Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.
b1b512d1117ee606e58cff793de17bccbd47b0d59d3b269f8c4c3f04a6d117f7tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities.
1f87fb652ce996d41e7a06c601bc6ea29b13fee922945b23770c29490f1d8aceRed Hat Security Advisory 2015-0674-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system.
252d3a3f04735fff4c9e91df76c07d6a4f2fff78ef8e210b02cb32326371d925Core Security Technologies Advisory - The Microsoft Netlogon Remote Protocol is a remote procedure call (RPC) interface that is used, among other things, for user and machine authentication on domain-based networks. In a scenario where a client machine connects to a domain-joined server, a pass-through authentication must be performed in order for the server to verify the client's Credentials with the domain controller. This logon request must be delivered to the domain controller over a secure channel. This secure channel is achieved by encrypting the server to DC communication using a shared secret, commonly known as a server's machine account password. On successful authentication, the domain controller returns the UserSessionKey back to the server. This key is used for cryptographic operations on a session. Examples of the use of this key are generating the keys needed to signing SMB packets, and the keys needed for encryption/decryption of SMB sessions. Improper validation between the account used to secure the communication channel and the logon request data being sent to the domain controller allows third parties to obtain the UserSessionKey for communications that were not meant for them.
2167c7e20b2242c7ce65869777a2ee4ff54c41d53ab3d3bacd78665f8b3aa975GeniXCMS version 0.0.1 suffers from a cross site request forgery vulnerability.
274ad29da4cea4499e6b0d0fd944f881b7c54c98857ec0441ad67f8d37f512b1GeniXCMS version 0.0.1 suffers from a persistent cross site scripting vulnerability.
dfb828099e3526b65a26186abfe2ebda118862ba3aedb0923af2701324c43eb2GeniXCMS version 0.0.1 suffers from a remote SQL injection vulnerability.
c2e1a3a8f9a6e066f72bd3dd728e7366cce9678d505ad005514358b2eddd2cdbRSA Certificate Manager versions prior to 6.9 Build 558 and RSA Registration Manager versions prior to 6.9 Build 558 suffer from cross site scripting and denial of service vulnerabilities.
b747d0ad2d5769c903036e95aae093e5e18483d9866dae57c158e7ac519e6401EMC Secure Remote Services Virtual Edition (ESRS VE) suffers from GHOST, remote SQL injection, and command injection vulnerabilities. Affected products include versions 3.02 and 3.03.
6b3ffdb9909af633f358b0989f2fbd7d173162224f69793af11938be23147164A vulnerability in the Dropbox SDK for Android may enable theft of sensitive information from apps that use the vulnerable Dropbox SDK both locally by malware and also remotely by using drive-by exploitation techniques.
a7cb57797a2240ddf7249a1c2eaae396a47c7ed63e6fdc3c40f4ef850798d906Community Gallery version 2.0 prior to 12/10/2014 suffers from a cross site scripting vulnerability.
cb92d5dd35f62a2d13d3f41c6a2a67b81bd6b07c2ece8f9415dd1ad60f8ede2bThis bulletin summary lists fourteen released Microsoft security bulletins for March, 2015.
dcf06c1cb0465af847763c46a1b45b904ec12b76286ce0394b1e147ead2373a0Cisco Security Advisory - Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, or perform a man-in-the-middle attack. Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities may be available.
3cc951b2e2fd3d06bb97f2457a80dc5c5cd1ee96a540304ec8ab84ce7843cb09Debian Linux Security Advisory 3182-1 - Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in the middle a real server and cause a client using the libssh2 library to crash (denial of service) or otherwise read and use unintended memory areas in this process.
56e9da97a560309b0ac9c520969ba7154b3f72b3e1c8f6089c1f38150e589102Debian Linux Security Advisory 3177-1 - Thomas Klute discovered that in mod-gnutls, an Apache module providing SSL and TLS encryption with GnuTLS, a bug caused the server's client verify mode not to be considered at all, in case the directory's configuration was unset. Clients with invalid certificates were then able to leverage this flaw in order to get access to that directory.
403a81294c535f9012b1e9fde992ea3ea2ad41d018768fc4e6cd09c6dfe40996Debian Linux Security Advisory 3181-1 - Multiple security issues have been found in the Xen virtualisation solution.
6f1014bd6845fe2222b531e02c84f89d18e5a114da7328fdfe525316fa1dcd93HP Security Bulletin HPSBUX03281 SSRT101968 1 - Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.
cc6321fd565ed4ed970a94c5320901fd1e70598b3a3c32fc72679b7da5cc53afRed Hat Security Advisory 2015-0672-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled trust anchor management. A remote attacker could use this flaw to cause the BIND daemon to crash under certain conditions.
54ce3fff2cfdb06fe60b9b071696bd0b93e9175b023fa5c0d8d260d7f5a96ed7Ubuntu Security Notice 2524-1 - Sylvain Pelissier discovered that eCryptfs did not generate a random salt when encrypting the mount passphrase with the login password. An attacker could use this issue to discover the login password used to protect the mount passphrase and gain unintended access to the encrypted files.
98d28cd89746d7a82c306336627c6f32d21ae842618b3ea5ce65f696fecbe5ddUbuntu Security Notice 2522-3 - USN-2522-1 fixed vulnerabilities in ICU. On Ubuntu 12.04 LTS, the font patches caused a regression when using LibreOffice Calc. The patches have now been updated to fix the regression.
6819460584d09163605ab124e5445cc2bd77359c598577feb67f5076d761423aVastal I-tech phpVID version 1.2.3 suffers from a cross site scripting vulnerability.
2f745f0f2053a1c50166e0ff9afe06971ef8e748db53f3dd09146b41f9b50d4aVastal I-tech phpVID version 1.2.3 suffers from a remote SQL injection vulnerability.
95b50fdd191a4779c66a1f2589ae42d9e124e1da2e5d6e73cafa1ff0cbadb50fWordPress Daily Edition theme version 1.6.2 suffers from a path disclosure vulnerability.
5dbabeed6d1bf20e344bf57d1bd96e95389a6b5cb0fbf03eedf1b33b4bcf5581WordPress Daily Edition theme version 1.6.2 suffers from a cross site scripting vulnerability.
7055b3b6a9b880d9f321b46d1351fc6fcc7dc004250a82e39d2149ca6e81ef9bSuperWebMailer version 5.50.0.01160 suffers from a cross site scripting vulnerability.
11a65aef4c3e0644db801f91caa34067f8f852e9810b45ced9e3cb69e66b0feb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed