what you don't know can hurt you
Showing 1 - 25 of 30 RSS Feed

Files Date: 2012-12-22

GNUnet P2P Framework 0.9.5
Posted Dec 22, 2012
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: This release adds support for non-anonymous data transfers over multiple hops (if both publisher and replicator are using an anonymity level of zero). It fixes various bugs and includes cosmetic improvements in the gnunet-setup and gnunet-fs-gtk user interfaces.
tags | tool, web, udp, tcp, peer2peer
systems | unix
MD5 | 61530968e03f5ff45b62d304680b4641
Entropy Broker RNG 2.1
Posted Dec 22, 2012
Authored by Folkert van Heusden | Site vanheusden.com

Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients. Entropy Broker allows you to distribute entropy data (random values) to /dev/random devices from other systems (real servers or virtualised systems). It helps preventing that the /dev/random device gets depleted; an empty /dev/random-device can cause programs to hang (waiting for entropy data to become available). This is useful for systems that need to generate encryption keys, run VPN software or run a casino website.

Changes: This release adds a Web interface for viewing usage statistics, per-user bandwidth limits, and many small fixes.
tags | encryption
systems | linux
MD5 | db1ea8c8a742391f553616ceee3435d6
Bluefog 0.0.2
Posted Dec 22, 2012
Authored by Tom Nardi | Site digifail.com

Bluefog is a tool that can generate an essentially unlimited number of phantom Bluetooth devices. It can be used to test Bluetooth scanning and monitoring systems, make it more difficult for attackers to lock onto your devices, or otherwise complicate the normal operation of Bluetooth devices. Technically, Bluefog can work with just one Bluetooth adapter, but it works much better when you connect multiple adapters. Up to four radios are currently supported simultaneously.

Changes: This release is in the very early stages of development and there are some areas of the software which need attention and improvement. There is currently very little in the way of error checking.
tags | tool, wireless
systems | unix
MD5 | 4ff79348d3e5eb01bc5ee1b438bb5a90
CubeCart 3.0.20 SQL Injection
Posted Dec 22, 2012
Authored by Aung Khant | Site yehg.net

CubeCart version 3.0.20 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 6f6df37a276b072075c1f4d970442031
CubeCart 3.0.20 Shell Upload
Posted Dec 22, 2012
Authored by Aung Khant | Site yehg.net

CubeCart versions 3.0.20 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 21630074c8ea0abab8139bc0cd1bb5d4
CubeCart 3.0.20 Cross Site Scripting
Posted Dec 22, 2012
Authored by Aung Khant | Site yehg.net

CubeCart versions 3.0.20 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 19270a2ee5a5ef693a251a20914c6a5d
Username Anarchy 0.2
Posted Dec 22, 2012
Authored by Andrew Horton (urbanadventurer) | Site morningstarsecurity.com

Username-Anarchy is for generating usernames when penetration testing. It is useful for user enumeration and username/password brute forcing. Features include format-style style username formats, common first and lastnames from countries around the world, the facebook names lists, and substitution of common names when details aren't known, e.g. when you know a user's initial. Common aliases or self chosen usernames scraped from forums, and a name extractor are also included.

tags | tool
systems | unix
MD5 | c41eea4cd1b0d948512f90d61671e89a
Smoke Loader SQL Injection
Posted Dec 22, 2012
Authored by Ian

The Smoke Loader HTTP-based exploit kit suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | 1d0e201ecb583a129d01840e39ca1107
Security Notice For CA IdentityMinder
Posted Dec 22, 2012
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to two potential risks in CA IdentityMinder (formerly known as CA Identity Manager). Two vulnerabilities exist that can allow a remote attacker to execute arbitrary commands, manipulate data, or gain elevated access. CA Technologies has issued patches to address the vulnerability. The first vulnerability allows a remote attacker to execute arbitrary commands or manipulate data. The second vulnerability allows a remote attacker to gain elevated access.

tags | advisory, remote, arbitrary, vulnerability
advisories | CVE-2012-6299, CVE-2012-6298
MD5 | 327aeba374b1c9367327956b04292c33
Microsoft Security Bulletin Re-Release For December, 2012
Posted Dec 22, 2012
Site microsoft.com

This bulletin summary lists two re-released Microsoft security bulletins for December, 2012.

tags | advisory
MD5 | 673734af73c7775dc5a7f7c000d66234
In Memory Fuzzing In Java
Posted Dec 22, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

Nowadays, a wide range of techniques can be used to find vulnerabilities and bugs in binaries applications. The aim of this paper is to introduce the main concepts of In-Memory Fuzzing, to summarize its advantages and drawbacks and to present the debugging library which is currently developed by High-Tech Bridge to help building in-memory fuzzers.

tags | paper, vulnerability, fuzzer
MD5 | c9161767d4221dbf18b7d50376667c83
Zero Day Initiative Advisory 12-203
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-203 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell HMIWeb. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ActiveX control defined within the HSCDSPRenderDll.dll file. The RequestDSPLoad method does not properly verify the length of a supplied argument before copying it into a fixed-length heap buffer. A remote attacker can abuse this to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2012-2054
MD5 | 85ff551f656d3bd7b3f1f9561df4f847
Zero Day Initiative Advisory 12-202
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-202 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable products utilizing the Oracle Outside In technology. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of WordPerfect files. When parsing font records the code within vswp5.dll does not validate the datasize value prior to performing arithmetic on it. The result is used to make a heap allocation that can be undersized which can be leveraged to corrupt memory leading to arbitrary code execution under the context of the user running the application.

tags | advisory, remote, arbitrary, code execution
MD5 | 200409c7c2742426e83a2374bab96d4b
Zero Day Initiative Advisory 12-201
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-201 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a PAPX FKP sections. When parsing a PAPX FKP section, the application will store a calculation. However, when repairing a damaged document, the application will explicitly trust this calculation in a loop that is used to index into an array of objects. This will allow for an out-of-bounds access of an object which can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2012-0182
MD5 | 7f16fe78a03e05dbd96d028cb8b89b50
Zero Day Initiative Advisory 12-200
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-200 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles CTreeNode objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. The issue lies in a possible type confusion between a CTreeNode object and an ISpanQualifier instance during the layout of a document being performed. An attacker can leverage this vulnerability to execute code under the context of the current process.

tags | advisory, remote, arbitrary
advisories | CVE-2012-2548
MD5 | eb6da2a19a550a626980bfdd6f55ca85
Zero Day Initiative Advisory 12-198
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-198 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles CMarkup objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.

tags | advisory, remote, arbitrary
advisories | CVE-2012-2557
MD5 | a9175d8d99de5defd797ddf713f63566
Zero Day Initiative Advisory 12-197
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-197 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the java.beans.Expression class. Due to unsafe handling of reflection of privileged classes inside the Expression class it is possible for untrusted code to gain access to privileged methods and properties. This can result in remote code execution under the context of the current process.

tags | advisory, java, remote, arbitrary, code execution
advisories | CVE-2012-1682
MD5 | 132ba214535b200f9973186aaa773eb2
Zero Day Initiative Advisory 12-196
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-196 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise. Authentication is not required to exploit this vulnerability. The flaw exists within the Groupwise Internet Agent component, specifically the optional LDAP server which listens on tcp port 389. When parsing a BER encoded parameter the specified size is used to allocate a destination buffer. A properly encoded BER chunk could cause an integer size value to wrap before buffer allocation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM account.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2012-0417
MD5 | 5fdf72274f2cf8636c74ad0a7b3bcff1
Zero Day Initiative Advisory 12-195
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-195 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application attempts to decode an audio sample that is encoded with the ATRAC codec. While parsing sample data, the application will explicitly trust 2-bits as a loop counter which can be used to write outside the bounds of the target buffer. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2012-0928
MD5 | 490def262dd87a99054b1823911c91e3
Zero Day Initiative Advisory 12-194
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-194 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles the onbeforedeactivate callback function for certain elements. During the execution of the onbeforedeactivate callback function it is possible to alter the DOM tree of the page which can lead to a use-after-free vulnerability when the function returns. This can result in remote code execution under the context of the current process.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2012-1878
MD5 | 2bd45e40df3b48c4c722b0b295eef8ca
Zero Day Initiative Advisory 12-193
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-193 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles repeated calls to insertAdjacentText. When the size of the element reaches a certain threshold Internet Explorer fails to correctly relocate key elements. An initialized variable in one of the function can cause memory corruption. This can lead to remote code execution under the context of the program.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2012-1879
MD5 | 91aebf296c94f4eacc82a27fa178025b
Sony PC Companion 2.1 Admin_RemoveDirectory() Unicode Buffer Overflow
Posted Dec 22, 2012
Authored by LiquidWorm | Site zeroscience.mk

Sony PC Companion version 2.1 suffers from a boundary error in PluginManager.dll when handling the value assigned to the 'Path' item in the Admin_RemoveDirectory function and can be exploited to cause a stack-based buffer overflow via an overly long string which may lead to execution of arbitrary code on the affected machine.

tags | exploit, overflow, arbitrary
MD5 | 293584a42c8079634ab7ad1ba3b98c70
Sony PC Companion 2.1 CheckCompatibility() Unicode Buffer Overflow
Posted Dec 22, 2012
Authored by LiquidWorm | Site zeroscience.mk

Sony PC Companion version 2.1 suffers from a boundary error in PimData.dll when handling the value assigned to the 'OrgHeartBeat' item in the CheckCompatibility function and can be exploited to cause a stack-based buffer overflow via an overly long string which may lead to execution of arbitrary code on the affected machine.

tags | exploit, overflow, arbitrary
MD5 | 39329a15f8f679985cab571fd7950086
Sony PC Companion 2.1 Load() Unicode Buffer Overflow
Posted Dec 22, 2012
Authored by LiquidWorm | Site zeroscience.mk

Sony PC Companion version 2.1 suffers from a boundary error in PimData.dll when handling the value assigned to the 'File' item in the Load function and can be exploited to cause a stack-based buffer overflow via an overly long string which may lead to execution of arbitrary code on the affected machine.

tags | exploit, overflow, arbitrary
MD5 | a0697baaad720a9b27fb246433fdcba0
Windows Hacking For Newbies
Posted Dec 22, 2012
Authored by Agd_Scorp

This is a brief whitepaper discussing hacking Microsoft Windows. Written in Turkish.

tags | paper
systems | windows
MD5 | 9b69b1edc4a9fc087633fbcf198afd55
Page 1 of 2
Back12Next

File Archive:

August 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    10 Files
  • 2
    Aug 2nd
    8 Files
  • 3
    Aug 3rd
    2 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    79 Files
  • 7
    Aug 7th
    16 Files
  • 8
    Aug 8th
    11 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    6 Files
  • 12
    Aug 12th
    26 Files
  • 13
    Aug 13th
    15 Files
  • 14
    Aug 14th
    19 Files
  • 15
    Aug 15th
    52 Files
  • 16
    Aug 16th
    11 Files
  • 17
    Aug 17th
    1 Files
  • 18
    Aug 18th
    2 Files
  • 19
    Aug 19th
    18 Files
  • 20
    Aug 20th
    19 Files
  • 21
    Aug 21st
    17 Files
  • 22
    Aug 22nd
    5 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close