Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
aee0faee9c3f1bb265ee8e94b4bb93967413f3c56e65f954db16b09451546769SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
75554ca11ee38d727456b17b6afd5379e5c14c05160ca66755a25f248b4b1730This Metasploit module exploits a vulnerability found in Adobe Flash Player. A compilation logic error in the PCRE engine, specifically in the handling of the \c escape sequence when followed by a multi-byte UTF8 character, allows arbitrary execution of PCRE bytecode.
1641e648bb596d49cb885ae8a06d070b985c8aa9c12581f0fbac21adc6d108a6The named pipe, \IPEFSYSPCPIPE, can be accessed by normal users to interact with the iPass service. The service provides a LaunchAppSysMode command which allows to execute arbitrary commands as SYSTEM.
1b0c49a5daa22309c31f3ebfc498ee87664cbe412bded297b0f3fac32d95a90bpyClamd is a python interface to Clamd (Clamav daemon). By using pyClamd, you can add virus detection capabilities to your python software in an efficient and easy way. Instead of pyClamav which uses libclamav, pyClamd may be used by a closed source product.
6fbd65b27e6a48331a0b62f6346f00aa90fef1353c8775de4c5f201ce9e4464aUbuntu Security Notice 2534-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
be122038fcb77b4374222b3d57cb1ac4a7a62d1000b48136d7a568cdffe34ceaDebian Linux Security Advisory 3192-1 - Hiroya Ito of GMO Pepabo, Inc. reported that checkpw, a password authentication program, has a flaw in processing account names which contain double dashes. A remote attacker can use this flaw to cause a denial of service (infinite loop).
d6e0d76ec692ed0cd90abd68040a0f655e8ccf3e58b097abbdc252517f262dc7HP Security Bulletin HPSBST03298 1 - Potential security vulnerabilities have been identified with HP XP Service Processor Software for Windows. These vulnerabilities could be exploited resulting in a variety of outcomes. Revision 1 of this advisory.
fb0c36adddb47f8c83881e2dc15b540ac9ea0fa121193e14d50a2e07c272bed7Gentoo Linux Security Advisory 201503-9 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.451 are affected.
c94a07d133adc6cdb9372f6e82c6371a814da95bb90c1bf5458a82825ddfa17cRed Hat Security Advisory 2015-0697-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-05 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
8f5cda01e74c94446edd64ce381f256c35befd3199be678bc15c31aa83e164b0Debian Linux Security Advisory 3194-1 - Ilja van Sprundel, Alan Coopersmith and William Robinet discovered multiple issues in libxfont's code to process BDF fonts, which might result in privilege escalation.
984fd08815ed72c3981453fbe068a7951191d73e4a772b399ba3bb5daa3ac4d3Red Hat Security Advisory 2015-0695-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system.
25724757ff5aee8a16c253eb7a578ac07bfa56bdb2e5d75fa8c0d5db6a98c13bRed Hat Security Advisory 2015-0694-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system. A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system.
0e711acf0df6e837643b849c9bb486ba31ff24ef22e412c4d7f4581de627ee57Debian Linux Security Advisory 3193-1 - Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service (application crash) or, potentially, execution of arbitrary code.
ab3815ba8d0e2672e234e5f127e052c0084060ae869aa409565552e7b04662a5HP Security Bulletin HPSBHF03293 1 - Potential security vulnerabilities have been identified with HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and Bash including heartbleed, padding oracle, and shellshock issues. Revision 1 of this advisory.
30d1ba0b92a93958f1b541914c45bffd10181d46e5a162699dcd2c22a93f67c4Gentoo Linux Security Advisory 201503-8 - Vulnerabilities in file could allow a context-dependent attack to create a Denial of Service condition. Versions less than 5.22 are affected.
ead380517caeb1d470c125f906392d70fc04b69f3f20901f9d95e08e43889470
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed