The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.

25 May 2010

The GNU C library did not correctly handle certain mnt entries, strfmon arguments, and ELF program headers.

**Reduce your security exposure**

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

**Releases**

*   Ubuntu 10.04
*   Ubuntu 9.10
*   Ubuntu 9.04
*   Ubuntu 8.04
*   Ubuntu 6.06

**Packages**

*   eglibc - Shared system libraries
*   glibc - Shared system libraries

**Details**

Maksymilian Arciemowicz discovered that the GNU C library did not  
correctly handle integer overflows in the strfmon function. If a user  
or automated system were tricked into processing a specially crafted  
format string, a remote attacker could crash applications, leading to  
a denial of service. (Ubuntu 10.04 was not affected.) (CVE-2008-1391)

Jeff Layton and Dan Rosenberg discovered that the GNU C library did not  
correctly handle newlines in the mntent family of functions. If a local  
attacker were able to inject newlines into a mount entry through other  
vulnerable mount helpers, they could disrupt the system or possibly gain  
root privileges. (CVE-2010-0296)

Dan Rosenberg discovered that the GNU C library did not correctly validate  
certain ELF program headers. If a user or automated system were tricked  
into verifying a specially crafted ELF program, a remote attacker could  
execute arbitrary code with user privileges. (CVE-2010-0830)

**Reduce your security exposure**

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

CVE-2010-0296: USN-944-1: GNU C Library vulnerabilities | Ubuntu security notices | Ubuntu

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection Name Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection Systems Affected nginx 0.7.64 Varnish 2.0.6 Cherokee 0.99.30 mini\_httpd 1.19 thttpd 2.25b0 WEBrick 1.3.1 Orion 2.0.7 AOLserver 4.5.1 Yaws 1.85 Boa 0.94.14rc21 Severity Medium Impact (CVSSv2) Medium 5/10, vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) Vendor http://www.nginx.net/ http://varnish.projects.linpro.no/ http://www.cherokee-project.com/ http://www.ruby-lang.org/ http://www.acme.com/software/thttpd/ http://www.acme.com/software/mini\_httpd/ http://www.orionserver.com/ http://www.aolserver.com/ http://yaws.hyber.org/ http://www.boa.org/ Advisory http://www.ush.it/team/ush/hack\_httpd\_escape/adv.txt Authors Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it) Alessandro "jekil" Tanasi (alessandro AT tanasi DOT it) Francesco "ascii" Ongaro (ascii AT ush DOT it) Date 20100110 I. BACKGROUND nginx is a HTTP and reverse proxy server written by Igor Sysoev. Varnish is a state-of-the-art, high-performance HTTP accelerator. Cherokee is a very fast, flexible and easy to configure Web Server. thttpd is a simple, small, portable, fast, and secure HTTP server. mini\_httpd is a small HTTP server. WEBrick is a Ruby library providing simple HTTP web server services. Orion Application Server is a pure java application-server. AOLserver is America Online's Open-Source web server. Yaws is a HTTP high perfomance 1.1 webserver. Boa is a single-tasking HTTP server. II. DESCRIPTION Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa are subject to logs escape sequence injection vulnerabilites. Escape sequences are special characters sequences that are used to instruct the terminal to perform special operations like executing commands \[4, 5\] or dumping the buffer to a file \[6, 7\]. When the webserver is executed in foreground in a pty or when the logfiles are viewed with tools like "cat" or "tail" such control chars reach the terminal and are executed. III. ANALYSIS Summary: A) "nginx" log escape sequence injection (Affected versions: 0.7.64 and probably earlier versions) B) "Varnish" log escape sequence injection (Affected versions: 2.0.6 and probably earlier versions) C) "Cherokee" log escape sequence injection (Affected versions: 0.99.30 and probably earlier versions) D) "thttpd" log escape sequence injection (Affected versions: thttpd/2.25b and probably earlier versions) E) "mini\_httpd" log escape sequence injection (Affected versions: 1.19 and probably earlier versions) F) "WEBrick" log escape sequence injection (Affected versions: 1.3.1 and probably earlier versions) G) "Orion" log escape sequence injection (Affected versions: 2.0.7 and probably earlier versions) H) "AOLserver" log escape sequence injection (Affected versions: 4.5.1 and probably earlier versions) I) "Yaws" log escape sequence injection (Affected versions: 1.85 and probably earlier versions) L) "Boa" log escape sequence injection (Affected versions: 0.94.14rc21 and probably earlier versions) A) "nginx" log escape sequence injection One of the following two Proofs Of Concept can be used in order to verify the vulnerability. curl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a echo -en "GET /\\x1b\]2;owned?\\x07\\x0a\\x0d\\x0a\\x0d" > payload nc localhost 80 < payload B) "Varnish" log escape sequence injection One of the following two Proofs Of Concept can be used in order to verify the vulnerability. xterm varnishlog echo -en "GET /\\x1b\]2;owned?\\x07\\x0a\\x0d\\x0a\\x0d" > payload nc localhost 80 < payload C) "Cherokee" log escape sequence injection The following Proof Of Concept can be used in order to verify the vulnerability. curl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a D) "thttpd" log escape sequence injection The following Proof Of Concept can be used in order to verify the vulnerability. echo -en "GET /\\x1b\]2;owned?\\x07\\x0a\\x0d\\x0a\\x0d" > payload nc localhost 80 < payload E) "mini\_httpd" log escape sequence injection One of the following two Proofs Of Concept can be used in order to verify the vulnerability. curl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a echo -en "GET /\\x1b\]2;owned?\\x07\\x0a\\x0d\\x0a\\x0d" > payload nc localhost 80 < payload F) "WEBrick" log escape sequence injection One of the following two Proofs Of Concept can be used in order to verify the vulnerability. curl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a echo -en "GET /\\x1b\]2;owned?\\x07\\x0a\\x0d\\x0a\\x0d" > payload nc localhost 80 < payload G) "Orion" log escape sequence injection One of the following two Proofs Of Concept can be used in order to verify the vulnerability. curl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a echo -en "GET /\\x1b\]2;owned?\\x07\\x0a\\x0d\\x0a\\x0d" > payload nc localhost 80 < payload H) "AOLserver" log escape sequence injection The following Proof Of Concept can be used in order to verify the vulnerability. echo -en "GET /\\x1b\]2;owned?\\x07\\x0a\\x0d\\x0a\\x0d" > payload nc localhost 80 < payload I) "Yaws" log escape sequence injection One of the following two Proofs Of Concept can be used in order to verify the vulnerability. curl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a echo -en "GET /\\x1b\]2;owned?\\x07\\x0a\\x0d\\x0a\\x0d" > payload nc localhost 80 < payload L) "Boa" log escape sequence injection The following Proof Of Concept can be used in order to verify the vulnerability. curl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a IV. DETECTION Services like Shodan (shodan.surtri.com) or Google can be used to get an approximate idea on the usage of the products. Some examples: - http://shodan.surtri.com/?q=nginx - http://www.google.com/search?q="powered+by+Cherokee" - curl -kis http://www.antani.gov | grep -E "Server: Orion/2.0.8" V. WORKAROUND Cherokee and WEBrick (Ruby) released related security fixes and releases as detailed below. Cherokee issued a public patch that resolved the issue but caused some issues (http://svn.cherokee-project.com/changeset/3944) and has been later replaced (http://svn.cherokee-project.com/changeset/3977) by a better fix that both resolve the issue and doesn't affect the normal webserver behavior. Use the second patch or a safe release like 0.99.34 or above. If you are using Cherokee 0.99.32 please note that your build uses the first patch. Webrick (Ruby) sent us the following patch and issued a release that fixes the issues. Detailed informations are available at the following url: http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection The patch we reviewed is the following but please refer to the vendor's article for exact informations. --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<-- Index: lib/webrick/httpstatus.rb =================================================================== --- lib/webrick/httpstatus.rb (revision 26065) +++ lib/webrick/httpstatus.rb (working copy) @@ -13,5 +13,15 @@ module WEBrick module HTTPStatus - class Status < StandardError; end + class Status < StandardError + def initialize(message, \*rest) + super(AccessLog.escape(message), \*rest) + end + class << self + attr\_reader :code, :reason\_phrase + end + def code() self::class::code end + def reason\_phrase() self::class::reason\_phrase end + alias to\_i code + end class Info < Status; end class Success < Status; end @@ -69,4 +79,5 @@ module WEBrick StatusMessage.each{|code, message| + message.freeze var\_name = message.gsub(/\[ \\-\]/,'\_').upcase err\_name = message.gsub(/\[ \\-\]/,'') @@ -80,16 +91,10 @@ module WEBrick end - eval %- - RC\_#{var\_name} = #{code} - class #{err\_name} < #{parent} - def self.code() RC\_#{var\_name} end - def self.reason\_phrase() StatusMessage\[code\] end - def code() self::class::code end - def reason\_phrase() self::class::reason\_phrase end - alias to\_i code - end - - - - CodeToError\[code\] = const\_get(err\_name) + const\_set("RC\_#{var\_name}", code) + err\_class = Class.new(parent) + err\_class.instance\_variable\_set(:@code, code) + err\_class.instance\_variable\_set(:@reason\_phrase, message) + const\_set(err\_name, err\_class) + CodeToError\[code\] = err\_class } Index: lib/webrick/httprequest.rb =================================================================== --- lib/webrick/httprequest.rb (revision 26065) +++ lib/webrick/httprequest.rb (working copy) @@ -267,9 +267,5 @@ module WEBrick end end - begin - @header = HTTPUtils::parse\_header(@raw\_header.join) - rescue => ex - raise HTTPStatus::BadRequest, ex.message - end + @header = HTTPUtils::parse\_header(@raw\_header.join) end Index: lib/webrick/httputils.rb =================================================================== --- lib/webrick/httputils.rb (revision 26065) +++ lib/webrick/httputils.rb (working copy) @@ -130,9 +130,9 @@ module WEBrick value = $1 unless field - raise "bad header '#{line.inspect}'." + raise HTTPStatus::BadRequest, "bad header '#{line}'." end header\[field\]\[-1\] << " " << value else - raise "bad header '#{line.inspect}'." + raise HTTPStatus::BadRequest, "bad header '#{line}'." end } Index: lib/webrick/accesslog.rb =================================================================== --- lib/webrick/accesslog.rb (revision 26065) +++ lib/webrick/accesslog.rb (working copy) @@ -54,5 +54,5 @@ module WEBrick raise AccessLogError, "parameter is required for \\"#{spec}\\"" unless param - params\[spec\]\[param\] || "-" + param = params\[spec\]\[param\] ? escape(param) : "-" when ?t params\[spec\].strftime(param || CLF\_TIME\_FORMAT) @@ -60,8 +60,16 @@ module WEBrick "%" else - params\[spec\] + escape(params\[spec\].to\_s) end } end + + def escape(data) + if data.tainted? + data.gsub(/\[\[:cntrl:\]\\\\\]+/) {$&.dump\[1...-1\]}.untaint + else + data + end + end end end --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<-- VI. VENDOR RESPONSE We contacted the vendors of eleven affected webservers, counting the previous advisory \[1\] for Jetty. Three fixed the issue (Cherokee, WEBrick/Ruby and Jetty), one will not fix the issue (Varnish) and one acknowledged the issue (AOLserver). Nginx NO-RESPONSE Cherokee FIXED thttpd NO-RESPONSE mini-httpd NO-RESPONSE WEBrick FIXED Orion NO-RESPONSE AOLserver ACK Yaws NO-RESPONSE Boa NO-RESPONSE Varnish WONT-FIX The response was overall good and it was nice to work with them, in particular we want to thank Cherokee's staff, Ruby's staff, Raphael Geissert (Debian) and Steven M. Christey (Mitre) for the support. Poul-Henning Kamp (Varnish) replied to our contact email with the following email that we quote as-is. --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<-- The official Varnish response, which I ask that you include in its entirety in your advisory, if you list Varnish as "vulnerable" in it: This is not a security problem in Varnish or any other piece of software which writes a logfile. The real problem is the mistaken belief that you can cat(1) a random logfile to your terminal safely. This is not a new issue. I first remember the issue with xterm(1)'s inadvisably implemented escape-sequences in a root-context, brought up heatedly, in 1988, possibly late 1987, at Copenhagens University Computer Science dept. (Diku.dk). Since then, nothing much have changed. The wisdom of terminal-response-escapes in general have been questioned at regular intervals, but still none of the major terminal emulation programs have seen fit to discard these sequences, probably in a misguided attempt at compatibility with no longer used 1970'es technology. I admit that listing "found a security hole in all HTTP-related programs that write logfiles" will look more impressive on a resume, but I think it is misguided and a sign of trophy-hunting having overtaken common sense. Instead of blaming any and all programs which writes logfiles, it would be much more productive, from a security point of view, to get the terminal emulation programs to stop doing stupid things, and thus fix this and other security problems once and for all. --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<-- We would like to punctuate the following facts: 1) We totally agree that the root of the problem is an unwise design in the terminal emulators. If in 70' controls were sent out of band on a secondary channel we would not have the equivalent of Blue Boxing in the terminal. This is a known issue from years. We didn't invented this attack vector and never claimed so. We don't think that design changes will happen in the short or mid term so it's better to have a proactive approach and sanitize outputs where functionalities are likely to not be affected at all like in this case. Security in complex systems requires some synergy. 2) Varnish is the only program that doesn't need a "cat" program as logs are stored in memory and displayed using the "varnishlog" utility. 2) Apache fixed a similiar bug (CVE-2003-0020), "Low: Error log escape filtering", in 2004 (six years ago). The bug was affecting Apache up to 1.3.29 \[8\] or 2.0.48 \[9\] depending on the branch. Take you conclusion, criticize if you want. In the meantime things are a little safer. VII. CVE INFORMATION CVE-2009-4487 nginx 0.7.64 CVE-2009-4488 Varnish 2.0.6 CVE-2009-4489 Cherokee 0.99.30 CVE-2009-4490 mini\_httpd 1.19 CVE-2009-4491 thttpd 2.25b0 CVE-2009-4492 WEBrick 1.3.1 CVE-2009-4493 Orion 2.0.7 CVE-2009-4494 AOLserver 4.5.1 CVE-2009-4495 Yaws 1.85 CVE-2009-4496 Boa 0.94.14rc21 VIII. DISCLOSURE TIMELINE 20091117 Bug discovered 20091208 First vendor contact 20091209 Cherokee team confirms vulnerability (Alvaro Lopez Ortega) 20091209 Alvaro Lopez Ortega commits Cherokee patch 20091210 Ruby team confirms vulnerability (Shugo Maeda) 20091211 Shugo Maeda sends us webrick patch for evaulation 20091211 AOLserver confirms vulnerability (Jim Davidson) 20091221 Contacted Raphael Geissert (Debian Security) 20091223 Contacted Steven M. Christey (mitre.org) 20091230 Raphael Geissert forwards to Redhat, Debian, Ubuntu and Mitre 20091230 CVEs assigned by Steven M. Christey 20100105 Poul-Henning (Varnish) Kamp said WONT-FIX 20100105 Ruby team is ready for commit (Urabe Shyouhei) 20100106 Second vendor contact 20100110 Advisory release IX. REFERENCES \[1\] Jetty 6.x and 7.x Multiple Vulnerabilities http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt \[2\] Apache does not filter terminal escape sequences from error logs http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020 \[3\] Apache does not filter terminal escape sequences from access logs http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083 \[4\] Debian GNU/Linux XTERM (DECRQSS/comments) Weakness Vulnerability http://www.milw0rm.com/exploits/7681 \[5\] Terminal Emulator Security Issues http://marc.info/?l=bugtraq&m=104612710031920&w=2 \[6\] Eterm Screen Dump Escape Sequence Local File Corruption Vulnerability http://www.securityfocus.com/bid/6936/discuss \[7\] RXVT Screen Dump Escape Sequence Local File Corruption Vulnerability http://www.securityfocus.com/bid/6938/discuss \[8\] Apache httpd 1.3 vulnerabilities http://httpd.apache.org/security/vulnerabilities\_13.html \[9\] Apache httpd 2.2 vulnerabilities http://httpd.apache.org/security/vulnerabilities\_22.html X. CREDIT Giovanni "evilaliv3" Pellerano, Alessandro "jekil" Tanasi and Francesco "ascii" Ongaro are credited with the discovery of this vulnerability. Giovanni "evilaliv3" Pellerano web site: http://www.ush.it/, http://www.evilaliv3.org/ mail: evilaliv3 AT ush DOT it Alessandro "jekil" Tanasi web site: http://www.tanasi.it/ mail: alessandro AT tanasi DOT it Francesco "ascii" Ongaro web site: http://www.ush.it/ mail: ascii AT ush DOT it X. LEGAL NOTICES Copyright (c) 2009 Francesco "ascii" Ongaro Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without mine express written consent. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email me for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

CVE-2009-4492

mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.

**Details**

J. David Hester discovered that Samba incorrectly handled users that lack  
home directories when the automated \[homes\] share is enabled. An  
authenticated user could connect to that share name and gain access to the  
whole filesystem. (CVE-2009-2813)

Tim Prouty discovered that the smbd daemon in Samba incorrectly handled  
certain unexpected network replies. A remote attacker could send malicious  
replies to the server and cause smbd to use all available CPU, leading to a  
denial of service. (CVE-2009-2906)

Ronald Volgers discovered that the mount.cifs utility, when installed as a  
setuid program, would not verify user permissions before opening a  
credentials file. A local user could exploit this to use or read the  
contents of unauthorized credential files. (CVE-2009-2948)

Reinhard Nißl discovered that the smbclient utility contained format string  
vulnerabilities in its file name handling. Because of security features in  
Ubuntu, exploitation of this vulnerability is limited. If a user or  
automated system were tricked into processing a specially crafted file  
name, smbclient could be made to crash, possibly leading to a denial of  
service. This only affected Ubuntu 8.10. (CVE-2009-1886)

Jeremy Allison discovered that the smbd daemon in Samba incorrectly handled  
permissions to modify access control lists when dos filemode is enabled. A  
remote attacker could exploit this to modify access control lists. This  
only affected Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-1886)

CVE-2009-2948: USN-839-1: Samba vulnerabilities | Ubuntu security notices | Ubuntu

Unspecified vulnerability in Octopussy before 0.9.5.8 has unknown impact and attack vectors related to a "major security" vulnerability.

*   Empower your remote team to plan projects, coordinate work remotely, and hit their goals with Asana.
    
*   In a few taps, bring together your deskless workforce under one roof. Collaborate, run operations, develop professional skills and monitor employee engagement and compliance from your desktop Launch Pad. Create your fully branded company mobile app in minutes. Choose from adding orientation courses, safety checklists, product catalogs for your service employees, shift management for your on-the-go workforce, or customize features for your own needs. Additionally, receive insights into how your team is engaging with your company assets and take action to improve efficiency. Connecteam allows managers to put processes on autopilot and focus on growth while freeing up employees to be more productive and happy.
    
*   1
    
    Integrates Eclipse with the SAP NetWeaver Application Server.
    
    **Downloads:** 759,610 This Week
    
    **Last Update:** 2016-07-20
    
    See Project
    
*   2
    
    **movistartv**
    
    Movistar+ Deco Virtual - Software decodificador
    
    Kodi Movistar+ TV es un ADDON para XBMC/ Kodi que permite disponer de un decodificador de los servicios IPTV de Movistar integrado en uno de los mediacenters mas populares. El proyecto no trata solo de replicar los servicios de televisión, sino un concepto diferente de servicios integrados donde la TV tenga un protagonismo central pero no el único y que permita tanto ver la TV como un video de youtube, disponer un catalogo de películas y música .. Autor: Victor M. Juidiaz Portilla (https://www.linkedin.com/in/victor-manuel-juidiaz-portilla-27bb48106) Foro "Oficial": http://www.kodimania.com/index.php?topic=860.0 Las principales funcionalidades de TV son: - Actualización automática de canales. - Guía de programación (EPG). - Grabaciones en la Nube y en local. - Últimos 7 días - Visualización de grabaciones en la nube. - Sincronización de grabaciones a local para evitar su caducidad. - Gestión avanzada de series. - Timeshift. - DLNA
    
    **Downloads:** 528,637 This Week
    
    **Last Update:** 2020-02-08
    
    See Project
    
*   3
    
    This project is the old location for the plugin list for Notepad++ Plugin Manager. Please use https://github.com/bruderstein/npppluginmanager for any issues and current code
    
    **Downloads:** 391,305 This Week
    
    **Last Update:** 2019-07-19
    
    See Project
    
*   4
    
    Free alternative for Office productivity tools: Apache OpenOffice - formerly known as OpenOffice.org - is an open-source office productivity software suite containing word processor, spreadsheet, presentation, graphics, formula editor, and database management applications. OpenOffice is available in many languages, works on all common computers, stores data in ODF - the international open standard format - and is able to read and write files in other formats, included the format used by the most common office suite packages. OpenOffice is also able to export files in PDF format. OpenOffice has supported extensions, in a similar manner to Mozilla Firefox, making easy to add new functionality to an existing OpenOffice installation.
    
    **Downloads:** 360,977 This Week
    
    **Last Update:** 2022-07-17
    
    See Project
    
*   Start with a tailored template for your projects and tasks, and build the workflow and process you need with the tools at your fingertips. ClickUp is the online solution to let your team get more done! Easily manage your team's tasks from anywhere in the modern world.
    
*   5
    
    An advanced and multi-platform BitTorrent client with a nice Qt user interface as well as a Web UI for remote control and an integrated search engine. qBittorrent aims to meet the needs of most users while using as little CPU and memory as possible.
    
    **Downloads:** 254,713 This Week
    
    **Last Update:** 6 days ago
    
    See Project
    
*   6
    
    • Designed for Linux and Windows email system administrators, Scrollout F1 is an easy to use, already adjusted email firewall (gateway) offering free anti-spam and anti-virus protection aiming to secure existing email servers, old or new, such as Microsoft Exchange, Lotus Domino, Postfix, Exim, Sendmail, Qmail and others. • Built-in multilayer security levels make configuration effort equal to a car radio. • It combines simplicity with effective protection using powerful open source with additional set of rules & filters. • Available as 64bit: - ISO image (Internet connection required during installation) - install from scratch (Internet connection required during installation). • Minimum Requirements (for 5,000 messages/day): 1 GB of RAM 30 GB storage drive 1 Processor x86/AMD64 1 Ethernet x 1 IPv4 address UDP ports: 53 123 4500 6277 24441 TCP ports: 25 80 443 2703
    
    **Downloads:** 179,370 This Week
    
    **Last Update:** 2018-04-08
    
    See Project
    
*   7
    
    **KeePass**
    
    A lightweight and easy-to-use password manager
    
    KeePass Password Safe is a free, open source, lightweight, and easy-to-use password manager for Windows, Linux and Mac OS X, with ports for Android, iPhone/iPad and other mobile devices. With so many passwords to remember and the need to vary passwords to protect your valuable data, it’s nice to have KeePass to manage your passwords in a secure way. KeePass puts all your passwords in a highly encrypted database and locks them with one master key or a key file. As a result, you only have to remember one single master password or select the key file to unlock the whole database. And the databases are encrypted using the best and most secure encryption algorithms currently known, AES and Twofish. See our features page for details.
    
    **Downloads:** 141,916 This Week
    
    **Last Update:** 2022-07-05
    
    See Project
    
*   8
    
    **TurboVNC**
    
    High-speed, 3D-friendly, TightVNC-compatible remote desktop software
    
    TurboVNC is a high-performance, enterprise-quality version of VNC based on TightVNC, TigerVNC, and X.org. It contains a variant of Tight encoding that is tuned for maximum performance and compression with 3D applications (VirtualGL), video, and other image-intensive workloads. TurboVNC, in combination with VirtualGL, provides a complete solution for remotely displaying 3D applications with interactive performance. TurboVNC's high-speed encoding methods have been adopted by TigerVNC and libvncserver, and TurboVNC is also compatible with any other TightVNC derivative. TurboVNC forked from TightVNC in 2004 and still covers all of the TightVNC 1.3.x features, but TurboVNC contains numerous feature enhancements and bug fixes relative to TightVNC, and it compresses 3D and video workloads much better than TightVNC while using generally only 5-20% of the CPU time of the latter. Using non-default settings, TurboVNC can also be made to compress 2D workloads as "tightly" as TightVNC.
    
    **Downloads:** 167,521 This Week
    
    **Last Update:** 2022-08-15
    
    See Project
    
*   9
    
    **scrcpy**
    
    Display and control your Android device
    
    scrcpy is an application for displaying and controlling your Android device through USB connection (or over TCP/IP). It is cross-platform (GNU/Linux, macOS and Windows) and does not require any root access. scrcpy displays only the device screen but offers great performance (30~60fps) and quality (1920×1080 or above). It’s got low latency (35~70ms) and a very low startup time (less than a second). It offers plenty of great features and is non-intrusive, with nothing left installed inside the device. scrcpy works with Android devices with at least API 21 (Android 5.0) and adb debugging must be enabled on the device.
    
    **Downloads:** 4,384 This Week
    
    **Last Update:** 2022-08-02
    
    See Project
    
*   Centralize all your work, processes, tools, and files into one Work OS. Connect teams, bridge silos, and maintain one source of truth across your organization.
    
*   10
    
    The Anti-Spam SMTP Proxy (ASSP) Server project aims to create an open source platform-independent SMTP Proxy server which implements auto-whitelists, self learning Hidden-Markov-Model and/or Bayesian, Greylisting, DNSBL, DNSWL, URIBL, SPF, SRS, Backscatter, Virus scanning, attachment blocking, Senderbase and multiple other filter methods. Click 'Files' to download the professional version 2.6.5 build 21218. A linux(ubuntu 18.04 LTS) and a freeBSD 11.2 based ready to run OVA of ASSP V2 are also available for download. NOTICE: V1 development has been stopped at the end of 2014 (1.10.1 build 16060). Possibly there will be done some bugfixing in future. Please upgrade to V2, which is and will be actively maintained.
    
    **Downloads:** 94,541 This Week
    
    **Last Update:** 2022-07-28
    
    See Project
    
*   11
    
    **Sweet Home 3D**
    
    An interior design application to draw house plans & arrange furniture
    
    Sweet Home 3D is an interior design application that helps you to quickly draw the floor plan of your house, arrange furniture on it, and visit the results in 3D.
    
    **Downloads:** 68,809 This Week
    
    **Last Update:** 3 days ago
    
    See Project
    
*   12
    
    **unitedrpms**
    
    Fast and open solution where everyone can help
    
    Join us in Gitter! https://gitter.im/unitedrpms-people/Lobby Enable the URPMS repository in your system - https://github.com/UnitedRPMs/unitedrpms.github.io/blob/master/README.md
    
    **Downloads:** 411,305 This Week
    
    **Last Update:** 2022-07-18
    
    See Project
    
*   13
    
    **libjpeg-turbo**
    
    SIMD-accelerated libjpeg-compatible JPEG codec library
    
    libjpeg-turbo is a JPEG image codec that uses SIMD instructions (MMX, SSE2, NEON, AltiVec) to accelerate baseline JPEG compression and decompression on x86, x86-64, ARM, and PowerPC systems. On such systems, libjpeg-turbo is generally 2-6x as fast as libjpeg, all else being equal. On other types of systems, libjpeg-turbo can still outperform libjpeg by a significant amount, by virtue of its highly-optimized Huffman coding routines. In many cases, the performance of libjpeg-turbo rivals that of proprietary high-speed JPEG codecs. libjpeg-turbo implements both the traditional libjpeg API as well as the less powerful but more straightforward TurboJPEG API. libjpeg-turbo also features colorspace extensions that allow it to compress from/decompress to 32-bit and big-endian pixel buffers (RGBX, XBGR, etc.), as well as a full-featured Java interface.
    
    **Downloads:** 75,567 This Week
    
    **Last Update:** 2022-08-12
    
    See Project
    
*   14
    
    VirtualGL redirects 3D commands from a Unix/Linux OpenGL application onto a server-side GPU and converts the rendered 3D images into a video stream with which remote clients can interact to view and control the 3D application in real time.
    
    **Downloads:** 66,167 This Week
    
    **Last Update:** 2022-05-16
    
    See Project
    
*   15
    
    **mscorefonts2**
    
    Updated Smart package of Microsoft Core fonts for the Web
    
    Here you'll find rpms to install Microsoft's Core fonts for the Web, the EU update and the ClearType fonts. The fonts are Andale, Arial, Calabri, CAmbria, Candara, Consolas, Constantia, Corbel, Comic, Courier, Georgia, Impact, Times Trebuchet, Verdana and Webdings. The original cab files circa 2000 are on the sourceforge corefonts probject, while this project holds updates circa 2006, and the Cleartype fonts circa 2007. See https://sourceforge.net/projects/corefonts/ and https://sourceforge.net/projects/mscorefonts/ The rpms here do not contain the truetype fonts, instead the cabfiles are downloaded and unpacked at install time. The fonts are then added or made known to the X core fonts and Xft systems. Credit goes to the original author of corefonts, Noa Resare, and the numerous netizens who updated the spec file over the years. See the specs and changelog for more history.
    
    **Downloads:** 111,995 This Week
    
    **Last Update:** 2013-05-30
    
    See Project
    
*   16
    
    Code::Blocks is a free, open-source, cross-platform C, C++ and Fortran IDE built to meet the most demanding needs of its users. It is designed to be very extensible and fully configurable. Finally, an IDE with all the features you need, having a consistent look, feel and operation across platforms. Built around a plugin framework, Code::Blocks can be extended with plugins. Any kind of functionality can be added by installing/coding a plugin. For instance, compiling and debugging functionality is already provided by plugins! We hope you enjoy using Code::Blocks! The Code::Blocks Team
    
    **Downloads:** 62,383 This Week
    
    **Last Update:** 1 day ago
    
    See Project
    
*   17
    
    **PINN**
    
    PINN is an enhancement of NOOBS
    
    PINN is an enhancement of NOOBS for the Raspberry Pi. It allows the installation of MULTIPLE OSes on the same SD/HDD/SSD device with an OS chooser when booting. Built-in Admin tools allow you to backup & restore your OSes and fix OS problems by including basic disk checking, password changing, and a command shell.
    
    **Downloads:** 59,036 This Week
    
    **Last Update:** 2022-04-12
    
    See Project
    
*   18
    
    **Webmin**
    
    A web-based interface for system administration of UNIX
    
    A web-based system administration tool for Unix servers and services. https://github.com/webmin/webmin
    
    **Downloads:** 47,689 This Week
    
    **Last Update:** 2022-08-22
    
    See Project
    
*   19
    
    FreeType is written in C. It is designed to be small, efficient, and highly customizable while capable of producing high-quality output (glyph images) of most vector and bitmap font formats for digital typography. FreeType is a freely available and portable software library to render fonts.
    
    **Downloads:** 49,994 This Week
    
    **Last Update:** 2022-05-01
    
    See Project
    
*   20
    
    **Info-ZIP project**
    
    Info-ZIP portable compression/archiver utilities (Zip, UnZip, WiZ, etc.)
    
    **Downloads:** 48,456 This Week
    
    **Last Update:** 2021-04-08
    
    See Project
    
*   21
    
    **PSeInt**
    
    A tool for learning programming basis with a simple spanish pseudocode
    
    PSeInt is a pseudo-code interpreter for spanish-speaking programming students. Its main purpose is to be a tool for learning and understanding the basic concepts about programming and applying them with an easy understanding spanish pseudocode.
    
    **Downloads:** 47,556 This Week
    
    **Last Update:** 2022-07-19
    
    See Project
    
*   22
    
    **Tor Browser**
    
    Browser for using Tor on Windows, Mac OS X or Linux
    
    Tor Browser enables you to use Tor on Windows, Mac OS X, or Linux without needing to install any software. Tor is a software that bounces your communications around a distributed network of relays run by volunteers. This effectively prevents anyone watching your Internet connection from learning what sites you visit; it prevents the sites you visit from learning your physical location; and allows you access to sites which are blocked. Tor Browser can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained (portable).
    
    **Downloads:** 1,830 This Week
    
    **Last Update:** 2022-08-09
    
    See Project
    
*   23
    
    **XAMPP**
    
    An easy to install Apache distribution containing MySQL, PHP, and Perl
    
    XAMPP is a very easy to install Apache Distribution for Linux, Solaris, Windows, and Mac OS X. The package includes the Apache web server, MySQL, PHP, Perl, a FTP server and phpMyAdmin.
    
    **Downloads:** 36,833 This Week
    
    **Last Update:** 2022-06-15
    
    See Project
    
*   24
    
    **TGM Gaming Macro**
    
    Lets you have a macro mouse n keyboard functionally with ordinary one.
    
    TGM is a gaming macro that lets you have a macro mouse and keyboard functionally with ordinary one. You can create or record multiple macros and assign them to any key combinations to trigger and loop them when you need how you need. TGM is made for gamers but it's capable of so much more. So you can use it for daily tasks as well. For any question, bug report or feature request feel free to visit forum tab. Note: To simulate arrow keys you might need to turn off NumLock. VirusTotal Result: https://www.virustotal.com/gui/file/29cf266079de80dac853d1d7c5d4c83eadb1d6f9cd8733605414d66413fba31d/detection VirusTotal shows too many false positives. but since this an open source project, you can download the source and build yourself. https://github.com/trksyln/TGMacro
    
    **Downloads:** 43,242 This Week
    
    **Last Update:** 2021-06-15
    
    See Project
    
*   25
    
    **Etcher**
    
    A safe way to flash OS images to SD cards & USB drives
    
    Etcher is a powerful OS image flasher. It protects a user from accidentally overwriting hard-drives by making drive selection obvious; and with validated flashing there is no more writing images to corrupted drives. It is also called balenaEtcher since it is developed by balena. In addition, Etcher can flash directly Raspberry Pi devices that support usbboot. Use for .iso and .img files, as well as zipped folders to create live SD cards and USB flash drives. Written with Electron for cross platform use (windows, macOS, and Linux).
    
    **Downloads:** 1,329 This Week
    
    **Last Update:** 2022-06-16
    
    See Project

CVE-2008-6566: Best Open Source Mac Software 2022

CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.

CVE-2008-2383: #510030 - [CVE-2008-2383] xterm: DECRQSS and comments

Multiple buffer overflows in STLport before 5.0.3 allow remote attackers to execute arbitrary code via unspecified vectors relating to (1) "print floats" and (2) a missing null termination in the "rope constructor."

*   Introducing GoTo Resolve: Refreshingly simple, all-in-one IT support, fortified with zero trust security for unparalleled ease and peace of mind.
    
*   Productive is a business management tool used by agencies and professional service providers. Productive’s main objective is to provide customers with an all-in-one platform that gives them a complete and real-time view of their business performance.
    
*   1
    
    Integrates Eclipse with the SAP NetWeaver Application Server.
    
    **Downloads:** 721,098 This Week
    
    **Last Update:** 2016-07-20
    
    See Project
    
*   2
    
    **movistartv**
    
    Movistar+ Deco Virtual - Software decodificador
    
    Kodi Movistar+ TV es un ADDON para XBMC/ Kodi que permite disponer de un decodificador de los servicios IPTV de Movistar integrado en uno de los mediacenters mas populares. El proyecto no trata solo de replicar los servicios de televisión, sino un concepto diferente de servicios integrados donde la TV tenga un protagonismo central pero no el único y que permita tanto ver la TV como un video de youtube, disponer un catalogo de películas y música .. Autor: Victor M. Juidiaz Portilla (https://www.linkedin.com/in/victor-manuel-juidiaz-portilla-27bb48106) Foro "Oficial": http://www.kodimania.com/index.php?topic=860.0 Las principales funcionalidades de TV son: - Actualización automática de canales. - Guía de programación (EPG). - Grabaciones en la Nube y en local. - Últimos 7 días - Visualización de grabaciones en la nube. - Sincronización de grabaciones a local para evitar su caducidad. - Gestión avanzada de series. - Timeshift. - DLNA
    
    **Downloads:** 450,575 This Week
    
    **Last Update:** 2020-02-08
    
    See Project
    
*   3
    
    This project is the old location for the plugin list for Notepad++ Plugin Manager. Please use https://github.com/bruderstein/npppluginmanager for any issues and current code
    
    **Downloads:** 380,219 This Week
    
    **Last Update:** 2019-07-19
    
    See Project
    
*   4
    
    Free alternative for Office productivity tools: Apache OpenOffice - formerly known as OpenOffice.org - is an open-source office productivity software suite containing word processor, spreadsheet, presentation, graphics, formula editor, and database management applications. OpenOffice is available in many languages, works on all common computers, stores data in ODF - the international open standard format - and is able to read and write files in other formats, included the format used by the most common office suite packages. OpenOffice is also able to export files in PDF format. OpenOffice has supported extensions, in a similar manner to Mozilla Firefox, making easy to add new functionality to an existing OpenOffice installation.
    
    **Downloads:** 244,296 This Week
    
    **Last Update:** 2022-04-27
    
    See Project
    
*   Process Director from BP Logix is an advanced business process management (BPM) software for building and operating workflow-driven business applications. An award-winning low code platform, Process Director offers the tools businesses need to automate key processes and improve results. It features an intuitive point-and-click graphical user interface, which allows users to better discover, define, model and automate business processes, as well as control, track and improve operations.
    
*   5
    
    **KeePass**
    
    A lightweight and easy-to-use password manager
    
    KeePass Password Safe is a free, open source, lightweight, and easy-to-use password manager for Windows, Linux and Mac OS X, with ports for Android, iPhone/iPad and other mobile devices. With so many passwords to remember and the need to vary passwords to protect your valuable data, it’s nice to have KeePass to manage your passwords in a secure way. KeePass puts all your passwords in a highly encrypted database and locks them with one master key or a key file. As a result, you only have to remember one single master password or select the key file to unlock the whole database. And the databases are encrypted using the best and most secure encryption algorithms currently known, AES and Twofish. See our features page for details.
    
    **Downloads:** 188,915 This Week
    
    **Last Update:** 2022-07-05
    
    See Project
    
*   6
    
    • Designed for Linux and Windows email system administrators, Scrollout F1 is an easy to use, already adjusted email firewall (gateway) offering free anti-spam and anti-virus protection aiming to secure existing email servers, old or new, such as Microsoft Exchange, Lotus Domino, Postfix, Exim, Sendmail, Qmail and others. • Built-in multilayer security levels make configuration effort equal to a car radio. • It combines simplicity with effective protection using powerful open source with additional set of rules & filters. • Available as 64bit: - ISO image (Internet connection required during installation) - install from scratch (Internet connection required during installation). • Minimum Requirements (for 5,000 messages/day): 1 GB of RAM 30 GB storage drive 1 Processor x86/AMD64 1 Ethernet x 1 IPv4 address UDP ports: 53 123 4500 6277 24441 TCP ports: 25 80 443 2703
    
    **Downloads:** 181,031 This Week
    
    **Last Update:** 2018-04-08
    
    See Project
    
*   7
    
    **TurboVNC**
    
    High-speed, 3D-friendly, TightVNC-compatible remote desktop software
    
    TurboVNC is a high-performance, enterprise-quality version of VNC based on TightVNC, TigerVNC, and X.org. It contains a variant of Tight encoding that is tuned for maximum performance and compression with 3D applications (VirtualGL), video, and other image-intensive workloads. TurboVNC, in combination with VirtualGL, provides a complete solution for remotely displaying 3D applications with interactive performance. TurboVNC's high-speed encoding methods have been adopted by TigerVNC and libvncserver, and TurboVNC is also compatible with any other TightVNC derivative. TurboVNC forked from TightVNC in 2004 and still covers all of the TightVNC 1.3.x features, but TurboVNC contains numerous feature enhancements and bug fixes relative to TightVNC, and it compresses 3D and video workloads much better than TightVNC while using generally only 5-20% of the CPU time of the latter. Using non-default settings, TurboVNC can also be made to compress 2D workloads as "tightly" as TightVNC.
    
    **Downloads:** 168,339 This Week
    
    **Last Update:** 2022-05-03
    
    See Project
    
*   8
    
    An advanced and multi-platform BitTorrent client with a nice Qt user interface as well as a Web UI for remote control and an integrated search engine. qBittorrent aims to meet the needs of most users while using as little CPU and memory as possible.
    
