Simple Packet Sender (SPS) is a Linux packet crafting tool. It supports IPv4, IPv6 (but not extension headers yet), and tunneling IPv6 over IPv4. Written in C on Linux with GUI built using GTK+. Both source and binaries are included. Features include packet crafting and sending one, multiple, or flooding packets of type TCP, ICMP, or UDP. All values within ethernet frame can be modified arbitrarily. Supports TCP, ICMP and UDP data as well, with input from either keyboard as UTF-8/ASCII, keyboard as hexadecimal, or from file. Various other features exist as well.
2207203916300a941ef91bb9840ffeb11378e996d7ea1b05693921744df6b351Drupal Language Switcher Dropdown third party module version 7.x suffers from an open redirection vulnerability.
c7d3f98b446232bfc02e2c666e1c4989457b17a78ce566716595552b111aa50bCapstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.
5d871b1e52047d1b2882bbcc6f049205ba6acc8d55d746937d22af5d0b33fa9eDrupal Leaflet third party module version 7.x suffers from an access bypass vulnerability.
516143b82b867e2a2beb54d2ed26c0593f01739e3200a04b790d410e5317dbf5MW6 Technologies has various active-x controls that suffer from buffer overflow vulnerabilities. Proof of concept code is included.
b3db5798c19a3d2d9c36503ff3c6adae47330561e39499f1617feed1f951c20cDrupal Doubleclick for Publishers third party module version 7.x suffers from a cross site scripting vulnerability.
f902da27306de87a80c9c84bdc766fd5c1449fa544574705accd4a39934242f7Drupal Secure Cookie Data third party module version 7.x suffers from information disclosure and hard-coded secret vulnerabilities.
4c08ac10a10f5bae37413be1bd380971d4832c6ed47f59d5ea911658a9dca655Cisco Security Advisory - Cisco TelePresence System Software contains a vulnerability in the System Status Collection Daemon (SSCD) code that could allow an unauthenticated, adjacent attacker to execute arbitrary commands with the privileges of the root user.
c88a409a5e50a1a1f31d782849ddffaa663f743e73a72b4ed1e22d4942c82573Cisco Security Advisory - Cisco TelePresence Video Communication Server (VCS) contains a vulnerability that could allow an unauthenticated, remote attacker to trigger the failure of several critical processes which may cause active call to be dropped and prevent users from making new calls until the affected system is reloaded.
15cf5853289c693600f1414617a36ae2271a57f0d6da1dbefa05decd97577fc5Cisco Security Advisory - Cisco TelePresence ISDN Gateway contains a vulnerability that could allow an unauthenticated, remote attacker to trigger the drop of the data channel (D-channel) causing all calls to be terminated and preventing users from making new calls.
7bf78f90829a756e48cf1496b1257ee9c7cbdd2b8919722e8e1bbb110f44ab36Mandriva Linux Security Advisory 2014-020 - Bryan Quigley discovered an integer underflow in the Xorg X server which could lead to denial of service or the execution of arbitrary code.
f497ed58fe819404fa09b48ffaeab9b2769c44673fdfd53039e827b4189cb3c9Red Hat Security Advisory 2014-0089-01 - The openstack-keystone packages provide keystone, a Python implementation of the OpenStack Identity service API, which provides Identity, Token, Catalog, and Policy services. It was found that the ec2token API in keystone, which is used to generate EC2-style credentials, could generate a token not scoped to a particular trust when creating a token from a received trust-scoped token. A remote attacker could use this flaw to retrieve a token that elevated their privileges to all of the trustor's roles. Note that only OpenStack Identity setups that have EC2-style authentication enabled were affected.
c50959b9d41dd39d2fd6d966353e83b422fa7a6cf1c6c8fd1c7e4f807fe7ade4Red Hat Security Advisory 2014-0091-01 - The openstack-neutron packages provide Openstack Networking, the virtual network service. It was discovered that the metadata agent in OpenStack Networking was missing an authorization check on the device ID that is bound to a specific port. A remote tenant could guess the instance ID bound to a port and retrieve metadata of another tenant, resulting in information disclosure. Note that only OpenStack Networking setups running neutron-metadata-agent were affected.
7a6024a5034a169ceae9763c64a8c54d3106efa99634fc821770cf61e9d34f55Red Hat Security Advisory 2014-0090-01 - The openstack-heat packages provide heat, a Python implementation of the OpenStack Orchestration engine, to launch multiple composite cloud applications based on templates. It was found that heat did not properly enforce cloudformation-compatible API policy rules. An in-instance attacker could use the CreateStack or UpdateStack methods to create or update a stack, resulting in a violation of the API policy. Note that only setups using Orchestration's cloudformation-compatible API were affected. A flaw was found in the way Orchestration's REST API implementation handled modified request paths. An authenticated remote user could use this flaw to bypass the tenant-scoping restriction by modifying the request path, resulting in privilege escalation. Note that only setups using Orchestration's cloudformation-compatible API were affected.
4eef99862e59c551295d7917e5c785068040a4c30d7833175e952cee56708be2Mandriva Linux Security Advisory 2014-019 - When verifying SSL certificates, elinks fails to warn the user if the hostname of the certificate does not match the hostname of the website. The elinks package has been updated to version 0.12-pre6 and patched to fix this issue.
95452e7d3693c1c3c86c03e26fa8950b3f943e92aac0d719122e1810e61471dcMandriva Linux Security Advisory 2014-018 - Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
479e81439c0d26b024653339e67bcc26a11f63393821e9cf087d17a41abac8faMandriva Linux Security Advisory 2014-017 - Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout. This update also fixes two other minor issues: IPADDRESS size in python-netsnmp on 64-bit systems and adding btrfs support to hrFSTable.
eb476709985a25b1ea4c65839954fca812a6aae0097cf8170adb45d45e7329acMandriva Linux Security Advisory 2014-016 - A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.
60b532f68791dc2bf52f112aef543df19722dfa602956cbcf011687f01d6a4e4Mandriva Linux Security Advisory 2014-015 - Jann Horn discovered that the CUPS lppasswd tool incorrectly read a user configuration file in certain configurations. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions.
c44b363f15f84b64f144f627526dde5cb5a1d7a345a73f145f5638ee62d1d767A special crafted ICMP ECHO REQUEST can cause a denial of service condition on the Juniper SSG20.
65c2ed19eba0758f8c760b12d4765618e61203e44d05a5145cb0d2a79e35d225Multiple modern browsers have failed to mitigate a cross site scripting scenario leveraging the srcdoc attribute of an IFRAME tag.
ecb1de8034a9a2065500be16c12903e53f7becc90f5fc45baf13132b1914b434
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed