what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 40 RSS Feed

Files Date: 2011-05-25

w3af Web Application Attack and Audit Framework 1.0
Posted May 25, 2011
Authored by Andres Riancho | Site w3af.sourceforge.net

w3af, is a Web Application Attack and Audit Framework. The w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more.

Changes: Code base has been stabilized. Additions include an auto-update feature, web application payloads, PHP static code analyzer, and more.
tags | remote, web, local, xss, sql injection, python, file inclusion
SHA-256 | 9aaa651e706fe0c4c2cff95879d614cdcb9791e5120cccc527fcb82922d76fc8
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux 4.5.2
Posted May 25, 2011
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: The IKEv2 daemon supports negotiation of Extended Sequence Numbers (ESN) in conjunction with the Linux 2.6.39 kernel. The whitelist plugin allows whitelisting of users with X.509 certificate credentials. The eap-sim-pcsc plugin implements a pcsc-lite based SIM card backend.
tags | kernel, encryption
systems | linux, unix
SHA-256 | 88eeebfe9df6d18f320f396c7236f907e7a34c27f8382c7ce6e4239a7ecce31b
OATH Toolkit 1.10.0
Posted May 25, 2011
Site nongnu.org

The OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.

Changes: New TOTP validation functions that return search position were added. Usersfile and PAM module can now validate TOTP as well.
tags | tool
systems | unix
SHA-256 | d9d6180b7b22fe7cf624753c4bf2dc400da1e1aa6ef30d21358e3a3e2a5c9c14
Debian Security Advisory 2240-1
Posted May 25, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2240-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2010-3875, CVE-2011-0695, CVE-2011-0711, CVE-2011-0726, CVE-2011-1016, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1090, CVE-2011-1160, CVE-2011-1163, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1173, CVE-2011-1180, CVE-2011-1182, CVE-2011-1476, CVE-2011-1477, CVE-2011-1478, CVE-2011-1493, CVE-2011-1494, CVE-2011-1495, CVE-2011-1585, CVE-2011-1593, CVE-2011-1598, CVE-2011-1745, CVE-2011-1746
SHA-256 | e80a5985f8ab30d0e1b27069f1a8ac244b9edc0a3bb35aa75124e26c94b75e19
Remote Timing Attacks Are Still Practical
Posted May 25, 2011
Authored by Nicola Tuveri, Billy Bob Brumley

This whitepaper describes a timing attack vulnerability in OpenSSL's ladder implementation for curves over binary fields. They use this vulnerability to steal the private key of a TLS server where the server authenticates with ECDSA signatures. Using the timing of the exchanged messages, the messages themselves, and the signatures, they mount a lattice attack that recovers the private key. Finally, they describe and implement an effective countermeasure.

tags | exploit, paper, crypto, vulnerability
SHA-256 | a639445448cf4d50a71d847a0554fa7ab0640e8c63cc63998bd97f803f5b3b40
Secunia Security Advisory 44683
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Dovecot, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | fa22346a655a7c732c704bed8ec712950d8e1e333a0cea4995a2a1081504da85
Clipbucket 2.4 RC2 645 SQL Injection
Posted May 25, 2011
Authored by AutoSec Tools | Site autosectools.com

A SQL injection vulnerability in Clipbucket version 2.4 RC2 645 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.

tags | exploit, arbitrary, shell, php, sql injection
SHA-256 | 6f0d10f78695697be08aaad71f69ebf5932985db42e1fc464f2a06ce15f1d538
eGroupware 1.8.001.20110421 Local File Inclusion
Posted May 25, 2011
Authored by AutoSec Tools | Site autosectools.com

A local file inclusion vulnerability in eGroupware version 1.8.001.20110421 can be exploited to include arbitrary files.

tags | exploit, arbitrary, local, file inclusion
SHA-256 | 07ccc0d9a68de349319a1eceb37a6094b2810ad1e924bc4870669646a7b55753
eGroupware 1.8.001.20110421 Open Redirect
Posted May 25, 2011
Authored by AutoSec Tools | Site autosectools.com

An open redirect in eGroupware version 1.8.001.20110421 can be exploited to redirect users to an arbitrary URL.

tags | exploit, arbitrary
SHA-256 | b4a29e3964e1d7bd72995d10043cf6c74cf999a044fb3fe26884221a0473da93
Digital Forensics Framework 1.1.0
Posted May 25, 2011
Authored by Christophe M., Solal J. | Site digital-forensic.org

DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.

