exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2011-12-27

FreeBSD Security Advisory - telnetd Code Execution
Posted Dec 27, 2011
Site security.freebsd.org

FreeBSD Security Advisory - When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. An attacker who can connect to the telnetd daemon can execute arbitrary code with the privileges of the daemon (which is usually the "root" superuser).

tags | advisory, arbitrary, root, protocol
systems | freebsd
advisories | CVE-2011-4862
SHA-256 | c92e3537ea4a9d4333d9b238da051a9f86ab6782c92ea9627150610dbec5e756
FreeBSD Security Advisory - Chrooted ftpd Code Execution
Posted Dec 27, 2011
Site security.freebsd.org

FreeBSD Security Advisory - The nsdispatch API has no mechanism to alert it to whether it is operating within a chroot environment in which the standard paths for configuration files and shared libraries may be untrustworthy. The FreeBSD ftpd daemon can be configured to use chroot, and also uses the nsdispatch API.

tags | advisory
systems | freebsd
SHA-256 | de56ea16374f3970ce64ad7bfe09f78855a3865a7491e05a50722e5299b402de
FreeBSD Security Advisory - named Denial Of Service
Posted Dec 27, 2011
Site security.freebsd.org

FreeBSD Security Advisory - A remote attacker could cause the BIND resolver to cache an invalid record, which could cause the BIND daemon to crash when that record is being queried.

tags | advisory, remote
systems | freebsd
advisories | CVE-2011-4313
SHA-256 | 913e895f321d484a5440d6ec9ea44d1a471f516fda6b68d698117be493718a87
GNUnet P2P Framework 0.9.1
Posted Dec 27, 2011
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: This is a bugfix release. Noteworthy improvements include improved keyword extraction from filenames, a better heuristic for file-sharing content migration, and a significant traffic reduction for the network-size estimation protocol. The code now distinguishes between LAN and WAN for bandwidth consumption. Bugfixes include an increased FD_SETSIZE on W32, corrected struct alignment for network messages on W32, and fixes of various crashes (in the datastore, file-sharing, transport, ATS, and hostlist subsystems).
tags | tool, web, udp, tcp, peer2peer
systems | unix
SHA-256 | f83a4a45e96832c01e4b720f0f694df5e70f207168baa6c0d9edb14f8f00fd46
Tor-ramdisk i686 UClibc-based Linux Distribution x86_64 20111225
Posted Dec 27, 2011
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: This release incorporates an important security fix from upstream and an upgrade is recommended. Tor was updated to 0.2.2.35, libevent to 2.0.16, and the kernel to 2.6.32.50 plus Gentoo's hardened-patches-2.6.32-83.extras.
tags | tool, kernel, peer2peer
systems | linux
SHA-256 | 36a982d6aa03aaa511252b1130ed6b0d14a80d24eb675d1ca2e4a1ef05fd6b8e
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20111225
Posted Dec 27, 2011
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.

Changes: This release incorporates an important security fix from upstream and an upgrade is recommended. Tor was updated to 0.2.2.35, libevent to 2.0.16, and the kernel to 2.6.32.50 plus Gentoo's hardened-patches-2.6.32-83.extras.
tags | tool, x86, kernel, peer2peer
systems | linux
SHA-256 | ac457a33c004f3bd3a25772290cda9731e40b46e0e85df2b2dfc7e8e8804b497
Tor-ramdisk i686 UClibc-based Linux Distribution MIPS 20111225
Posted Dec 27, 2011
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. MIPS version.

