what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 46 RSS Feed

Files Date: 2016-03-23

Nmap Port Scanner 7.11
Posted Mar 23, 2016
Authored by Fyodor | Site insecure.org

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Changes: Added some support and fixed some crashes.
tags | tool, remote, udp, tcp, protocol, nmap
systems | linux, unix
SHA-256 | dfc95db3a8ee4c56650dbaa5a1a1e989b2963de8faea2531c21e6fd6e0bccc2a
I2P 0.9.25
Posted Mar 23, 2016
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: Various updates and bug fixes.
tags | tool
systems | unix
SHA-256 | daaac2b5a5a6b5bbd4b805f76e14f6a7c201dfd7c1cf43c98e182d2e657d1236
CA Single Sign-On Web Agents Information Disclosure / Denial Of Service
Posted Mar 23, 2016
Authored by Kevin Kotas, Michael Brooks | Site www3.ca.com

CA Technologies Support is alerting customers to potential risks with CA Single Sign-On (CA SSO), formerly known as CA SiteMinder. Michael Brooks of BishopFox alerted CA to vulnerabilities that can allow a remote attacker to cause a denial of service or possibly gain sensitive information. CA has fixes that address the vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
advisories | CVE-2015-6853, CVE-2015-6854
SHA-256 | e4d264a08af7ea40239a2e704d5c538492c6b233c83ff5f9941ca85ac6a5f151
Zyxel MAX3XX Series Wimax CPEs Hardcoded Root Password
Posted Mar 23, 2016
Authored by Gianni Carabelli

Plain text hardcoded passwords have been discovered in /bin/busybox and /bin/dropbear for Zyxel MAX3XX series Wimax CPEs.

tags | exploit
SHA-256 | 1bc5c071cbf8b319d60aa2b1977e287555fe15a20c2bad788a3e9e49ae3bc5e6
Apache Qpid Proton 0.12.0 SSL Failure
Posted Mar 23, 2016
Authored by M. Farrellee

Messaging applications using the Proton Python API to provision an SSL/TLS encrypted TCP connection may actually instantiate a non-encrypted connection without notice if SSL support is unavailable. This will result in all messages being sent in the clear without the knowledge of the user. Apache Qpid Proton python API versions starting at 0.9 and up to 0.12.0 are affected.

tags | advisory, tcp, python
advisories | CVE-2016-2166
SHA-256 | 68f91e3dd01e746dfc1937199c650b9c4fab137baa29178d81db86380e0218cd
Facebook Messenger Certification Validation
Posted Mar 23, 2016
Authored by Sean Wright

The Facebook social networking service includes a mobile application called Messenger that allows users to send private messages to their Facebook contacts. Although the application uses HTTPS to communicate with the backend servers, insufficient validation (only when the device is configured to use a proxy) of the certificates returned by these servers leaves the application open to man-in-the-middle (MITM) attacks.

tags | advisory, web
SHA-256 | 74652a5aec3baf181af6b9812022ab2b21dfb9d934a01d021673079a04ae47d6
CCTV-DVR Remote Code Execution
Posted Mar 23, 2016
Authored by Exodus

CCTV-DVR remote code execution exploit that affects over 70 different vendors.

tags | exploit, remote, code execution
SHA-256 | ce95b1ee4ba9240a2e96a1eda958a74e90a4d5e1502c5ba9760eab017bf280a0
HTTPS Only 3.1
Posted Mar 23, 2016
Authored by David Leo | Site httpsonly.net

HTTPS Only is a tool that ensures specific sites visited from your browser only transit over HTTPS.

Changes: Various updates.
tags | tool, web
systems | unix
SHA-256 | 2f05a5ad6f7916b74543a8d3194f6c5a0cc538ddd060a0921f0ccadb08ee13da
DirectAdmin CP 1.50.0 Cross Site Request Forgery
Posted Mar 23, 2016
Authored by Vulnerability Laboratory, Ehsan Hosseini | Site vulnerability-lab.com

DirectAdmin CP version 1.50.0 suffers from a client-side cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 59c77cb56e0789e4be014bd2c1a38ee5e97e95966d145442a7b1499c24efd156
WordPress Issuu Panel 1.6 Remote / Local File Inclusion
Posted Mar 23, 2016
Authored by CrashBandicot

WordPress Issuu Panel plugin version 1.6 suffers from local file inclusion and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
SHA-256 | a996002a712018e88a8aed792ec836191644cec4370e3d309eaea43f8351f730
WordPress Facebook With Login 1.0 Cross Site Scripting / SQL Injection
Posted Mar 23, 2016
Authored by CrashBandicot

WordPress Facebook With Login plugin version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 2f3c9ec821c6469b3456f8e8bc410758420a9186932941f949810b1a0ee536be
WordPress MailChimp Subscribe Forms 1.1 Remote Code Execution
Posted Mar 23, 2016
Authored by CrashBandicot

WordPress MailChimp Subscribe Forms plugin version 1.1 suffers from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | a62b01c936bc067331799d9144b2109ebfa8892e7e59e632b01f1f691ccb0d19
Comodo DLL Hijacking
Posted Mar 23, 2016
Authored by Stefan Kanthak

Comodo's installers suffer from a DLL hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 39dd4ee8c3ac0b62707f66921fcfd62cc92494094f64c900b4c4f5e78fed2945
Red Hat Security Advisory 2016-0495-01
Posted Mar 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0495-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util package provides a set of utilities for NSS and the Softoken module. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-1950
SHA-256 | e62e55b7facaf86e4436e3627f2fd1668a6dde632b5a3e0917d5aed3396fa121
Debian Security Advisory 3529-1
Posted Mar 23, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3529-1 - Multiple vulnerabilities have been found in Redmine, a project management web application, which may result in information disclosure.

