what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 28 RSS Feed

Files Date: 2016-02-29

Packet Fence 5.7.0
Posted Feb 29, 2016
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Various updates.
tags | tool, remote
systems | unix
SHA-256 | c82a337b3f230518ff1c9c6fb5686c1db0d3a89dd99dac741d31afdd13439abc
Mandos Encrypted File System Unattended Reboot Utility 1.7.2
Posted Feb 29, 2016
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Stopped using python-gnutls library - it was not updated to GnuTLS 3.3. Various other bugs addressed.
tags | tool, remote, root
systems | linux, unix
SHA-256 | 11e0a3d09e79cf8776042e084c15d8340d11b65d1681c0f9e97acaca48f4de28
Logwatch 7.4.2
Posted Feb 29, 2016
Site sourceforge.net

Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.

Changes: Fixed bugs.
tags | tool, intrusion detection
systems | unix
SHA-256 | 006e122a1973bb12b92eb79622ebc93716ec0766a6987e73b4ae5387509e5ade
Wireshark Analyzer 2.0.2
Posted Feb 29, 2016
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Fixed full_uri when using a Proxy. Multiple bug fixes and updates.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | e921fb072085a5654d899949bb561d0687f4819f7b63ba35777bb949a9b6b9c1
OpenSSH 7.2p1
Posted Feb 29, 2016
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Skip PrintLastLog in config dump mode. Added a note about using xlc on AIX. Various other bug fixes.
tags | tool, encryption
systems | linux, openbsd
SHA-256 | 973cc37b2f3597e4cf599b09e604e79c0fe5d9b6f595a24e91ed0662860b4ac3
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
Posted Feb 29, 2016
Authored by Pedro Ribeiro | Site metasploit.com

Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems. The application has a file upload vulnerability that can be exploited by an unauthenticated remote attacker to execute code as the SYSTEM user. Two servlets are vulnerable, FileUploadController (located at /lib-1.0/external/flash/fileUpload.do) and FileUpload2Controller (located at /fileUpload.do). This Metasploit module exploits the latter, and has been tested with versions 1.5.0.2, 1.4.0.17 and 1.1.0.13.

tags | exploit, remote, file upload
systems | windows
advisories | CVE-2016-1525
SHA-256 | 21b61eacb45384fca46646a93d57a232dc9d4a63ea542dc6fb29807e1a4dc643
Qualcomm Adreno GPU MSM Driver Perfcounter Query Heap Overflow
Posted Feb 29, 2016
Authored by Google Security Research, hawkes

The Adreno GPU driver for the MSM Linux kernel contains a heap overflow in the IOCTL_KGSL_PERFCOUNTER_QUERY ioctl command. The bug results from an incorrect conversion to a signed type when calculating the minimum count value for the query option. This results in a negative integer being used to calculate the size of a buffer, which can result in an integer overflow and a small sized allocation on 32-bit systems.

tags | exploit, overflow, kernel
systems | linux
SHA-256 | 11c959c3433bd2e4a4a0b93cec8f7ba66f5dab8a114dc0cadb5fc6c6bc5f818f
Fiyo CMS 2.0.6.1 Cross Site Scripting
Posted Feb 29, 2016
Authored by Himanshu Mehta

Fiyo CMS version 2.0.6.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 94a75418a58f9a444db29b3522a8e6934a1b2690ac8c1f92fe79a33def69eaf6
ASAN/SUID Local Root Exploit
Posted Feb 29, 2016
Authored by infodox

This script exploits er, unsanitized env var passing in ASAN which leads to file clobbering as root when executing setuid root binaries compiled with ASAN. It uses an overwrite of /etc/ld.so.preload to get root on a vulnerable system. You can supply your own target binary to use for exploitation.

tags | exploit, root
SHA-256 | 3f14643d1c039904bc9db24702fe18f67c6de2c6f848f3e50ab2d61c07de8423
Red Hat Security Advisory 2016-0309-01
Posted Feb 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0309-01 - OpenStack Image Service provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to silently replace owned image data, regardless of its original creator or visibility settings. Only environments with show_multiple_locations set to true were affected.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-0757
SHA-256 | ea535561c42b5bd9d777446c42c01a808de586a69aa8c2f4acfa2d8dbcbca27b
Slackware Security Advisory - libssh Updates
Posted Feb 29, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libssh packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-0739
SHA-256 | 02c7441014bdd9e0f73350f6d47e292e57e03e9a03b3a1d62206ffdf4d7d9a4f
Debian Security Advisory 3495-1
Posted Feb 29, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3495-1 - Markus Krell discovered that xymon, a network and applications monitoring system, was vulnerable to incorrect data handling, incorrect permissions, and various other security issues.

tags | advisory
systems | linux, debian
advisories | CVE-2016-2054, CVE-2016-2055, CVE-2016-2056, CVE-2016-2057, CVE-2016-2058
SHA-256 | 53a0dba24a61cd8d8b2c08030f630e1b8f8ff722b419c80f9a8acbed492ce294
Debian Security Advisory 3498-1
Posted Feb 29, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3498-1 - Multiple security vulnerabilities have been found in the Drupal content management framework.

tags | advisory, vulnerability
systems | linux, debian
SHA-256 | d05d759600212f327451853cf50f35c896fca22c35d1590b3a6cb5d8b118e93b
Debian Security Advisory 3499-1
Posted Feb 29, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3499-1 - Multiple security vulnerabilities have been found in Pillow, a Python imaging library, which may result in denial of service or the execution of arbitrary code if a malformed FLI, PCD or Tiff files is processed.

tags | advisory, denial of service, arbitrary, vulnerability, python
systems | linux, debian
advisories | CVE-2016-0740, CVE-2016-0775, CVE-2016-2533
SHA-256 | 8b910f6671c0e4d3abcf87002c5d7014c4463092d27ad1d60c61cc97b88fdeed
Debian Security Advisory 3496-1
Posted Feb 29, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3496-1 - It was discovered that php-horde-core, a set of classes providing the core functionality of the Horde Application Framework, is prone to a cross-site scripting vulnerability.

tags | advisory, php, xss
systems | linux, debian
advisories | CVE-2015-8807
SHA-256 | fb2e808e2bc1b55e3a678a6bd92bf163b812a242063669eceb2cf4d1b24e361d
Debian Security Advisory 3497-1
Posted Feb 29, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3497-1 - It was discovered that php-horde, a flexible, modular, general-purpose web application framework written in PHP, is prone to a cross-site scripting vulnerability.

tags | advisory, web, php, xss
systems | linux, debian
advisories | CVE-2016-2228
SHA-256 | 0c1655a872704facecb22f051bb6c9eea16caf3f0e87ad0f84b0f0de433a969d
Debian Security Advisory 3494-1
Posted Feb 29, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3494-1 - Two SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. Specially crafted input can be used by an attacker in parameters of the graphs_new.php script to execute arbitrary SQL commands on the database.

tags | advisory, web, arbitrary, php, vulnerability, sql injection
systems | linux, debian
advisories | CVE-2015-8377, CVE-2015-8604
SHA-256 | 97808cf3529875d4bcd54cfdad0de8a01c508d89587d889ac02eab545d374b0b
Red Hat Security Advisory 2016-0308-01
Posted Feb 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0308-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. A cross-site scripting vulnerability was discovered in RabbitMQ, which allowed using api/ path info to inject and receive data. A remote attacker could use this flaw to create an "/api/..." URL, forcing a server error that resulted in the server returning an HTML page with embedded text from the URL. A response-splitting vulnerability was discovered in RabbitMQ. An /api/definitions URL could be specified, which then caused an arbitrary additional header to be returned. A remote attacker could use this flaw to inject arbitrary HTTP headers and possibly gain access to secure data.

tags | advisory, remote, web, arbitrary, xss
systems | linux, redhat
advisories | CVE-2014-9649, CVE-2014-9650
SHA-256 | 5afd04f5b678cbda103db43bf170342e4a739b7757cecdcccbbf96e357abaa44
Wireshark print_hex_data_buffer / print_packet Use-After-Free
Posted Feb 29, 2016
Authored by Google Security Research, mjurczyk

A crash due to a use-after-free condition can be observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.

tags | exploit
systems | linux
SHA-256 | aa70c051da88d6df887378a4bee75c1f9831e1bd674b47c6a648173a1efc04f2
Linux/ARM Connect Back /bin/sh Shellcode
Posted Feb 29, 2016
Authored by Xeon

95 bytes small Linux/ARM connect back to ip:port with /bin/sh shellcode.

tags | shellcode
systems | linux
SHA-256 | 862488148cff154d3e46b87741bb714cd23a1ee3beb98ca891065e92e484b066
WordPress More Fields 2.1 Cross Site Request Forgery
Posted Feb 29, 2016
Authored by Aatif Shahdad

WordPress More Fields plugin versions 2.1 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 906328027e2d34e5ffabc680e80bf4a58c0cad693359ae0eccd0ee17d378a5d2
GpicView 0.2.5 Buffer Overflow
Posted Feb 29, 2016
Authored by David Silveiro

GpicView version 0.2.5 buffer overflow crash proof of concept exploit.

tags | exploit, overflow, proof of concept
SHA-256 | d02a27f6326edac3336bb36dac367b061870cccfa1778239241bf20194b30a07
Fing 3.3.0 Persistent Mail Encoding
Posted Feb 29, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Fing version 3.3.0 suffers from a persistent mail encoding vulnerability.

tags | exploit
SHA-256 | 7b2b2a6aa9e6305baa1e2225868b94e22b5f9306572b25675ef6534b0e5fb65a
WP Good News Themes Cross Site Scripting
Posted Feb 29, 2016
Authored by Milad Hacking, Vulnerability Laboratory | Site vulnerability-lab.com

WP Good News Themes suffers from a client-side cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2f6dbc8068ac0fc495a40430881c904a267917e4664027d378ea34d6fa60b893
CISTI'2016 Call For Papers
Posted Feb 29, 2016
Site aisti.eu

The Call For Papers for CISTI'2016 Workshops has been announced. It will be held in Gran Canaria, Canary Islands, Spain between the 15th and 18th of June 2016.

tags | paper, conference
SHA-256 | 7cba86d53aa3d2df673016e9869589db3f8b697f4d2c7f290534c602dbac7c81
Page 1 of 2
Back12Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close