oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
015c795c23babf53e707120e7faacad8dfac3ff80302f88e3c2502b120f798adoclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.
d8eb9ccb4e80c03f33d752874dfed34fbcfc3d82d2d0a9e8d95a3ee7c53634edFireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
ee8bb992d14bf90b8fd98e647ad41191cedbfca8f7f6943c9cd9d92ffb087eb5Ubuntu Security Notice 2570-1 - An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. An issue was discovered in the Web Audio API implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. Various other issues were also addressed.
a1b89c9fb9b5a3f400af9982c99e77c800de8f17d203e170237f354bff80606aOpen-Xchange Server 6 and OX AppSuite versions 7.6.1 and below suffer from multiple cross site scripting vulnerabilities.
0631e8cc651e7c9442b7d94ef0687aa105118b9d15a7f3df9861fe4949e88104All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch.
e14bc9f35bf13a67b98981ea4b74e9432b3624b8a7bccf2d1aad94a07d646feeWordPress version 4.2 suffers from a persistent cross site scripting vulnerability.
ef94590cf5768ff21a652878473304f3150a74395f438f8b10ecd2800eee2c48Ubuntu Security Notice 2580-1 - It was discovered that tcpdump incorrectly handled printing certain packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the tcpdump AppArmor profile.
88f12e032c72a7978de45fa5ee30e9df27a082edd84f1f50f7f2e7542f99e1ffMandriva Linux Security Advisory 2015-211 - glusterfs was vulnerable to a fragment header infinite loop denial of service attack. Also, the glusterfsd SysV init script was failing to properly start the service. This was fixed by replacing it with systemd unit files for the service that work properly.
c3e463b13df505d85b05845372bc13d6c0bed8ff47059b7731230c0714853b21Mandriva Linux Security Advisory 2015-210 - A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system. It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU.
1415b78b12044db0e659dff979e0ab2d6fe56f133897650f516ab14c247201c3UniPDF version 1.2 buffer overflow SEH overwrite denial of service proof of concept exploit.
934be4720b0e5b95ac2e7b102bbe4bd5203c2d9abc16b79d5c687604745e30ceMandriva Linux Security Advisory 2015-209 - Update PHP packages address buffer over-read and overflow vulnerabilities. PHP has been updated to version 5.5.24, which fixes these issues and other bugs. Additionally the timezonedb packages has been upgraded to the latest version and the PECL packages which requires so has been rebuilt for php-5.5.24.
7240fd4534def87429d91c637b7729d5691e7f8862de87105b7fb9fae468642eMandriva Linux Security Advisory 2015-208 - An issue has been identified in Mandriva Business Server 2's setup package where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them world-readable. This update fixes this issue by enforcing that those files are owned by the root user and shadow group, and are only readable by those two entities. Note that this issue only affected new Mandriva Business Server 2 installations. Systems that were updated from previous Mandriva versions were not affected. This update was already issued as MDVSA-2015:184, but the latter was withdrawn as it generated.rpmnew files for critical configuration files, and rpmdrake might propose the user to use those basically empty files, thus leading to loss of passwords or partition table. This new update ensures that such.rpmnew files are not kept after the update.
9828baab829b1cfc2c285e37421924ea4be6c7aa0f1b88b7541140dd6250d318Mandriva Linux Security Advisory 2015-207 - Updated perl-Module-Signature package fixes the following security Module::Signature could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries. When verifying the contents of a CPAN module, Module::Signature ignored some files in the extracted tarball that were not listed in the signature file. This included some files in the t/ directory that would execute automatically during make test When generating checksums from the signed manifest, Module::Signature used two argument open() calls to read the files. This allowed embedding arbitrary shell commands into the SIGNATURE file that would execute during the signature verification process. Several modules were loaded at runtime inside the extracted module directory. Modules like Text::Diff are not guaranteed to be available on all platforms and could be added to a malicious module so that they would load from the '.' path in \@INC.
f15c8d16a91a259723b265ed700d69f88cdaffa4d9b22c45fa33716cc633d9d2Mandriva Linux Security Advisory 2015-206 - When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected.
0f49b40c5245b1a901652fda923ccb5d25207d1dc5ad349b0a1484d554d3794cMandriva Linux Security Advisory 2015-205 - disgleirio discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible. DonnchaC discovered that Tor clients would crash with an assertion failure upon parsing specially crafted hidden service descriptors. Introduction points would accept multiple INTRODUCE1 cells on one circuit, making it inexpensive for an attacker to overload a hidden service with introductions. Introduction points now no longer allow multiple cells of that type on the same circuit. The tor package has been updated to version 0.2.4.27, fixing these issues.
3f8c2c6c3c6ba4ee0c6fa2a297a9758203ce3ca5828f73a99d3217e6d31b4a3aUbuntu Security Notice 2579-1 - It was discovered that autofs incorrectly filtered environment variables when using program maps. When program maps were configured, a local user could use this issue to escalate privileges. This update changes the default behavior by adding a prefix to environment variables. Sites using program maps will need to adapt to the new variable names, or revert to the previous names by using a new configuration option called FORCE_STANDARD_PROGRAM_MAP_ENV. Various other issues were also addressed.
7380ef8c0ba9c845147cd4a70a015db6877390005781b9fe2fd2f9917fcacea3Mandriva Linux Security Advisory 2015-204 - librsync before 1.0.0 used a truncated MD4 strong check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other regions of the file, if it's transferred using librsync/rdiff. The change to fix this is not backward compatible with older versions of librsync. Backward compatibility can be obtained using the new rdiff sig --hash=md4 option or through specifying the signature magic in the API, but this should not be used when either the old or new file contain untrusted data. Also, any applications that use the librsync library will need to be recompiled against the updated library. The rdiff-backup packages have been rebuilt for this reason.
f38e16d3da5b3852e8cc748629c4c028e924bad76e990f1120415ab0a14a350eDebian Linux Security Advisory 3238-1 - Several vulnerabilities were discovered in the chromium web browser.
914899feb17ca95c0602b6f2f4f452518d9f4ae92cfda0698f1e2f62822782c3Debian Linux Security Advisory 3237-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
aa8f1362fe2b1e520df3774e9b5a3562a1ce08175dfc089a7a41b13a71abdb2eUbuntu Security Notice 2578-1 - Alexander Cherepanov discovered that LibreOffice incorrectly handled certain RTF files. If a user were tricked into opening a specially crafted RTF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. It was discovered that LibreOffice incorrectly handled certain HWP files. If a user were tricked into opening a specially crafted HWP document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. Various other issues were also addressed.
71ac5f10710fff2f31331f2c65bc2031d90e66ec9887af391ff933321248c56eMiniUPnPd version 1.0 stack overflow remote code execution exploit for AirTies RT Series. Provides a reverse shell.
498f2c5bf24844ab26545a5525a97f66a570ba969b3a46e477e4b93e5982d9b2OTRS versions 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 suffer from a persistent cross site scripting vulnerability.
2e3f4aa9bd8270be5647e928e03c289520cddaae59e541df172d313c213650b7VideoSpirit Pro version 1.91 buffer overflow with SEH bypass exploit.
4a610b7c8fb559b4026157db23297421051705f258bfe8264267c8d6838a889fSimple proof of concept tool to leverage remote code execution on the Legend perl IRC bot.
7ed64a03ba8a28e4a3162e46f413835566f71dbc30233138782e899686ac85d9
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed