hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.
0283791b91db9dd7ee7431d8975c63419c73232945b76eedcefbe12becfa19c4hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.
54fe501ecc7b5246aaf92eef3f6afc23f985f721ef8d53e5ce5fda7d680f46a2Red Hat Security Advisory 2016-1435-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.8, and includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.4.9 Release Notes, linked to in the References. Multiple security issues have been addressed.
dec36409f1db8464a059ab01e8ba22bb42c5d3313fb7fb064859dda6b2cd0963Red Hat Security Advisory 2016-1434-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.8, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
9a8e4409727b247a7ebae466821413f642efde07ee3e7723a5c7ce8f773ea250Red Hat Security Advisory 2016-1433-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.8, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
35bd8a4148689c1a27929208cf6843e664a746e2a01785a0dec3a04ff5e0c5f2Red Hat Security Advisory 2016-1432-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the packages have been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.9. Multiple security issues have been addressed.
6f3886566e926a59135b67d8dd635deae1b47778fd8b00f54cfa44a2c8520776Meinberg NTP Time Server ELX800/GPS M4x version 5.30p suffers from remote command execution and privilege escalation vulnerabilities.
6f1633ae04e491afc092bd0cc7bf524f422ae1a8b4cace3c75f7cbe230c2861aOpenSSHD versions 7.2p2 and below user enumeration exploit.
b69a28b747a4fe5a117cdc11aded97dd15df51cde6788bd96001aa8f57bc36a6Axis Communications MPQT/PACS Server Side Include (SSI) remote format string exploit that provides a connect-back root shell.
581d58f31b42ec0fd4f623e4f07fe9d1a20069ed433eac4bbf372d1675a12c75Red Hat Security Advisory 2016-1420-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.
7cede861a05dabf8a87aa3760a62b71b991e7fc3605adcc358f10a01192a48e5Ubuntu Security Notice 3023-1 - It was discovered that NSPR incorrectly handled memory allocation. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, and Karl Tomlinson, discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
3fe98ccb366eec5429c1c3e2cb265917ff74bc9ce1c34996d652c69f97e7db00Ubuntu Security Notice 3038-1 - It was discovered that the Apache HTTP Server would set the HTTP_PROXY environment variable based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this issue in combination with CGI scripts that honour the HTTP_PROXY variable to redirect outgoing HTTP requests.
74e95b5addef4fc8153088ab09870ab4f82e6df17b22f4b1bc874aa554309f32Red Hat Security Advisory 2016-1421-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.
436fc4e839cc2887a759542674a0dc2989aec34c7b74fe6ed4b9921e48d2096dRed Hat Security Advisory 2016-1422-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.
87acaf1ab290cbcda124e1031ca7e28dc94b6eaedf153777e3ce2d06a749ae8bDebian Linux Security Advisory 3621-1 - A vulnerability was discovered in mysql-connector-java, a Java database (JDBC) driver for MySQL, which may result in unauthorized update, insert or delete access to some MySQL Connectors accessible data as well as read access to a subset of MySQL Connectors accessible data. The vulnerability was addressed by upgrading mysql-connector-java to the new upstream version 5.1.39, which includes additional changes, such as bug fixes, new features, and possibly incompatible changes.
50e10d38c3a83eef01688935a8575bd4219f7fbd2d682f2937b749a2ed5fba3eRed Hat Security Advisory 2016-1430-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to versions 7 SR9-FP40 and 7R1 SR3-FP40. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
2e0dead1b133f8a72d51a82a75b7622573a3e29ce6a7ae5ab0f9a63e34cd23a3Debian Linux Security Advisory 3620-1 - Yves Younan of Cisco Talos discovered several vulnerabilities in the MXit protocol support in pidgin, a multi-protocol instant messaging client. A remote attacker can take advantage of these flaws to cause a denial of service (application crash), overwrite files, information disclosure, or potentially to execute arbitrary code.
d90effb448b50288f53be7ccd3c3b9c1a05aba6fa608eaa71df88a26c8d7a457Debian Linux Security Advisory 3619-1 - Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library (application crash), or potentially to execute arbitrary code with the privileges of the user running the application.
3ab1c0b1ddecf980dd4d33f7d66025e28859df01864ca2ce789d9500ed6dfbaeHP Security Bulletin HPSBMU03562 3 - A vulnerability in Apache Commons Collections for handling Java object deserialization was addressed by HPE Service Manager. The vulnerability could be exploited remotely to allow remote code execution. Revision 3 of this advisory.
eed9f65b9705737625677d7e690f7560a269ccc0e480bfd90248f7ddbb67a48fNexthon Whois Website Value Calculator version 1.5 suffers from a remote blind SQL injection vulnerability.
d48fbcedbce7bc9888606207c458e661a0a0bdf61a2a1e7188d99fdaea89f6b5The installer for VeraCrypt version 1.17 suffers from a dll hijacking vulnerability.
da2330e7ad3228c7507f3b754b72ba7cabcaa6c3591eeffcfa8f7886bc98e2c5Codebase Business Directory Pro version 1.02 suffers from a remote SQL injection vulnerability.
d15c4152eaa5d4990211755c774ff35fbdb0b2fd2cad240e48272350019245f4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed