Whowatch is an interactive utility that displays information about the users currently on the machine in real time. Besides standard information (login name, tty, host, user's process) you can see the connection type (ie. telnet or ssh). You can also watch the process tree, navigate it, and send INT and KILL signals. Ncurses ascii graphics.
4554002d32644cd94228e9a5d7c1b0dbe998b92b445afaaffb4b8e89df0a1e51Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
317112d0375dbc9e23be2e255ee187af8d0fa5fb29299abfe8b8d130b8d1d88dDrupal OG Features third party module version 6.x suffers from an access bypass vulnerability.
0e46e3aa1239d74e1e346db1ed3c16a5436a8b0d549a254953a7cbcd791f0346Debian Linux Security Advisory 2810-1 - Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.
28b019f524a64743ec460f68ab70ab7ac979705a857dececbe230f6b35ef3745Debian Linux Security Advisory 2809-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language.
8cf75779505f2c2d90a0e3c0b819ef71e8ce28e7a5c7874d20b80f024dd05ae3Red Hat Security Advisory 2013-1786-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke.
b4239fdd2a4e71d1e6e62e00895c7cfbae6457fb0cc3b5342e9886c01cac6a50Red Hat Security Advisory 2013-1785-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke.
ea3902bc07a3ee86db91f430c81eab792bb3089be615154451b8e02cc89d0b4eRed Hat Security Advisory 2013-1784-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke.
3d79d871d2630b48e2fc1c3b93e55f5a17daeb2857f7bdc2bfb3a25dcecc22dcThe Try Before You Buy feature in Amazon's Application Store allows an external party to test software prior to download. Poor sandboxing and failed security controls allowed a malicious attacker the ability to perform portscanning of AWS backend services, spawn rogue services in the AWS cloud, and much more.
d565b306507e35d03c17757cc4c999aeb15676ec12278c2bf3d330d3c0b7bde0Steinberg MyMp3PRO version 5.0 SEH buffer overflow exploit that creates a malicious .m3u file.
39cc361df2f7063c2a12126f69d1fce7c8ec59f9b90439dd624ddd4fc9dc2b37Steinberg MyMp3PRO version 5.0 buffer overflow exploit that has DEP bypass with ROP that creates a malicious .m3u file.
6ed484da87761424edd593c4eda2edde913572148dc573edc72c6208909dd7d8Steinberg MyMp3PRO version 5.0 buffer overflow exploit that creates a malicious .m3u file.
5e542aa5f8d2e6093b778202d1177da67ab540039859bcd4a9b9ca808e97ccc2Imagam iFiles version 1.16.0 suffers from file inclusion, command injection, and remote shell upload vulnerabilities.
ed2c4d8a6ab28dcf41160d1347652e9faaa885ec6c322da030d20dda9486f46cHTMLPurifier version 4.5.0 suffers from a hash length extension attack that allows for signature forgery.
4bd1df9be9ff5c6ca4be402f6cdef80c798e6ed1767e39b883afeccdc7ce7777Joomla Hotornot2 component suffers from a remote code execution vulnerability via a shell upload.
57c6ef0042333393f7da14f257ea50e899e05e9b18c943bee6131f7ad579b185VMware Security Advisory 2013-0014 - VMware Workstation, Fusion, ESXi and ESX patches address a vulnerability in the LGTOSYNC.SYS driver which could result in a privilege escalation on older Windows-based Guest Operating Systems.
8f9cff72a0ccf5698417351f83db26499274ced107b280c2dbb84eec5ebddcb1McAfee Email Gateway version 7.6 suffers from remote command execution and remote SQL injection vulnerabilities.
7172a81dff8369131711642e7e104a07c0f78271d32b91deced3c5b456750eb2Hex Workshop version 6.7 suffers from a DLL hijacking vulnerability in mfc100trk.dll.
a7a06b23d049b283e43ac0d132546939d1d79909e8a873ee076c44624473b01dOpenCart version 1.5.6 suffers from cross site scripting, path disclosure, and remote file upload vulnerabilities.
371e1add9d841cd724ecebaaf12aa30d8f618c80bf66d43adecbdfa1460b8157pytacle is a tool inspired by tentacle. It automates the task of sniffing GSM frames of the air, extracting the key exchange, feeding kraken with the key material and finally decode/decrypt the voice data. All You need is a USRP (or similar) to capture the GSM band and a kraken instance with the berlin tables (only about 2TB).
cead6750ebf4e048bedf3785c081a076646d9ac0c3cbb69969ede77feb3833c6MySQL version 5.0.x suffers from an IF query handling remote denial of service vulnerability.
fbd9482c8025c99f1db3846350ceee2b43d7498a1499d6e009ebd5dfd16c551dDigital Whisper Electronic Magazine issue 47. Written in Hebrew.
6c05dbfa043193bf308c38da837ded56ea5b98da8239be75495c8763472823caMicrosoft Windows NDPROXY local SYSTEM privilege escalation exploit.
dd6bdb68bcaccda8d1acd0e40e21c622c59fee9f99c088434f4131899b2cdfed
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed