Exploit the possiblities
Showing 1 - 22 of 22 RSS Feed

Files Date: 2016-11-23

Blue Team Training Toolkit (BT3) 2.1
Posted Nov 23, 2016
Authored by Juan J. Guelfo | Site encripto.no

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

Changes: New Mocksum module added, improved Maligno HTTP method support, minor adjustments.
tags | tool, python
systems | unix
MD5 | 4e79eb042eb823afaf5a229f2344c8fe
FireHOL 3.0.2
Posted Nov 23, 2016
Authored by Costa Tsaousis | Site firehol.org

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: Fixed transparent_proxy IPV6 output. Added manual page for cthelper. Added connlimit to blacklist and iptrap. Added stateful option to blacklist. Various other updates and improvements.
tags | tool, spoof, firewall
systems | linux, unix
MD5 | 1f24ed2af728ba73cdf9e51337f2d43b
Linux Kernel 4.6.3 Netfilter Privilege Escalation
Posted Nov 23, 2016
Authored by h00die, vnik | Site metasploit.com

This Metasploit module attempts to exploit a netfilter bug on Linux Kernels before 4.6.3, and currently only works against Ubuntu 16.04 (not 16.04.1) with kernel 4.4.0-21-generic. Several conditions have to be met for successful exploitation.

tags | exploit, kernel, root
systems | linux, fedora, ubuntu
advisories | CVE-2016-4997
MD5 | 3749f597d7dba9ade2186bcc9aef3668
Linux Kernel 2.6.x pipe.c Privilege Escalation
Posted Nov 23, 2016
Authored by Spender

Linux kernel versions 2.6.10 up to but not including 2.6.31.5 pipe.c privilege escalation exploit.

tags | exploit, kernel
systems | linux
advisories | CVE-2009-3547
MD5 | 7cd715daa187357bd1edf4c0cb587cbc
Linux Kernel 2.6.32-rc1 x86_64 Register Leak
Posted Nov 23, 2016
Authored by Spender

Linux kernel version 2.6.32-rc1 x86_64 register leak proof of concept code.

tags | exploit, kernel, proof of concept
systems | linux
MD5 | d243180fe92ea99f0ca63f222c678db2
Linux Kernel 2.6.18 move_pages() Information Leak
Posted Nov 23, 2016
Authored by Spender

Linux kernel version 2.6.18 suffers from a move_pages() information leak vulnerability.

tags | exploit, kernel, info disclosure
systems | linux
advisories | CVE-2010-0415
MD5 | 78ca6c1797fc7d2f33407cc5cf28ac5b
Olympia Protect 9061 Replay Attack
Posted Nov 23, 2016
Authored by Matthias Deeg

Olympia Protect 9061 article number 5943 revision 03 suffers from missing protection against replay attacks.

tags | advisory
MD5 | aef9f3339073a9ee80368ab5ac42e3e2
EASY HOME Alarmanlagen-Set MAS-S01-09 Replay Attack
Posted Nov 23, 2016
Authored by Matthias Deeg

EASY HOME Alarmanlagen-Set MAS-S01-09 suffers from missing protection against replay attacks.

tags | advisory
MD5 | f93defe9672b26e5f08c198f16c16202
Chrome Blink SpeechRecognitionController Use-After-Free
Posted Nov 23, 2016
Authored by SkyLined

A specially crafted web-page can cause the blink rendering engine used by Google Chrome and Chromium to continue to use a speech recognition API object after the memory block that contained the object has been freed. An attacker can force the code to read a pointer from the freed memory and use this to call a function, allowing arbitrary code execution. Google Chrome version 39.0 is affected.

tags | exploit, web, arbitrary, code execution
advisories | CVE-2015-1251
MD5 | 58cecd42033cec65bf344dd36af29db5
Red Hat Security Advisory 2016-2820-01
Posted Nov 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2820-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix: Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.

tags | advisory, web, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-8704, CVE-2016-8705
MD5 | 491b87cff099497464b93aa7323a6ffb
Red Hat Security Advisory 2016-2819-01
Posted Nov 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2819-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix: Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.

tags | advisory, web, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-8704, CVE-2016-8705, CVE-2016-8706
MD5 | c634ff0bf43812c5d02354fde3c6e91a
Linux Kernel 2.6.32-642 / 3.16.0-4 Inode Integer Overflow
Posted Nov 23, 2016
Authored by Todor Donev

Linux kernels 2.6.32-642 and 3.16.0-4 inode integer overflow proof of concept exploit.

tags | exploit, overflow, kernel, proof of concept
systems | linux
MD5 | 5e4bac26711257f2b173173b9a893edf
Mobile Security Framework MobSF 0.9.3 Beta
Posted Nov 23, 2016
Authored by Ajin Abraham | Site github.com

Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.