    **Downloads:** 122,719 This Week
    
    **Last Update:** 2022-05-25
    
    See Project
    
*   9
    
    **scrcpy**
    
    Display and control your Android device
    
    scrcpy is an application for displaying and controlling your Android device through USB connection (or over TCP/IP). It is cross-platform (GNU/Linux, macOS and Windows) and does not require any root access. scrcpy displays only the device screen but offers great performance (30~60fps) and quality (1920×1080 or above). It’s got low latency (35~70ms) and a very low startup time (less than a second). It offers plenty of great features and is non-intrusive, with nothing left installed inside the device. scrcpy works with Android devices with at least API 21 (Android 5.0) and adb debugging must be enabled on the device.
    
    **Downloads:** 4,334 This Week
    
    **Last Update:** 2022-06-15
    
    See Project
    
*   WatchWire provides a single source of truth for the trends and opportunities found in your company's energy use.
    
*   10
    
    The Anti-Spam SMTP Proxy (ASSP) Server project aims to create an open source platform-independent SMTP Proxy server which implements auto-whitelists, self learning Hidden-Markov-Model and/or Bayesian, Greylisting, DNSBL, DNSWL, URIBL, SPF, SRS, Backscatter, Virus scanning, attachment blocking, Senderbase and multiple other filter methods. Click 'Files' to download the professional version 2.6.5 build 21218. A linux(ubuntu 18.04 LTS) and a freeBSD 11.2 based ready to run OVA of ASSP V2 are also available for download. NOTICE: V1 development has been stopped at the end of 2014 (1.10.1 build 16060). Possibly there will be done some bugfixing in future. Please upgrade to V2, which is and will be actively maintained.
    
    **Downloads:** 99,486 This Week
    
    **Last Update:** 3 hours ago
    
    See Project
    
*   11
    
    **Sweet Home 3D**
    
    An interior design application to draw house plans & arrange furniture
    
    Sweet Home 3D is an interior design application that helps you to quickly draw the floor plan of your house, arrange furniture on it, and visit the results in 3D.
    
    **Downloads:** 73,130 This Week
    
    **Last Update:** 1 day ago
    
    See Project
    
*   12
    
    **unitedrpms**
    
    Fast and open solution where everyone can help
    
    Join us in Gitter! https://gitter.im/unitedrpms-people/Lobby Enable the URPMS repository in your system - https://github.com/UnitedRPMs/unitedrpms.github.io/blob/master/README.md
    
    **Downloads:** 413,535 This Week
    
    **Last Update:** 1 day ago
    
    See Project
    
*   13
    
    **libjpeg-turbo**
    
    SIMD-accelerated libjpeg-compatible JPEG codec library
    
    libjpeg-turbo is a JPEG image codec that uses SIMD instructions (MMX, SSE2, NEON, AltiVec) to accelerate baseline JPEG compression and decompression on x86, x86-64, ARM, and PowerPC systems. On such systems, libjpeg-turbo is generally 2-6x as fast as libjpeg, all else being equal. On other types of systems, libjpeg-turbo can still outperform libjpeg by a significant amount, by virtue of its highly-optimized Huffman coding routines. In many cases, the performance of libjpeg-turbo rivals that of proprietary high-speed JPEG codecs. libjpeg-turbo implements both the traditional libjpeg API as well as the less powerful but more straightforward TurboJPEG API. libjpeg-turbo also features colorspace extensions that allow it to compress from/decompress to 32-bit and big-endian pixel buffers (RGBX, XBGR, etc.), as well as a full-featured Java interface.
    
    **Downloads:** 62,532 This Week
    
    **Last Update:** 2022-02-25
    
    See Project
    
*   14
    
    VirtualGL redirects 3D commands from a Unix/Linux OpenGL application onto a server-side GPU and converts the rendered 3D images into a video stream with which remote clients can interact to view and control the 3D application in real time.
    
    **Downloads:** 56,958 This Week
    
    **Last Update:** 2022-05-16
    
    See Project
    
*   15
    
    **PINN**
    
    PINN is an enhancement of NOOBS
    
    PINN is an enhancement of NOOBS for the Raspberry Pi. It allows the installation of MULTIPLE OSes on the same SD/HDD/SSD device with an OS chooser when booting. Built-in Admin tools allow you to backup & restore your OSes and fix OS problems by including basic disk checking, password changing, and a command shell.
    
    **Downloads:** 59,827 This Week
    
    **Last Update:** 2022-04-12
    
    See Project
    
*   16
    
    **Webmin**
    
    A web-based interface for system administration of UNIX
    
    A web-based system administration tool for Unix servers and services. https://github.com/webmin/webmin
    
    **Downloads:** 49,768 This Week
    
    **Last Update:** 6 days ago
    
    See Project
    
*   17
    
    Code::Blocks is a free, open-source, cross-platform C, C++ and Fortran IDE built to meet the most demanding needs of its users. It is designed to be very extensible and fully configurable. Finally, an IDE with all the features you need, having a consistent look, feel and operation across platforms. Built around a plugin framework, Code::Blocks can be extended with plugins. Any kind of functionality can be added by installing/coding a plugin. For instance, compiling and debugging functionality is already provided by plugins! We hope you enjoy using Code::Blocks! The Code::Blocks Team
    
    **Downloads:** 48,307 This Week
    
    **Last Update:** 4 days ago
    
    See Project
    
*   18
    
    **Tor Browser**
    
    Browser for using Tor on Windows, Mac OS X or Linux
    
    Tor Browser enables you to use Tor on Windows, Mac OS X, or Linux without needing to install any software. Tor is a software that bounces your communications around a distributed network of relays run by volunteers. This effectively prevents anyone watching your Internet connection from learning what sites you visit; it prevents the sites you visit from learning your physical location; and allows you access to sites which are blocked. Tor Browser can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained (portable).
    
    **Downloads:** 2,124 This Week
    
    **Last Update:** 5 days ago
    
    See Project
    
*   19
    
    **Info-ZIP project**
    
    Info-ZIP portable compression/archiver utilities (Zip, UnZip, WiZ, etc.)
    
    **Downloads:** 46,567 This Week
    
    **Last Update:** 2021-04-08
    
    See Project
    
*   20
    
    FreeType is written in C. It is designed to be small, efficient, and highly customizable while capable of producing high-quality output (glyph images) of most vector and bitmap font formats for digital typography. FreeType is a freely available and portable software library to render fonts.
    
    **Downloads:** 44,977 This Week
    
    **Last Update:** 2022-05-01
    
    See Project
    
*   21
    
    **XAMPP**
    
    An easy to install Apache distribution containing MySQL, PHP, and Perl
    
    XAMPP is a very easy to install Apache Distribution for Linux, Solaris, Windows, and Mac OS X. The package includes the Apache web server, MySQL, PHP, Perl, a FTP server and phpMyAdmin.
    
    **Downloads:** 39,029 This Week
    
    **Last Update:** 2022-06-15
    
    See Project
    
*   22
    
    **Etcher**
    
    A safe way to flash OS images to SD cards & USB drives
    
    Etcher is a powerful OS image flasher. It protects a user from accidentally overwriting hard-drives by making drive selection obvious; and with validated flashing there is no more writing images to corrupted drives. It is also called balenaEtcher since it is developed by balena. In addition, Etcher can flash directly Raspberry Pi devices that support usbboot. Use for .iso and .img files, as well as zipped folders to create live SD cards and USB flash drives. Written with Electron for cross platform use (windows, macOS, and Linux).
    
    **Downloads:** 1,495 This Week
    
    **Last Update:** 2022-06-16
    
    See Project
    
*   23
    
    **TGM Gaming Macro**
    
    Lets you have a macro mouse n keyboard functionally with ordinary one.
    
    TGM is a gaming macro that lets you have a macro mouse and keyboard functionally with ordinary one. You can create or record multiple macros and assign them to any key combinations to trigger and loop them when you need how you need. TGM is made for gamers but it's capable of so much more. So you can use it for daily tasks as well. For any question, bug report or feature request feel free to visit forum tab. Note: To simulate arrow keys you might need to turn off NumLock. VirusTotal Result: https://www.virustotal.com/gui/file/29cf266079de80dac853d1d7c5d4c83eadb1d6f9cd8733605414d66413fba31d/detection VirusTotal shows too many false positives. but since this an open source project, you can download the source and build yourself. https://github.com/trksyln/TGMacro
    
    **Downloads:** 51,965 This Week
    
    **Last Update:** 2021-06-15
    
    See Project
    
*   24
    
    **NikGapps**
    
    A Custom Google Apps Package that Suits Everyone Needs!
    
