exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2015-04-27

oclHashcat For NVidia 1.36
Posted Apr 27, 2015
Authored by Kartan | Site hashcat.net

oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.

Changes: Added support for NV ForceWare 346.59 driver. Added various new hash modes. Multiple optimizations added.
tags | tool, cracker
SHA-256 | 015c795c23babf53e707120e7faacad8dfac3ff80302f88e3c2502b120f798ad
oclHashcat For AMD 1.36
Posted Apr 27, 2015
Authored by Kartan | Site hashcat.net

oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.

Changes: Added support for NV ForceWare 346.59 driver. Added various new hash modes. Multiple optimizations added.
tags | tool, cracker
SHA-256 | d8eb9ccb4e80c03f33d752874dfed34fbcfc3d82d2d0a9e8d95a3ee7c53634ed
FireHOL 2.0.3
Posted Apr 27, 2015
Authored by Costa Tsaousis | Site firehol.org

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: Fix added to avoid errors when using physin/physout. Note that these parameters are only useful when the traffic travels over a single bridge. Fix added to handle tc output on some systems, courtesy of Phineas Gage.
tags | tool, spoof, firewall
systems | linux, unix
SHA-256 | ee8bb992d14bf90b8fd98e647ad41191cedbfca8f7f6943c9cd9d92ffb087eb5
Ubuntu Security Notice USN-2570-1
Posted Apr 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2570-1 - An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. An issue was discovered in the Web Audio API implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. Various other issues were also addressed.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2015-1235, CVE-2015-1236, CVE-2015-1237, CVE-2015-1238, CVE-2015-1240, CVE-2015-1241, CVE-2015-1242, CVE-2015-1244, CVE-2015-1246, CVE-2015-1249, CVE-2015-1321, CVE-2015-3333
SHA-256 | a1b89c9fb9b5a3f400af9982c99e77c800de8f17d203e170237f354bff80606a
Open-Xchange Server 6 / OX AppSuite Cross Site Scripting
Posted Apr 27, 2015
Authored by Martin Heiland

Open-Xchange Server 6 and OX AppSuite versions 7.6.1 and below suffer from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2015-1588
SHA-256 | 0631e8cc651e7c9442b7d94ef0687aa105118b9d15a7f3df9861fe4949e88104
Elasticsearch Directory Traversal
Posted Apr 27, 2015
Authored by John Heasman

All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch.

tags | advisory, file inclusion
advisories | CVE-2015-3337
SHA-256 | e14bc9f35bf13a67b98981ea4b74e9432b3624b8a7bccf2d1aad94a07d646fee
WordPress 4.2 Cross Site Scripting
Posted Apr 27, 2015
Authored by Jouko Pynnonen | Site klikki.fi

WordPress version 4.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ef94590cf5768ff21a652878473304f3150a74395f438f8b10ecd2800eee2c48
Ubuntu Security Notice USN-2580-1
Posted Apr 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2580-1 - It was discovered that tcpdump incorrectly handled printing certain packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the tcpdump AppArmor profile.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
SHA-256 | 88f12e032c72a7978de45fa5ee30e9df27a082edd84f1f50f7f2e7542f99e1ff
Mandriva Linux Security Advisory 2015-211
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-211 - glusterfs was vulnerable to a fragment header infinite loop denial of service attack. Also, the glusterfsd SysV init script was failing to properly start the service. This was fixed by replacing it with systemd unit files for the service that work properly.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-3619
SHA-256 | c3e463b13df505d85b05845372bc13d6c0bed8ff47059b7731230c0714853b21
Mandriva Linux Security Advisory 2015-210
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-210 - A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system. It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2015-1779
SHA-256 | 1415b78b12044db0e659dff979e0ab2d6fe56f133897650f516ab14c247201c3
UniPDF 1.2 Buffer Overflow
Posted Apr 27, 2015
Authored by Avinash Kumar Thapa

UniPDF version 1.2 buffer overflow SEH overwrite denial of service proof of concept exploit.

tags | exploit, denial of service, overflow, proof of concept
SHA-256 | 934be4720b0e5b95ac2e7b102bbe4bd5203c2d9abc16b79d5c687604745e30ce
Mandriva Linux Security Advisory 2015-209
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-209 - Update PHP packages address buffer over-read and overflow vulnerabilities. PHP has been updated to version 5.5.24, which fixes these issues and other bugs. Additionally the timezonedb packages has been upgraded to the latest version and the PECL packages which requires so has been rebuilt for php-5.5.24.

tags | advisory, overflow, php, vulnerability
systems | linux, mandriva
advisories | CVE-2015-2783, CVE-2015-3329, CVE-2015-3330
SHA-256 | 7240fd4534def87429d91c637b7729d5691e7f8862de87105b7fb9fae468642e
Mandriva Linux Security Advisory 2015-208
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-208 - An issue has been identified in Mandriva Business Server 2's setup package where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them world-readable. This update fixes this issue by enforcing that those files are owned by the root user and shadow group, and are only readable by those two entities. Note that this issue only affected new Mandriva Business Server 2 installations. Systems that were updated from previous Mandriva versions were not affected. This update was already issued as MDVSA-2015:184, but the latter was withdrawn as it generated.rpmnew files for critical configuration files, and rpmdrake might propose the user to use those basically empty files, thus leading to loss of passwords or partition table. This new update ensures that such.rpmnew files are not kept after the update.

tags | advisory, root
systems | linux, mandriva
SHA-256 | 9828baab829b1cfc2c285e37421924ea4be6c7aa0f1b88b7541140dd6250d318
Mandriva Linux Security Advisory 2015-207
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-207 - Updated perl-Module-Signature package fixes the following security Module::Signature could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries. When verifying the contents of a CPAN module, Module::Signature ignored some files in the extracted tarball that were not listed in the signature file. This included some files in the t/ directory that would execute automatically during make test When generating checksums from the signed manifest, Module::Signature used two argument open() calls to read the files. This allowed embedding arbitrary shell commands into the SIGNATURE file that would execute during the signature verification process. Several modules were loaded at runtime inside the extracted module directory. Modules like Text::Diff are not guaranteed to be available on all platforms and could be added to a malicious module so that they would load from the '.' path in \@INC.

tags | advisory, arbitrary, shell, perl
systems | linux, mandriva
SHA-256 | f15c8d16a91a259723b265ed700d69f88cdaffa4d9b22c45fa33716cc633d9d2
Mandriva Linux Security Advisory 2015-206
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-206 - When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected.

tags | advisory
systems | linux, mandriva
advisories | CVE-2015-3008
SHA-256 | 0f49b40c5245b1a901652fda923ccb5d25207d1dc5ad349b0a1484d554d3794c
Mandriva Linux Security Advisory 2015-205
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-205 - disgleirio discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible. DonnchaC discovered that Tor clients would crash with an assertion failure upon parsing specially crafted hidden service descriptors. Introduction points would accept multiple INTRODUCE1 cells on one circuit, making it inexpensive for an attacker to overload a hidden service with introductions. Introduction points now no longer allow multiple cells of that type on the same circuit. The tor package has been updated to version 0.2.4.27, fixing these issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2015-2928, CVE-2015-2929
SHA-256 | 3f8c2c6c3c6ba4ee0c6fa2a297a9758203ce3ca5828f73a99d3217e6d31b4a3a
Ubuntu Security Notice USN-2579-1
Posted Apr 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2579-1 - It was discovered that autofs incorrectly filtered environment variables when using program maps. When program maps were configured, a local user could use this issue to escalate privileges. This update changes the default behavior by adding a prefix to environment variables. Sites using program maps will need to adapt to the new variable names, or revert to the previous names by using a new configuration option called FORCE_STANDARD_PROGRAM_MAP_ENV. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-8169
SHA-256 | 7380ef8c0ba9c845147cd4a70a015db6877390005781b9fe2fd2f9917fcacea3
Mandriva Linux Security Advisory 2015-204
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-204 - librsync before 1.0.0 used a truncated MD4 strong check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other regions of the file, if it's transferred using librsync/rdiff. The change to fix this is not backward compatible with older versions of librsync. Backward compatibility can be obtained using the new rdiff sig --hash=md4 option or through specifying the signature magic in the API, but this should not be used when either the old or new file contain untrusted data. Also, any applications that use the librsync library will need to be recompiled against the updated library. The rdiff-backup packages have been rebuilt for this reason.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-8242
SHA-256 | f38e16d3da5b3852e8cc748629c4c028e924bad76e990f1120415ab0a14a350e
Debian Security Advisory 3238-1
Posted Apr 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3238-1 - Several vulnerabilities were discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2015-1235, CVE-2015-1236, CVE-2015-1237, CVE-2015-1238, CVE-2015-1240, CVE-2015-1241, CVE-2015-1242, CVE-2015-1244, CVE-2015-1245, CVE-2015-1246, CVE-2015-1247, CVE-2015-1248, CVE-2015-1249, CVE-2015-3333, CVE-2015-3334, CVE-2015-3336
SHA-256 | 914899feb17ca95c0602b6f2f4f452518d9f4ae92cfda0698f1e2f62822782c3
Debian Security Advisory 3237-1
Posted Apr 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3237-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-8159, CVE-2014-9715, CVE-2015-2041, CVE-2015-2042, CVE-2015-2150, CVE-2015-2830, CVE-2015-2922, CVE-2015-3331, CVE-2015-3332, CVE-2015-3339
SHA-256 | aa8f1362fe2b1e520df3774e9b5a3562a1ce08175dfc089a7a41b13a71abdb2e
Ubuntu Security Notice USN-2578-1
Posted Apr 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2578-1 - Alexander Cherepanov discovered that LibreOffice incorrectly handled certain RTF files. If a user were tricked into opening a specially crafted RTF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. It was discovered that LibreOffice incorrectly handled certain HWP files. If a user were tricked into opening a specially crafted HWP document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9093, CVE-2015-1774
SHA-256 | 71ac5f10710fff2f31331f2c65bc2031d90e66ec9887af391ff933321248c56e
MiniUPnPd 1.0 Stack Overflow
Posted Apr 27, 2015
Authored by Onur Alanbel

MiniUPnPd version 1.0 stack overflow remote code execution exploit for AirTies RT Series. Provides a reverse shell.

tags | exploit, remote, overflow, shell, code execution
advisories | CVE-2013-0230
SHA-256 | 498f2c5bf24844ab26545a5525a97f66a570ba969b3a46e477e4b93e5982d9b2
OTRS 3.x Cross Site Scripting
Posted Apr 27, 2015
Authored by Adam Ziaja

OTRS versions 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-1695
SHA-256 | 2e3f4aa9bd8270be5647e928e03c289520cddaae59e541df172d313c213650b7
VideoSpirit Pro 1.91 Buffer Overflow
Posted Apr 27, 2015
Authored by evil_comrade

VideoSpirit Pro version 1.91 buffer overflow with SEH bypass exploit.

tags | exploit, overflow
SHA-256 | 4a610b7c8fb559b4026157db23297421051705f258bfe8264267c8d6838a889f
Legend Perl IRC Bot Remote Code Execution
Posted Apr 27, 2015
Authored by Jay Turla

Simple proof of concept tool to leverage remote code execution on the Legend perl IRC bot.

tags | exploit, remote, perl, code execution, proof of concept
SHA-256 | 7ed64a03ba8a28e4a3162e46f413835566f71dbc30233138782e899686ac85d9
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close