby Enable the URPMS repository in your system - https://github.com/UnitedRPMs/unitedrpms.github.io/blob/master/README.md
    
    **Downloads:** 411,305 This Week
    
    **Last Update:** 2022-07-18
    
    See Project
    
*   13
    
    **libjpeg-turbo**
    
    SIMD-accelerated libjpeg-compatible JPEG codec library
    
    libjpeg-turbo is a JPEG image codec that uses SIMD instructions (MMX, SSE2, NEON, AltiVec) to accelerate baseline JPEG compression and decompression on x86, x86-64, ARM, and PowerPC systems. On such systems, libjpeg-turbo is generally 2-6x as fast as libjpeg, all else being equal. On other types of systems, libjpeg-turbo can still outperform libjpeg by a significant amount, by virtue of its highly-optimized Huffman coding routines. In many cases, the performance of libjpeg-turbo rivals that of proprietary high-speed JPEG codecs. libjpeg-turbo implements both the traditional libjpeg API as well as the less powerful but more straightforward TurboJPEG API. libjpeg-turbo also features colorspace extensions that allow it to compress from/decompress to 32-bit and big-endian pixel buffers (RGBX, XBGR, etc.), as well as a full-featured Java interface.
    
    **Downloads:** 75,567 This Week
    
    **Last Update:** 2022-08-12
    
    See Project
    
*   14
    
    VirtualGL redirects 3D commands from a Unix/Linux OpenGL application onto a server-side GPU and converts the rendered 3D images into a video stream with which remote clients can interact to view and control the 3D application in real time.
    
    **Downloads:** 66,167 This Week
    
    **Last Update:** 2022-05-16
    
    See Project
    
*   15
    
    **mscorefonts2**
    
    Updated Smart package of Microsoft Core fonts for the Web
    
    Here you'll find rpms to install Microsoft's Core fonts for the Web, the EU update and the ClearType fonts. The fonts are Andale, Arial, Calabri, CAmbria, Candara, Consolas, Constantia, Corbel, Comic, Courier, Georgia, Impact, Times Trebuchet, Verdana and Webdings. The original cab files circa 2000 are on the sourceforge corefonts probject, while this project holds updates circa 2006, and the Cleartype fonts circa 2007. See https://sourceforge.net/projects/corefonts/ and https://sourceforge.net/projects/mscorefonts/ The rpms here do not contain the truetype fonts, instead the cabfiles are downloaded and unpacked at install time. The fonts are then added or made known to the X core fonts and Xft systems. Credit goes to the original author of corefonts, Noa Resare, and the numerous netizens who updated the spec file over the years. See the specs and changelog for more history.
    
    **Downloads:** 111,995 This Week
    
    **Last Update:** 2013-05-30
    
    See Project
    
*   16
    
    Code::Blocks is a free, open-source, cross-platform C, C++ and Fortran IDE built to meet the most demanding needs of its users. It is designed to be very extensible and fully configurable. Finally, an IDE with all the features you need, having a consistent look, feel and operation across platforms. Built around a plugin framework, Code::Blocks can be extended with plugins. Any kind of functionality can be added by installing/coding a plugin. For instance, compiling and debugging functionality is already provided by plugins! We hope you enjoy using Code::Blocks! The Code::Blocks Team
    
    **Downloads:** 62,383 This Week
    
    **Last Update:** 1 day ago
    
    See Project
    
*   17
    
    **PINN**
    
    PINN is an enhancement of NOOBS
    
    PINN is an enhancement of NOOBS for the Raspberry Pi. It allows the installation of MULTIPLE OSes on the same SD/HDD/SSD device with an OS chooser when booting. Built-in Admin tools allow you to backup & restore your OSes and fix OS problems by including basic disk checking, password changing, and a command shell.
    
    **Downloads:** 59,036 This Week
    
    **Last Update:** 2022-04-12
    
    See Project
    
*   18
    
    **Webmin**
    
    A web-based interface for system administration of UNIX
    
    A web-based system administration tool for Unix servers and services. https://github.com/webmin/webmin
    
    **Downloads:** 47,689 This Week
    
    **Last Update:** 2022-08-22
    
    See Project
    
*   19
    
    FreeType is written in C. It is designed to be small, efficient, and highly customizable while capable of producing high-quality output (glyph images) of most vector and bitmap font formats for digital typography. FreeType is a freely available and portable software library to render fonts.
    
    **Downloads:** 49,994 This Week
    
    **Last Update:** 2022-05-01
    
    See Project
    
*   20
    
    **Info-ZIP project**
    
    Info-ZIP portable compression/archiver utilities (Zip, UnZip, WiZ, etc.)
    
    **Downloads:** 48,456 This Week
    
    **Last Update:** 2021-04-08
    
    See Project
    
*   21
    
    **PSeInt**
    
    A tool for learning programming basis with a simple spanish pseudocode
    
    PSeInt is a pseudo-code interpreter for spanish-speaking programming students. Its main purpose is to be a tool for learning and understanding the basic concepts about programming and applying them with an easy understanding spanish pseudocode.
    
    **Downloads:** 47,556 This Week
    
    **Last Update:** 2022-07-19
    
    See Project
    
*   22
    
    **Tor Browser**
    
    Browser for using Tor on Windows, Mac OS X or Linux
    
    Tor Browser enables you to use Tor on Windows, Mac OS X, or Linux without needing to install any software. Tor is a software that bounces your communications around a distributed network of relays run by volunteers. This effectively prevents anyone watching your Internet connection from learning what sites you visit; it prevents the sites you visit from learning your physical location; and allows you access to sites which are blocked. Tor Browser can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained (portable).
    
    **Downloads:** 1,830 This Week
    
    **Last Update:** 2022-08-09
    
    See Project
    
*   23
    
    **XAMPP**
    
    An easy to install Apache distribution containing MySQL, PHP, and Perl
    
    XAMPP is a very easy to install Apache Distribution for Linux, Solaris, Windows, and Mac OS X. The package includes the Apache web server, MySQL, PHP, Perl, a FTP server and phpMyAdmin.
    
    **Downloads:** 36,833 This Week
    
    **Last Update:** 2022-06-15
    
    See Project
    
*   24
    
    **TGM Gaming Macro**
    
    Lets you have a macro mouse n keyboard functionally with ordinary one.
    
    TGM is a gaming macro that lets you have a macro mouse and keyboard functionally with ordinary one. You can create or record multiple macros and assign them to any key combinations to trigger and loop them when you need how you need. TGM is made for gamers but it's capable of so much more. So you can use it for daily tasks as well. For any question, bug report or feature request feel free to visit forum tab. Note: To simulate arrow keys you might need to turn off NumLock. VirusTotal Result: https://www.virustotal.com/gui/file/29cf266079de80dac853d1d7c5d4c83eadb1d6f9cd8733605414d66413fba31d/detection VirusTotal shows too many false positives. but since this an open source project, you can download the source and build yourself. https://github.com/trksyln/TGMacro
    
    **Downloads:** 43,242 This Week
    
    **Last Update:** 2021-06-15
    
    See Project
    
*   25
    
    **Etcher**
    
    A safe way to flash OS images to SD cards & USB drives
    
    Etcher is a powerful OS image flasher. It protects a user from accidentally overwriting hard-drives by making drive selection obvious; and with validated flashing there is no more writing images to corrupted drives. It is also called balenaEtcher since it is developed by balena. In addition, Etcher can flash directly Raspberry Pi devices that support usbboot. Use for .iso and .img files, as well as zipped folders to create live SD cards and USB flash drives. Written with Electron for cross platform use (windows, macOS, and Linux).
    
    **Downloads:** 1,329 This Week
    
    **Last Update:** 2022-06-16
    
    See Project

CVE-2008-6566: Best Open Source Mac Software 2022

Multiple buffer overflows in STLport before 5.0.3 allow remote attackers to execute arbitrary code via unspecified vectors relating to (1) "print floats" and (2) a missing null termination in the "rope constructor."

*   Introducing GoTo Resolve: Refreshingly simple, all-in-one IT support, fortified with zero trust security for unparalleled ease and peace of mind.
    
*   Productive is a business management tool used by agencies and professional service providers. Productive’s main objective is to provide customers with an all-in-one platform that gives them a complete and real-time view of their business performance.
    
*   1
    
    Integrates Eclipse with the SAP NetWeaver Application Server.
    
    **Downloads:** 721,098 This Week
    
    **Last Update:** 2016-07-20
    
    See Project
    
*   2
    
    **movistartv**
    
    Movistar+ Deco Virtual - Software decodificador
    
    Kodi Movistar+ TV es un ADDON para XBMC/ Kodi que permite disponer de un decodificador de los servicios IPTV de Movistar integrado en uno de los mediacenters mas populares. El proyecto no trata solo de replicar los servicios de televisión, sino un concepto diferente de servicios integrados donde la TV tenga un protagonismo central pero no el único y que permita tanto ver la TV como un video de youtube, disponer un catalogo de películas y música .. Autor: Victor M. Juidiaz Portilla (https://www.linkedin.com/in/victor-manuel-juidiaz-portilla-27bb48106) Foro "Oficial": http://www.kodimania.com/index.php?topic=860.0 Las principales funcionalidades de TV son: - Actualización automática de canales. - Guía de programación (EPG). - Grabaciones en la Nube y en local. - Últimos 7 días - Visualización de grabaciones en la nube. - Sincronización de grabaciones a local para evitar su caducidad. - Gestión avanzada de series. - Timeshift. - DLNA
    
    **Downloads:** 450,575 This Week
    
    **Last Update:** 2020-02-08
    
    See Project
    
*   3
    
    This project is the old location for the plugin list for Notepad++ Plugin Manager. Please use https://github.com/bruderstein/npppluginmanager for any issues and current code
    
    **Downloads:** 380,219 This Week
    
    **Last Update:** 2019-07-19
    
    See Project
    
*   4
    
    Free alternative for Office productivity tools: Apache OpenOffice - formerly known as OpenOffice.org - is an open-source office productivity software suite containing word processor, spreadsheet, presentation, graphics, formula editor, and database management applications. OpenOffice is available in many languages, works on all common computers, stores data in ODF - the international open standard format - and is able to read and write files in other formats, included the format used by the most common office suite packages. OpenOffice is also able to export files in PDF format. OpenOffice has supported extensions, in a similar manner to Mozilla Firefox, making easy to add new functionality to an existing OpenOffice installation.
    
    **Downloads:** 244,296 This Week
    
    **Last Update:** 2022-04-27
    
    See Project
    
*   Process Director from BP Logix is an advanced business process management (BPM) software for building and operating workflow-driven business applications. An award-winning low code platform, Process Director offers the tools businesses need to automate key processes and improve results. It features an intuitive point-and-click graphical user interface, which allows users to better discover, define, model and automate business processes, as well as control, track and improve operations.
    
*   5
    
    **KeePass**
    
    A lightweight and easy-to-use password manager
    
    KeePass Password Safe is a free, open source, lightweight, and easy-to-use password manager for Windows, Linux and Mac OS X, with ports for Android, iPhone/iPad and other mobile devices. With so many passwords to remember and the need to vary passwords to protect your valuable data, it’s nice to have KeePass to manage your passwords in a secure way. KeePass puts all your passwords in a highly encrypted database and locks them with one master key or a key file. As a result, you only have to remember one single master password or select the key file to unlock the whole database. And the databases are encrypted using the best and most secure encryption algorithms currently known, AES and Twofish. See our features page for details.
    