Changes: The GUI is now available in Chinese and also fully supports Unicode. An AFF dump connector has been added, based on AFFLib by Simson L. Garfinkel. Another new module allows you to extract mailbox contents from PST, OST, and PAB files, while also recovering deleted, orphaned files, and unallocated clusters, based on Joachim Metz's LibPFF. A new cache system was added for File Mapping and File Descriptor, and new time stamps handling was added. FAT orphaned files scan and attributes have been improved. A bug when adding devices and files on Windows several times has been fixed. FAT and NTFS modules have also been fixed.
tags | tool, forensics
systems | unix
SHA-256 | 0dab2e10f9c2cb2d1363b51284e9616725f85e84aea58719848f41626fa894d1
Ubuntu Security Notice USN-1134-1
Posted May 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1134-1 - Maksymilian Arciemowicz reported that a flaw in the fnmatch() implementation in the Apache Portable Runtime (APR) library could allow an attacker to cause a denial of service. This can be demonstrated in a remote denial of service attack against mod_autoindex in the Apache web server. Is was discovered that the fix for CVE-2011-0419 introduced a different flaw in the fnmatch() implementation that could also result in a denial of service.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2011-0419, CVE-2011-1928
SHA-256 | 33d0bcbf01e80fbf4f6e0b746d2ea03df29467c9bd9d72f3c02f2b79dfede4f4
Debian Security Advisory 2239-1
Posted May 25, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2239-1 - Several vulnerabilities have been discovered Mojolicious, a Perl Web Application Framework. The link_to helper was affected by cross-site scripting and implementation errors in the MD5 HMAC and CGI environment handling have been corrected.

tags | advisory, web, cgi, perl, vulnerability, xss
systems | linux, debian
advisories | CVE-2010-4802, CVE-2010-4803, CVE-2011-1841
SHA-256 | 32a0b722e699971999dfac760e81d5ed750b47e2f3773d75c1d7af752653e626
PHP Socket connect() Stack Buffer Overflow
Posted May 25, 2011
Authored by Filip Palian, Marek Kroemeke, Mateusz Kocielski

PHP socket connect() stack buffer overflow proof of concept code.

tags | exploit, overflow, php, proof of concept
advisories | CVE-2011-1938
SHA-256 | 6abcba91bf7177e20f4ef770653563e589f25adaafe8dc216b107fff5b5e35b9
Secunia Security Advisory 44674
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Vordel Gateway, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | bbf9b946747ff2c4e74f8a13893f385cf6eb0fb986191a2e6465daa120d21b7b
Secunia Security Advisory 44678
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 3c5fde1929cc78f8310fb171a37fcc12487b03321c43fb7e87ce6832e46a725b
Secunia Security Advisory 44695
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for libmodplug. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

tags | advisory, vulnerability
systems | linux, fedora
SHA-256 | 677187a5445b106b2b63f434fc97365e36f004623734924802e9cd15e17cfc36
Secunia Security Advisory 44699
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for rdesktop. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, suse
SHA-256 | be76f702ecd7cf0a6e8467e79b6646856fd8a202cadbfdac466fc8d10e5e2eb4
Secunia Security Advisory 44679
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for apr. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
SHA-256 | 34f14a6b411912a4db5433626bb325d85924a0628c1f0c64b8e24ec2995ebef6
Secunia Security Advisory 44644
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for qemu-kvm. This fixes a vulnerability, which can be exploited by malicious, local users in a guest virtual machine to gain escalated privileges.

tags | advisory, local
systems | linux, debian
SHA-256 | fbd93a9507a162808eda982ef8c09f455d8e8c7a4e0408322fd4d2c0383ffffd
Secunia Security Advisory 44691
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - AutoSec Tools has discovered a vulnerability in ClipBucket, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 5e92b9fa6e47819229133797b6e5351199f42b88f3899465797de607ded572ed
Secunia Security Advisory 44694
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for xen. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
systems | linux, fedora
SHA-256 | 4b2ec4a4513c0405aa71d087deaad0ee479fa8fb637f1807ab4ad4c34e52d8c2
Secunia Security Advisory 44672
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for exim. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, suse
SHA-256 | 9c18c6efe8e945a492ca7f103d0b4e1732bbd22559aed235450c00944eb4113d
Secunia Security Advisory 44685
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, cause a DoS (Denial of Service), and potentially gain escalated privileges.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
SHA-256 | d41fa13e62d59f43e27f9d798952191ee7648b6dec19267e444994d687ba93b4
Secunia Security Advisory 44415
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the JE Story submit component for Joomla!, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | 4f30bb7d38e361c2464c7b8eaf012ac3efbd4d274cb34b01ea8c3741a4157336
Secunia Security Advisory 44686
Posted May 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability and a security issue have been discovered in MidiCMS Website Builder, which can be exploited by malicious people to conduct cross-site request forgery and bypass certain security restrictions.

tags | advisory, csrf
SHA-256 | b32a0008a2ae0c35c8769d5a153fc7fe2e319d38c1b9a35c294a6c68a68063de
Page 1 of 2
Back12Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    36 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close