
Files Date: 2012-01-02

Fwknop Port Knocking Utility 2.0
Posted Jan 2, 2012
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: This is the production release of the fwknop C rewrite. It brings Single Packet Authorization to three different Open Source firewalls (iptables, ipfw, and pf), embedded systems, and mobile devices. The fwknopd server runs on Linux, Mac OS X, FreeBSD, and OpenBSD. The client runs on all of these platforms as well as Android, the iPhone, and Cygwin under Windows. In addition, the client is portable, and can be compiled as a native Windows binary.
tags | tool, scanner, vulnerability
systems | unix
MD5 | b2ee477140d9e92466c9c6f267442625

Mandriva Linux Security Advisory 2012-002
Posted Jan 2, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-002 - t1lib 5.1.2 and earlier uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a specially crafted Type 1 font in a PDF document. The updated packages have been patched to correct this issue.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2011-0764
MD5 | f217f0cbdeb4cdf6ff29c4c32bee4100

WordPress 3.3 Cross Site Scripting
Posted Jan 2, 2012
Authored by Aditya Modha, Samir Shah

WordPress version 3.3 suffers from a cross site scripting vulnerability during a 500 response when flagging a comment as a duplicate.

tags | exploit, xss
systems | linux
MD5 | 118982043e3b0cc5c45e8d1ab8965508

Debian Security Advisory 2377-1
Posted Jan 2, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2377-1 - It was discovered that cyrus-imapd, a highly scalable mail system designed for use in enterprise environments, does not properly parse mail headers when a client makes use of the IMAP threading feature. As a result, a NULL pointer is dereferenced, which crashes the daemon. An attacker can trigger this by sending a mail containing crafted reference headers and accessing the mail with a client that uses the server threading feature of IMAP.

tags | advisory, imap
systems | linux, debian
advisories | CVE-2011-3481
MD5 | 3f5b64e35588290829a65a2b6f0b4282

Mandos Encrypted File System Unattended Reboot Utility 1.5.1
Posted Jan 2, 2012
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: This version includes the intro (8mandos) manual page, which had been missing since the migration from the README file in version 1.4.0.
tags | remote, root
systems | linux, unix
MD5 | c37ef0623d49f6fac7d0c798eee0e0b6

Log2Command 1.0
Posted Jan 2, 2012
Site it.sverigedemokraterna.se

log2command is a PHP script that tracks IPs in log files and executes shell commands for each IP. log2command was created as a sort of reverse fail2ban or cheap VPN-firewall: a machine with a closed firewall can be told, by a foreign machine, to accept connections from a specific IP. log2command then keeps track of the webserver log file and watches for inactivity from the user's IP. After a set amount of time, another command is executed that can remove the user's IP from the firewall, closing down the machine again. The PHP script is a command-line program that can be run in the background.

tags | tool, shell, php, rootkit
systems | unix
MD5 | 8e19ae8abd2570913871373fe04844fa

Mandriva Linux Security Advisory 2012-001
Posted Jan 2, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-001 - The FCGI module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers. The updated packages have been patched to correct this issue.

tags | advisory, remote, web, cgi, perl
systems | linux, mandriva
advisories | CVE-2011-2766
MD5 | 529888813b40fb85374851aed71317f4

FuseTalk Forums 3.2 Cross Site Scripting
Posted Jan 2, 2012
Authored by Sony

FuseTalk Forums version 3.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | cdc6ae57df5283ea8e6c01a49e250c04

Digital Whisper Electronic Magazine #28
Posted Jan 2, 2012
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 28. Written in Hebrew.

tags | magazine
MD5 | 84db63737a911b69ae361efdc9404356

Plogger Photo Gallery SQL Injection
Posted Jan 2, 2012
Authored by Cyber White Hats

Plogger Photo Gallery suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c3a0e214a5af2e7e9560d6291d1ac953

PHP 5.3.x Hash Collision Proof Of Concept Code
Posted Jan 2, 2012
Authored by FireFart

PHP 5.3.x hash collision denial of service proof of concept exploit written in Python. It generates the payload on the fly and sends it to the server.

tags | exploit, denial of service, php, proof of concept, python
advisories | CVE-2011-4885
MD5 | c23b07efa16d41564f4a7be8c084fc11

Secunia Security Advisory 47381
Posted Jan 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in TORQUE, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
MD5 | 0b9cab0edb8f6e544ca8dba0ebae5551

Secunia Security Advisory 47425
Posted Jan 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in MaraDNS, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 9c71ab9443f4e94916ff9493551bfcf7

Secunia Security Advisory 47436
Posted Jan 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the JE Poll component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 988c16ac726b266b25203cfee06ecdc6

Secunia Security Advisory 47345
Posted Jan 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for cyrus-imapd-2.2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, debian
MD5 | a3b842324c32538f0e9cde08c88fc902
packet storm

© 2016 Packet Storm. All rights reserved.