    **Downloads:** 188,915 This Week
    
    **Last Update:** 2022-07-05
    
    See Project
    
*   6
    
    • Designed for Linux and Windows email system administrators, Scrollout F1 is an easy to use, already adjusted email firewall (gateway) offering free anti-spam and anti-virus protection aiming to secure existing email servers, old or new, such as Microsoft Exchange, Lotus Domino, Postfix, Exim, Sendmail, Qmail and others. • Built-in multilayer security levels make configuration effort equal to a car radio. • It combines simplicity with effective protection using powerful open source with additional set of rules & filters. • Available as 64bit: - ISO image (Internet connection required during installation) - install from scratch (Internet connection required during installation). • Minimum Requirements (for 5,000 messages/day): 1 GB of RAM 30 GB storage drive 1 Processor x86/AMD64 1 Ethernet x 1 IPv4 address UDP ports: 53 123 4500 6277 24441 TCP ports: 25 80 443 2703
    
    **Downloads:** 181,031 This Week
    
    **Last Update:** 2018-04-08
    
    See Project
    
*   7
    
    **TurboVNC**
    
    High-speed, 3D-friendly, TightVNC-compatible remote desktop software
    
    TurboVNC is a high-performance, enterprise-quality version of VNC based on TightVNC, TigerVNC, and X.org. It contains a variant of Tight encoding that is tuned for maximum performance and compression with 3D applications (VirtualGL), video, and other image-intensive workloads. TurboVNC, in combination with VirtualGL, provides a complete solution for remotely displaying 3D applications with interactive performance. TurboVNC's high-speed encoding methods have been adopted by TigerVNC and libvncserver, and TurboVNC is also compatible with any other TightVNC derivative. TurboVNC forked from TightVNC in 2004 and still covers all of the TightVNC 1.3.x features, but TurboVNC contains numerous feature enhancements and bug fixes relative to TightVNC, and it compresses 3D and video workloads much better than TightVNC while using generally only 5-20% of the CPU time of the latter. Using non-default settings, TurboVNC can also be made to compress 2D workloads as "tightly" as TightVNC.
    
    **Downloads:** 168,339 This Week
    
    **Last Update:** 2022-05-03
    
    See Project
    
*   8
    
    An advanced and multi-platform BitTorrent client with a nice Qt user interface as well as a Web UI for remote control and an integrated search engine. qBittorrent aims to meet the needs of most users while using as little CPU and memory as possible.
    
    **Downloads:** 122,719 This Week
    
    **Last Update:** 2022-05-25
    
    See Project
    
*   9
    
    **scrcpy**
    
    Display and control your Android device
    
    scrcpy is an application for displaying and controlling your Android device through USB connection (or over TCP/IP). It is cross-platform (GNU/Linux, macOS and Windows) and does not require any root access. scrcpy displays only the device screen but offers great performance (30~60fps) and quality (1920×1080 or above). It’s got low latency (35~70ms) and a very low startup time (less than a second). It offers plenty of great features and is non-intrusive, with nothing left installed inside the device. scrcpy works with Android devices with at least API 21 (Android 5.0) and adb debugging must be enabled on the device.
    
    **Downloads:** 4,334 This Week
    
    **Last Update:** 2022-06-15
    
    See Project
    
*   WatchWire provides a single source of truth for the trends and opportunities found in your company's energy use.
    
*   10
    
    The Anti-Spam SMTP Proxy (ASSP) Server project aims to create an open source platform-independent SMTP Proxy server which implements auto-whitelists, self learning Hidden-Markov-Model and/or Bayesian, Greylisting, DNSBL, DNSWL, URIBL, SPF, SRS, Backscatter, Virus scanning, attachment blocking, Senderbase and multiple other filter methods. Click 'Files' to download the professional version 2.6.5 build 21218. A linux(ubuntu 18.04 LTS) and a freeBSD 11.2 based ready to run OVA of ASSP V2 are also available for download. NOTICE: V1 development has been stopped at the end of 2014 (1.10.1 build 16060). Possibly there will be done some bugfixing in future. Please upgrade to V2, which is and will be actively maintained.
    
    **Downloads:** 99,486 This Week
    
    **Last Update:** 3 hours ago
    
    See Project
    
*   11
    
    **Sweet Home 3D**
    
    An interior design application to draw house plans & arrange furniture
    
    Sweet Home 3D is an interior design application that helps you to quickly draw the floor plan of your house, arrange furniture on it, and visit the results in 3D.
    
    **Downloads:** 73,130 This Week
    
    **Last Update:** 1 day ago
    
    See Project
    
*   12
    
    **unitedrpms**
    
    Fast and open solution where everyone can help
    
    Join us in Gitter! https://gitter.im/unitedrpms-people/Lobby Enable the URPMS repository in your system - https://github.com/UnitedRPMs/unitedrpms.github.io/blob/master/README.md
    
    **Downloads:** 413,535 This Week
    
    **Last Update:** 1 day ago
    
    See Project
    
*   13
    
    **libjpeg-turbo**
    
    SIMD-accelerated libjpeg-compatible JPEG codec library
    
    libjpeg-turbo is a JPEG image codec that uses SIMD instructions (MMX, SSE2, NEON, AltiVec) to accelerate baseline JPEG compression and decompression on x86, x86-64, ARM, and PowerPC systems. On such systems, libjpeg-turbo is generally 2-6x as fast as libjpeg, all else being equal. On other types of systems, libjpeg-turbo can still outperform libjpeg by a significant amount, by virtue of its highly-optimized Huffman coding routines. In many cases, the performance of libjpeg-turbo rivals that of proprietary high-speed JPEG codecs. libjpeg-turbo implements both the traditional libjpeg API as well as the less powerful but more straightforward TurboJPEG API. libjpeg-turbo also features colorspace extensions that allow it to compress from/decompress to 32-bit and big-endian pixel buffers (RGBX, XBGR, etc.), as well as a full-featured Java interface.
    
    **Downloads:** 62,532 This Week
    
    **Last Update:** 2022-02-25
    
    See Project
    
*   14
    
    VirtualGL redirects 3D commands from a Unix/Linux OpenGL application onto a server-side GPU and converts the rendered 3D images into a video stream with which remote clients can interact to view and control the 3D application in real time.
    
    **Downloads:** 56,958 This Week
    
    **Last Update:** 2022-05-16
    
    See Project
    
*   15
    
    **PINN**
    
    PINN is an enhancement of NOOBS
    
    PINN is an enhancement of NOOBS for the Raspberry Pi. It allows the installation of MULTIPLE OSes on the same SD/HDD/SSD device with an OS chooser when booting. Built-in Admin tools allow you to backup & restore your OSes and fix OS problems by including basic disk checking, password changing, and a command shell.
    
    **Downloads:** 59,827 This Week
    
    **Last Update:** 2022-04-12
    
    See Project
    
*   16
    
    **Webmin**
    
    A web-based interface for system administration of UNIX
    
    A web-based system administration tool for Unix servers and services. https://github.com/webmin/webmin
    
    **Downloads:** 49,768 This Week
    
    **Last Update:** 6 days ago
    
    See Project
    
*   17
    
    Code::Blocks is a free, open-source, cross-platform C, C++ and Fortran IDE built to meet the most demanding needs of its users. It is designed to be very extensible and fully configurable. Finally, an IDE with all the features you need, having a consistent look, feel and operation across platforms. Built around a plugin framework, Code::Blocks can be extended with plugins. Any kind of functionality can be added by installing/coding a plugin. For instance, compiling and debugging functionality is already provided by plugins! We hope you enjoy using Code::Blocks! The Code::Blocks Team
    
    **Downloads:** 48,307 This Week
    
    **Last Update:** 4 days ago
    
    See Project
    
*   18
    
    **Tor Browser**
    
    Browser for using Tor on Windows, Mac OS X or Linux
    
    Tor Browser enables you to use Tor on Windows, Mac OS X, or Linux without needing to install any software. Tor is a software that bounces your communications around a distributed network of relays run by volunteers. This effectively prevents anyone watching your Internet connection from learning what sites you visit; it prevents the sites you visit from learning your physical location; and allows you access to sites which are blocked. Tor Browser can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained (portable).
    
    **Downloads:** 2,124 This Week
    
    **Last Update:** 5 days ago
    
    See Project
    
*   19
    
    **Info-ZIP project**
    
    Info-ZIP portable compression/archiver utilities (Zip, UnZip, WiZ, etc.)
    
    **Downloads:** 46,567 This Week
    
    **Last Update:** 2021-04-08
    
    See Project
    
*   20
    
    FreeType is written in C. It is designed to be small, efficient, and highly customizable while capable of producing high-quality output (glyph images) of most vector and bitmap font formats for digital typography. FreeType is a freely available and portable software library to render fonts.
    
    **Downloads:** 44,977 This Week
    
    **Last Update:** 2022-05-01
    
    See Project
    
*   21
    
    **XAMPP**
    
    An easy to install Apache distribution containing MySQL, PHP, and Perl
    
    XAMPP is a very easy to install Apache Distribution for Linux, Solaris, Windows, and Mac OS X. The package includes the Apache web server, MySQL, PHP, Perl, a FTP server and phpMyAdmin.
    
    **Downloads:** 39,029 This Week
    
    **Last Update:** 2022-06-15
    
    See Project
    
*   22
    
    **Etcher**
    
    A safe way to flash OS images to SD cards & USB drives
    
    Etcher is a powerful OS image flasher. It protects a user from accidentally overwriting hard-drives by making drive selection obvious; and with validated flashing there is no more writing images to corrupted drives. It is also called balenaEtcher since it is developed by balena. In addition, Etcher can flash directly Raspberry Pi devices that support usbboot. Use for .iso and .img files, as well as zipped folders to create live SD cards and USB flash drives. Written with Electron for cross platform use (windows, macOS, and Linux).
    
    **Downloads:** 1,495 This Week
    
    **Last Update:** 2022-06-16
    
    See Project
    
*   23
    
    **TGM Gaming Macro**
    
    Lets you have a macro mouse n keyboard functionally with ordinary one.
    
    TGM is a gaming macro that lets you have a macro mouse and keyboard functionally with ordinary one. You can create or record multiple macros and assign them to any key combinations to trigger and loop them when you need how you need. TGM is made for gamers but it's capable of so much more. So you can use it for daily tasks as well. For any question, bug report or feature request feel free to visit forum tab. Note: To simulate arrow keys you might need to turn off NumLock. VirusTotal Result: https://www.virustotal.com/gui/file/29cf266079de80dac853d1d7c5d4c83eadb1d6f9cd8733605414d66413fba31d/detection VirusTotal shows too many false positives. but since this an open source project, you can download the source and build yourself. https://github.com/trksyln/TGMacro
    
    **Downloads:** 51,965 This Week
    
    **Last Update:** 2021-06-15
    
    See Project
    
*   24
    
    **NikGapps**
    
    A Custom Google Apps Package that Suits Everyone Needs!
    
    NikGapps project started with the goal to provide custom gapps packages that suits everyone's needs. A package that a user needs but cannot find and ends up setting up the device installing more apps and removing unwanted apps manually.
    
    **Downloads:** 32,600 This Week
    
    **Last Update:** 6 hours ago
    
    See Project
    
*   25
    
    **GParted**
    
    A partition editor to graphically manage disk partitions
    
    GNOME Partition Editor for creating, reorganizing, and deleting disk partitions. It uses libparted from the parted project to detect and manipulate partition tables. Optional file system tools permit managing file systems not included in libparted.
    
    **Downloads:** 25,454 This Week
    
    **Last Update:** 2 days ago
    
    See Project

CVE-2007-0803: Best Open Source Mac Software 2022

Multiple buffer overflows in STLport 5.0.2 might allow local users to execute arbitrary code via (1) long locale environment variables to a strcpy function call in c_locale_glibc2.c and (2) long arguments to unspecified functions in num_put_float.cpp.

*   LogicMonitor is the leading fully automated, cloud-based infrastructure monitoring and observability platform for enterprise IT and managed service providers. Gain IT insights, seamless data collaboration at scale, and visibility into networks, cloud, applications, servers, log data and more within one unified platform.
    
*   Ditch time-consuming emails! Give your internal team and clients the tools they need to quickly and easily report bugs and give feedback with annotated screenshots.
    
*   1
    
    Integrates Eclipse with the SAP NetWeaver Application Server.
    
    **Downloads:** 721,098 This Week
    
    **Last Update:** 2016-07-20
    
    See Project
    
*   2
    
    **movistartv**
    
    Movistar+ Deco Virtual - Software decodificador
    
    Kodi Movistar+ TV es un ADDON para XBMC/ Kodi que permite disponer de un decodificador de los servicios IPTV de Movistar integrado en uno de los mediacenters mas populares. El proyecto no trata solo de replicar los servicios de televisión, sino un concepto diferente de servicios integrados donde la TV tenga un protagonismo central pero no el único y que permita tanto ver la TV como un video de youtube, disponer un catalogo de películas y música .. Autor: Victor M. Juidiaz Portilla (https://www.linkedin.com/in/victor-manuel-juidiaz-portilla-27bb48106) Foro "Oficial": http://www.kodimania.com/index.php?topic=860.0 Las principales funcionalidades de TV son: - Actualización automática de canales. - Guía de programación (EPG). - Grabaciones en la Nube y en local. - Últimos 7 días - Visualización de grabaciones en la nube. - Sincronización de grabaciones a local para evitar su caducidad. - Gestión avanzada de series. - Timeshift. - DLNA
    
    **Downloads:** 450,575 This Week
    
    **Last Update:** 2020-02-08
    
    See Project
    
*   3
    
    This project is the old location for the plugin list for Notepad++ Plugin Manager. Please use https://github.com/bruderstein/npppluginmanager for any issues and current code
    
    **Downloads:** 380,219 This Week
    
    **Last Update:** 2019-07-19
    
    See Project
    
*   4
    
    Free alternative for Office productivity tools: Apache OpenOffice - formerly known as OpenOffice.org - is an open-source office productivity software suite containing word processor, spreadsheet, presentation, graphics, formula editor, and database management applications. OpenOffice is available in many languages, works on all common computers, stores data in ODF - the international open standard format - and is able to read and write files in other formats, included the format used by the most common office suite packages. OpenOffice is also able to export files in PDF format. OpenOffice has supported extensions, in a similar manner to Mozilla Firefox, making easy to add new functionality to an existing OpenOffice installation.
    
    **Downloads:** 244,296 This Week
    
    **Last Update:** 2022-04-27
    
    See Project
    
*   Alchemy serves over 1 million workers at 7,500 locations worldwide with training & compliance solutions & services for manufacturing, food processing, distribution & packaging companies of all sizes.
    
*   5
    
    **KeePass**
    
    A lightweight and easy-to-use password manager
    
    KeePass Password Safe is a free, open source, lightweight, and easy-to-use password manager for Windows, Linux and Mac OS X, with ports for Android, iPhone/iPad and other mobile devices. With so many passwords to remember and the need to vary passwords to protect your valuable data, it’s nice to have KeePass to manage your passwords in a secure way. KeePass puts all your passwords in a highly encrypted database and locks them with one master key or a key file. As a result, you only have to remember one single master password or select the key file to unlock the whole database. And the databases are encrypted using the best and most secure encryption algorithms currently known, AES and Twofish. See our features page for details.
    
    **Downloads:** 188,915 This Week
    
    **Last Update:** 2022-07-05
    
    See Project
    
*   6
    
    • Designed for Linux and Windows email system administrators, Scrollout F1 is an easy to use, already adjusted email firewall (gateway) offering free anti-spam and anti-virus protection aiming to secure existing email servers, old or new, such as Microsoft Exchange, Lotus Domino, Postfix, Exim, Sendmail, Qmail and others. • Built-in multilayer security levels make configuration effort equal to a car radio. • It combines simplicity with effective protection using powerful open source with additional set of rules & filters. • Available as 64bit: - ISO image (Internet connection required during installation) - install from scratch (Internet connection required during installation). • Minimum Requirements (for 5,000 messages/day): 1 GB of RAM 30 GB storage drive 1 Processor x86/AMD64 1 Ethernet x 1 IPv4 address UDP ports: 53 123 4500 6277 24441 TCP ports: 25 80 443 2703
    
    **Downloads:** 181,031 This Week
    
    **Last Update:** 2018-04-08
    
    See Project
    
*   7
    
    **TurboVNC**
    
    High-speed, 3D-friendly, TightVNC-compatible remote desktop software
    
    TurboVNC is a high-performance, enterprise-quality version of VNC based on TightVNC, TigerVNC, and X.org. It contains a variant of Tight encoding that is tuned for maximum performance and compression with 3D applications (VirtualGL), video, and other image-intensive workloads. TurboVNC, in combination with VirtualGL, provides a complete solution for remotely displaying 3D applications with interactive performance. TurboVNC's high-speed encoding methods have been adopted by TigerVNC and libvncserver, and TurboVNC is also compatible with any other TightVNC derivative. TurboVNC forked from TightVNC in 2004 and still covers all of the TightVNC 1.3.x features, but TurboVNC contains numerous feature enhancements and bug fixes relative to TightVNC, and it compresses 3D and video workloads much better than TightVNC while using generally only 5-20% of the CPU time of the latter. Using non-default settings, TurboVNC can also be made to compress 2D workloads as "tightly" as TightVNC.
    
    **Downloads:** 168,339 This Week
    
    **Last Update:** 2022-05-03
    
    See Project
    
*   8
    
    An advanced and multi-platform BitTorrent client with a nice Qt user interface as well as a Web UI for remote control and an integrated search engine. qBittorrent aims to meet the needs of most users while using as little CPU and memory as possible.
    
    **Downloads:** 122,719 This Week
    
    **Last Update:** 2022-05-25
    
    See Project
    
*   9
    
    **scrcpy**
    
    Display and control your Android device
    
    scrcpy is an application for displaying and controlling your Android device through USB connection (or over TCP/IP). It is cross-platform (GNU/Linux, macOS and Windows) and does not require any root access. scrcpy displays only the device screen but offers great performance (30~60fps) and quality (1920×1080 or above). It’s got low latency (35~70ms) and a very low startup time (less than a second). It offers plenty of great features and is non-intrusive, with nothing left installed inside the device. scrcpy works with Android devices with at least API 21 (Android 5.0) and adb debugging must be enabled on the device.
    
    **Downloads:** 4,334 This Week
    
    **Last Update:** 2022-06-15
    
    See Project
    
*   The dashboard and mobile app allows users to manage their marketing, sales, accounting, reporting, payment and communication needs all in one place. As premium partners of channels such as VRBO, Booking.com, Airbnb, Homeaway and Expedia, with the ability to manage advanced setups, no other platform gives you the type of control and peace of mind that a Hostaway user has. The software is designed with teams in mind - it's easy to train staff and keep them happy while improving business at the same time! Hostaway also provides a booking engine, wordpress website and both marketing and sales tools for managing your valuable direct bookings.
    
*   10
    
    The Anti-Spam SMTP Proxy (ASSP) Server project aims to create an open source platform-independent SMTP Proxy server which implements auto-whitelists, self learning Hidden-Markov-Model and/or Bayesian, Greylisting, DNSBL, DNSWL, URIBL, SPF, SRS, Backscatter, Virus scanning, attachment blocking, Senderbase and multiple other filter methods. Click 'Files' to download the professional version 2.6.5 build 21218. A linux(ubuntu 18.04 LTS) and a freeBSD 11.2 based ready to run OVA of ASSP V2 are also available for download. NOTICE: V1 development has been stopped at the end of 2014 (1.10.1 build 16060). Possibly there will be done some bugfixing in future. Please upgrade to V2, which is and will be actively maintained.
    
    **Downloads:** 99,486 This Week
    
    **Last Update:** 3 hours ago
    
    See Project
    
*   11
    
    **Sweet Home 3D**
    
    An interior design application to draw house plans & arrange furniture
    
    Sweet Home 3D is an interior design application that helps you to quickly draw the floor plan of your house, arrange furniture on it, and visit the results in 3D.
    
    **Downloads:** 73,130 This Week
    
    **Last Update:** 1 day ago
    
    See Project
    
*   12
    
    **unitedrpms**
    
    Fast and open solution where everyone can help
    
    Join us in Gitter! https://gitter.im/unitedrpms-people/Lobby Enable the URPMS repository in your system - https://github.com/UnitedRPMs/unitedrpms.github.io/blob/master/README.md
    
    **Downloads:** 413,535 This Week
    
    **Last Update:** 1 day ago
    
    See Project
    
*   13
    
    **libjpeg-turbo**
    
    SIMD-accelerated libjpeg-compatible JPEG codec library
    
    libjpeg-turbo is a JPEG image codec that uses SIMD instructions (MMX, SSE2, NEON, AltiVec) to accelerate baseline JPEG compression and decompression on x86, x86-64, ARM, and PowerPC systems. On such systems, libjpeg-turbo is generally 2-6x as fast as libjpeg, all else being equal. On other types of systems, libjpeg-turbo can still outperform libjpeg by a significant amount, by virtue of its highly-optimized Huffman coding routines. In many cases, the performance of libjpeg-turbo rivals that of proprietary high-speed JPEG codecs. libjpeg-turbo implements both the traditional libjpeg API as well as the less powerful but more straightforward TurboJPEG API. libjpeg-turbo also features colorspace extensions that allow it to compress from/decompress to 32-bit and big-endian pixel buffers (RGBX, XBGR, etc.), as well as a full-featured Java interface.
    
    **Downloads:** 62,532 This Week
    
    **Last Update:** 2022-02-25
    
    See Project
    
*   14
    
    VirtualGL redirects 3D commands from a Unix/Linux OpenGL application onto a server-side GPU and converts the rendered 3D images into a video stream with which remote clients can interact to view and control the 3D application in real time.
    
    **Downloads:** 56,958 This Week
    
    **Last Update:** 2022-05-16
    
    See Project
    
*   15
    
    **PINN**
    
    PINN is an enhancement of NOOBS
    
    PINN is an enhancement of NOOBS for the Raspberry Pi. It allows the installation of MULTIPLE OSes on the same SD/HDD/SSD device with an OS chooser when booting. Built-in Admin tools allow you to backup & restore your OSes and fix OS problems by including basic disk checking, password changing, and a command shell.
    
    **Downloads:** 59,827 This Week
    
    **Last Update:** 2022-04-12
    
    See Project
    
*   16
    
    **Webmin**
    
    A web-based interface for system administration of UNIX
    
    A web-based system administration tool for Unix servers and services. https://github.com/webmin/webmin
    
    **Downloads:** 49,768 This Week
    
    **Last Update:** 6 days ago
    
    See Project
    
*   17
    
    Code::Blocks is a free, open-source, cross-platform C, C++ and Fortran IDE built to meet the most demanding needs of its users. It is designed to be very extensible and fully configurable. Finally, an IDE with all the features you need, having a consistent look, feel and operation across platforms. Built around a plugin framework, Code::Blocks can be extended with plugins. Any kind of functionality can be added by installing/coding a plugin. For instance, compiling and debugging functionality is already provided by plugins! We hope you enjoy using Code::Blocks! The Code::Blocks Team
    
    **Downloads:** 48,307 This Week
    
    **Last Update:** 4 days ago
    
    See Project
    
*   18
    
    **Tor Browser**
    
    Browser for using Tor on Windows, Mac OS X or Linux
    
    Tor Browser enables you to use Tor on Windows, Mac OS X, or Linux without needing to install any software. Tor is a software that bounces your communications around a distributed network of relays run by volunteers. This effectively prevents anyone watching your Internet connection from learning what sites you visit; it prevents the sites you visit from learning your physical location; and allows you access to sites which are blocked. Tor Browser can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained (portable).
    
    **Downloads:** 2,124 This Week
    
    **Last Update:** 5 days ago
    
    See Project
    
*   19
    
    **Info-ZIP project**
    
    Info-ZIP portable compression/archiver utilities (Zip, UnZip, WiZ, etc.)
    
    **Downloads:** 46,567 This Week
    
    **Last Update:** 2021-04-08
    
    See Project
    
*   20
    
    FreeType is written in C. It is designed to be small, efficient, and highly customizable while capable of producing high-quality output (glyph images) of most vector and bitmap font formats for digital typography. FreeType is a freely available and portable software library to render fonts.
    
    **Downloads:** 44,977 This Week
    
    **Last Update:** 2022-05-01
    
    See Project
    
*   21
    
    **XAMPP**
    
    An easy to install Apache distribution containing MySQL, PHP, and Perl
    
    XAMPP is a very easy to install Apache Distribution for Linux, Solaris, Windows, and Mac OS X. The package includes the Apache web server, MySQL, PHP, Perl, a FTP server and phpMyAdmin.
    
    **Downloads:** 39,029 This Week
    
    **Last Update:** 2022-06-15
    
    See Project
    
*   22
    
    **Etcher**
    
    A safe way to flash OS images to SD cards & USB drives
    
    Etcher is a powerful OS image flasher. It protects a user from accidentally overwriting hard-drives by making drive selection obvious; and with validated flashing there is no more writing images to corrupted drives. It is also called balenaEtcher since it is developed by balena. In addition, Etcher can flash directly Raspberry Pi devices that support usbboot. Use for .iso and .img files, as well as zipped folders to create live SD cards and USB flash drives. Written with Electron for cross platform use (windows, macOS, and Linux).
    
    **Downloads:** 1,495 This Week
    
    **Last Update:** 2022-06-16
    
    See Project
    
*   23
    
    **TGM Gaming Macro**
    
    Lets you have a macro mouse n keyboard functionally with ordinary one.
    
    TGM is a gaming macro that lets you have a macro mouse and keyboard functionally with ordinary one. You can create or record multiple macros and assign them to any key combinations to trigger and loop them when you need how you need. TGM is made for gamers but it's capable of so much more. So you can use it for daily tasks as well. For any question, bug report or feature request feel free to visit forum tab. Note: To simulate arrow keys you might need to turn off NumLock. VirusTotal Result: https://www.virustotal.com/gui/file/29cf266079de80dac853d1d7c5d4c83eadb1d6f9cd8733605414d66413fba31d/detection VirusTotal shows too many false positives. but since this an open source project, you can download the source and build yourself. https://github.com/trksyln/TGMacro
    
    **Downloads:** 51,965 This Week
    
    **Last Update:** 2021-06-15
    
    See Project
    
*   24
    
    **NikGapps**
    
    A Custom Google Apps Package that Suits Everyone Needs!
    
    NikGapps project started with the goal to provide custom gapps packages that suits everyone's needs. A package that a user needs but cannot find and ends up setting up the device installing more apps and removing unwanted apps manually.
    
    **Downloads:** 32,600 This Week
    
    **Last Update:** 6 hours ago
    
    See Project
    
*   25
    
    **GParted**
    
    A partition editor to graphically manage disk partitions
    
    GNOME Partition Editor for creating, reorganizing, and deleting disk partitions. It uses libparted from the parted project to detect and manipulate partition tables. Optional file system tools permit managing file systems not included in libparted.
    
    **Downloads:** 25,454 This Week
    
    **Last Update:** 2 days ago
    
    See Project

CVE-2006-0963: Best Open Source Mac Software 2022

aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.

HPE MyAccount

**HPE MyAccount**

HPE MyAccount

HPE MyAccount

My Bookmarks

My Bookmarks

Manage Account

Manage Account

Sign Out

**My Cart**

****Your cart is currently empty****

Head to the HPE store to browse, configure and order.

Shop now

**Something went wrong**

Try viewing your cart in the HPE Store or check back later.  

View cart

View cart Checkout

HPE Ecosystem

*   HPE GreenLake
*   
*   Cloud Consoles
    
*   Cloud Services
*   Data Services
*   Compute Ops Management
*   Aruba Central
*   
*   HPE GreenLake Administration
    
*   Manage Account
*   Manage Devices
*   
*   HPE Resources
    
*   Support Center
*   Financial Services
*   Developer
*   Communities

HPE GreenLake

EDGE TO CLOUD

**HPE GreenLake**

Accelerate your data-first modernization with the HPE GreenLake edge-to-cloud platform, which brings the cloud to wherever your apps and data live.

HPE GreenLake

Accelerate your data-first modernization with the HPE GreenLake edge-to-cloud platform, which brings the cloud to wherever your apps and data live.

Learn more about HPE GreenLake platform

TEST DRIVE

**Experience HPE GreenLake cloud services**

This guided, hands-on experience allows you to explore cloud services in a live production environment.

Experience HPE GreenLake cloud services

This guided, hands-on experience allows you to explore cloud services in a live production environment.

Get started

CLOUD SERVICES

*   AI, ML, and analytics
*   Business applications
*   Compute
*   Containers
*   Data protection
*   Database
*   Edge
*   HPC
*   Hybrid and multicloud

*   Hyperconverged
*   Migration
*   Networking
*   Private cloud
*   SAP
*   Security, risk, and compliance
*   Storage
*   VDI
*   Virtualization

INDUSTRY

*   Financial Services
*   Healthcare
*   Manufacturing
*   Public Sector
*   Telco

PARTNERS

*   Marketplace
*   HPE GreenLake for partners

Products

See all products and solutions

EDGE TO CLOUD

**Edge to cloud platform solutions**

HPE GreenLake is the open and secure edge-to-cloud platform that you've been waiting for.

Edge to cloud platform solutions

HPE GreenLake is the open and secure edge-to-cloud platform that you've been waiting for.

*   Platform
*   Edge
*   Data
*   Cloud
*   Security

SOLUTIONS BY CATEGORY

*   Data Storage
*   High Performance Computing (HPC)
*   Compute
*   Networking
*   Software
*   Services

See all products and solutions

More...

LATEST NEWS & MEDIA

**Discover More Network**

Our exclusive network featured original series, podcasts, news, resources, and events.Learn more.

Discover More Network

Our exclusive network featured original series, podcasts, news, resources, and events.Learn more.

Learn more

COMPANY

**About HPE**

Learn about our company, our purpose, and read the latest news to see how we’re driving innovation to make it easier to reimagine tomorrow.

About HPE

Learn about our company, our purpose, and read the latest news to see how we’re driving innovation to make it easier to reimagine tomorrow.

Learn more

EVENT

**Discover 2022**

Join HPE experts, leading companies, and industry luminaries and learn how to accelerate your data-first modernization across edge to cloud.

Discover 2022

Join HPE experts, leading companies, and industry luminaries and learn how to accelerate your data-first modernization across edge to cloud.

Learn more

RESOURCES

*   HPE Customer Centers
*   Communities
*   Customer Stories
*   All Blogs & Forums
*   How to buy

CVE-2005-2224: 404 Error

lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.

**\[prev in list\] \[next in list\] \[prev in thread\] \[next in thread\]** 
**List:       bugtraq
Subject:    Solaris LPD Exploit (fwd)
From:       Dave Ahmad <da () securityfocus ! com>
Date:       2001-08-31 22:08:09
\[Download RAW message or body\]**

Hey,

The exploit that was attached to this message cannot be distributed..
so below is the original message sent to BUGTRAQ without the exploit.

From the exploit:

/\*
 \* remorse
 \* Solaris 8 in.lpd remote root exploit
 \* by ron1n <shellcode@hotmail.com>
 \* July 2001
 \*
 \* Written for 7DFB/TESO members and friends. Private, do not distribute
 \* negligently, etc. etc. An unpublished vulnerability is exploited. I think
 \* this is what they call 0day warez.
 \*
 \* This is not the ISS hole -- that one doesn't seem to be exploitable on the
 \* SPARC architecture. I spent a week studying all of the lp binary and library
 \* code trying to find a nice overflow that would be exploitable on SPARC. This
 \* is the best I could come up with though. I'm disappointed because it's very
 \* similar to the old SNI/NAI BSD lpd vuln and the l0pht/@stake Linux lpd vuln.
 \*
 \* There are no printer conditions that have to be met. If the system happens
 \* to be running in.lpd, consider it owned. It can be a noisy attack; other
 \* than possible syslog locations, evidence will exist under /var/spool/lp/tmp,
 \* /var/spool/lp/requests, and the mail spool directory (/tmp).
 \*
 \* The exploit targets four programs: in.lpd, lpsched adaptor, /bin/mail, and
 \* sendmail. Obviously there are going to be differences among Solaris releases
 \* and individual configurations. For instance, the Solaris 7 version of in.lpd
 \* doesn't have IPv6 support like the Solaris 8 version does, so if your IP
 \* address doesn't reverse-resolve, in.lpd will create a different directory
 \* on each release. I've handled this now in case I do a rewrite, but Solaris 7
 \* has other issues that need to be investigated. Solaris 2.6 looks even worse.
 \* If someone hooks me up with source code, I'll try to add 7 and 2.6 support.
 \*
 \* If you're not getting results, try playing around with some command line
 \* switches or some files in the exploit tarball, particularly 'script'. The
 \* system's responses, or lack thereof, can tell you everything you need for
 \* a successful exploitation.
 \*
 \* Now you too can sleep well at night knowing that there are still ways to
 \* compromise a Solaris box remotely without relying on Sun's rpc nightmare.
 \*
 \* "Something about you is very wrong..."
 \*/

Dave Ahmad
Security Focus
www.securityfocus.com

---------- Forwarded message ----------
From: "Ricky Vludmore" <ricky2k@anonymous.to>
To: bugtraq@securityfocus.com
Subject: Solaris LPD Exploit

\[This is allegedly for an unknown vulnerability.\]

I have attached the exploit that was used against me
and then sent to me as a result of my Incidents posts.
The swarm of me-too emails leads me to believe this
is being actively exploited with the public being
none the wiser. The tar content times and the
author's timestamp place it at around two months
old.

I can only guess at the intentions for trying to keep
this below the surface. The overall depressive tone of the
exploit is as unnerving as the author's up-beat attitude
toward system intrusion, but I will admit that the author
seems to hint at deeper motives. Either way, the more
productive and mature thing to do would have been to
inform the public so that end users aren't left in the
cold with these matters.

Two people asked if the system that was compromised is x86
or sparc. It's a sparc.

In reference to:

http://archives.neohapsis.com/archives/incidents/2001-08/0417.html
http://archives.neohapsis.com/archives/incidents/2001-08/0425.html

And a final post sent earlier:

>  About four hours ago I received a post from an
>  individual who claimed to have acquired exploit
>  source for this \_\_unknown\_\_ vulnerability on the
>  "ircnet chat network" about a week ago. He/she
>  then sent me a copy upon request, saying that
>  he/she witnessed it being used by a shady
>  individual in an exchange involving this and
>  another \_\_unknown\_\_ hole in a Solaris routing
>  daemon (luckily I don't run one of those!).
>
>  I now have a copy of the exploit. Haven't tried it
>  against a patched system for that (other) printer
>  bug. I somehow managed to get it working against
>  my (currently) unpatched system.
>
>  I couldn't read a line of C if my life depended on
>  it but the comments say it's an unpublished
>  hole and that it's not the ISS one (apparently
>  they were the guys who found this other printer
>  bug). I tried searching for it in a search engine.
>  No results.
>
>  I feel it's important that the public catch wind
>  of this exploit..
>
>  securityfocus contacts? bugtraq? sun?


------------------------------------------------------------
This email was sent through the free email service at http://www.anonymous.to/
To report abuse, please visit our website and click "Contact Us."

**\[prev in list\] \[next in list\] \[prev in thread\] \[next in thread\]** 

  

Configure | About | News | Add a list | Sponsored by KoreLogic

CVE-2001-1583: 'Solaris LPD Exploit (fwd)' - MARC

Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.

**\[prev in list\] \[next in list\] \[prev in thread\] \[next in thread\]** 
**List:       bugtraq
Subject:    Re: Linux NLSPATH buffer overflow
From:       Alan Cox <alan () LXORGUK ! UKUU ! ORG ! UK>
Date:       1997-02-14 20:51:02
\[Download RAW message or body\]**

> I'm sorry if the information I'm going to tell about was already known, but
> I hope it wasn't...

Its known, its fixed in current setups

> It might be possible to exploit this hole remotely, if using a patched telnet
> client which would allow exporting large environment variable values. The
> overflow would happen at /bin/login startup then (somewhat like the famous
> LD\_PRELOAD exploit, but an overflow). I'm not sure of that though, there might
> be some restrictions on environment variables in telnetd.

Netkit 0.08/9 telnetd do not pass any environment variables,

> As for the fix, well, this is a hard one -- would require re-compiling libc,
> and statically linked binaries. To protect yourself against remote attacks,
> you could for example change the variable name to something different, with
> a hex editor (like /usr/bin/bpe), in /lib/libc.so.5, and ensure the exploit
> stopped working. Of course, this is only a temporary fix.

libc5.4 is immune, RedHat has been shipping the fixed libc5.3.12 for a long
time, and all the vendors I had security contacts for where told ages ago.
If they haven't fixed it then Im disappointed with them, they dont have
an excuse. That libc5.3.12 unpatched also has other fun bugs with buffer
overruns in libc some in the BSD stuff akin to the BSD bugs in rcmd() etc.

Alan

**\[prev in list\] \[next in list\] \[prev in thread\] \[next in thread\]** 

  

Configure | About | News | Add a list | Sponsored by KoreLogic

Tag

#sap