
Files Date: 2014-01-13

Fwknop Port Knocking Utility 2.6.0
Posted Jan 13, 2014
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: This release adds HMAC support to the Android client, adds an AppArmor policy for the fwknop daemon, adds support for building on Mac OS X "Mavericks", and adds a new Valgrind test mode via the CPAN Test::Valgrind module. A few bugs in the handling of GnuPG encryption modes in the fwknopd daemon were fixed, and the fwknop project has a Coverity defect score of zero.
tags | tool, scanner, vulnerability
systems | unix
MD5 | 9cce1fe4ef577179ebdf4715fd92946d
HP Security Bulletin HPSBUX02960 SSRT101419
Posted Jan 13, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02960 SSRT101419 - A potential security vulnerability has been identified with HP-UX running NTP. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2013-5211
MD5 | 51a09dbf598df7aaaaf8b0217d96d386
Secure rm 1.2.12
Posted Jan 13, 2014
Authored by Matthew Gauthier | Site srm.sourceforge.net

Secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop-in security for users who wish to prevent command-line recovery of deleted information, even if the machine is compromised.

Changes: This release securely overwrites POSIX extended attributes. On Windows, it handles NTFS hard links and alternate data streams.
tags | tool
systems | unix
MD5 | 254652521e06e7f93f9dfeef385d0485
Debian Security Advisory 2843-1
Posted Jan 13, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2843-1 - Two buffer overflow vulnerabilities were reported in Graphviz, a rich collection of graph drawing tools.

tags | advisory, overflow, vulnerability
systems | linux, debian
advisories | CVE-2014-0978, CVE-2014-1236
MD5 | c8e8bf9ec155c7b66caa3c82f49fbfbe
Mandriva Linux Security Advisory 2014-001
Posted Jan 13, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-001 - Multiple vulnerabilities have been found and corrected in the Linux kernel. The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service via a VAPIC synchronization operation involving a page-end address. The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service via crafted modifications of the TMICT value. Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for an XFS_IOC_ATTRLIST_BY_HANDLE or XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. Various other issues have also been addressed.

tags | advisory, denial of service, x86, kernel, local, vulnerability
systems | linux, mandriva
advisories | CVE-2013-6368, CVE-2013-6367, CVE-2013-6382, CVE-2013-4587, CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, CVE-2013-7271, CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7281
MD5 | ce5b870818b833a0ef8f5ea618a6f5d9
Ubuntu Security Notice USN-2081-1
Posted Jan 13, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2081-1 - Jared Mauch discovered that Bind incorrectly handled certain queries for NSEC3-signed zones. A remote attacker could use this flaw with a specially crafted query to cause Bind to stop responding, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-0591
MD5 | 8c7ca3f2bc1081b692353812ee3cc14f
Ubuntu Security Notice USN-2080-1
Posted Jan 13, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2080-1 - Stefan Bucur discovered that Memcached incorrectly handled certain large body lengths. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service. Jeremy Sowden discovered that Memcached incorrectly handled logging certain details when the -vv option was used. An attacker could use this issue to cause Memcached to crash, resulting in a denial of service. It was discovered that Memcached incorrectly handled SASL authentication. A remote attacker could use this issue to bypass SASL authentication completely. This issue only affected Ubuntu 12.10, Ubuntu 13.04 and Ubuntu 13.10. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2011-4971, CVE-2013-0179, CVE-2013-7239
MD5 | 60bed42c875ad60363331a6fe1fc118c
NETGEAR WNR1000v3 Password Disclosure
Posted Jan 13, 2014
Authored by c1ph04

Netgear WNR1000v3 routers suffer from a flaw in the password recovery flow that allows for disclosure of the plaintext router credentials. The flaw was reported to Netgear in April of 2013 and the vendor has yet to issue a patch. Included is a proof of concept exploit.

tags | exploit, proof of concept, info disclosure
MD5 | 98a82d122386c278a6275ad62de10c6a
Auto Classifieds Script 2.0 Cross Site Request Forgery
Posted Jan 13, 2014
Authored by HackXBack

Auto Classifieds Script version 2.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 3a754d5e1f55ab8ec225b463e0dbc52c
Job Listing Script Cross Site Request Forgery / Cross Site Scripting
Posted Jan 13, 2014
Authored by HackXBack

Job Listing Script suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 24b57230aece87183a5f2c72fbf8e7fc
Debian Security Advisory 2842-1
Posted Jan 13, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2842-1 - Alvaro Munoz discovered an XML External Entity (XXE) injection in the Spring Framework which can be used for conducting CSRF and DoS attacks on other sites.

tags | advisory
systems | linux, debian
advisories | CVE-2013-4152
MD5 | ecde398cbb8e35d652729c01558b45c7
WordPress DT Chocolate Cross Site Scripting
Posted Jan 13, 2014
Authored by TUNISIAN CYBER

WordPress DT Chocolate plugin suffers from a cross site scripting vulnerability in jplayer.swf.

tags | exploit, xss
MD5 | ddaa358a372462c347edf7fa4bfdf818
Appointment Scheduler 2.0 XSS / CSRF / File Disclosure
Posted Jan 13, 2014
Authored by HackXBack

Appointment Scheduler version 2.0 suffers from file disclosure, cross site request forgery, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion, info disclosure, csrf
MD5 | d3ae0cd5395f2e7f134d72beb354c5c5
Car Rental Script Cross Site Request Forgery / Cross Site Scripting
Posted Jan 13, 2014
Authored by HackXBack

Car Rental Script suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 38ab3a92fd67b24ed7374ca812d602ac
Event Booking Calendar 2.0 CSRF / XSS / SQL Injection
Posted Jan 13, 2014
Authored by HackXBack

Event Booking Calendar version 2.0 suffers from cross site request forgery, remote SQL injection, and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | cf0c68778a3ec864b9c3042e79b1b536

© 2016 Packet Storm. All rights reserved.
