what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2016-11-29

FireHOL 3.1.0
Posted Nov 29, 2016
Authored by Costa Tsaousis | Site firehol.org

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: Rework installation to make full use of autoconf results in all programs. Option to disable wizard added. Various other updates and improvements.
tags | tool, spoof, firewall
systems | linux, unix
SHA-256 | ed5c1d5cd2cd9bf119d8d60416e7c3add765eff5cab598208998aa5d7c2d2619
Peplink NGxxx/LCxxx VPN-Firewall Open Redirect
Posted Nov 29, 2016
Authored by LiquidWorm | Site zeroscience.mk

Input passed via the '_redirect' GET parameter via 'service.cgi' script on various Peplink VPN-Firewall devices is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

tags | exploit, arbitrary, cgi
SHA-256 | 857b49544d6bb02347eefe4f8fad675fde6301b8ceab69e24b15a2ac153324bc
WinPower 4.9.0.4 Privilege Escalation
Posted Nov 29, 2016
Authored by Kacper Szurek

WinPower version 4.9.0.4 suffers from a privilege escalation vulnerability. Proof of concept code included.

tags | exploit, proof of concept
SHA-256 | ec522491360ef2eea63aba812282511dbf4434f0517e72db396d11d570822b22
Zurb Foundation 5.5.3 / 5.5.1 Cross Site Scripting
Posted Nov 29, 2016
Authored by Winni Neessen

Zurb Foundation versions 5.5.1 and 5.5.3 suffer from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | f24e729af9e63fb4ce65ccc21a22893690b66398a546e6fe4f1f266b5546ac8d
WordPress Insert Html Snippet 1.2 Cross Site Request Forgery
Posted Nov 29, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Insert Html Snippet plugin version 1.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 88cdb0cc08fc0716a77ecedb0dcebc1babd0f1b3b9aff65d890c24afc0b2ffb3
Red Hat Security Advisory 2016-2823-01
Posted Nov 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2823-01 - This release of Red Hat JBoss BRMS 6.4.0 serves as a replacement for Red Hat JBoss BRMS 6.3.4, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: It was found that several XML parsers used by XStream had default settings that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, remote, xxe
systems | linux, redhat
advisories | CVE-2016-3674, CVE-2016-7041, CVE-2016-8608
SHA-256 | 8dbab47734f09bd5535d85680eeb30af3067f1855c752393866e2574216e77c4
Red Hat Security Advisory 2016-2825-01
Posted Nov 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2825-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-5290
SHA-256 | 54ff8650e4490e85629a750535d3779d73f23bb595e59bd9e223f6a5ed9a9cac
Red Hat Security Advisory 2016-2822-01
Posted Nov 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2822-01 - This release of Red Hat JBoss BPM Suite 6.4.0 serves as a replacement for Red Hat JBoss BPM Suite 6.3.4, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: It was found that several XML parsers used by XStream had default settings that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, remote, xxe
systems | linux, redhat
advisories | CVE-2016-3674, CVE-2016-7041, CVE-2016-8608
SHA-256 | 6a3f71e3995dd45560a98eb9719679794b13ea13a4d9ddd7133a684f5961eaf8
Google Chrome Accessibility blink::Node Corruption
Posted Nov 29, 2016
Authored by SkyLined

A specially crafted web-page can trigger an unknown memory corruption vulnerability in Google Chrome Accessibility code. An attacker can cause code to attempt to execute a method of an object using a vftable, when the pointer to that object is not valid, or the object is not of the expected type. Successful exploitation can lead to arbitrary code execution.

tags | exploit, web, arbitrary, code execution
SHA-256 | 2e778c3221fa3eaf8abf088d1e8b32a2d106db4dc5bdebdb26527e31a4f3f729
Evilgrade - The Update Exploitation Framework 2.0.8
Posted Nov 29, 2016
Authored by Francisco Amato | Site infobyte.com.ar

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. This framework comes into play when the attacker is able to make traffic redirection, and such thing can be done in several ways such as: DNS tampering, DNS Cache Poisoning, ARP spoofing Wi-Fi Access Point impersonation, DHCP hijacking with your favorite tools. This way you can easy take control of a fully patched machine during a penetration test in a clean and easy way. The main idea behind the is to show the amount of trivial errors in the update process of mainstream applications.

Changes: ASUS OEM LiveUpdate module added. OpenBazaar module added. Various updates and bug fixes.
tags | tool, spoof
systems | unix
SHA-256 | 2b34668f668604c1c71f5d4ca8461268f4bcccc5cbb057426e1138e95eefc13f
Botan C++ Crypto Algorithms Library 1.10.14
Posted Nov 29, 2016
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.

Changes: Various updates.
tags | library
SHA-256 | 10ed0b394db165733ac9557d8656356b7e9744d38c61c2b9c44cba6d84ff4c1c
Ubuntu Security Notice USN-3139-1
Posted Nov 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3139-1 - Florian Larysch discovered that the Vim text editor did not properly validate values for the 'filetype', 'syntax', and 'keymap' options. An attacker could trick a user into opening a file with specially crafted modelines and possibly execute arbitrary code with the user's privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1248
SHA-256 | cd7c375a66724dd2cd449203c8cca7ddce33d575128a34810feae44d65173725
Eagle Speed USB Modem Software Privilege Escalation
Posted Nov 29, 2016
Authored by R-73eN

Eagle Speed USB modem software suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | cda286f25eab66e0cb5e9bd9dbeff7eac9f7849b3309554eb2bade42c4c55f4d
Nuit Du Hack 2017 Call For Papers
Posted Nov 29, 2016
Authored by Nuit Du Hack

The Nuit Du Hack Call For Papers for 2017 has been announced. It will be held June 24th through the 25th, 2017 in Paris, France.

tags | paper, conference
SHA-256 | e589dd16262df00ac4012674fa05b6493b46fe29f2ed4f3c460b5bcccbe62d70
EnCase Forensic Imager 7.10 Denial Of Service / Heap Buffer Overflow
Posted Nov 29, 2016
Authored by Wolfgang Ettlinger | Site sec-consult.com

EnCase Forensic Imager versions 7.10 and below suffer from denial of service and heap-based buffer overflow vulnerabilities.

tags | exploit, denial of service, overflow, vulnerability
SHA-256 | 7843ed94a73178cbbad1a3abd757df71b39cbeea28ef32b9271d33b5a8956fe1
BloomCON 2017 Call For Papers
Posted Nov 29, 2016
Site bloomcon.com

The BloomCON 2017 Forensics and Security conference will be held March 24th through the 25th, 2017 in Bloomsburg, PA, USA.

tags | paper, conference
SHA-256 | 58f865c1f369e7110bb46d32ca2ccec101d12594980dbf76f519a6bd31c8ec00
Biesta Billing 4.0 Beta Cross Site Request Forgery / Traversal
Posted Nov 29, 2016
Authored by Taurus Omar

Biesta Billing version 4.0 Beta suffers from cross site request forgery and directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion, csrf
SHA-256 | 1dbc8d21c6556545a544de74ed9e813e4cb5d2098b52219b9c607c83be2a4e40
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close