Exploit the possiblities
Showing 1 - 25 of 46 RSS Feed

Files Date: 2016-03-23

Nmap Port Scanner 7.11
Posted Mar 23, 2016
Authored by Fyodor | Site insecure.org

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Changes: Added some support and fixed some crashes.
tags | tool, remote, udp, tcp, protocol, nmap
systems | linux, unix
MD5 | 810902e1a71d8f5f9668a89561f03cc2
I2P 0.9.25
Posted Mar 23, 2016
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: Various updates and bug fixes.
tags | tool
systems | unix
MD5 | 27e817afd43a72e651879ef3ed660bed
CA Single Sign-On Web Agents Information Disclosure / Denial Of Service
Posted Mar 23, 2016
Authored by Kevin Kotas, Michael Brooks | Site www3.ca.com

CA Technologies Support is alerting customers to potential risks with CA Single Sign-On (CA SSO), formerly known as CA SiteMinder. Michael Brooks of BishopFox alerted CA to vulnerabilities that can allow a remote attacker to cause a denial of service or possibly gain sensitive information. CA has fixes that address the vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
advisories | CVE-2015-6853, CVE-2015-6854
MD5 | ea6cfd50604423801445013893f8aff9
Zyxel MAX3XX Series Wimax CPEs Hardcoded Root Password
Posted Mar 23, 2016
Authored by Gianni Carabelli

Plain text hardcoded passwords have been discovered in /bin/busybox and /bin/dropbear for Zyxel MAX3XX series Wimax CPEs.

tags | exploit
MD5 | 72a7a8ae063dc2679dc4abc2a4f7c4e2
Apache Qpid Proton 0.12.0 SSL Failure
Posted Mar 23, 2016
Authored by M. Farrellee

Messaging applications using the Proton Python API to provision an SSL/TLS encrypted TCP connection may actually instantiate a non-encrypted connection without notice if SSL support is unavailable. This will result in all messages being sent in the clear without the knowledge of the user. Apache Qpid Proton python API versions starting at 0.9 and up to 0.12.0 are affected.

tags | advisory, tcp, python
advisories | CVE-2016-2166
MD5 | 027fbe7b9c88dfd3e93b88750fb08319
Facebook Messenger Certification Validation
Posted Mar 23, 2016
Authored by Sean Wright

The Facebook social networking service includes a mobile application called Messenger that allows users to send private messages to their Facebook contacts. Although the application uses HTTPS to communicate with the backend servers, insufficient validation (only when the device is configured to use a proxy) of the certificates returned by these servers leaves the application open to man-in-the-middle (MITM) attacks.

tags | advisory, web
MD5 | 701bf0ea4e142669addc991a3299d6c2
CCTV-DVR Remote Code Execution
Posted Mar 23, 2016
Authored by Exodus

CCTV-DVR remote code execution exploit that affects over 70 different vendors.

tags | exploit, remote, code execution
MD5 | 590ef34b4d4d995ad7a5ea072c262e60
HTTPS Only 3.1
Posted Mar 23, 2016
Authored by David Leo | Site httpsonly.net

HTTPS Only is a tool that ensures specific sites visited from your browser only transit over HTTPS.

Changes: Various updates.
tags | tool, web
systems | unix
MD5 | e2206fc2d54a7429478afca32cd60089
DirectAdmin CP 1.50.0 Cross Site Request Forgery
Posted Mar 23, 2016
Authored by Ehsan Hosseini | Site vulnerability-lab.com

DirectAdmin CP version 1.50.0 suffers from a client-side cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | d7f7b7edd926935189e8fbe71415f7b9
WordPress Issuu Panel 1.6 Remote / Local File Inclusion
Posted Mar 23, 2016
Authored by CrashBandicot

WordPress Issuu Panel plugin version 1.6 suffers from local file inclusion and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
MD5 | 4415f30d08718840e8a97cd7f6a6e2ed
WordPress Facebook With Login 1.0 Cross Site Scripting / SQL Injection
Posted Mar 23, 2016
Authored by CrashBandicot

WordPress Facebook With Login plugin version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 85534f4639916e912befef98852a512e
WordPress MailChimp Subscribe Forms 1.1 Remote Code Execution
Posted Mar 23, 2016
Authored by CrashBandicot

WordPress MailChimp Subscribe Forms plugin version 1.1 suffers from a code execution vulnerability.

tags | exploit, code execution
MD5 | f0699e5cd4d047d454faf0fbdd8f86a1
Comodo DLL Hijacking
Posted Mar 23, 2016
Authored by Stefan Kanthak

Comodo's installers suffer from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 4e1b4ca74c3115fbbe1897749ea3de93
Red Hat Security Advisory 2016-0495-01
Posted Mar 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0495-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util package provides a set of utilities for NSS and the Softoken module. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-1950
MD5 | 4515c2ca3a2a8f9878694d9b28206825
Debian Security Advisory 3529-1
Posted Mar 23, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3529-1 - Multiple vulnerabilities have been found in Redmine, a project management web application, which may result in information disclosure.

tags | advisory, web, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2015-8346, CVE-2015-8473, CVE-2015-8474, CVE-2015-8537
MD5 | 4b47cda84b5fd89df2256ceb8783c603
Debian Security Advisory 3528-1
Posted Mar 23, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3528-1 - Stefan Sperling discovered that pidgin-otr, a Pidgin plugin implementing Off-The-Record messaging, contained a use-after-free bug. This could be used by a malicious remote user to intentionally crash the application, thus causing a denial-of-service.

tags | advisory, remote
systems | linux, debian
advisories | CVE-2015-8833
MD5 | 6c9f78c18011d5180c2579d09d7101e9
Cisco Security Advisory 20160323-l4f
Posted Mar 23, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Wide Area Application Services (WAAS) Express feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of TCP segments. An attacker could exploit this vulnerability by routing a crafted TCP segment through an affected device. A successful exploit could allow the attacker to cause the affected device to reload, causing a denial of service (DoS) condition. To exploit this vulnerability, the attacker needs to route a crafted TCP segment through an egress interface of a device because the vulnerable function is an output feature of the software. In addition, the WAAS Express feature must be enabled on the interface, typically a WAN interface. In most deployments, this means crafted traffic must be initiated from within a device to exploit the vulnerability. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service, tcp
systems | cisco
MD5 | 17af4d424262b70413c4e894c52ae972
Cisco Security Advisory 20160323-lisp
Posted Mar 23, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Locator/ID Separation Protocol (LISP) of Cisco IOS Software running on the Cisco Catalyst 6500 and 6800 Series Switches and Cisco NX-OS Software running on the Cisco Nexus 7000 and Nexus 7700 Series Switches with an M1 Series Gigabit Ethernet Module could allow an unauthenticated, remote attacker to cause a reload of the vulnerable device. The vulnerability is due to a lack of proper input validation when a malformed LISP packet header is received. An attacker could exploit this vulnerability by sending a malformed LISP packet on UDP port 4341. An exploit could allow the attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability.

tags | advisory, remote, denial of service, udp, protocol
systems | cisco
MD5 | 29b341252a9550a4e137d8e730245d80
Cisco Security Advisory 20160323-smi
Posted Mar 23, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the vulnerable device.

tags | advisory, remote, denial of service, tcp
systems | cisco, osx
MD5 | 748847f923f39a4ebca45945ba1c299c
Cisco Security Advisory 20160323-ios-ikev2
Posted Mar 23, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Internet Key Exchange (IKE) version 2 (v2) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to an improper handling of crafted, fragmented IKEv2 packets. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.

tags | advisory, remote, udp
systems | cisco, osx
MD5 | 521b0dbae5b3f8db2decb01b0f8012bc
Cisco Security Advisory 20160323-sip
Posted Mar 23, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Session Initiation Protocol (SIP) gateway implementation in Cisco IOS, IOS XE, and Cisco Unified Communications Manager Software could allow an unauthenticated, remote attacker to cause a memory leak and eventual reload of an affected device. The vulnerability is due to improper processing of malformed SIP messages. An attacker could exploit this vulnerability by sending malformed SIP messages to be processed by an affected device. An exploit could allow the attacker to cause a memory leak and eventual reload of the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling SIP on the vulnerable device.

tags | advisory, remote, protocol, memory leak
systems | cisco, osx
MD5 | 04a214260ad60368b306ab6546597412
Cisco Security Advisory 20160323-dhcpv6
Posted Mar 23, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the DHCP version 6 (DHCPv6) relay feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 relay messages. An attacker could exploit this vulnerability by sending a crafted DHCPv6 relay message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco, osx
MD5 | cc3a65013c615319c880774f0e3e19d8
Ubuntu Security Notice USN-2939-1
Posted Mar 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2939-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-8665, CVE-2015-8683, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2015-8784
MD5 | dbf2b058ae7200e0490a23c8a5616b67
Debian Security Advisory 3526-1
Posted Mar 23, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3526-1 - It was discovered that libmatroska, an extensible open standard audio/video container format, incorrectly processed EBML lacing. By providing maliciously crafted input, an attacker could use this flaw to force some leakage of information located in the process heap memory.

tags | advisory
systems | linux, debian
advisories | CVE-2015-8792
MD5 | 41136babfa7a6001e2465c94d55e3237
Red Hat Security Advisory 2016-0497-01
Posted Mar 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0497-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-2315, CVE-2016-2324
MD5 | 495bfc638e332a9036738db99be359ec
Page 1 of 2
Back12Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    42 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close