exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-04-14

Fwknop Port Knocking Utility 2.6.1
Posted Apr 14, 2014
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: When SPA packets are built with GnuPG, the fwknopd daemon now requires a valid GnuPG signature by default, and a new variable GPG_DISABLE_SIG was added for backwards compatibility (but using this is not a recommended configuration). A bug was fixed in fwknopd for a memory in SPA packet decryption when GnuPG is used. A new code coverage mode was added to the test suite to interface with the 'lcov' tool. Several other minor bugs were fixed.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | fefe71bc82b13c396c9783e78663a1a6faf83cea01138da7c626e451249b8ce2
Ubuntu Security Notice USN-2167-1
Posted Apr 14, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2167-1 - Steve Holme discovered that libcurl incorrectly reused wrong connections when using protocols other than HTTP and FTP. This could lead to the use of unintended credentials, possibly exposing sensitive information. Richard Moore discovered that libcurl incorrectly validated wildcard SSL certificates that contain literal IP addresses. An attacker could possibly exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.

tags | advisory, web, protocol
systems | linux, ubuntu
advisories | CVE-2014-0138, CVE-2014-0139
SHA-256 | d2b70d65e2f00a87b476048dbbdf46b1ba245dc916bb699db1c4197934f87024
Red Hat Security Advisory 2014-0400-03
Posted Apr 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0400-03 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Security fixes: A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block.

tags | advisory, java, remote, arbitrary, spoof
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2172, CVE-2013-2192, CVE-2013-4152, CVE-2013-4517, CVE-2013-6429, CVE-2013-6430, CVE-2014-0050, CVE-2014-0054, CVE-2014-0085, CVE-2014-1904
SHA-256 | 59fb89a523cbebe70f311b3e2011f6b31d5456d35c7cb4af096d9f8a7b46823e
Red Hat Security Advisory 2014-0401-02
Posted Apr 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0401-02 - Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss A-MQ 6.1.0 is a minor product release that updates Red Hat JBoss A-MQ 6.0.0 and includes several bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2192, CVE-2013-4152, CVE-2013-6429, CVE-2013-6430, CVE-2014-0050, CVE-2014-0054, CVE-2014-0085, CVE-2014-1904
SHA-256 | 884c2290b52cd9e01634db919d477a8981b15a764efe9bb37401b8a31a1d82ba
Ubuntu Security Notice USN-2166-1
Posted Apr 14, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2166-1 - Ken Farnen discovered that Net-SNMP incorrectly handled AgentX timeouts. A remote attacker could use this issue to cause the server to crash or to hang, resulting in a denial of service. It was discovered that the Net-SNMP ICMP-MIB incorrectly validated input. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 13.10. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-6151, CVE-2014-2284, CVE-2014-2285, CVE-2014-2310
SHA-256 | 2d862fdbbedba3e69543d118bff35f5b2daedc4accbeba0c55ef27fe30821eee
PDF Album 1.7 Local File Inclusion
Posted Apr 14, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

PDF Album version 1.7 for iOS suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
systems | apple, ios
SHA-256 | 66cdcedbd04920c8a4ed864f320c034c8c3f3060a833ede19baee91c2c19bfad
HP Insecure RPATH Use
Posted Apr 14, 2014
Authored by Tim Brown | Site portcullis-security.com

It has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) have been compiled in manner that means they searched for libraries in insecure locations. Version 9.40 of HP Array Configuration Utility, HP Array Diagnostics Utility, HP ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility running on Linux are affected.

tags | exploit
systems | linux
advisories | CVE-2013-6216
SHA-256 | 4616ed05d73796339b56863cd74126065f2db7cca61db513f69ee6a4dd874c0f
BMC Patrol For AIX Insecure RPATH Use
Posted Apr 14, 2014
Authored by Tim Brown | Site portcullis-security.com

It has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) have been compiled in manner that means they searched for libraries in insecure locations. Version 3.9.00 of BMC Patrol for AIX is affected.

tags | exploit
systems | aix
advisories | CVE-2014-2591
SHA-256 | d7bb7e62af377661d9e0fc40ac344b19949122236037b9511fb75a879d085add
MS14-012 Internet Explorer CMarkup Use-After-Free
Posted Apr 14, 2014
Authored by Jean-Jamil Khalife

Microsoft Internet Explorer CMarkup use-after-free exploit that demonstrates the issue documented in MS14-012.

tags | exploit
advisories | CVE-2014-0322
SHA-256 | c372cfa21ed6ed039af78c69c1242e4a591d2b3c923280149f5e686dbcd28be0
Joomla BeaconDecode Cross Site Scripting
Posted Apr 14, 2014
Authored by Renzi

The Joomla BeaconDecode component suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 246d3ac6ff9bedeeee5714e263d3feeb085e0567311d93dced373fa7355869bc
PHP Event Calendar SQL Injection
Posted Apr 14, 2014
Authored by Daniel Godoy

PHP Event Calendar suffers from a remote SQL injection vulnerability in day_view.php.

tags | exploit, remote, php, sql injection
SHA-256 | f2e5f97ec1c421bce7a7e7d28f1d98f1baf6873f75e6a7451aeb4db0d150ce4e
CMS Int24 SQL Injection
Posted Apr 14, 2014
Authored by Renzi

CMS Int24 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d12be2741add1e1a5e5b7ab2f2cb8532476008dddec78fc15faa87b5ee7f608b
WordPress LineNity Local File Inclusion
Posted Apr 14, 2014
Authored by Felipe Andrian Peixoto

WordPress LineNity theme suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 36f6fffb4654c309248b74d286caf14ff027a0fafa757ba8eff1770f03237d7b
PE Injection Explained
Posted Apr 14, 2014
Authored by Emeric Nasi

Whitepaper called PE Injection Explained. Injecting code into other process memory is generally limited to shellcodes, either to hide the shellcode from Antivirus or to inject a DLL. The method described here is more powerful and enables you to inject and run a complete PE module inside another process' memory, including the possibility to call any system or runtime API with plain C++. It relies only on documented features and C++, no assembly knowledge required.

tags | paper, shellcode
SHA-256 | 3f9c36022b09f6b3441e15b7fa94326ee950d204371a442571a58498d27b505c
Joomla EWriting Cross Site Scripting
Posted Apr 14, 2014
Authored by Renzi

The Joomla EWriting component suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b0cbc36bb25288d02b019c76fd7c07d44954053ac3c4c5ec7a9116d986bf13fe
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    32 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close