what you don't know can hurt you
Showing 1 - 25 of 28 RSS Feed

Files Date: 2016-02-29

Packet Fence 5.7.0
Posted Feb 29, 2016
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Various updates.
tags | tool, remote
systems | unix
MD5 | ecc2c2a5191f6e82f542ba24506fc303
Mandos Encrypted File System Unattended Reboot Utility 1.7.2
Posted Feb 29, 2016
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Stopped using python-gnutls library - it was not updated to GnuTLS 3.3. Various other bugs addressed.
tags | tool, remote, root
systems | linux, unix
MD5 | 5d2e4b1c9dd1875fd1af2c2912e79b0d
Logwatch 7.4.2
Posted Feb 29, 2016
Site logwatch.org

Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.

Changes: Fixed bugs.
tags | tool, intrusion detection
systems | unix
MD5 | 6eef537d20a7ec3bd3c99109853e2a05
Wireshark Analyzer 2.0.2
Posted Feb 29, 2016
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Fixed full_uri when using a Proxy. Multiple bug fixes and updates.
tags | tool, sniffer, protocol
systems | windows, unix
MD5 | 204d053e0796c7da09292e0b54bc8503
OpenSSH 7.2p1
Posted Feb 29, 2016
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Skip PrintLastLog in config dump mode. Added a note about using xlc on AIX. Various other bug fixes.
tags | tool, encryption
systems | linux, openbsd
MD5 | b984775f0cfff1f7ff18b8797fce8a28
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
Posted Feb 29, 2016
Authored by Pedro Ribeiro | Site metasploit.com

Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems. The application has a file upload vulnerability that can be exploited by an unauthenticated remote attacker to execute code as the SYSTEM user. Two servlets are vulnerable, FileUploadController (located at /lib-1.0/external/flash/fileUpload.do) and FileUpload2Controller (located at /fileUpload.do). This Metasploit module exploits the latter, and has been tested with versions 1.5.0.2, 1.4.0.17 and 1.1.0.13.

tags | exploit, remote, file upload
systems | windows
advisories | CVE-2016-1525
MD5 | 3d6c659220bc9733c182c19629aadafe
Qualcomm Adreno GPU MSM Driver Perfcounter Query Heap Overflow
Posted Feb 29, 2016
Authored by Google Security Research, hawkes

The Adreno GPU driver for the MSM Linux kernel contains a heap overflow in the IOCTL_KGSL_PERFCOUNTER_QUERY ioctl command. The bug results from an incorrect conversion to a signed type when calculating the minimum count value for the query option. This results in a negative integer being used to calculate the size of a buffer, which can result in an integer overflow and a small sized allocation on 32-bit systems.

tags | exploit, overflow, kernel
systems | linux
MD5 | c63ace51362852575e5b13f1d0785958
Fiyo CMS 2.0.6.1 Cross Site Scripting
Posted Feb 29, 2016
Authored by Himanshu Mehta

Fiyo CMS version 2.0.6.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | c489935f0984fbf1e71c00ce51960ea8
ASAN/SUID Local Root Exploit
Posted Feb 29, 2016
Authored by infodox

This script exploits er, unsanitized env var passing in ASAN which leads to file clobbering as root when executing setuid root binaries compiled with ASAN. It uses an overwrite of /etc/ld.so.preload to get root on a vulnerable system. You can supply your own target binary to use for exploitation.

tags | exploit, root
MD5 | 8d6129b5b1441eb1943a7b2dcc5bb19a
Red Hat Security Advisory 2016-0309-01
Posted Feb 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0309-01 - OpenStack Image Service provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to silently replace owned image data, regardless of its original creator or visibility settings. Only environments with show_multiple_locations set to true were affected.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-0757
MD5 | 92ebce8ead7d5f230fd42ea8f1f8a6e1
Slackware Security Advisory - libssh Updates
Posted Feb 29, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libssh packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-0739
MD5 | 73a897fc740f2fbd6f52b03c74da6cba
Debian Security Advisory 3495-1
Posted Feb 29, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3495-1 - Markus Krell discovered that xymon, a network and applications monitoring system, was vulnerable to incorrect data handling, incorrect permissions, and various other security issues.

tags | advisory
systems | linux, debian
advisories | CVE-2016-2054, CVE-2016-2055, CVE-2016-2056, CVE-2016-2057, CVE-2016-2058
MD5 | 8e836ad4dec2ca27825a4fb8bc8e248f
Debian Security Advisory 3498-1
Posted Feb 29, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3498-1 - Multiple security vulnerabilities have been found in the Drupal content management framework.

tags | advisory, vulnerability
systems | linux, debian
MD5 | 69cb351c719cdfb905cab25efdbb5802
Debian Security Advisory 3499-1
Posted Feb 29, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3499-1 - Multiple security vulnerabilities have been found in Pillow, a Python imaging library, which may result in denial of service or the execution of arbitrary code if a malformed FLI, PCD or Tiff files is processed.

tags | advisory, denial of service, arbitrary, vulnerability, python
systems | linux, debian
advisories | CVE-2016-0740, CVE-2016-0775, CVE-2016-2533
MD5 | 62153e3ca7a79d7351dac73cd3be2814
Debian Security Advisory 3496-1
Posted Feb 29, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3496-1 - It was discovered that php-horde-core, a set of classes providing the core functionality of the Horde Application Framework, is prone to a cross-site scripting vulnerability.

tags | advisory, php, xss
systems | linux, debian
advisories | CVE-2015-8807
MD5 | 51b70bf4448c0909402e5710183eb026
Debian Security Advisory 3497-1
Posted Feb 29, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3497-1 - It was discovered that php-horde, a flexible, modular, general-purpose web application framework written in PHP, is prone to a cross-site scripting vulnerability.

tags | advisory, web, php, xss
systems | linux, debian
advisories | CVE-2016-2228
MD5 | 6d0b58a8f1f981d531ac43b4de059f03
Debian Security Advisory 3494-1
Posted Feb 29, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3494-1 - Two SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. Specially crafted input can be used by an attacker in parameters of the graphs_new.php script to execute arbitrary SQL commands on the database.

tags | advisory, web, arbitrary, php, vulnerability, sql injection
systems | linux, debian
advisories | CVE-2015-8377, CVE-2015-8604
MD5 | 942caef3451e252db49882c58230b063
Red Hat Security Advisory 2016-0308-01
Posted Feb 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0308-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. A cross-site scripting vulnerability was discovered in RabbitMQ, which allowed using api/ path info to inject and receive data. A remote attacker could use this flaw to create an "/api/..." URL, forcing a server error that resulted in the server returning an HTML page with embedded text from the URL. A response-splitting vulnerability was discovered in RabbitMQ. An /api/definitions URL could be specified, which then caused an arbitrary additional header to be returned. A remote attacker could use this flaw to inject arbitrary HTTP headers and possibly gain access to secure data.

tags | advisory, remote, web, arbitrary, xss
systems | linux, redhat
advisories | CVE-2014-9649, CVE-2014-9650
MD5 | 80f1f4ed66fef8cf40454a05ee64282a
Wireshark print_hex_data_buffer / print_packet Use-After-Free
Posted Feb 29, 2016
Authored by Google Security Research, mjurczyk

A crash due to a use-after-free condition can be observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.

tags | exploit
systems | linux
MD5 | 8b4f15e57ad1aeeef273ef50234b570a
Linux/ARM Connect Back /bin/sh Shellcode
Posted Feb 29, 2016
Authored by Xeon

95 bytes small Linux/ARM connect back to ip:port with /bin/sh shellcode.

tags | shellcode
systems | linux
MD5 | ba18a4f80ecd3db8bab354e08fc07cc8
WordPress More Fields 2.1 Cross Site Request Forgery
Posted Feb 29, 2016
Authored by Aatif Shahdad

WordPress More Fields plugin versions 2.1 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 683cdaf21f8eef8d717fabe50b552c7e
GpicView 0.2.5 Buffer Overflow
Posted Feb 29, 2016
Authored by David Silveiro

GpicView version 0.2.5 buffer overflow crash proof of concept exploit.

tags | exploit, overflow, proof of concept
MD5 | 5904a127e7670c9e654d95baa5d95ed3
Fing 3.3.0 Persistent Mail Encoding
Posted Feb 29, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Fing version 3.3.0 suffers from a persistent mail encoding vulnerability.

tags | exploit
MD5 | e7ce24ddac9a94f1e1c2d67d0d884b3a
WP Good News Themes Cross Site Scripting
Posted Feb 29, 2016
Authored by Milad Hacking | Site vulnerability-lab.com

WP Good News Themes suffers from a client-side cross site scripting vulnerability.

tags | exploit, xss
MD5 | 24627b02dd2cc2f7e8cec3d463ce6e62
CISTI'2016 Call For Papers
Posted Feb 29, 2016
Site aisti.eu

The Call For Papers for CISTI'2016 Workshops has been announced. It will be held in Gran Canaria, Canary Islands, Spain between the 15th and 18th of June 2016.

tags | paper, conference
MD5 | f6223346e89db78253a4fe42f909b143
Page 1 of 2
Back12Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close