Changes: Clipboard Monitor for Android Dynamic Analysis. Windows APPX Static Analysis Support. Added Docker File. Added Support for Kali Linux. Various other additions and improvements.
tags | tool, web, vulnerability, fuzzer
systems | cisco, ios
MD5 | 0c1d2d101da02097ba466840e0148138
TP-LINK TDDP Buffer Overflow / Missing Authentication
Posted Nov 23, 2016
Authored by Core Security Technologies, Andres Lopez Luksenberg

Core Security Technologies Advisory - TP-LINK TDDP suffers from buffer overflow and missing authentication vulnerabilities.

tags | exploit, overflow, vulnerability
MD5 | 75bd302689d825abf438d908c7aeabce
Red Hat Security Advisory 2016-2816-01
Posted Nov 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2816-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The following packages have been upgraded to a newer upstream version: ceph, ceph-deploy, calamari-server, nfs-ganesha, ceph-iscsi-config, libntirpc, ceph-iscsi-tools. Security Fix: A flaw was found in the way Ceph Object Gateway handles POST object requests. An authenticated attacker could launch a denial of service attack by sending null or specially crafted POST object requests.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2016-8626
MD5 | c53faf50d2f9b17fdb12d61c106fa9c9
Red Hat Security Advisory 2016-2815-01
Posted Nov 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2815-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The following packages have been upgraded to a newer upstream version: ceph, ceph-deploy, calamari-server, nfs-ganesha, ceph-iscsi-config, libntirpc, ceph-iscsi-tools. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-8626
MD5 | 40e849086f142342f2fe5a0a631b942a
Microsoft Internet Explorer 8 8 MSHTML SRunPointer::SpanQualifier/RunType Out-Of-Bounds Read
Posted Nov 23, 2016
Authored by SkyLined

A specially crafted web-page can cause Microsoft Internet Explorer 8 to attempt to read data beyond the boundaries of a memory allocation. The issue does not appear to be easily exploitable.

tags | exploit, web
advisories | CVE-2015-0050
MD5 | 4d0b3ffce8b8ea73636475ad12f99828
EasyPHP Devserver 16.1.1 Cross Site Request Forgery / Remote Command Execution
Posted Nov 23, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

EasyPHP Devserver version 16.1.1 suffers from cross site request forgery and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, csrf
MD5 | 1c30f5d29d417d09aa93e89605fff2f7
Crestron AM-100 1.2.1 Path Traversal / Hard-Coded Credentials
Posted Nov 23, 2016
Authored by Zach Lanier

Crestron AM-100 versions 1.1.1.11 through 1.2.1 suffer from hard-coded credential and path traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion
advisories | CVE-2016-5639
MD5 | 5b5026c9de1a7593e6278ffca75951c1
Huawei UTPS UTPS-V200R003B015D16SPC00C983 Privilege Escalation
Posted Nov 23, 2016
Authored by Dhruv Shah

Huawei UTPS software version UTPS-V200R003B015D16SPC00C983 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
advisories | CVE-2016-8769
MD5 | a99ab7c10a0cbc6bec9f3c753f2bc5e6
Acunetix 10.0 DLL Hijacking
Posted Nov 23, 2016
Authored by Ashiyane Digital Security Team

Acunetix version 10 suffers from multiple dll hijacking vulnerabilities.

tags | advisory, vulnerability
systems | windows
MD5 | c7d17948b507cc164092b9290f9294d3
Linux Reboot Shellcode
Posted Nov 23, 2016
Authored by MALWaRE43

89 bytes small /bin/sh -c reboot shellcode for Linux.

tags | shellcode
systems | linux
MD5 | 6ebbbd4d2b92ca81bfde6be3923f77da
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close