Exploit the possiblities
Showing 1 - 25 of 429 RSS Feed

Files Date: 2014-04-01 to 2014-04-30

Fwknop Port Knocking Utility 2.6.2
Posted Apr 29, 2014
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: A double free bug in the libfko SPA parser discovered with a new Python SPA payload fuzzer was fixed.
tags | tool, scanner, vulnerability
systems | unix
MD5 | c0c3f32d425576c9f78dea29e3c89dec
Netsniff-NG High Performance Sniffer 0.5.8
Posted Apr 29, 2014
Authored by Tobias Klauser, Daniel Borkmann | Site code.google.com

netsniff-ng is is a free, performant Linux network sniffer for packet inspection. The gain of performance is reached by 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.

Changes: Work has been done in almost all corners of the toolkit, with newly added tools, many new features, performance improvements, bugfixes and cleanups all over the place. The manpages for all tools have been rewritten and the build system was reimplemented from scratch.
tags | tool, kernel, sniffer, protocol
systems | linux, unix
MD5 | 5711c99c44a3b573c9f75599f164ecc2
BarracudaDrive 6.7.1 Cross Site Scripting
Posted Apr 29, 2014
Authored by Shakeel Bhat | Site secpod.com

BarracudaDrive version 6.7.1 suffers from multiple persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 7f146b9bf6394a2953186ee40905845e
Struts 1 ClassLoader Manipulation
Posted Apr 29, 2014
Authored by Rene Gielen | Site struts.apache.org

Apache Struts 1, now EOL'ed a year ago, suffers from a ClassLoader manipulation vulnerability similar to recent findings.

tags | advisory
advisories | CVE-2014-0114
MD5 | 51bfefc7623fa8972b16f2416ca2ad29
HP Security Bulletin HPSBMU03020 2
Posted Apr 29, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03020 2 - A potential security vulnerability has been identified with HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory
systems | linux, windows
advisories | CVE-2014-0160
MD5 | c121f7b62fd2913cabe25cc2ecdcae5e
WAF Bypass Methods
Posted Apr 29, 2014
Authored by Deniz Cevik

This whitepaper discusses various web application firewall bypass methodologies. Written in Turkish.

tags | paper, web, bypass
MD5 | 5db5d21ca8c94c8eaa853979e51138b4
Introduction To Android Malware Analysis
Posted Apr 29, 2014
Authored by Ugur Cihan KOC

This whitepaper provides an overview of the tools used in order to analyze malware on Android.

tags | paper
MD5 | 95bb20abfa4a8c8d3164ea326cbcd9f2
Lavarel-Security XSS Filter Bypass
Posted Apr 29, 2014
Authored by Rafay Baloch

Lavarel-Security cross site scripting filter suffers from a bypass vulnerability.

tags | exploit, xss, bypass
MD5 | 82d3e66a425cd7e997c924715a185f58
Ubuntu Security Notice USN-2185-1
Posted Apr 29, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2185-1 - Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir Vukicevic and Christian Holler discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. An out of bounds read was discovered in Web Audio. An attacker could potentially exploit this cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1492, CVE-2014-1518, CVE-2014-1519, CVE-2014-1522, CVE-2014-1523, CVE-2014-1524, CVE-2014-1525, CVE-2014-1526, CVE-2014-1528, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532
MD5 | 7bebc044b3d716ef3d5746ff8fb59bd0
Ubuntu Security Notice USN-2184-1
Posted Apr 29, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2184-1 - Frederic Bardy discovered that Unity incorrectly filtered keyboard shortcuts when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session. Giovanni Mellini discovered that Unity could display the Dash in certain conditions when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session.

tags | advisory, local
systems | linux, ubuntu
MD5 | 02967c10b021ac963a0d5b953d4628d9
Adobe Flash Player Type Confusion Remote Code Execution
Posted Apr 29, 2014
Authored by bannedit, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a type confusion vulnerability found in the ActiveX component of Adobe Flash Player. This vulnerability was found exploited in the wild in November 2013. This Metasploit module has been tested successfully on IE 6 to IE 10 with Flash 11.7, 11.8 and 11.9 prior to 11.9.900.170 over Windows XP SP3 and Windows 7 SP1.

tags | exploit, activex
systems | windows, xp, 7
advisories | CVE-2013-5331
MD5 | 711da7fb2ca640490f5dd63b766555f1
NULL NUKE CMS 2.2 CSRF / XSS / SQL Injection / Shell Upload
Posted Apr 29, 2014
Authored by LiquidWorm | Site zeroscience.mk

NULL NUKE CMS version 2.2 suffers from cross site request forgery, cross site scripting, arbitrary file deletion, remote command execution, arbitrary file access, directory traversal, open redirection, and remote shell upload vulnerabilities.

tags | exploit, remote, arbitrary, shell, vulnerability, xss, csrf
MD5 | 01b991c11bd907e92e9e0fe124e11523
SAP BusinessObjects InfoView Cross Site Scripting
Posted Apr 29, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - SAP BusinessObjects InfoView suffers from a reflective cross site scripting vulnerability.

tags | advisory, xss
MD5 | e7cfd970ff9045845b2fdab329187329
SAP BASIS Missing Authorization Check
Posted Apr 29, 2014
Authored by Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - SAP BASIS suffers from a missing authorization check. SAP Netweaver ABAP Application Server is affected.

tags | advisory
MD5 | 08aba0292ad0cd72b3c7184e63334d04
SAP NW Portal WD Information Disclosure
Posted Apr 29, 2014
Authored by Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - It has been detected that some functionality of the affected webdynpro displays all the SAP systems that are registered on the SLD without requiring username or password. This situation will bring valuable information to an attacker to plan a more complex attack over the SAP environment. SAP Netweaver Java Application Server is affected.

tags | advisory, java
MD5 | 1685a904c8138ef95ff27aa8e27e4eee
SAP Profile Maintenance Missing Authorization
Posted Apr 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP is missing an authorization check in profile maintenance. SAP Solution Manager version 7.1 is affected.

tags | advisory
MD5 | 860e252e5719dddb9aef9bf61ee472fe
SAP Background Processing RFC Missing Authorization
Posted Apr 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP background processing suffers from a missing authorization check. A remote authenticated attacker could execute the vulnerable RFC function and obtain sensitive information regarding the target application server. SAP Solution Manager version 7.1 is affected.

tags | advisory, remote
MD5 | 97299c20a11ae86f6f1d45c826fd0513
Red Hat Security Advisory 2014-0442-01
Posted Apr 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0442-01 - Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API. The OpenStack Identity auth_token middleware component handles the authentication of tokens with keystone. When using the auth_token middleware with the memcached token cache enabled, a token for a different identity could be returned. An authenticated user could use this flaw to escalate their privileges by making repeated requests that could eventually allow the user to acquire the administrator's identity. Note that only OpenStack Identity setups using auth_token with memcached were affected.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2014-0105
MD5 | 8a92db657a8bcc87dfa39c2aeee560e2
HP Security Bulletin HPSBUX02963 SSRT101297 2
Posted Apr 28, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02963 SSRT101297 2 - A potential security vulnerability has been identified with HP-UX's m4(1) macro processor command. The vulnerability could be exploited locally resulting in unauthorized access. Revision 2 of this advisory.

tags | advisory
systems | hpux
advisories | CVE-2013-6200
MD5 | a62e02e75f94bf8703a8dbb200d24be1
SAP Software Lifecycle Manager Information Disclosure
Posted Apr 28, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - An information disclosure exists in SAP Software Lifecycle Manager. SAP Solution Manager version 7.1 is affected.

tags | advisory, info disclosure
MD5 | d4e40349eeb166e5f859efe555dd0504
TRENDnet TEW-634GRU 1.00.23 Disclosure / DoS / Privilege Escalation
Posted Apr 28, 2014
Authored by SirGod

TRENDnet TEW-634GRU version 1.00.23 suffers from local file disclosure, router crash, and privilege escalation vulnerabilities.

tags | exploit, local, vulnerability
MD5 | ff4d4660c556bd5fbfcba64feaeef5b2
NTP DDoS Amplification
Posted Apr 28, 2014
Authored by Danilo PC

NTP ntpd monlist query reflection denial of service exploit.

tags | exploit, denial of service
advisories | CVE-2013-5211
MD5 | ce7b989c80bd3e604a329625563a56e2
McAfee ePolicy Owner (ePowner) 0.1
Posted Apr 28, 2014
Authored by Jerome Nokin

McAfee ePolicy Owner (ePowner) version 0.1 is an exploit that can add an administrative user to McAfee ePolicy Orchestrator as well as execute arbitrary commands on versions 4.6.0 through 4.6.5.

tags | exploit, arbitrary
systems | unix
advisories | CVE-2013-0140, CVE-2013-0141
MD5 | 555f12d5b8f53bed8b2f48fe792e333b
SEP Manager 12.1.2015.2015 Overflow Proof Of Concept
Posted Apr 28, 2014
Authored by Jerome Nokin

Symantec Endpoint Protection Manager version 12.1.2015.2015 SEH overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
systems | unix
advisories | CVE-2013-1612
MD5 | 71d31144dd6847abf9a9a81a58790df6
HP Security Bulletin HPSBMU03022
Posted Apr 28, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03022 - A potential security vulnerability has been identified with HP Systems Insight Management (SIM) bundled software running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The HP SIM software itself is not vulnerable to CVE-2014-0160 ("Heartbleed"). However, the software components bundled with HP SIM are impacted and should be addressed if installed. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0160
MD5 | 4d3ef57ac566c5a7846a91baacf637cf
Page 1 of 18
Back12345Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    10 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close