what you don't know can hurt you
Showing 1 - 25 of 40 RSS Feed

Files Date: 2011-05-25

w3af Web Application Attack and Audit Framework 1.0
Posted May 25, 2011
Authored by Andres Riancho | Site w3af.sourceforge.net

w3af, is a Web Application Attack and Audit Framework. The w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more.

Changes: Code base has been stabilized. Additions include an auto-update feature, web application payloads, PHP static code analyzer, and more.
tags | remote, web, local, xss, sql injection, python, file inclusion
MD5 | 4ac1fb2cfcbbefb8c0caa813dd822723
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux 4.5.2
Posted May 25, 2011
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: The IKEv2 daemon supports negotiation of Extended Sequence Numbers (ESN) in conjunction with the Linux 2.6.39 kernel. The whitelist plugin allows whitelisting of users with X.509 certificate credentials. The eap-sim-pcsc plugin implements a pcsc-lite based SIM card backend.
tags | kernel, encryption
systems | linux, unix
MD5 | 540544397e060b497c7a1d5c9f3f4d10
OATH Toolkit 1.10.0
Posted May 25, 2011
Site nongnu.org

The OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.

Changes: New TOTP validation functions that return search position were added. Usersfile and PAM module can now validate TOTP as well.
tags | tool
systems | unix
MD5 | d6e9f57e877126fc1e096c327e44b6b4
Debian Security Advisory 2240-1
Posted May 25, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2240-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2010-3875, CVE-2011-0695, CVE-2011-0711, CVE-2011-0726, CVE-2011-1016, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1090, CVE-2011-1160, CVE-2011-1163, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1173, CVE-2011-1180, CVE-2011-1182, CVE-2011-1476, CVE-2011-1477, CVE-2011-1478, CVE-2011-1493, CVE-2011-1494, CVE-2011-1495, CVE-2011-1585, CVE-2011-1593, CVE-2011-1598, CVE-2011-1745, CVE-2011-1746
MD5 | e998c309600ece9aea4775ee55963b9e
Remote Timing Attacks Are Still Practical
Posted May 25, 2011
Authored by Nicola Tuveri, Billy Bob Brumley

This whitepaper describes a timing attack vulnerability in OpenSSL's ladder implementation for curves over binary fields. They use this vulnerability to steal the private key of a TLS server where the server authenticates with ECDSA signatures. Using the timing of the exchanged messages, the messages themselves, and the signatures, they mount a lattice attack that recovers the private key. Finally, they describe and implement an effective countermeasure.

tags | exploit, paper, crypto, vulnerability
MD5 | 4558b899d97a106def3ba064ab5eadfe
Secunia Security Advisory 44683
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Dovecot, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 82e217c5b2a1fb953ae82454e2482099
Clipbucket 2.4 RC2 645 SQL Injection
Posted May 25, 2011
Authored by AutoSec Tools | Site autosectools.com

A SQL injection vulnerability in Clipbucket version 2.4 RC2 645 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.

tags | exploit, arbitrary, shell, php, sql injection
MD5 | b1b0439bb9441c5ac22b49cc43e394f4
eGroupware 1.8.001.20110421 Local File Inclusion
Posted May 25, 2011
Authored by AutoSec Tools | Site autosectools.com

A local file inclusion vulnerability in eGroupware version 1.8.001.20110421 can be exploited to include arbitrary files.

tags | exploit, arbitrary, local, file inclusion
MD5 | 3f5927d07efba7233255ced7e79056cd
eGroupware 1.8.001.20110421 Open Redirect
Posted May 25, 2011
Authored by AutoSec Tools | Site autosectools.com

An open redirect in eGroupware version 1.8.001.20110421 can be exploited to redirect users to an arbitrary URL.

tags | exploit, arbitrary
MD5 | c30f72c6bf551e389bc7d602e471dd19
Digital Forensics Framework 1.1.0
Posted May 25, 2011
Authored by Christophe M., Solal J. | Site digital-forensic.org

DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.

Changes: The GUI is now available in Chinese and also fully supports Unicode. An AFF dump connector has been added, based on AFFLib by Simson L. Garfinkel. Another new module allows you to extract mailbox contents from PST, OST, and PAB files, while also recovering deleted, orphaned files, and unallocated clusters, based on Joachim Metz's LibPFF. A new cache system was added for File Mapping and File Descriptor, and new time stamps handling was added. FAT orphaned files scan and attributes have been improved. A bug when adding devices and files on Windows several times has been fixed. FAT and NTFS modules have also been fixed.
tags | tool, forensics
systems | unix
MD5 | 77372cb3787af918f49709227aab2d99
Ubuntu Security Notice USN-1134-1
Posted May 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1134-1 - Maksymilian Arciemowicz reported that a flaw in the fnmatch() implementation in the Apache Portable Runtime (APR) library could allow an attacker to cause a denial of service. This can be demonstrated in a remote denial of service attack against mod_autoindex in the Apache web server. Is was discovered that the fix for CVE-2011-0419 introduced a different flaw in the fnmatch() implementation that could also result in a denial of service.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2011-0419, CVE-2011-1928
MD5 | 7640fe85831b9ec631f18a4b21a8ece4
Debian Security Advisory 2239-1
Posted May 25, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2239-1 - Several vulnerabilities have been discovered Mojolicious, a Perl Web Application Framework. The link_to helper was affected by cross-site scripting and implementation errors in the MD5 HMAC and CGI environment handling have been corrected.

tags | advisory, web, cgi, perl, vulnerability, xss
systems | linux, debian
advisories | CVE-2010-4802, CVE-2010-4803, CVE-2011-1841
MD5 | 2be770183c782cba137c89fb2e0d1e7d
PHP Socket connect() Stack Buffer Overflow
Posted May 25, 2011
Authored by Filip Palian, Marek Kroemeke, Mateusz Kocielski

PHP socket connect() stack buffer overflow proof of concept code.

tags | exploit, overflow, php, proof of concept
advisories | CVE-2011-1938
MD5 | fddfcef57c1ae3d3317eb501f29dab53
Secunia Security Advisory 44674
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Vordel Gateway, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | 000b4f8fdfbffb3499c4a8c7ceab0c28
Secunia Security Advisory 44678
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

tags | advisory, vulnerability
MD5 | c9af5b1c340e429d5d1c1b0a910e925e
Secunia Security Advisory 44695
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for libmodplug. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

tags | advisory, vulnerability
systems | linux, fedora
MD5 | d1e415a356607f258fbb8e7bd4b2c28b
Secunia Security Advisory 44699
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for rdesktop. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, suse
MD5 | c1f1a8d3db6f858ea4d4c285d839deaf
Secunia Security Advisory 44679
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for apr. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
MD5 | 6aa9f604dac37aaa5c9542fdafa5d6d0
Secunia Security Advisory 44644
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for qemu-kvm. This fixes a vulnerability, which can be exploited by malicious, local users in a guest virtual machine to gain escalated privileges.

tags | advisory, local
systems | linux, debian
MD5 | bef96abcb18866e3306421f16c3caed7
Secunia Security Advisory 44691
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - AutoSec Tools has discovered a vulnerability in ClipBucket, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | a412058c65f251790c94d5264629bf69
Secunia Security Advisory 44694
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for xen. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
systems | linux, fedora
MD5 | b9b7133ac3ebdf30e13a9a879fcd7a29
Secunia Security Advisory 44672
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for exim. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, suse
MD5 | 345dcfe1bb1dbebd69deea4cf464002e
Secunia Security Advisory 44685
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, cause a DoS (Denial of Service), and potentially gain escalated privileges.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
MD5 | 4291701f2e8e7efd0bfaede502558775
Secunia Security Advisory 44415
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the JE Story submit component for Joomla!, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | eaf23e1b9fbe9ad4baa392721450bb43
Secunia Security Advisory 44686
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability and a security issue have been discovered in MidiCMS Website Builder, which can be exploited by malicious people to conduct cross-site request forgery and bypass certain security restrictions.

tags | advisory, csrf
MD5 | a5e4b9716954ec6b70f11b0d8c6a0ccc
Page 1 of 2
Back12Next

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close