Changes: This release incorporates an important security fix from upstream and an upgrade is recommended. Tor was updated to 0.2.2.35, libevent to 2.0.16, and the kernel to 2.6.32.50 plus Gentoo's hardened-patches-2.6.32-83.extras.
tags | tool, kernel, peer2peer
systems | linux
SHA-256 | 9f962a1146b166cb12019ea5b182eacc2cc8694e655e19753e3b166705565b31
Red Hat Security Advisory 2011-1852-02
Posted Dec 27, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1852-02 - The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. A buffer overflow flaw was found in the MIT krb5 telnet daemon. A remote attacker who can access the telnet port of a target machine could use this flaw to execute arbitrary code as root.

tags | advisory, remote, overflow, arbitrary, root
systems | linux, redhat
advisories | CVE-2011-4862
SHA-256 | 611b0465bb7429b56ae4ca7c0441b264da38bb0f332f78625ca03d057ffe1604
Red Hat Security Advisory 2011-1851-01
Posted Dec 27, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1851-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third- party, the Key Distribution Center. A buffer overflow flaw was found in the MIT krb5 telnet daemon. A remote attacker who can access the telnet port of a target machine could use this flaw to execute arbitrary code as root. Note that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.

tags | advisory, remote, overflow, arbitrary, root
systems | linux, redhat
advisories | CVE-2011-4862
SHA-256 | fcc05a1144325e7cb4e0faa7cb26db554864cc40f11c6e788b4e245114f681e2
tForum b0.915 Cross Site Scripting / SQL Injection
Posted Dec 27, 2011
Authored by Hubert Wojciechowski

tForum version b0.915 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | ab9dc74bce79ff1eb08653d7dcd4003f8ffe2590b8c952360aa035a7c732ebb9
Mandriva Linux Security Advisory 2011-194
Posted Dec 27, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-194 - A stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially-crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2011-4599
SHA-256 | 80870225471be4dbbc36d3279c7f2721a9e9b3ac1652fc70a93c9453a26b3f68
Mandriva Linux Security Advisory 2011-193
Posted Dec 27, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-193 - The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-4096
SHA-256 | 7cc994dd5dc1c1d61d6b7854d62ddbed4330325a505629aa1262a3dfcded25f0
VIOCAM Sites SQL Injection
Posted Dec 27, 2011
Authored by Cyber White Hats

VIOCAM Sites software suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ced89b283ab801d9c746a2d48d4f54ec74029947e444fb85b609f1bb0a35d110
Majalty Group Sites SQL Injection
Posted Dec 27, 2011
Authored by Cyber White Hats

Majalty Group Sites software suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 85b90b19175266080f1b3d2aa525790ff029ff9b09a0cd6d4d38b5fad15c6860
NIELD (Network Interface Events Logging Daemon) 0.21
Posted Dec 27, 2011
Authored by Tetsumune KISO | Site github.com

Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache (ARP,NDP), IP address (IPv4,IPv6), route, FIB rules.

Changes: This release adds a support of gretap interface, and minor bugfixes.
tags | tool, kernel, system logging
systems | linux, unix
SHA-256 | 475989974d9d0915993570fdc2c42e63acf921adb27049c54b68cda03ec4f225
phpMyAdmin Session Serialized Code Execution
Posted Dec 27, 2011
Authored by M4g

phpMyAdmin versions prior to 3.3.10.2 and 3.4.3.1 Session Serializer arbitrary PHP code execution exploit.

tags | exploit, arbitrary, php, code execution
SHA-256 | 5e7ad567c633e8ad8056175f53ce0b27b0f71ab25dcad559a953f71c06756cc9
Installing I2p On Backtrack
Posted Dec 27, 2011
Authored by r45c4l

This is a detailed paper on how to install I2P on BT5 and configure it with some of the features.

tags | paper
SHA-256 | b32481af975b18b13b23a5d89d868b4f60f315f108708819668c45a2d01b4ee1
Telnetd encrypt_keyid Remote Root
Posted Dec 27, 2011
Authored by NighterMan

Telnetd encrypt_keyid: remote foot function pointer overwrite exploit.

tags | exploit, remote
SHA-256 | a79590f2aac0ce54aceedc5f329505dde52742a4c94513c31be23b59f1cc011b
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close