    NikGapps project started with the goal to provide custom gapps packages that suits everyone's needs. A package that a user needs but cannot find and ends up setting up the device installing more apps and removing unwanted apps manually.
    
    **Downloads:** 32,600 This Week
    
    **Last Update:** 6 hours ago
    
    See Project
    
*   25
    
    **GParted**
    
    A partition editor to graphically manage disk partitions
    
    GNOME Partition Editor for creating, reorganizing, and deleting disk partitions. It uses libparted from the parted project to detect and manipulate partition tables. Optional file system tools permit managing file systems not included in libparted.
    
    **Downloads:** 25,454 This Week
    
    **Last Update:** 2 days ago
    
    See Project

CVE-2007-0803: Best Open Source Mac Software 2022

Multiple buffer overflows in STLport 5.0.2 might allow local users to execute arbitrary code via (1) long locale environment variables to a strcpy function call in c_locale_glibc2.c and (2) long arguments to unspecified functions in num_put_float.cpp.

*   LogicMonitor is the leading fully automated, cloud-based infrastructure monitoring and observability platform for enterprise IT and managed service providers. Gain IT insights, seamless data collaboration at scale, and visibility into networks, cloud, applications, servers, log data and more within one unified platform.
    
*   Ditch time-consuming emails! Give your internal team and clients the tools they need to quickly and easily report bugs and give feedback with annotated screenshots.
    
*   1
    
    Integrates Eclipse with the SAP NetWeaver Application Server.
    
    **Downloads:** 721,098 This Week
    
    **Last Update:** 2016-07-20
    
    See Project
    
*   2
    
    **movistartv**
    
    Movistar+ Deco Virtual - Software decodificador
    
    Kodi Movistar+ TV es un ADDON para XBMC/ Kodi que permite disponer de un decodificador de los servicios IPTV de Movistar integrado en uno de los mediacenters mas populares. El proyecto no trata solo de replicar los servicios de televisión, sino un concepto diferente de servicios integrados donde la TV tenga un protagonismo central pero no el único y que permita tanto ver la TV como un video de youtube, disponer un catalogo de películas y música .. Autor: Victor M. Juidiaz Portilla (https://www.linkedin.com/in/victor-manuel-juidiaz-portilla-27bb48106) Foro "Oficial": http://www.kodimania.com/index.php?topic=860.0 Las principales funcionalidades de TV son: - Actualización automática de canales. - Guía de programación (EPG). - Grabaciones en la Nube y en local. - Últimos 7 días - Visualización de grabaciones en la nube. - Sincronización de grabaciones a local para evitar su caducidad. - Gestión avanzada de series. - Timeshift. - DLNA
    
    **Downloads:** 450,575 This Week
    
    **Last Update:** 2020-02-08
    
    See Project
    
*   3
    
    This project is the old location for the plugin list for Notepad++ Plugin Manager. Please use https://github.com/bruderstein/npppluginmanager for any issues and current code
    
    **Downloads:** 380,219 This Week
    
    **Last Update:** 2019-07-19
    
    See Project
    
*   4
    
    Free alternative for Office productivity tools: Apache OpenOffice - formerly known as OpenOffice.org - is an open-source office productivity software suite containing word processor, spreadsheet, presentation, graphics, formula editor, and database management applications. OpenOffice is available in many languages, works on all common computers, stores data in ODF - the international open standard format - and is able to read and write files in other formats, included the format used by the most common office suite packages. OpenOffice is also able to export files in PDF format. OpenOffice has supported extensions, in a similar manner to Mozilla Firefox, making easy to add new functionality to an existing OpenOffice installation.
    
    **Downloads:** 244,296 This Week
    
    **Last Update:** 2022-04-27
    
    See Project
    
*   Alchemy serves over 1 million workers at 7,500 locations worldwide with training & compliance solutions & services for manufacturing, food processing, distribution & packaging companies of all sizes.
    
*   5
    
    **KeePass**
    
    A lightweight and easy-to-use password manager
    
    KeePass Password Safe is a free, open source, lightweight, and easy-to-use password manager for Windows, Linux and Mac OS X, with ports for Android, iPhone/iPad and other mobile devices. With so many passwords to remember and the need to vary passwords to protect your valuable data, it’s nice to have KeePass to manage your passwords in a secure way. KeePass puts all your passwords in a highly encrypted database and locks them with one master key or a key file. As a result, you only have to remember one single master password or select the key file to unlock the whole database. And the databases are encrypted using the best and most secure encryption algorithms currently known, AES and Twofish. See our features page for details.
    
    **Downloads:** 188,915 This Week
    
    **Last Update:** 2022-07-05
    
    See Project
    
*   6
    
    • Designed for Linux and Windows email system administrators, Scrollout F1 is an easy to use, already adjusted email firewall (gateway) offering free anti-spam and anti-virus protection aiming to secure existing email servers, old or new, such as Microsoft Exchange, Lotus Domino, Postfix, Exim, Sendmail, Qmail and others. • Built-in multilayer security levels make configuration effort equal to a car radio. • It combines simplicity with effective protection using powerful open source with additional set of rules & filters. • Available as 64bit: - ISO image (Internet connection required during installation) - install from scratch (Internet connection required during installation). • Minimum Requirements (for 5,000 messages/day): 1 GB of RAM 30 GB storage drive 1 Processor x86/AMD64 1 Ethernet x 1 IPv4 address UDP ports: 53 123 4500 6277 24441 TCP ports: 25 80 443 2703
    
    **Downloads:** 181,031 This Week
    
    **Last Update:** 2018-04-08
    
    See Project
    
*   7
    
    **TurboVNC**
    
    High-speed, 3D-friendly, TightVNC-compatible remote desktop software
    
    TurboVNC is a high-performance, enterprise-quality version of VNC based on TightVNC, TigerVNC, and X.org. It contains a variant of Tight encoding that is tuned for maximum performance and compression with 3D applications (VirtualGL), video, and other image-intensive workloads. TurboVNC, in combination with VirtualGL, provides a complete solution for remotely displaying 3D applications with interactive performance. TurboVNC's high-speed encoding methods have been adopted by TigerVNC and libvncserver, and TurboVNC is also compatible with any other TightVNC derivative. TurboVNC forked from TightVNC in 2004 and still covers all of the TightVNC 1.3.x features, but TurboVNC contains numerous feature enhancements and bug fixes relative to TightVNC, and it compresses 3D and video workloads much better than TightVNC while using generally only 5-20% of the CPU time of the latter. Using non-default settings, TurboVNC can also be made to compress 2D workloads as "tightly" as TightVNC.
    
    **Downloads:** 168,339 This Week
    
    **Last Update:** 2022-05-03
    
    See Project
    
*   8
    
    An advanced and multi-platform BitTorrent client with a nice Qt user interface as well as a Web UI for remote control and an integrated search engine. qBittorrent aims to meet the needs of most users while using as little CPU and memory as possible.
    
    **Downloads:** 122,719 This Week
    
    **Last Update:** 2022-05-25
    
    See Project
    
*   9
    
    **scrcpy**
    
    Display and control your Android device
    
    scrcpy is an application for displaying and controlling your Android device through USB connection (or over TCP/IP). It is cross-platform (GNU/Linux, macOS and Windows) and does not require any root access. scrcpy displays only the device screen but offers great performance (30~60fps) and quality (1920×1080 or above). It’s got low latency (35~70ms) and a very low startup time (less than a second). It offers plenty of great features and is non-intrusive, with nothing left installed inside the device. scrcpy works with Android devices with at least API 21 (Android 5.0) and adb debugging must be enabled on the device.
    
    **Downloads:** 4,334 This Week
    
    **Last Update:** 2022-06-15
    
    See Project
    
*   The dashboard and mobile app allows users to manage their marketing, sales, accounting, reporting, payment and communication needs all in one place. As premium partners of channels such as VRBO, Booking.com, Airbnb, Homeaway and Expedia, with the ability to manage advanced setups, no other platform gives you the type of control and peace of mind that a Hostaway user has. The software is designed with teams in mind - it's easy to train staff and keep them happy while improving business at the same time! Hostaway also provides a booking engine, wordpress website and both marketing and sales tools for managing your valuable direct bookings.
    
*   10
    
    The Anti-Spam SMTP Proxy (ASSP) Server project aims to create an open source platform-independent SMTP Proxy server which implements auto-whitelists, self learning Hidden-Markov-Model and/or Bayesian, Greylisting, DNSBL, DNSWL, URIBL, SPF, SRS, Backscatter, Virus scanning, attachment blocking, Senderbase and multiple other filter methods. Click 'Files' to download the professional version 2.6.5 build 21218. A linux(ubuntu 18.04 LTS) and a freeBSD 11.2 based ready to run OVA of ASSP V2 are also available for download. NOTICE: V1 development has been stopped at the end of 2014 (1.10.1 build 16060). Possibly there will be done some bugfixing in future. Please upgrade to V2, which is and will be actively maintained.
    
    **Downloads:** 99,486 This Week
    
    **Last Update:** 3 hours ago
    
    See Project
    
*   11
    
    **Sweet Home 3D**
    
    An interior design application to draw house plans & arrange furniture
    
    Sweet Home 3D is an interior design application that helps you to quickly draw the floor plan of your house, arrange furniture on it, and visit the results in 3D.
    
    **Downloads:** 73,130 This Week
    
    **Last Update:** 1 day ago
    
    See Project
    
*   12
    
    **unitedrpms**
    
    Fast and open solution where everyone can help
    
    Join us in Gitter! https://gitter.im/unitedrpms-people/Lobby Enable the URPMS repository in your system - https://github.com/UnitedRPMs/unitedrpms.github.io/blob/master/README.md
    
    **Downloads:** 413,535 This Week
    
    **Last Update:** 1 day ago
    
    See Project
    
*   13
    
    **libjpeg-turbo**
    
    SIMD-accelerated libjpeg-compatible JPEG codec library
    
    libjpeg-turbo is a JPEG image codec that uses SIMD instructions (MMX, SSE2, NEON, AltiVec) to accelerate baseline JPEG compression and decompression on x86, x86-64, ARM, and PowerPC systems. On such systems, libjpeg-turbo is generally 2-6x as fast as libjpeg, all else being equal. On other types of systems, libjpeg-turbo can still outperform libjpeg by a significant amount, by virtue of its highly-optimized Huffman coding routines. In many cases, the performance of libjpeg-turbo rivals that of proprietary high-speed JPEG codecs. libjpeg-turbo implements both the traditional libjpeg API as well as the less powerful but more straightforward TurboJPEG API. libjpeg-turbo also features colorspace extensions that allow it to compress from/decompress to 32-bit and big-endian pixel buffers (RGBX, XBGR, etc.), as well as a full-featured Java interface.
    
    **Downloads:** 62,532 This Week
    
    **Last Update:** 2022-02-25
    
    See Project
    
*   14
    
    VirtualGL redirects 3D commands from a Unix/Linux OpenGL application onto a server-side GPU and converts the rendered 3D images into a video stream with which remote clients can interact to view and control the 3D application in real time.
    
    **Downloads:** 56,958 This Week
    
    **Last Update:** 2022-05-16
    
    See Project
    
*   15
    
    **PINN**
    
    PINN is an enhancement of NOOBS
    
    PINN is an enhancement of NOOBS for the Raspberry Pi. It allows the installation of MULTIPLE OSes on the same SD/HDD/SSD device with an OS chooser when booting. Built-in Admin tools allow you to backup & restore your OSes and fix OS problems by including basic disk checking, password changing, and a command shell.
    
    **Downloads:** 59,827 This Week
    
    **Last Update:** 2022-04-12
    
    See Project
    
*   16
    
    **Webmin**
    
    A web-based interface for system administration of UNIX
    
    A web-based system administration tool for Unix servers and services. https://github.com/webmin/webmin
    
    **Downloads:** 49,768 This Week
    
    **Last Update:** 6 days ago
    
    See Project
    
*   17
    
    Code::Blocks is a free, open-source, cross-platform C, C++ and Fortran IDE built to meet the most demanding needs of its users. It is designed to be very extensible and fully configurable. Finally, an IDE with all the features you need, having a consistent look, feel and operation across platforms. Built around a plugin framework, Code::Blocks can be extended with plugins. Any kind of functionality can be added by installing/coding a plugin. For instance, compiling and debugging functionality is already provided by plugins! We hope you enjoy using Code::Blocks! The Code::Blocks Team
    
    **Downloads:** 48,307 This Week
    
    **Last Update:** 4 days ago
    
    See Project
    
*   18
    
    **Tor Browser**
    
    Browser for using Tor on Windows, Mac OS X or Linux
    
    Tor Browser enables you to use Tor on Windows, Mac OS X, or Linux without needing to install any software. Tor is a software that bounces your communications around a distributed network of relays run by volunteers. This effectively prevents anyone watching your Internet connection from learning what sites you visit; it prevents the sites you visit from learning your physical location; and allows you access to sites which are blocked. Tor Browser can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained (portable).
    
    **Downloads:** 2,124 This Week
    
    **Last Update:** 5 days ago
    
    See Project
    
*   19
    
    **Info-ZIP project**
    
    Info-ZIP portable compression/archiver utilities (Zip, UnZip, WiZ, etc.)
    
    **Downloads:** 46,567 This Week
    
    **Last Update:** 2021-04-08
    
    See Project
    
*   20
    
    FreeType is written in C. It is designed to be small, efficient, and highly customizable while capable of producing high-quality output (glyph images) of most vector and bitmap font formats for digital typography. FreeType is a freely available and portable software library to render fonts.
    
    **Downloads:** 44,977 This Week
    
    **Last Update:** 2022-05-01
    
    See Project
    
*   21
    
    **XAMPP**
    
    An easy to install Apache distribution containing MySQL, PHP, and Perl
    
    XAMPP is a very easy to install Apache Distribution for Linux, Solaris, Windows, and Mac OS X. The package includes the Apache web server, MySQL, PHP, Perl, a FTP server and phpMyAdmin.
    
    **Downloads:** 39,029 This Week
    
    **Last Update:** 2022-06-15
    
    See Project
    
*   22
    
    **Etcher**
    
    A safe way to flash OS images to SD cards & USB drives
    
    Etcher is a powerful OS image flasher. It protects a user from accidentally overwriting hard-drives by making drive selection obvious; and with validated flashing there is no more writing images to corrupted drives. It is also called balenaEtcher since it is developed by balena. In addition, Etcher can flash directly Raspberry Pi devices that support usbboot. Use for .iso and .img files, as well as zipped folders to create live SD cards and USB flash drives. Written with Electron for cross platform use (windows, macOS, and Linux).
    
    **Downloads:** 1,495 This Week
    
    **Last Update:** 2022-06-16
    
    See Project
    
*   23
    
    **TGM Gaming Macro**
    
    Lets you have a macro mouse n keyboard functionally with ordinary one.
    
    TGM is a gaming macro that lets you have a macro mouse and keyboard functionally with ordinary one. You can create or record multiple macros and assign them to any key combinations to trigger and loop them when you need how you need. TGM is made for gamers but it's capable of so much more. So you can use it for daily tasks as well. For any question, bug report or feature request feel free to visit forum tab. Note: To simulate arrow keys you might need to turn off NumLock. VirusTotal Result: https://www.virustotal.com/gui/file/29cf266079de80dac853d1d7c5d4c83eadb1d6f9cd8733605414d66413fba31d/detection VirusTotal shows too many false positives. but since this an open source project, you can download the source and build yourself. https://github.com/trksyln/TGMacro
    
    **Downloads:** 51,965 This Week
    
    **Last Update:** 2021-06-15
    
    See Project
    
*   24
    
    **NikGapps**
    
    A Custom Google Apps Package that Suits Everyone Needs!
    
    NikGapps project started with the goal to provide custom gapps packages that suits everyone's needs. A package that a user needs but cannot find and ends up setting up the device installing more apps and removing unwanted apps manually.
    
    **Downloads:** 32,600 This Week
    
    **Last Update:** 6 hours ago
    
    See Project
    
*   25
    
    **GParted**
    
    A partition editor to graphically manage disk partitions
    
    GNOME Partition Editor for creating, reorganizing, and deleting disk partitions. It uses libparted from the parted project to detect and manipulate partition tables. Optional file system tools permit managing file systems not included in libparted.
    
    **Downloads:** 25,454 This Week
    
    **Last Update:** 2 days ago
    
    See Project

Tag

#ubuntu