what you don't know can hurt you

Recent Files

Files RSS Feed
Clam AntiVirus Toolkit 0.102.2
Posted Feb 5, 2020
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: A denial of service vulnerability has been addressed. Significantly improved scan speed of PDF files on Windows. Various other updates and improvements.
tags | tool, virus
systems | unix
Ubuntu Security Notice USN-4269-1
Posted Feb 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4269-1 - It was discovered that systemd incorrectly handled certain PIDFile files. A local attacker could possibly use this issue to trick systemd into killing privileged processes. This issue only affected Ubuntu 16.04 LTS. It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
Ubuntu Security Notice USN-4268-1
Posted Feb 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4268-1 - It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could use this vulnerability to execute arbitrary commands as root.

tags | advisory, arbitrary, root
systems | linux, ubuntu
nfstream 3.1.2
Posted Feb 5, 2020
Authored by Zied Aouini | Site github.com

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

Changes: Fixed test workflows. Updated nDPI.
tags | tool, python
systems | unix
Red Hat Security Advisory 2020-0378-01
Posted Feb 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0378-01 - Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
Windscribe WindscribeService Named Pipe Privilege Escalation
Posted Feb 5, 2020
Authored by Brendan Coles, Emin Ghuliev | Site metasploit.com

The Windscribe VPN client application for Windows makes use of a Windows service WindscribeService.exe which exposes a named pipe \\.\pipe\WindscribeService allowing execution of programs with elevated privileges. Windscribe versions prior to 1.82 do not validate user-supplied program names, allowing execution of arbitrary commands as SYSTEM. This Metasploit module has been tested successfully on Windscribe versions 1.80 and 1.81 on Windows 7 SP1 (x64).

tags | exploit, arbitrary
systems | windows, 7
Wago PFC200 Remote Code Execution
Posted Feb 5, 2020
Authored by Nico Jansen

This Metasploit module exploits an authenticated remote code execution vulnerability in Wago PFC200.

tags | exploit, remote, code execution
Ubuntu Security Notice USN-4263-2
Posted Feb 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4263-2 - USN-4263-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
Socat 1.7.3.4 Heap Overflow
Posted Feb 5, 2020
Authored by hieubl

Socat version 1.7.3.4 heap-based overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
Red Hat Security Advisory 2020-0431-01
Posted Feb 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0431-01 - KornShell is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard. A code injection vulnerability has been addressed.

tags | advisory, shell
systems | linux, redhat, unix, osx
Ubuntu Security Notice USN-4266-1
Posted Feb 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4266-1 - It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

tags | advisory, denial of service
systems | linux, ubuntu
Red Hat Security Advisory 2020-0375-01
Posted Feb 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0375-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow and heap overflow vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
Kronos WebTA 4.0 Privilege Escalation / Cross Site Scripting
Posted Feb 5, 2020
Authored by Nolan B. Kennedy

Kronos WebTA version 4.0 suffers from cross site scripting and authenticated remote privilege escalation vulnerabilities.

tags | exploit, remote, vulnerability, xss
Verodin Director Web Console 3.5.4.0 Password Disclosure
Posted Feb 5, 2020
Authored by Nolan B. Kennedy

Verodin Director Web Console version 3.5.4.0 remote authenticated password disclosure proof of concept exploit.

tags | exploit, remote, web, proof of concept, info disclosure
Red Hat Security Advisory 2020-0374-01
Posted Feb 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0374-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and heap overflow vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
Ubuntu Security Notice USN-4265-2
Posted Feb 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4265-2 - USN-4265-1 fixed several vulnerabilities in SpamAssassin. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, ubuntu
AVideo Platform 8.1 User Enumeration
Posted Feb 5, 2020
Authored by Ihsan Sencan

AVideo Platform version 8.1 suffers from an information disclosure vulnerability that allows for user enumeration.

tags | exploit, info disclosure
Red Hat Security Advisory 2020-0366-01
Posted Feb 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0366-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, kernel
systems | linux, redhat
Red Hat Security Advisory 2020-0406-01
Posted Feb 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0406-01 - The Container Network Interface project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. Issues addressed include unbounded memory growth.

tags | advisory
systems | linux, redhat
AVideo Platform 8.1 Cross Site Request Forgery
Posted Feb 5, 2020
Authored by Ihsan Sencan

AVideo Platform version 8.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
xglance-bin Local Root Privilege Escalation
Posted Feb 5, 2020
Authored by Tim Brown, Marco Ortisi, Robert Jaroszuk

xglance-bin local root privilege escalation exploit that has been tested on Linux RHEL 7.x/8.x systems.

tags | exploit, local, root
systems | linux
ISO-8385 Protocol Fuzzer
Posted Feb 5, 2020
Authored by Fakhir Karim Reda

This python script is a fuzzer for the ISO-8385 financial protocol. It is compatible with sulley and bofuzz and is now part of the official bofuzz release.

tags | tool, protocol, python, fuzzer
Cisco Discovery Protocol (CDP) Remote Device Takeover
Posted Feb 5, 2020
Authored by Barak Hadad, Yuval Sarel, Ben Seri | Site armis.com

Armis has discovered five critical, zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over devices.

tags | advisory, remote, vulnerability, protocol
systems | cisco
HiSilicon DVR/NVR hi3520d Firmware Backdoor Account
Posted Feb 5, 2020
Authored by Snawoot

HiSilicon DVR/NVR with hi3520d firmware suffers from having a remote backdoor account vulnerability.

tags | exploit, remote
Ubuntu Security Notice USN-4265-1
Posted Feb 4, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4265-1 - It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
View Older Files →

Recent News

News RSS Feed
Ashley Madison Breach Extortion Scam Targets Hundreds
Posted Feb 4, 2020

tags | headline, hacker, privacy, cybercrime, data loss, fraud
AZORult Adopts Novel Triple Encryption Technique
Posted Feb 4, 2020

tags | headline, malware, cryptography
Hacker Pleads Guilty To Stealing Nintendo Secrets
Posted Feb 4, 2020

tags | headline, hacker, data loss, fraud, nintendo
New Ransomware Doesn't Just Encrypt Data. It Also Meddles With Critical Infrastructure
Posted Feb 4, 2020

tags | headline, malware, scada, cryptography
Charges Dropped Against Coalfire Security Team
Posted Feb 3, 2020

tags | headline, hacker, government, usa
The CIA's Infamous, Unsolved Cryptographic Puzzle Gets A Final Clue
Posted Feb 3, 2020

tags | headline, government, usa, spyware, cryptography, cia
TrickBot Switches To A New Win10 UAC Bypass To Evade Detection
Posted Feb 3, 2020

tags | headline, malware, microsoft, trojan, fraud, flaw
Trump Congratulated Kansas For The Super Bowl Win
Posted Feb 3, 2020

tags | headline, government, usa
Kenya Court Halts Biometric ID Over Data Fears
Posted Jan 31, 2020

tags | headline, government, privacy, africa
Jeff Bezos Met FBI Investigators In 2019 Over Alleged Saudi Hack
Posted Jan 31, 2020

tags | headline, hacker, privacy, malware, usa, phone, amazon, data loss, spyware, saudi arabia
View More News →

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close