what you don't know can hurt you
Showing 1 - 25 of 30 RSS Feed

Files Date: 2012-12-22

GNUnet P2P Framework 0.9.5
Posted Dec 22, 2012
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: This release adds support for non-anonymous data transfers over multiple hops (if both publisher and replicator are using an anonymity level of zero). It fixes various bugs and includes cosmetic improvements in the gnunet-setup and gnunet-fs-gtk user interfaces.
tags | tool, web, udp, tcp, peer2peer
systems | unix
SHA-256 | a3ead6373bc79992401f5d9535628d6ded9ab06cde373fd9fbc56f3e60a69f06
Entropy Broker RNG 2.1
Posted Dec 22, 2012
Authored by Folkert van Heusden | Site vanheusden.com

Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients. Entropy Broker allows you to distribute entropy data (random values) to /dev/random devices from other systems (real servers or virtualised systems). It helps preventing that the /dev/random device gets depleted; an empty /dev/random-device can cause programs to hang (waiting for entropy data to become available). This is useful for systems that need to generate encryption keys, run VPN software or run a casino website.

Changes: This release adds a Web interface for viewing usage statistics, per-user bandwidth limits, and many small fixes.
tags | encryption
systems | linux
SHA-256 | a3f390c0f95d70ab5d90a8cb508fd38446170748012ce225225580bd14f4417e
Bluefog 0.0.2
Posted Dec 22, 2012
Authored by Tom Nardi | Site digifail.com

Bluefog is a tool that can generate an essentially unlimited number of phantom Bluetooth devices. It can be used to test Bluetooth scanning and monitoring systems, make it more difficult for attackers to lock onto your devices, or otherwise complicate the normal operation of Bluetooth devices. Technically, Bluefog can work with just one Bluetooth adapter, but it works much better when you connect multiple adapters. Up to four radios are currently supported simultaneously.

Changes: This release is in the very early stages of development and there are some areas of the software which need attention and improvement. There is currently very little in the way of error checking.
tags | tool, wireless
systems | unix
SHA-256 | 314f015aeb557005fea28caeb565b61b37a9c5327343e0331857c2cc9a8904f5
CubeCart 3.0.20 SQL Injection
Posted Dec 22, 2012
Authored by Aung Khant | Site yehg.net

CubeCart version 3.0.20 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | fc7850e6e21a2032ad53e445d442097fd1c307a1e013f02a32be1ba3086dedf5
CubeCart 3.0.20 Shell Upload
Posted Dec 22, 2012
Authored by Aung Khant | Site yehg.net

CubeCart versions 3.0.20 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 5a4b36cf177e335df069f18ff50a86a8c47e2a1d3366c93ee123d70335c68349
CubeCart 3.0.20 Cross Site Scripting
Posted Dec 22, 2012
Authored by Aung Khant | Site yehg.net

CubeCart versions 3.0.20 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 4e9e580d02f9a087f0f347635b4ca443628ed94ad143811b28fec47d15c58a99
Username Anarchy 0.2
Posted Dec 22, 2012
Authored by Andrew Horton | Site morningstarsecurity.com

Username-Anarchy is for generating usernames when penetration testing. It is useful for user enumeration and username/password brute forcing. Features include format-style style username formats, common first and lastnames from countries around the world, the facebook names lists, and substitution of common names when details aren't known, e.g. when you know a user's initial. Common aliases or self chosen usernames scraped from forums, and a name extractor are also included.

tags | tool
systems | unix
SHA-256 | d3773b90f3bc09016ebd87d970b95e0c0a080095720adaed0329a65ded34b7a8
Smoke Loader SQL Injection
Posted Dec 22, 2012
Authored by Ian

The Smoke Loader HTTP-based exploit kit suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
SHA-256 | 6168b8bae818826efed5db61c179383059d8815b98419a63863955dba82bf792
Security Notice For CA IdentityMinder
Posted Dec 22, 2012
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to two potential risks in CA IdentityMinder (formerly known as CA Identity Manager). Two vulnerabilities exist that can allow a remote attacker to execute arbitrary commands, manipulate data, or gain elevated access. CA Technologies has issued patches to address the vulnerability. The first vulnerability allows a remote attacker to execute arbitrary commands or manipulate data. The second vulnerability allows a remote attacker to gain elevated access.

tags | advisory, remote, arbitrary, vulnerability
advisories | CVE-2012-6299, CVE-2012-6298
SHA-256 | d49452eb07c7dac5ca08b669f45a87e17032447b86a511ba9d8c52ea0e06bd22
Microsoft Security Bulletin Re-Release For December, 2012
Posted Dec 22, 2012
Site microsoft.com

This bulletin summary lists two re-released Microsoft security bulletins for December, 2012.

tags | advisory
SHA-256 | ee3022bb406dd30ca0b42496b2f31ab20014ff391788aa9520a1c4d3352aa5c8
In Memory Fuzzing In Java
Posted Dec 22, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

Nowadays, a wide range of techniques can be used to find vulnerabilities and bugs in binaries applications. The aim of this paper is to introduce the main concepts of In-Memory Fuzzing, to summarize its advantages and drawbacks and to present the debugging library which is currently developed by High-Tech Bridge to help building in-memory fuzzers.

tags | paper, vulnerability, fuzzer
SHA-256 | d324a8b16399a62d3aa46f85d06bf87acb81b7d880e66e011e3fd504d541f604
Zero Day Initiative Advisory 12-203
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-203 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell HMIWeb. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ActiveX control defined within the HSCDSPRenderDll.dll file. The RequestDSPLoad method does not properly verify the length of a supplied argument before copying it into a fixed-length heap buffer. A remote attacker can abuse this to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2012-2054
SHA-256 | 4ac919bae121d6edc00347b47cae4d1aa8f60447c1cb6d2bc673cf9f19bcb690
Zero Day Initiative Advisory 12-202
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-202 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable products utilizing the Oracle Outside In technology. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of WordPerfect files. When parsing font records the code within vswp5.dll does not validate the datasize value prior to performing arithmetic on it. The result is used to make a heap allocation that can be undersized which can be leveraged to corrupt memory leading to arbitrary code execution under the context of the user running the application.

tags | advisory, remote, arbitrary, code execution
SHA-256 | e25b8828258f073e53feb2ed7214be089c7e83bf2ede768f5059e9d62f67d356
Zero Day Initiative Advisory 12-201
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-201 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a PAPX FKP sections. When parsing a PAPX FKP section, the application will store a calculation. However, when repairing a damaged document, the application will explicitly trust this calculation in a loop that is used to index into an array of objects. This will allow for an out-of-bounds access of an object which can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2012-0182
SHA-256 | 948d1a1c70b696b59c4f7f6930d257160fb824f64a669a038c85e9e9a94eba26
Zero Day Initiative Advisory 12-200
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-200 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles CTreeNode objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. The issue lies in a possible type confusion between a CTreeNode object and an ISpanQualifier instance during the layout of a document being performed. An attacker can leverage this vulnerability to execute code under the context of the current process.

tags | advisory, remote, arbitrary
advisories | CVE-2012-2548
SHA-256 | 9313809bc33fb1b4fb3a38bec12fbad0b558ced2ba29bf9080130b1e6f4c1a69
Zero Day Initiative Advisory 12-198
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-198 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles CMarkup objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.

tags | advisory, remote, arbitrary
advisories | CVE-2012-2557
SHA-256 | 33a9236b2bbf00faa400719f894ebd849a2e58e54865fdb6c31d0a6035ea1166
Zero Day Initiative Advisory 12-197
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-197 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the java.beans.Expression class. Due to unsafe handling of reflection of privileged classes inside the Expression class it is possible for untrusted code to gain access to privileged methods and properties. This can result in remote code execution under the context of the current process.

tags | advisory, java, remote, arbitrary, code execution
advisories | CVE-2012-1682
SHA-256 | ab077c5911707f711c03cad8779312d19da18745a195309341ce3f0c4369034a
Zero Day Initiative Advisory 12-196
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-196 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise. Authentication is not required to exploit this vulnerability. The flaw exists within the Groupwise Internet Agent component, specifically the optional LDAP server which listens on tcp port 389. When parsing a BER encoded parameter the specified size is used to allocate a destination buffer. A properly encoded BER chunk could cause an integer size value to wrap before buffer allocation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM account.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2012-0417
SHA-256 | bba3c21ad13c74165c6a0b6ca8048089b232a3b63e5b3c7a0ef0abdc4105aa34
Zero Day Initiative Advisory 12-195
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-195 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application attempts to decode an audio sample that is encoded with the ATRAC codec. While parsing sample data, the application will explicitly trust 2-bits as a loop counter which can be used to write outside the bounds of the target buffer. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2012-0928
SHA-256 | c7cccff16755b6dd0a511db5d6754be97c58b343ea337689fdcebe0f24191603
Zero Day Initiative Advisory 12-194
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-194 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles the onbeforedeactivate callback function for certain elements. During the execution of the onbeforedeactivate callback function it is possible to alter the DOM tree of the page which can lead to a use-after-free vulnerability when the function returns. This can result in remote code execution under the context of the current process.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2012-1878
SHA-256 | 5080ffb19be64df4d4334039d0a3ab634c59dca2c29790311825bcd412a63f09
Zero Day Initiative Advisory 12-193
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-193 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles repeated calls to insertAdjacentText. When the size of the element reaches a certain threshold Internet Explorer fails to correctly relocate key elements. An initialized variable in one of the function can cause memory corruption. This can lead to remote code execution under the context of the program.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2012-1879
SHA-256 | a2f0634cac03e8cc4dd0f69d6b555faafd0373dd4dcab8cca659f3809b20ca01
Sony PC Companion 2.1 Admin_RemoveDirectory() Unicode Buffer Overflow
Posted Dec 22, 2012
Authored by LiquidWorm | Site zeroscience.mk

Sony PC Companion version 2.1 suffers from a boundary error in PluginManager.dll when handling the value assigned to the 'Path' item in the Admin_RemoveDirectory function and can be exploited to cause a stack-based buffer overflow via an overly long string which may lead to execution of arbitrary code on the affected machine.

tags | exploit, overflow, arbitrary
SHA-256 | 40ac68c731d79a2fe0247ebf674cfd97861c4839813d2aec0adbd8286d7a26c4
Sony PC Companion 2.1 CheckCompatibility() Unicode Buffer Overflow
Posted Dec 22, 2012
Authored by LiquidWorm | Site zeroscience.mk

Sony PC Companion version 2.1 suffers from a boundary error in PimData.dll when handling the value assigned to the 'OrgHeartBeat' item in the CheckCompatibility function and can be exploited to cause a stack-based buffer overflow via an overly long string which may lead to execution of arbitrary code on the affected machine.

tags | exploit, overflow, arbitrary
SHA-256 | d3edfac2ecdf4d74991e5ee8aaa6bd4bb66822eacf7e471b1d2ae48150f67cd8
Sony PC Companion 2.1 Load() Unicode Buffer Overflow
Posted Dec 22, 2012
Authored by LiquidWorm | Site zeroscience.mk

Sony PC Companion version 2.1 suffers from a boundary error in PimData.dll when handling the value assigned to the 'File' item in the Load function and can be exploited to cause a stack-based buffer overflow via an overly long string which may lead to execution of arbitrary code on the affected machine.

tags | exploit, overflow, arbitrary
SHA-256 | 6852777c3ba50005a472c645be4b92305533367f61eeb74043cb82a0116f3cfa
Windows Hacking For Newbies
Posted Dec 22, 2012
Authored by Agd_Scorp

This is a brief whitepaper discussing hacking Microsoft Windows. Written in Turkish.

tags | paper
systems | windows
SHA-256 | de2d365df9c6a4d0bddb1d03a7396dfce2d54305baa7ecea7861272b83d35bc0
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close