what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-07-01

OpenSSH 6.9p1
Posted Jul 1, 2015
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: This is primarily a bugfix release.
tags | tool, encryption
systems | linux, unix, openbsd
SHA-256 | 6e074df538f357d440be6cf93dc581a21f22d39e236f217fcd8eacbb6c896cfe
Apple Security Advisory 2015-06-30-4
Posted Jul 1, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-06-30-4 - Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 are now available and address account takeover, WebSQL database access, and various other issues.

tags | advisory
systems | apple
advisories | CVE-2015-3658, CVE-2015-3659, CVE-2015-3660, CVE-2015-3727
SHA-256 | 65a4e7e1055cabeaafab321c18f2600435a9a6b41433f5acd7cbbed23fa24c05
Apple Security Advisory 2015-06-30-3
Posted Jul 1, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-06-30-3 - Mac EFI Security Update 2015-001 is now available and addresses EFI flash memory modification and memory corruption issues.

tags | advisory
systems | apple
advisories | CVE-2015-3692, CVE-2015-3693
SHA-256 | ebbd7372fb135d86e539aef139e47bf9c4652c9bcf24e4c3dc1455987a2a5f0e
Apple Security Advisory 2015-06-30-2
Posted Jul 1, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-06-30-2 - OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary code execution, access bypass, and various other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution
systems | apple, osx
advisories | CVE-2013-1741, CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, CVE-2015-0209, CVE-2015-0235, CVE-2015-0273, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293, CVE-2015-1157, CVE-2015-1798, CVE-2015-1799, CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3666, CVE-2015-3667, CVE-2015-3668, CVE-2015-3671, CVE-2015-3672, CVE-2015-3673
SHA-256 | 36670a2c92a10eed9caf9afd9dd5f818e184e427c1eddb4da037e0aebc712907
Apple Security Advisory 2015-06-30-1
Posted Jul 1, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-06-30-1 - iOS 8.4 is now available and addresses denial of service, an incorrect issued certificate, arbitrary code execution, and various other flaws.

tags | advisory, denial of service, arbitrary, code execution
systems | apple, ios
advisories | CVE-2013-1741, CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2015-1152, CVE-2015-1153, CVE-2015-1155, CVE-2015-1156, CVE-2015-1157, CVE-2015-3658, CVE-2015-3659, CVE-2015-3684, CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, CVE-2015-3689, CVE-2015-3690, CVE-2015-3694, CVE-2015-3703, CVE-2015-3710, CVE-2015-3717, CVE-2015-3719, CVE-2015-3721, CVE-2015-3722, CVE-2015-3723, CVE-2015-3724
SHA-256 | aa64c9a10b61a44ca9cbe32378688da43c9948d31f37b09253079d2bdffc2fbf
Faraday 1.0.11
Posted Jul 1, 2015
Authored by Francisco Amato

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added hosts CRUD. Added services CRUD. Fix ubuntu 15.04 installation bug. Small bug in burp plugin "Import new vulnerabilities" checkbox issue. Added an interactive visualization to calculate the value of a Workspace. Fixed several bugs in WEB UI. Added a URL filter functionality to the status report, allowing searches by fields.
tags | tool, rootkit
systems | unix
SHA-256 | caf8607f90c09b613a5acce793a6ee44c801f19df790ef5d3d0d2b6adb7b2ef9
Climatix BACnet/IP Communication Module Cross Site Scripting
Posted Jul 1, 2015
Authored by Juan Francisco

Climatix BACnet/IP communication module versions prior to 10.34 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 458a1febedd253c8584384bbb9d17de8e4a7956a75d90bf89a092e566e6c8ce7
X-Cart 4.5.0 Cross Site Scripting
Posted Jul 1, 2015
Authored by nopesled

X-Cart version 4.5.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a1a11fb25f1d969aa8867050ba66d7dadc1bea3ee084a39151bfafd66a5e778f
TimeDoctor Pro 1.4.72.3 Insecure Transport
Posted Jul 1, 2015
Authored by Fernando Munoz

TimeDoctor autoupdate feature downloads and executes files over plain HTTP and doesn't perform any check with the files. An attacker with MITM capabilities (i.e., when user connects to a public wifi) could override the Timedoctor subdomain and then execute custom binaries on the machine where the application is running.

tags | advisory, web
advisories | CVE-2015-4674
SHA-256 | cf5cbb9e12db32d37835bd9deea463c5dc52c32a82f8ba56eb0159a2d82fdd01
ManageEngine Password Manager Pro 8.1 SQL Injection
Posted Jul 1, 2015
Authored by Blazej Adamczyk

ManageEngine Password Manager Pro version 8.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e94365f40db69e762b193722e944c13b07b2ec92c6cd28f2760357708be97129
Red Hat Security Advisory 2015-1199-01
Posted Jul 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1199-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2015-1805, CVE-2015-3331
SHA-256 | e5a1e1dd505bcaf901fcce6a87890b352f055341ddeed92af1b9f0d702685faa
Ubuntu Security Notice USN-2652-1
Posted Jul 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2652-1 - It was discovered that Chromium did not properly consider the scheme when determining whether a URL is associated with a WebUI SiteInstance. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. It was discovered that Blink did not properly restrict the creation context during creation of a DOM wrapper. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2015-1266, CVE-2015-1267, CVE-2015-1268, CVE-2015-1269
SHA-256 | 6f46b2383815d29117aacead537ddaa691f2fd9ff4b58a5c58b43e34f08ee76c
Red Hat Security Advisory 2015-1197-01
Posted Jul 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1197-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List could possibly cause a TLS/SSL server or client using OpenSSL to crash. A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-1789, CVE-2015-1790, CVE-2015-4000
SHA-256 | d8b6ac26b5c98c2a2e05b182e2c52fafecb9fd3251e5d75bdd096181aa90c193
Packet Storm New Exploits For June, 2015
Posted Jul 1, 2015
Authored by Todd J. | Site packetstormsecurity.com

This archive contains 183 exploits that were added to Packet Storm in June, 2015.

tags | exploit
systems | linux
SHA-256 | c485e814d9dca35aa730e3f9d1befce8762864f7f8245cfc3268dcdbe23f9958
DAVOSET 1.2.5
Posted Jul 1, 2015
Authored by MustLive

DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

Changes: Added support of cache bypass at web sites. New services added into full list of zombies.
tags | tool, denial of service
SHA-256 | 411c04699a22c50951aa75875b1a22b2464b3a35528832023be17aa464c25f82
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close