what you don't know can hurt you
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-06-01

Tor-ramdisk i686 UClibc-based Linux Distribution x86 20150531
Posted Jun 1, 2015
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: Various updates.
tags | tool, kernel, peer2peer
systems | linux
MD5 | cc35e5d849f9c091c50f4ee74eb10717
Maligno 2.2
Posted Jun 1, 2015
Authored by Juan J. Guelfo | Site encripto.no

Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

Changes: Get caught mode improvements, new adversary replication profile, bug fixes, and minor adjustments.
tags | tool, web, scanner, shellcode, python
systems | unix
MD5 | cbdf3624596aac362a60e9ca82a136ea
D-Link Devices HNAP SOAPAction-Header Command Execution
Posted Jun 1, 2015
Authored by Craig Heffner, Samuel Huntley | Site metasploit.com

Different D-Link Routers are vulnerable to OS command injection in the HNAP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested on a DIR-645 device. The following devices are also reported as affected: DAP-1522 revB, DAP-1650 revB, DIR-880L, DIR-865L, DIR-860L revA, DIR-860L revB DIR-815 revB, DIR-300 revB, DIR-600 revB, DIR-645, TEW-751DR, TEW-733GR

tags | exploit
MD5 | 3441fbd8c1fcc5a225cc156757ccb483
Red Hat Security Advisory 2015-1041-01
Posted Jun 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1041-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ 6.1.0. It includes several bug fixes, which are documented in the readme.txt file included with the patch files. The following security issues are addressed in this release: It was found that Apache Camel's XML converter performed XML External Entity expansion. A remote attacker able to submit an SAXSource containing an XXE declaration could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, remote, xxe
systems | linux, redhat
advisories | CVE-2015-0263, CVE-2015-0264
MD5 | 482611c91ee9f70b13285047b53a06fc
Ubuntu Security Notice USN-2624-1
Posted Jun 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2624-1 - As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks.

tags | advisory
systems | linux, ubuntu
MD5 | 11c03c661165369cb1591a8c1b2b9313
Ubuntu Security Notice USN-2623-1
Posted Jun 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2623-1 - It was discovered that racoon, the ipsec-tools IKE daemon, incorrectly handled certain UDP packets. A remote attacker could use this issue to cause racoon to crash, resulting in a denial of service.

tags | advisory, remote, denial of service, udp
systems | linux, ubuntu
advisories | CVE-2015-4047
MD5 | 04486f36e8cb27f53a0b0aba5e9204bb
Debian Security Advisory 3276-1
Posted Jun 1, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3276-1 - Jakub Zalas discovered that Symfony, a framework to create websites and web applications, was vulnerable to restriction bypass. It was affecting applications with ESI or SSI support enabled, that use the FragmentListener. A malicious user could call any controller via the /_fragment path by providing an invalid hash in the URL (or removing it), bypassing URL signing and security rules.

tags | advisory, web
systems | linux, debian
advisories | CVE-2015-4050
MD5 | d753c425fb7ec9c9fafe60d201d34957
Debian Security Advisory 3269-2
Posted Jun 1, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3269-2 - The update for postgresql-9.1 in DSA-3269-1 introduced a regression which can causes PostgreSQL to refuse to restart after an unexpected shutdown or when restoring from a binary backup. Updated packages are now available to address this regression.

tags | advisory
systems | linux, debian
MD5 | 038922915dd4b0c0a80545c77ac6d977
Debian Security Advisory 3275-1
Posted Jun 1, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3275-1 - Ansgar Burchardt discovered that the Git plugin for FusionForge, a web-based project-management and collaboration software, does not sufficiently validate user provided input as parameter to the method to create secondary Git repositories. A remote attacker can use this flaw to execute arbitrary code as root via a specially crafted URL.

tags | advisory, remote, web, arbitrary, root
systems | linux, debian
advisories | CVE-2015-0850
MD5 | fe5969c90210063c597cca974df73c1a
Gentoo Linux Security Advisory 201505-03
Posted Jun 1, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201505-3 - Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could lead to arbitrary code execution. Versions less than 4.2.13 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2014-4986, CVE-2014-4987, CVE-2014-6300, CVE-2014-8958, CVE-2014-8959, CVE-2014-8960, CVE-2014-8961
MD5 | e305d1cb96325ec09778061fab24061d
Gentoo Linux Security Advisory 201505-02
Posted Jun 1, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201505-2 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079, CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087, CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091, CVE-2015-3092, CVE-2015-3093
MD5 | 94521269600bc4c622936c138a0fc5c0
SafeConfig 2015 Call For Papers
Posted Jun 1, 2015

SafeConfig 2015 has announced its Call For Papers. It will take place October 12, 2015 at the Denver Marriott City Center, Denver, Colorado, USA.

tags | paper, conference
MD5 | de087e29f330880da084a9f28d615b9f
IBM Security AppScan 9.0.2 Remote Code Execution
Posted Jun 1, 2015
Authored by Naser Farhadi

IBM Security AppScan versions 9.0.2 and below suffer from an OLE automation array remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 7c64f5a37542016bd51556569e0044d3
WordPress UserPro 2.33 Cross Site Scripting
Posted Jun 1, 2015
Authored by Faisal Ahmed

WordPress UserPro plugin version 2.33 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 8e22d22fd0006b781af054d39bb6152a
Yooz.ir Open Redirect
Posted Jun 1, 2015
Authored by Milad Hacking

Yooz.ir suffers from an open redirection vulnerability.

tags | exploit
MD5 | 4dd1459a9270d2df845e9f35c931c286
Page 1 of 1

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    14 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By