
Files Date: 2015-09-09

Evading All Web-Application Firewalls XSS Filters
Posted Sep 9, 2015
Authored by Mazin Ahmed

This whitepaper documents shortcomings in various popular web application firewalls (WAFs) and how to trigger cross site scripting attacks regardless of the protections in place. Covered are F5 Big IP, Imperva Incapsula, AQTRONIX WebKnight, PHP-IDS, Mod-Security, Sucuri, QuickDefense, and Barracuda WAF.

tags | paper, web, xss
MD5 | 1cbaf237965d673f4610dd022d5eb934

GNU Privacy Guard 2.0.29
Posted Sep 9, 2015
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Multiple bug fixes.
tags | tool, encryption
MD5 | c98f0170ae81560f7e11ae1e2e439b41

RSA Identity Management And Governance Cross Site Scripting
Posted Sep 9, 2015
Site emc.com

RSA Identity Management and Governance contains fixes for cross site scripting vulnerabilities that may potentially be exploited by malicious users to compromise the affected system. All versions of RSA IMG are affected by CVE-2015-4539. Versions prior to 6.9.1 P6 and 6.8.1 P18 are affected by CVE-2015-4540.

tags | advisory, vulnerability, xss
advisories | CVE-2015-4539, CVE-2015-4540
MD5 | eba1e86bafc9958f81e6814ef2e97389

Ubuntu Security Notice USN-2738-1
Posted Sep 9, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2738-1 - It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-5707
MD5 | 501c41969c246d58cbf1a13fb5c30320

Ubuntu Security Notice USN-2737-1
Posted Sep 9, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2737-1 - It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-5707
MD5 | e09dd4fbda33ff0a4f174aedf68122bd

HP Security Bulletin HPSBOV03506 1
Posted Sep 9, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03506 1 - A potential security vulnerability has been identified with TCP/IP Services for OpenVMS running BIND. The vulnerability could be remotely exploited to cause a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, tcp
advisories | CVE-2015-5477
MD5 | 6bf67ed244467fdc4c127b5c927a42c9

Debian Security Advisory 3354-1
Posted Sep 9, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3354-1 - Frediano Ziglio of Red Hat discovered a race condition flaw in spice's worker_update_monitors_config() function, leading to a heap-based memory corruption. A malicious user in a guest can take advantage of this flaw to cause a denial of service (QEMU process crash) or, potentially, execute arbitrary code on the host with the privileges of the hosting QEMU process.

tags | advisory, denial of service, arbitrary
systems | linux, redhat, debian
advisories | CVE-2015-3247
MD5 | ccda55d86a5d081ecb59192d98b9c0d8

Linux/x86 /bin/cat /etc/passwd Shellcode
Posted Sep 9, 2015
Authored by Ajith KP

75 bytes small Linux/x86 execve("/bin/cat", ["/bin/cat", "/etc/passwd"], NULL) shellcode.

tags | x86, shellcode
systems | linux
MD5 | 7751edc3b6bd12a3ed6d6e64015f7f8b

Zed Attack Proxy 2.4.2 Windows Installer
Posted Sep 9, 2015
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Windows installer.

Changes: Various updates.
tags | tool, web, vulnerability
systems | windows
MD5 | 2f68632989515fdebf957e0a4831b0e2

Zed Attack Proxy 2.4.2 Mac OS X Release
Posted Sep 9, 2015
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.

Changes: Various updates.
tags | tool, web, vulnerability
systems | apple, osx
MD5 | 5017d53f6bb5810d3c9f7f30ec648836

Bro Network Security Monitor 2.4.1
Posted Sep 9, 2015
Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Moved SIP analyzer to flowunit instead of datagram. Fixed potential ARP out-of-bounds memory access. Various other updates and fixes.
tags | tool, intrusion detection
systems | unix
MD5 | 353e79df458e2bbfa00bdbaa0f183908

Zed Attack Proxy 2.4.2 Linux Release
Posted Sep 9, 2015
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Linux release.

Changes: Various updates.
tags | tool, web, vulnerability
systems | linux, unix
MD5 | 20cd0b9b61b293d9650816754a793b74

Mobius Forensic Toolkit 0.5.22
Posted Sep 9, 2015
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: Updates to emule-agent. Various bug fixes and improvements.
tags | tool, python, forensics
MD5 | 6792dd1227dd15e3793015bc339211bf

Qlikview 11.20 SR4 Blind XXE Injection
Posted Sep 9, 2015
Authored by Alex Haynes

The Qlikview platform is vulnerable to XML External Entity (XXE) vulnerabilities. More specifically, the platform is susceptible to DTD parameter injections, which are also "blind" as the server feeds back no visual response. These vulnerabilities can be exploited to force Server Side Request Forgeries (SSRF) in multiple protocols, as well as reading and extracting arbitrary files on the server directly. Version 11.20 SR4 is vulnerable.

tags | exploit, arbitrary, vulnerability, protocol, xxe
advisories | CVE-2015-3623
MD5 | 4be02998392484e18161b845fb6271c3

Autoexchanger 5.1.0 Cross Site Request Forgery
Posted Sep 9, 2015
Authored by Aryan Bayaninejad

Autoexchanger version 5.1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2015-6827
MD5 | 6781a956e6da46e52952cc1e53e67998

Windows win32k!NtUserSetInformationThread Type Confusion
Posted Sep 9, 2015
Authored by Google Security Research, matttait

The Windows Kernel is subject to a kernel-mode type-confusion vulnerability inside win32k!NtUserSetInformationThread due to referencing a user-mode handle via ObReferenceObjectByHandle with a "NULL" type specified (it should instead be using *LpcPortObjectType to protect against this vulnerability). This vulnerability can be triggered from inside CSRSS via the syscall win32k!NtUserSetInformationThread with ThreadInformationClass set to "UserThreadCsrApiPort" and the parameter of the syscall set to a HANDLE that is not an LPC object.

tags | advisory, kernel
systems | linux, windows
MD5 | bad4b15d7c70687d4217246de26b0abe

DirectAdmin 1.483 Cross Site Request Forgery / Cross Site Scripting
Posted Sep 9, 2015
Authored by Ashiyane Digital Security Team, Ehsan Hosseini

DirectAdmin web control panel version 1.483 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss, csrf
MD5 | ccf24e04ca8d962f5b39d5164317de0f

© 2020 Packet Storm. All rights reserved.
