what you don't know can hurt you
Showing 1 - 14 of 14 RSS Feed

Files Date: 2014-09-27

Tor-ramdisk i686 UClibc-based Linux Distribution x86 20140925
Posted Sep 27, 2014
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: Various updates and one major bug fix.
tags | tool, kernel, peer2peer
systems | linux
MD5 | 0079daf7c23ad1176479f58134a1d69a
Dhclient Bash Environment Variable Injection
Posted Sep 27, 2014
Authored by egypt, Stephane Chazelas | Site metasploit.com

When bash is started with an environment variable that begins with the string "() {", that variable is treated as a function definition and parsed as code. If extra commands are added after the function definition, they will be executed immediately. When dhclient receives an ACK that contains a domain name or hostname, they are passed to configuration scripts as environment variables, allowing us to trigger the bash bug. Because of the length restrictions and unusual networking scenario at time of exploitation, this Metasploit module achieves code execution by echoing our payload into /etc/crontab and cleans it up when we get a shell.

tags | exploit, shell, code execution, bash
advisories | CVE-2014-6271
MD5 | 3906040148097bfee9fc17f307249281
Exinda WAN Optimization Suite 7.0.0 CSRF / XSS
Posted Sep 27, 2014
Authored by William Costa

Exinda WAN Optimization Suite version 7.0.0 (2160) suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2014-7157, CVE-2014-7158
MD5 | 1411d0fd750fb4d961f6c80e3b6360c5
Ubuntu Security Notice USN-2364-1
Posted Sep 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2364-1 - Florian Weimer and Todd Sabin discovered that the Bash parser incorrectly handled memory. An attacker could possibly use this issue to bypass certain environment restrictions and execute arbitrary code. In addition, this update introduces a hardening measure which adds prefixes and suffixes around environment variable names which contain shell functions. Various other issues were also addressed.

tags | advisory, arbitrary, shell, bash
systems | linux, ubuntu
advisories | CVE-2014-7186, CVE-2014-7187
MD5 | 7ac72b8ebc9a810fc8f7a3a645e0b1d7
Red Hat Security Advisory 2014-1312-01
Posted Sep 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1312-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. Shift_JIS, also known as "SJIS", is a character encoding for the Japanese language. This package provides bash support for the Shift_JIS encoding. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

tags | advisory, remote, shell, bash
systems | linux, redhat
advisories | CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
MD5 | 9c7cfe8e72e80b7d451c37e29b0764b7
Red Hat Security Advisory 2014-1311-01
Posted Sep 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1311-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

tags | advisory, remote, shell, bash
systems | linux, redhat
advisories | CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
MD5 | 5c71c997f606bd11c18578eff30a2778
Openfiler 2.99.1 Denial Of Service
Posted Sep 27, 2014
Authored by Dolev Farhi

Openfiler version 2.99.1 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2014-7190
MD5 | 2ca55a7c25f4af0bd92ffea3030db72a
Comersus Sophisticated Cart Database Disclosure
Posted Sep 27, 2014
Authored by indoushka

Comersus Sophisticated Cart suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | d4f9f225f04d8fbc08e8b801376105a3
Oscommerce 2.3.4 XSS / HPP / File Inclusion
Posted Sep 27, 2014
Authored by indoushka

Oscommerce version 2.3.4 suffers from cross site scripting, HTTP parameter pollution, and local file inclusion vulnerabilities.

tags | exploit, web, local, vulnerability, xss, file inclusion
MD5 | c5d7d61c26578bae90881c31217dc5ce
NDBLOG 0.1 Cross Site Scripting / SQL Injection
Posted Sep 27, 2014
Authored by indoushka

NDBLOG version 0.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 05e1ee90242e8c548600ac8f3215a928
Get Simple CMS 3.3.3 Information Disclosure / XSS
Posted Sep 27, 2014
Authored by indoushka

Get Simple CMS version 3.3.3 suffers from information disclosure, upload, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
MD5 | 509aeb2d452d8f33da1a21162957cf70
PayPal Community Web Portal Cross Site Scripting
Posted Sep 27, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

PayPal Community Web Portal suffered from cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
MD5 | 4209c77b64a99c1ff97d920b11327c79
PayPal Mail Encoding Script Insertion
Posted Sep 27, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Malicious script code could be inserted into PayPal's mail encoding functionality.

tags | exploit
MD5 | 5c87fd10192ac95fa81c73c2be5a7c2d
POSNIC 1.02 Directory Listing / File Upload
Posted Sep 27, 2014
Authored by indoushka

POSNIC version 1.02 suffers from directory listing and file upload exposure vulnerabilities.

tags | exploit, vulnerability, file upload
MD5 | 932c6bf5f7a2706fc8f3be99a60904c8
Page 1 of 1
Back1Next

File Archive:

July 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    13 Files
  • 2
    Jul 2nd
    12 Files
  • 3
    Jul 3rd
    1 Files
  • 4
    Jul 4th
    2 Files
  • 5
    Jul 5th
    34 Files
  • 6
    Jul 6th
    21 Files
  • 7
    Jul 7th
    21 Files
  • 8
    Jul 8th
    13 Files
  • 9
    Jul 9th
    6 Files
  • 10
    Jul 10th
    1 Files
  • 11
    Jul 11th
    3 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    19 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    15 Files
  • 16
    Jul 16th
    9 Files
  • 17
    Jul 17th
    2 Files
  • 18
    Jul 18th
    2 Files
  • 19
    Jul 19th
    19 Files
  • 20
    Jul 20th
    21 Files
  • 21
    Jul 21st
    53 Files
  • 22
    Jul 22nd
    14 Files
  • 23
    Jul 23rd
    14 Files
  • 24
    Jul 24th
    1 Files
  • 25
    Jul 25th
    1 Files
  • 26
    Jul 26th
    21 Files
  • 27
    Jul 27th
    8 Files
  • 28
    Jul 28th
    9 Files
  • 29
    Jul 29th
    12 Files
  • 30
    Jul 30th
    9 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close