tags | advisory, web, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2015-8346, CVE-2015-8473, CVE-2015-8474, CVE-2015-8537
SHA-256 | 3c4bd36e3f4f56c4d2db7e9d3f4f6240302caccb9ba58ac01e47ebbb76aee5b6
Debian Security Advisory 3528-1
Posted Mar 23, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3528-1 - Stefan Sperling discovered that pidgin-otr, a Pidgin plugin implementing Off-The-Record messaging, contained a use-after-free bug. This could be used by a malicious remote user to intentionally crash the application, thus causing a denial-of-service.

tags | advisory, remote
systems | linux, debian
advisories | CVE-2015-8833
SHA-256 | 91076704061523e8bd8949e259aa2c51fc44e8643687d0d0a6c85c950b421c2c
Cisco Security Advisory 20160323-l4f
Posted Mar 23, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Wide Area Application Services (WAAS) Express feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of TCP segments. An attacker could exploit this vulnerability by routing a crafted TCP segment through an affected device. A successful exploit could allow the attacker to cause the affected device to reload, causing a denial of service (DoS) condition. To exploit this vulnerability, the attacker needs to route a crafted TCP segment through an egress interface of a device because the vulnerable function is an output feature of the software. In addition, the WAAS Express feature must be enabled on the interface, typically a WAN interface. In most deployments, this means crafted traffic must be initiated from within a device to exploit the vulnerability. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service, tcp
systems | cisco
SHA-256 | 8c9151ca025717f5aea4d7b8e3bc65979100a2c12ccc7b8bf41bf75ee4e096d7
Cisco Security Advisory 20160323-lisp
Posted Mar 23, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Locator/ID Separation Protocol (LISP) of Cisco IOS Software running on the Cisco Catalyst 6500 and 6800 Series Switches and Cisco NX-OS Software running on the Cisco Nexus 7000 and Nexus 7700 Series Switches with an M1 Series Gigabit Ethernet Module could allow an unauthenticated, remote attacker to cause a reload of the vulnerable device. The vulnerability is due to a lack of proper input validation when a malformed LISP packet header is received. An attacker could exploit this vulnerability by sending a malformed LISP packet on UDP port 4341. An exploit could allow the attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability.

tags | advisory, remote, denial of service, udp, protocol
systems | cisco
SHA-256 | 1d37c1dacd7682c9ff94e7579f5aa202f95e8e0753652ea482a401163e4f4696
Cisco Security Advisory 20160323-smi
Posted Mar 23, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the vulnerable device.

tags | advisory, remote, denial of service, tcp
systems | cisco, osx
SHA-256 | 18b930eb75967cb7ea01a0eaf7a974f21b10af07b68ca43711cc30f589a17f1c
Cisco Security Advisory 20160323-ios-ikev2
Posted Mar 23, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Internet Key Exchange (IKE) version 2 (v2) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to an improper handling of crafted, fragmented IKEv2 packets. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.

tags | advisory, remote, udp
systems | cisco, osx
SHA-256 | 210ad4da6ac20b8601b82dc32071c53bf698d18f5db91e2d3b3ed794abbfca80
Cisco Security Advisory 20160323-sip
Posted Mar 23, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Session Initiation Protocol (SIP) gateway implementation in Cisco IOS, IOS XE, and Cisco Unified Communications Manager Software could allow an unauthenticated, remote attacker to cause a memory leak and eventual reload of an affected device. The vulnerability is due to improper processing of malformed SIP messages. An attacker could exploit this vulnerability by sending malformed SIP messages to be processed by an affected device. An exploit could allow the attacker to cause a memory leak and eventual reload of the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling SIP on the vulnerable device.

tags | advisory, remote, protocol, memory leak
systems | cisco, osx
SHA-256 | 82f7616aeeffff2c3526a5e32f3ec5032d0965215fa1730a4b03b1956abd77b3
Cisco Security Advisory 20160323-dhcpv6
Posted Mar 23, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the DHCP version 6 (DHCPv6) relay feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 relay messages. An attacker could exploit this vulnerability by sending a crafted DHCPv6 relay message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco, osx
SHA-256 | 4b7b9f267c20abe07e7b17e66c8b870b9a8e0b20a8cd0ef535d5c77533548d70
Ubuntu Security Notice USN-2939-1
Posted Mar 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2939-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-8665, CVE-2015-8683, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2015-8784
SHA-256 | 31a04cc1e394b8107383398fd69a54b55358e90cbaacb507ee0a0b40e97b151a
Debian Security Advisory 3526-1
Posted Mar 23, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3526-1 - It was discovered that libmatroska, an extensible open standard audio/video container format, incorrectly processed EBML lacing. By providing maliciously crafted input, an attacker could use this flaw to force some leakage of information located in the process heap memory.

tags | advisory
systems | linux, debian
advisories | CVE-2015-8792
SHA-256 | e17fe6d624441bcd832b90facbdb9a9ed02233c8966a0650fe4993cb2060aeb4
Red Hat Security Advisory 2016-0497-01
Posted Mar 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0497-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-2315, CVE-2016-2324
SHA-256 | 212fda6729a6768d6f7ad3d832d6f9ef4276e13fe9fc71f9ae59f9653f50af59
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close