Exploit the possiblities
Showing 1 - 22 of 22 RSS Feed

Files Date: 2016-10-10

Mobius Forensic Toolkit 0.5.26
Posted Oct 10, 2016
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: Tons of C++ API changes. Various other improvements.
tags | tool, python, forensics
MD5 | c8cfc5982d32602b5f1b357feee8f245
Tinc Virtual Private Network Daemon 1.0.29
Posted Oct 10, 2016
Authored by Ivo Timmermans | Site tinc.nl.linux.org

tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.

Changes: Fixed UDP communication with peers with link-local IPv6 addresses. Ensured compatibility with OpenSSL 1.1.0. Ensured autoreconf can be run without requiring autoconf-archive. Now logs warnings about dropped packets only at debug level 5.
tags | tool, encryption
systems | unix
MD5 | bb7d2a672dd6958372da23fd764ba067
Mandos Encrypted File System Unattended Reboot Utility 1.7.13
Posted Oct 10, 2016
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Various updates.
tags | tool, remote, root
systems | linux, unix
MD5 | 9b59a0e5eb18aa29c59221d2e29c1dd8
GNU Transport Layer Security Library 3.4.16
Posted Oct 10, 2016
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: Various updates.
tags | protocol, library
MD5 | c73afab887cce4064df94283d13d825d
GNU Transport Layer Security Library 3.3.25
Posted Oct 10, 2016
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability. This is the previous stable release.

Changes: Various updates.
tags | protocol, library
MD5 | 00ec77f05cc0b970f44dad0cd0c67fb9
Powershell Payload Execution
Posted Oct 10, 2016
Authored by Matt Andreko, RageLtMan | Site metasploit.com

This Metasploit module generates a dynamic executable on the session host using .NET templates. Code is pulled from C

tags | exploit
systems | windows
MD5 | 0dcc3eb75c6e975b2168fec769526fd5
Linux Kernel 3.13.1 Recvmmsg Privilege Escalation
Posted Oct 10, 2016
Authored by rebel, h00die | Site metasploit.com

This Metasploit module attempts to exploit CVE-2014-0038, by sending a recvmmsg system call with a crafted timeout pointer parameter to gain root. This exploit has offsets for 3 Ubuntu 13 kernels built in: 3.8.0-19-generic (13.04 default) 3.11.0-12-generic (13.10 default) 3.11.0-15-generic (13.10) This exploit may take up to 13 minutes to run due to a decrementing (1/sec) pointer which starts at 0xff*3 (765 seconds)

tags | exploit, kernel, root
systems | linux, ubuntu
advisories | CVE-2014-0038
MD5 | f3b6c4e0beead8eebe4c182da3752bd8
Allwinner 3.4 Legacy Kernel Local Privilege Escalation
Posted Oct 10, 2016
Authored by h00die, KotCzarny | Site metasploit.com

This Metasploit module attempts to exploit a debug backdoor privilege escalation in Allwinner SoC based devices.

tags | exploit
MD5 | 32179e6db04a6f9a2f0eb177393f0d3d
Wireless Keyboard Set LX901 GK900 Replay Attack
Posted Oct 10, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

Wireless Keyboard Set LX901 model GK900 is missing protection against replay attacks.

tags | advisory
MD5 | b2e2f5586748b67b748f9ac80253a72f
Microsoft Wireless Desktop 2000 Insufficent Protection
Posted Oct 10, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

Microsoft Wireless Desktop 2000 version A suffers from insufficient protection of code (firmware) and data (cryptographic key).

tags | advisory
MD5 | b8100d53ca3844d785d9989a182491f2
Android Qualcomm GPS/GNSS Man-In-The-Middle
Posted Oct 10, 2016
Authored by Yakov Shafranovich | Site wwws.nightwatchcybersecurity.com

Android devices can be crashed remotely forcing a halt and then a soft reboot by a MITM attacker manipulating assisted GPS/GNSS data provided by Qualcomm. This issue affects the open source code in AOSP and proprietary code in a Java XTRA downloader provided by Qualcomm. The Android issue was fixed by in the October 2016 Android bulletin. Additional patches have been issued by Qualcomm to the proprietary client in September of 2016.

tags | exploit, java, denial of service
advisories | CVE-2016-5348
MD5 | 203f0bfd030998e5141cfa3444b35526
ZendStudio IDE 13.5.1 Privilege Escalation
Posted Oct 10, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

ZendStudio IDE version 13.5.1 suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | 0ee701b1e8d18163500ed77eeb3357ed
Gentoo Linux Security Advisory 201610-04
Posted Oct 10, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201610-4 - Multiple vulnerabilities have been fixed in libgcrypt,the worst of which results in predictable output from the random number generator. Versions less than 1.7.3 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3591, CVE-2015-0837, CVE-2015-7511, CVE-2016-6313
MD5 | 147a44bea15a80b98804e1aa1fcdfe21
Gentoo Linux Security Advisory 201610-03
Posted Oct 10, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201610-3 - A buffer overflow in Quagga might allow remote attackers to execute arbitrary code. Versions less than 1.0.20160315 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2016-2342
MD5 | 69c65c932771fd13ec9cb35a24d286ca
Red Hat Security Advisory 2016-2043-01
Posted Oct 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2043-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. The following packages have been upgraded to a newer upstream version: python-django. Security Fix: A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavior and to mitigate this attack. ''request.COOKIES'' may now contain cookies that are invalid according to RFC 6265 but are possible to set using ''document.cookie''.

tags | advisory, web, arbitrary, python
systems | linux, redhat
advisories | CVE-2016-7401
MD5 | 6da0bd40a5c680d7049e0626fa3561ef
Red Hat Security Advisory 2016-2041-01
Posted Oct 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2041-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. The following packages have been upgraded to a newer upstream version: python-django. Security Fix: A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavior and to mitigate this attack. ''request.COOKIES'' may now contain cookies that are invalid according to RFC 6265 but are possible to set using ''document.cookie''.

tags | advisory, web, arbitrary, python
systems | linux, redhat
advisories | CVE-2016-7401
MD5 | 00439dca5936623548075e128c80ca9d
Red Hat Security Advisory 2016-2039-01
Posted Oct 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2039-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavior and to mitigate this attack. ''request.COOKIES'' may now contain cookies that are invalid according to RFC 6265 but are possible to set using ''document.cookie''.

tags | advisory, web, arbitrary, python
systems | linux, redhat
advisories | CVE-2016-7401
MD5 | dbcb237a375ddc6cfcddaa0b3e249510
Red Hat Security Advisory 2016-2040-01
Posted Oct 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2040-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavior and to mitigate this attack. ''request.COOKIES'' may now contain cookies that are invalid according to RFC 6265 but are possible to set using ''document.cookie''.

tags | advisory, web, arbitrary, python
systems | linux, redhat
advisories | CVE-2016-7401
MD5 | 705c299413c2e0c6b10fe75d900f1590
Red Hat Security Advisory 2016-2042-01
Posted Oct 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2042-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. The following packages have been upgraded to a newer upstream version: python-django. Security Fix: A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavior and to mitigate this attack. ''request.COOKIES'' may now contain cookies that are invalid according to RFC 6265 but are possible to set using ''document.cookie''.

tags | advisory, web, arbitrary, python
systems | linux, redhat
advisories | CVE-2016-7401
MD5 | fb6bc39c8beacf7811e0910541b0173f
Red Hat Security Advisory 2016-2038-01
Posted Oct 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2038-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavior and to mitigate this attack. ''request.COOKIES'' may now contain cookies that are invalid according to RFC 6265 but are possible to set using ''document.cookie''.

tags | advisory, web, arbitrary, python
systems | linux, redhat
advisories | CVE-2016-7401
MD5 | b5bd49e8785f83f482f50a3e8ac1eab9
HP Client Automation 7.9 Command Injection
Posted Oct 10, 2016
Authored by slidingwindow0xff

HP Client Automation remote command injection exploit that adds backdoor accounts and provides a reverse shell. Author tested on version 7.9 but believes it should also work on 8.1, 9.0, and 9.1.

tags | exploit, remote, shell
advisories | CVE-2015-1497
MD5 | 67ab6e5588817394db2e3d945fd4c7e5
Apache Tomcat 8 / 7 / 6 Privilege Escalation
Posted Oct 10, 2016
Authored by Dawid Golunski

Apache Tomcat versions 8, 7, and 6 suffer from a privilege escalation vulnerability on RedHat-based distros.

tags | exploit
systems | linux, redhat
advisories | CVE-2016-5425
MD5 | f3c04168ae0abb155248a68219096e68
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    1 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close