what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-01-21

PLC Device Scanner
Posted Jan 21, 2013
Authored by Dmitry Efanov | Site ptsecurity.com

This is a tool written in Python that will scan for PLC devices over s7comm or modbus protocols.

tags | tool, protocol, python
systems | linux, unix
SHA-256 | 0e1237d54b50e53df44840fb5a1c59f2b1e9d796ffe3149af9d4be819555e677
EMC Avamar Client Privilege Elevation
Posted Jan 21, 2013
Site emc.com

The Avamar affected client process runs as root and after each backup it leaves the cache files as world readable and writable. While the cache files themselves do not contain sensitive information, when the parent directory is world-writable, the cache files could be used by an attacker to elevate the privileges when a system-level backup is performed. The non-root user can create symbolic links to obtain unauthorized access to files on the affected system. Versions affected include EMC Avamar HP-UX Client 4.x, 5.x and 6.x, EMC Avamar Mac OS Client 4.x, 5.x and 6.x, and EMC Avamar Plugin for Oracle 4.x, 5.x and 6.x.

tags | advisory, root
systems | hpux
advisories | CVE-2012-2291
SHA-256 | 6d23b1eaba37b7441a5ae44384b647fe91db54567726e5da4f9dfce5acbcc994
EMC AlphaStor 4.0 Code Execution
Posted Jan 21, 2013
Authored by Aniway | Site emc.com

EMC AlphaStor version 4.0 prior to build 800 suffers from code execution and format string vulnerabilities.

tags | advisory, vulnerability, code execution
advisories | CVE-2013-0928, CVE-2013-0929
SHA-256 | e553b534252e9057c149a87cfdcee80ce12b2835916a738c969d3283215bdd6b
DNSChef 0.2.1
Posted Jan 21, 2013
Authored by Peter Kacherginsky | Site thesprawl.org

DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka "Fake DNS") is a tool used for application network traffic analysis among other uses. For example, a DNS proxy can be used to fake requests for "badguy.com" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.

Changes: Fixed a compatibility bug with older Python 2.6 interpreters.
tags | local
systems | unix
SHA-256 | b6991534723c3d26ea8eda3600cfcd6cb8e2a107384744e001a49da46c3db92f
Siemens Simatic WinCC 7.x Hardening Guide
Posted Jan 21, 2013
Site ptsecurity.com

This is a SCADA security hardening guide for Siemens Simatic WinCC version 7.x.

tags | paper
SHA-256 | 1f64be3d914e4a288a0197041552ae70d5dca310f320329c7321f28520e5cbf3
Siemens Simatic WinCC Flexible 2008 Security Hardening Guide
Posted Jan 21, 2013
Site ptsecurity.com

Siemens Simatic WinCC Flexible 2008 security hardening guide.

tags | paper
SHA-256 | cd89bd1a113448a177132b9cbddb4efcf520c705c18777b21fc760d3018bb5a4
WinCC Under X-Rays
Posted Jan 21, 2013
Authored by Sergey Gordeychik, Gleb Gritsai, Denis Baranov | Site ptsecurity.com

These are slides from a presentation call WinCC Under X-Rays.

tags | paper
SHA-256 | 48affd9265f6129d8e1b9288f64659adda11ce5640c00598776b5fa4cc425985
Simatic WinCC Information Harvester
Posted Jan 21, 2013
Authored by Gleb Gritsai, Vyacheslav Egoshin, Dmitry Nagibin | Site metasploit.com

This Metasploit module receives sensitive information from the WinCC database.

tags | exploit
SHA-256 | 627da9137aaf5c71b77b876b03bb54d07c3d0135bcd88283a54933c5111a7071
ICS / SCADA / PLC Google / Shodanhq Cheat Sheet
Posted Jan 21, 2013
Authored by Yuri Goltsev, Gleb Gritsai, Alexander Timorin, Roman Ilin | Site ptsecurity.com

This document illustrates multiple ways to identify multiple SCADA systems.

tags | paper
SHA-256 | 4a6fa6642d990c8dd6fd4923a4888e0ece61a8ec460784de6393c1c946926834
S7 Password Offline Bruteforce Tool
Posted Jan 21, 2013
Authored by Alexander Timorin, Dmitry Sklyarov | Site ptsecurity.com

S7 Password offline bruteforcing tool written in Python.

tags | cracker, python
SHA-256 | 878839bd23896003334de59ea25bee609cb1e1ed6bc559a6d7ff2fd0ba72c3a3
NConf 1.3 SQL Injection
Posted Jan 21, 2013
Authored by haidao

NConf version 1.3 suffers from remote blind SQL injection vulnerabilities in multiple parameters.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | b1c08148508f6134c9f0d2851f20846c44f57baf8af88b56e5f775466bb1906b
WordPress Developer Formatter Cross Site Request Forgery
Posted Jan 21, 2013
Authored by Junaid Hussain

WordPress Developer Formatter plugin suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 78e285d9f5fc77132dd3df5c0d64b44914f8e50ebd1bd70540d302691be72048
Secunia Security Advisory 50674
Posted Jan 21, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Charlie Eriksen has discovered multiple vulnerabilities in the WP Symposium plugin for WordPress, which can be exploited by malicious users and malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 4ee1bf71cc035aea698372560f8c852c41491a1161de2510069e30a2846ae343
Secunia Security Advisory 51842
Posted Jan 21, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple weaknesses, two security issues, and multiple vulnerabilities have been reported in Moodle, where one has an unknown impact and the others can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct spoofing and cross-site request forgery attacks and disclose potentially sensitive information.

tags | advisory, spoof, vulnerability, csrf
SHA-256 | d7115e8feeb83f996fb130b8f96fc4dcf4c8718098cdcfed5f28cf75665d1621
Joomla GarysCookBook 3.0.x Shell Upload
Posted Jan 21, 2013
Authored by KedAns-Dz

Joomla GarysCookBook version 3.0.x suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 126ffd8e875a7e1ec877fe617947622987f1cd173737ab8cf94795ba740a3f55
PHP Data Stream File Inclusion To Command Execution Tool
Posted Jan 21, 2013
Authored by infodox

This is a small proof of concept tool that leverages the data:// stream to gain remote code execution from a file inclusion vulnerability.

tags | remote, code execution, proof of concept, file inclusion
SHA-256 | c8c8bbfa963434111dffb850c77790720a4f7b2c74f7310ff876ccea44eb66f6
Page 1 of 1

File Archive:

December 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    32 Files
  • 5
    Dec 5th
    10 Files
  • 6
    Dec 6th
    14 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By