all things security
Showing 1 - 25 of 25 RSS Feed

Files Date: 2015-04-27

oclHashcat For NVidia 1.36
Posted Apr 27, 2015
Authored by Kartan | Site hashcat.net

oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.

Changes: Added support for NV ForceWare 346.59 driver. Added various new hash modes. Multiple optimizations added.
tags | tool, cracker
MD5 | 1afb1a2bad14c706ce60dc3f8d5dd2bc
oclHashcat For AMD 1.36
Posted Apr 27, 2015
Authored by Kartan | Site hashcat.net

oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.

Changes: Added support for NV ForceWare 346.59 driver. Added various new hash modes. Multiple optimizations added.
tags | tool, cracker
MD5 | 4b541784b247a275a187d3bd64f791de
FireHOL 2.0.3
Posted Apr 27, 2015
Authored by Costa Tsaousis | Site firehol.org

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: Fix added to avoid errors when using physin/physout. Note that these parameters are only useful when the traffic travels over a single bridge. Fix added to handle tc output on some systems, courtesy of Phineas Gage.
tags | tool, spoof, firewall
systems | linux, unix
MD5 | 4aa871bd39ecb53b40e86f0efb4b677a
Ubuntu Security Notice USN-2570-1
Posted Apr 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2570-1 - An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. An issue was discovered in the Web Audio API implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. Various other issues were also addressed.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2015-1235, CVE-2015-1236, CVE-2015-1237, CVE-2015-1238, CVE-2015-1240, CVE-2015-1241, CVE-2015-1242, CVE-2015-1244, CVE-2015-1246, CVE-2015-1249, CVE-2015-1321, CVE-2015-3333
MD5 | 75cb8d72c97169924b78affe4806c5b8
Open-Xchange Server 6 / OX AppSuite Cross Site Scripting
Posted Apr 27, 2015
Authored by Martin Heiland

Open-Xchange Server 6 and OX AppSuite versions 7.6.1 and below suffer from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2015-1588
MD5 | a65ec62667e3fc8fb957722446b0ebd5
Elasticsearch Directory Traversal
Posted Apr 27, 2015
Authored by John Heasman

All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch.

tags | advisory, file inclusion
advisories | CVE-2015-3337
MD5 | f939ca329010dfeccb6cc9f41be33801
WordPress 4.2 Cross Site Scripting
Posted Apr 27, 2015
Authored by Jouko Pynnonen | Site klikki.fi

WordPress version 4.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 27519b865c9c00195a89fd8e9072caba
Ubuntu Security Notice USN-2580-1
Posted Apr 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2580-1 - It was discovered that tcpdump incorrectly handled printing certain packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the tcpdump AppArmor profile.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
MD5 | 966802a41c71c2a4adbc06eb665635fb
Mandriva Linux Security Advisory 2015-211
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-211 - glusterfs was vulnerable to a fragment header infinite loop denial of service attack. Also, the glusterfsd SysV init script was failing to properly start the service. This was fixed by replacing it with systemd unit files for the service that work properly.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-3619
MD5 | 6ae9bc6e9467774cba37988b468df638
Mandriva Linux Security Advisory 2015-210
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-210 - A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system. It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2015-1779
MD5 | 6ec0b19e4dc7cfc8ec41a92df9f2fd1c
UniPDF 1.2 Buffer Overflow
Posted Apr 27, 2015
Authored by Avinash Kumar Thapa

UniPDF version 1.2 buffer overflow SEH overwrite denial of service proof of concept exploit.

tags | exploit, denial of service, overflow, proof of concept
MD5 | 9274e44ab931e12b78e8a88e2c4299b3
Mandriva Linux Security Advisory 2015-209
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-209 - Update PHP packages address buffer over-read and overflow vulnerabilities. PHP has been updated to version 5.5.24, which fixes these issues and other bugs. Additionally the timezonedb packages has been upgraded to the latest version and the PECL packages which requires so has been rebuilt for php-5.5.24.

tags | advisory, overflow, php, vulnerability
systems | linux, mandriva
advisories | CVE-2015-2783, CVE-2015-3329, CVE-2015-3330
MD5 | 3c32bbbfcbef194b3b56232456759eb1
Mandriva Linux Security Advisory 2015-208
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-208 - An issue has been identified in Mandriva Business Server 2's setup package where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them world-readable. This update fixes this issue by enforcing that those files are owned by the root user and shadow group, and are only readable by those two entities. Note that this issue only affected new Mandriva Business Server 2 installations. Systems that were updated from previous Mandriva versions were not affected. This update was already issued as MDVSA-2015:184, but the latter was withdrawn as it generated.rpmnew files for critical configuration files, and rpmdrake might propose the user to use those basically empty files, thus leading to loss of passwords or partition table. This new update ensures that such.rpmnew files are not kept after the update.

tags | advisory, root
systems | linux, mandriva
MD5 | be8cceaaad55a45e1a9eb0035c3d5b30
Mandriva Linux Security Advisory 2015-207
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-207 - Updated perl-Module-Signature package fixes the following security Module::Signature could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries. When verifying the contents of a CPAN module, Module::Signature ignored some files in the extracted tarball that were not listed in the signature file. This included some files in the t/ directory that would execute automatically during make test When generating checksums from the signed manifest, Module::Signature used two argument open() calls to read the files. This allowed embedding arbitrary shell commands into the SIGNATURE file that would execute during the signature verification process. Several modules were loaded at runtime inside the extracted module directory. Modules like Text::Diff are not guaranteed to be available on all platforms and could be added to a malicious module so that they would load from the '.' path in \@INC.

tags | advisory, arbitrary, shell, perl
systems | linux, mandriva
MD5 | e9f6c1050a729cd31ef0b973b2c5d60b
Mandriva Linux Security Advisory 2015-206
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-206 - When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected.

tags | advisory
systems | linux, mandriva
advisories | CVE-2015-3008
MD5 | 4242bcf051e13ef1be0e22f860f9bb19
Mandriva Linux Security Advisory 2015-205
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-205 - disgleirio discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible. DonnchaC discovered that Tor clients would crash with an assertion failure upon parsing specially crafted hidden service descriptors. Introduction points would accept multiple INTRODUCE1 cells on one circuit, making it inexpensive for an attacker to overload a hidden service with introductions. Introduction points now no longer allow multiple cells of that type on the same circuit. The tor package has been updated to version 0.2.4.27, fixing these issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2015-2928, CVE-2015-2929
MD5 | ff4af1c9821b11644ca34d8389f85a71
Ubuntu Security Notice USN-2579-1
Posted Apr 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2579-1 - It was discovered that autofs incorrectly filtered environment variables when using program maps. When program maps were configured, a local user could use this issue to escalate privileges. This update changes the default behavior by adding a prefix to environment variables. Sites using program maps will need to adapt to the new variable names, or revert to the previous names by using a new configuration option called FORCE_STANDARD_PROGRAM_MAP_ENV. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-8169
MD5 | c598ce940fbc19bb333e01fdee29194f
Mandriva Linux Security Advisory 2015-204
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-204 - librsync before 1.0.0 used a truncated MD4 strong check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other regions of the file, if it's transferred using librsync/rdiff. The change to fix this is not backward compatible with older versions of librsync. Backward compatibility can be obtained using the new rdiff sig --hash=md4 option or through specifying the signature magic in the API, but this should not be used when either the old or new file contain untrusted data. Also, any applications that use the librsync library will need to be recompiled against the updated library. The rdiff-backup packages have been rebuilt for this reason.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-8242
MD5 | b64e616ec625d3d8ebaabc7c5148e892
Debian Security Advisory 3238-1
Posted Apr 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3238-1 - Several vulnerabilities were discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2015-1235, CVE-2015-1236, CVE-2015-1237, CVE-2015-1238, CVE-2015-1240, CVE-2015-1241, CVE-2015-1242, CVE-2015-1244, CVE-2015-1245, CVE-2015-1246, CVE-2015-1247, CVE-2015-1248, CVE-2015-1249, CVE-2015-3333, CVE-2015-3334, CVE-2015-3336
MD5 | d79629f715cb88c09e70d3e3a3191dd5
Debian Security Advisory 3237-1
Posted Apr 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3237-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-8159, CVE-2014-9715, CVE-2015-2041, CVE-2015-2042, CVE-2015-2150, CVE-2015-2830, CVE-2015-2922, CVE-2015-3331, CVE-2015-3332, CVE-2015-3339
MD5 | 3353c955b704e481b75f84524768c42c
Ubuntu Security Notice USN-2578-1
Posted Apr 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2578-1 - Alexander Cherepanov discovered that LibreOffice incorrectly handled certain RTF files. If a user were tricked into opening a specially crafted RTF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. It was discovered that LibreOffice incorrectly handled certain HWP files. If a user were tricked into opening a specially crafted HWP document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9093, CVE-2015-1774
MD5 | 42ae603c230ca334a1ebf634dba65668
MiniUPnPd 1.0 Stack Overflow
Posted Apr 27, 2015
Authored by Onur Alanbel

MiniUPnPd version 1.0 stack overflow remote code execution exploit for AirTies RT Series. Provides a reverse shell.

tags | exploit, remote, overflow, shell, code execution
advisories | CVE-2013-0230
MD5 | 09e159e8ed358e48a1ade244adad715e
OTRS 3.x Cross Site Scripting
Posted Apr 27, 2015
Authored by Adam Ziaja

OTRS versions 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-1695
MD5 | a9df1e7295e3755e2687b8adc789ba0f
VideoSpirit Pro 1.91 Buffer Overflow
Posted Apr 27, 2015
Authored by evil_comrade

VideoSpirit Pro version 1.91 buffer overflow with SEH bypass exploit.

tags | exploit, overflow
MD5 | ecb97d950c0f0ff8d426a10645623e0e
Legend Perl IRC Bot Remote Code Execution
Posted Apr 27, 2015
Authored by Jay Turla

Simple proof of concept tool to leverage remote code execution on the Legend perl IRC bot.

tags | exploit, remote, perl, code execution, proof of concept
MD5 | 3b15b371ee3f1b458ce633d12ca2c3cb
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    8 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close