what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2016-11-23

Blue Team Training Toolkit (BT3) 2.1
Posted Nov 23, 2016
Authored by Juan J. Guelfo | Site encripto.no

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

Changes: New Mocksum module added, improved Maligno HTTP method support, minor adjustments.
tags | tool, python
systems | unix
SHA-256 | f5cd8522d591a0dd1ba1a51efe38a2cf35711c545c26210022790e8d6241ce45
FireHOL 3.0.2
Posted Nov 23, 2016
Authored by Costa Tsaousis | Site firehol.org

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: Fixed transparent_proxy IPV6 output. Added manual page for cthelper. Added connlimit to blacklist and iptrap. Added stateful option to blacklist. Various other updates and improvements.
tags | tool, spoof, firewall
systems | linux, unix
SHA-256 | 89726c52dece93dfee0c409aba6bbbf3c5eb1b6f1352a6d7e18e3810d01951da
Linux Kernel 4.6.3 Netfilter Privilege Escalation
Posted Nov 23, 2016
Authored by h00die, vnik | Site metasploit.com

This Metasploit module attempts to exploit a netfilter bug on Linux Kernels before 4.6.3, and currently only works against Ubuntu 16.04 (not 16.04.1) with kernel 4.4.0-21-generic. Several conditions have to be met for successful exploitation.

tags | exploit, kernel, root
systems | linux, fedora, ubuntu
advisories | CVE-2016-4997
SHA-256 | bf300c0c899733b435995c0ef2a36f7a7f24b72ea483dc9898f85b794dba5bc8
Linux Kernel 2.6.x pipe.c Privilege Escalation
Posted Nov 23, 2016
Authored by Spender

Linux kernel versions 2.6.10 up to but not including 2.6.31.5 pipe.c privilege escalation exploit.

tags | exploit, kernel
systems | linux
advisories | CVE-2009-3547
SHA-256 | 75d9acb7f4a5e730359a428a3f8ffeafa457fd42af8d7374f068563ad3b0968d
Linux Kernel 2.6.32-rc1 x86_64 Register Leak
Posted Nov 23, 2016
Authored by Spender

Linux kernel version 2.6.32-rc1 x86_64 register leak proof of concept code.

tags | exploit, kernel, proof of concept
systems | linux
SHA-256 | b1b558c35419a8907982c5211fe3a645007a4ed810c911987941600803db3d08
Linux Kernel 2.6.18 move_pages() Information Leak
Posted Nov 23, 2016
Authored by Spender

Linux kernel version 2.6.18 suffers from a move_pages() information leak vulnerability.

tags | exploit, kernel, info disclosure
systems | linux
advisories | CVE-2010-0415
SHA-256 | c05fdfd283ea5558f5b2b11b7f21af43ae4f388bc69af29cd4cfce64f3668c24
Olympia Protect 9061 Replay Attack
Posted Nov 23, 2016
Authored by Matthias Deeg | Site syss.de

Olympia Protect 9061 article number 5943 revision 03 suffers from missing protection against replay attacks.

tags | advisory
SHA-256 | b73813379c9c7ae3a3ca7625ea543b01df7c00b2718c1c9ba66959c0c4a4ff2d
EASY HOME Alarmanlagen-Set MAS-S01-09 Replay Attack
Posted Nov 23, 2016
Authored by Matthias Deeg | Site syss.de

EASY HOME Alarmanlagen-Set MAS-S01-09 suffers from missing protection against replay attacks.

tags | advisory
SHA-256 | aa11c4d5d771f9d150ecfead9f82a16873ca84a8146387dc50c052e29720ecb1
Chrome Blink SpeechRecognitionController Use-After-Free
Posted Nov 23, 2016
Authored by SkyLined

A specially crafted web-page can cause the blink rendering engine used by Google Chrome and Chromium to continue to use a speech recognition API object after the memory block that contained the object has been freed. An attacker can force the code to read a pointer from the freed memory and use this to call a function, allowing arbitrary code execution. Google Chrome version 39.0 is affected.

tags | exploit, web, arbitrary, code execution
advisories | CVE-2015-1251
SHA-256 | 55331823f8dfff200255c77a7bbd5aa302935b3af6f4e3f1ef14fc56b9da6164
Red Hat Security Advisory 2016-2820-01
Posted Nov 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2820-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix: Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.

tags | advisory, web, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-8704, CVE-2016-8705
SHA-256 | 09101d18a8872a1fbd6b7d886a1ccee516c5e7b8e80f40ea7d9248d12b1d8f60
Red Hat Security Advisory 2016-2819-01
Posted Nov 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2819-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix: Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.

tags | advisory, web, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-8704, CVE-2016-8705, CVE-2016-8706
SHA-256 | c10e120fa474ab10ba77d113aeba63c5f3226b7220d718cf61f8cbf65756abcc
Linux Kernel 2.6.32-642 / 3.16.0-4 Inode Integer Overflow
Posted Nov 23, 2016
Authored by Todor Donev

Linux kernels 2.6.32-642 and 3.16.0-4 inode integer overflow proof of concept exploit.

tags | exploit, overflow, kernel, proof of concept
systems | linux
SHA-256 | 20defbb599c5e84b62933befff3dbdc7d08fdf1cbcf768c8aefb44e16c752bcf
Mobile Security Framework MobSF 0.9.3 Beta
Posted Nov 23, 2016
Authored by Ajin Abraham | Site github.com

Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.

Changes: Clipboard Monitor for Android Dynamic Analysis. Windows APPX Static Analysis Support. Added Docker File. Added Support for Kali Linux. Various other additions and improvements.
tags | tool, web, vulnerability, fuzzer, xxe
systems | cisco, ios
SHA-256 | 700cdd3f3460d4db512a15ccc778012b27d14b9d9019961e561b1b27ac8ed277
TP-LINK TDDP Buffer Overflow / Missing Authentication
Posted Nov 23, 2016
Authored by Core Security Technologies, Andres Lopez Luksenberg

Core Security Technologies Advisory - TP-LINK TDDP suffers from buffer overflow and missing authentication vulnerabilities.

tags | exploit, overflow, vulnerability
SHA-256 | 8e640691cd560b9d8302f132c35c2970fee8d3dd24deecaf9bd5bc9e5f327fb7
Red Hat Security Advisory 2016-2816-01
Posted Nov 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2816-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The following packages have been upgraded to a newer upstream version: ceph, ceph-deploy, calamari-server, nfs-ganesha, ceph-iscsi-config, libntirpc, ceph-iscsi-tools. Security Fix: A flaw was found in the way Ceph Object Gateway handles POST object requests. An authenticated attacker could launch a denial of service attack by sending null or specially crafted POST object requests.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2016-8626
SHA-256 | 139b9b08c711bedadc85f67290f1923e202d4dd9d564f6fee986e44d565ac765
Red Hat Security Advisory 2016-2815-01
Posted Nov 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2815-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The following packages have been upgraded to a newer upstream version: ceph, ceph-deploy, calamari-server, nfs-ganesha, ceph-iscsi-config, libntirpc, ceph-iscsi-tools. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-8626
SHA-256 | ef405f0bd7b17b62af6a472bc30f36f4a65f15e773f951d2de8b2b16aaddd1c8
Microsoft Internet Explorer 8 8 MSHTML SRunPointer::SpanQualifier/RunType Out-Of-Bounds Read
Posted Nov 23, 2016
Authored by SkyLined

A specially crafted web-page can cause Microsoft Internet Explorer 8 to attempt to read data beyond the boundaries of a memory allocation. The issue does not appear to be easily exploitable.

tags | exploit, web
advisories | CVE-2015-0050
SHA-256 | 401440c68b1412518e4b354f8345508179c046033ef8057964dd02d484e451bc
EasyPHP Devserver 16.1.1 Cross Site Request Forgery / Remote Command Execution
Posted Nov 23, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

EasyPHP Devserver version 16.1.1 suffers from cross site request forgery and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, csrf
SHA-256 | eda4d8f8037371c5984319f153fb7c221633fa3d30ff01226627c02bed5c0f8a
Crestron AM-100 1.2.1 Path Traversal / Hard-Coded Credentials
Posted Nov 23, 2016
Authored by Zach Lanier

Crestron AM-100 versions 1.1.1.11 through 1.2.1 suffer from hard-coded credential and path traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion
advisories | CVE-2016-5639
SHA-256 | 074016f3af8de3f5aba4073ac2978de1a2f471fab2e93cdc83e0e5e6e533147e
Huawei UTPS UTPS-V200R003B015D16SPC00C983 Privilege Escalation
Posted Nov 23, 2016
Authored by Dhruv Shah

Huawei UTPS software version UTPS-V200R003B015D16SPC00C983 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
advisories | CVE-2016-8769
SHA-256 | af111ecaebdf0489157a897bd2e30ba71575f983ee1d5267b509300f73bbb79a
Acunetix 10.0 DLL Hijacking
Posted Nov 23, 2016
Authored by Ashiyane Digital Security Team

Acunetix version 10 suffers from multiple dll hijacking vulnerabilities.

tags | advisory, vulnerability
systems | windows
SHA-256 | f9156bed3c4501962e7c625db7d1820c157af7c061dbcc82b917eb9966b17fcc
Linux Reboot Shellcode
Posted Nov 23, 2016
Authored by MALWaRE43

89 bytes small /bin/sh -c reboot shellcode for Linux.

tags | shellcode
systems | linux
SHA-256 | d283ae2adba844d13ddf0ac100ad3f983481d8cac7b242ee525dedd4103902e1
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close