exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2012-01-02

Fwknop Port Knocking Utility 2.0
Posted Jan 2, 2012
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: This is the production release of the fwknop C rewrite. It brings Single Packet Authorization to three different Open Source firewalls (iptables, ipfw, and pf), embedded systems, and mobile devices. The fwknopd server runs on Linux, Mac OS X, FreeBSD, and OpenBSD. The client runs on all of these platforms as well as Android, the iPhone, and Cygwin under Windows. In addition, the client is portable, and can be compiled as a native Windows binary.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | e272a89bb05740d89b6d0eef96460f165e52b285cb635d39794bf0db91a8a7d5
Mandriva Linux Security Advisory 2012-002
Posted Jan 2, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-002 - t1lib 5.1.2 and earlier uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a specially crafted Type 1 font in a PDF document. The updated packages have been patched to correct this issue.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2011-0764
SHA-256 | 60428b231e6e685f90934eef256d10a1f276a4dc719c3d75122cf6e911385901
WordPress 3.3 Cross Site Scripting
Posted Jan 2, 2012
Authored by Aditya Modha, Samir Shah

WordPress version 3.3 suffers from a cross site scripting vulnerability during a 500 response when flagging a comment as a duplicate.

tags | exploit, xss
systems | linux
SHA-256 | 7e7f614355b2219cf1f6dc3c6b51dbfba33a39b627db55ee1b3e1189cf9ebe2b
Debian Security Advisory 2377-1
Posted Jan 2, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2377-1 - It was discovered that cyrus-imapd, a highly scalable mail system designed for use in enterprise environments, is not properly parsing mail headers when a client makes use of the IMAP threading feature. As a result, a NULL pointer is dereferenced which crashes the daemon. An attacker can trigger this by sending a mail containing crafted reference headers and access the mail with a client that uses the server threading feature of IMAP.

tags | advisory, imap
systems | linux, debian
advisories | CVE-2011-3481
SHA-256 | 14e886dd64794f4903819907a35afc505014e384c7107e2722545359da6f7a97
Mandos Encrypted File System Unattended Reboot Utility 1.5.1
Posted Jan 2, 2012
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: This version includes the intro (8mandos) manual page, which was missing since the migration from the README file in version 1.4.0.
tags | remote, root
systems | linux, unix
SHA-256 | 89816a35b8a9f04b4fc04c98f299607cd9a53676aa94bc1a7651f622d3302f2b
Log2Command 1.0
Posted Jan 2, 2012
Site it.sverigedemokraterna.se

log2command is a PHP script that tracks IPs in log files and executes shell commands per each IP. log2command was created as a sort of reverse fail2ban or cheap VPN-firewall: a machine with a closed firewall can be told, by a foreign machine, to accept connections from a specific IP. log2command then keeps track of the webserver log file and watches for inactivity from the user's IP. After an amount of time another command is executed that can remove the user's IP from the firewall, closing down the machine again. The PHP script is a command-line program that can be run in the background.

tags | tool, shell, php, rootkit
systems | unix
SHA-256 | df3d9c8ed704fef75b0299e0e7a5d3f53ce40512cc6b54ed3e1432b1ad72df36
Mandriva Linux Security Advisory 2012-001
Posted Jan 2, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-001 - The FCGI module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers. The updated packages have been patched to correct this issue.

tags | advisory, remote, web, cgi, perl
systems | linux, mandriva
advisories | CVE-2011-2766
SHA-256 | 8d2423bc16115f636ca68a4804864ce61b2388e41adacf7b62eff39a085a9e89
FuseTalk Forums 3.2 Cross Site Scripting
Posted Jan 2, 2012
Authored by Sony

FuseTalk Forums version 3.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4cb9ddf9f90ee6b1dd5df043085228ede140042b3a356462e5fe32aa37d4a091
Digital Whisper Electronic Magazine #28
Posted Jan 2, 2012
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 28. Written in Hebrew.

tags | magazine
SHA-256 | 87f4fb018f3f0219f652fcc490d7dcb143211a48d5cc097e7bbb7a2033797e58
Plogger Photo Gallery SQL Injection
Posted Jan 2, 2012
Authored by Cyber White Hats

Plogger Photo Gallery suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9e0cd3d5d4a2c0b373c70f0581a33cfcdc5478916e8f3ad6558bf64ac1aafe83
PHP 5.3.x Hash Collision Proof Of Concept Code
Posted Jan 2, 2012
Authored by FireFart

PHP 5.3.x hash collision denial of service proof of concept exploit written in Python. It generates the payload on the fly and sends it to the server.

tags | exploit, denial of service, php, proof of concept, python
advisories | CVE-2011-4885
SHA-256 | a40ed8e7683bd70412b64514013eea3551071db4f39c244052a9d36f89460954
Secunia Security Advisory 47381
Posted Jan 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in TORQUE, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
SHA-256 | 0d0620b52fc6be45a55604fe59ddf6ca94d08cc71ef5952080a0913692365cd3
Secunia Security Advisory 47425
Posted Jan 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in MaraDNS, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 4fe0e61526839307a97aacd68f00d01922fc4958c621a14de96b9d175948e2d8
Secunia Security Advisory 47436
Posted Jan 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the JE Poll component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | d678875141a8a2bb3cceb80d3705cc45aa1077e5eed017b8f21e6972e7633910
Secunia Security Advisory 47345
Posted Jan 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for cyrus-imapd-2.2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, debian
SHA-256 | 388440da31d001b51664ab517a2b51fdb4c42a76009aab3085a7dcc65bb2aa1f
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close