seeing is believing
Showing 1 - 25 of 506 RSS Feed

Files Date: 2016-11-01 to 2016-11-30

FireHOL 3.1.0
Posted Nov 29, 2016
Authored by Costa Tsaousis | Site firehol.org

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: Rework installation to make full use of autoconf results in all programs. Option to disable wizard added. Various other updates and improvements.
tags | tool, spoof, firewall
systems | linux, unix
MD5 | 57beb36c4bd81f20966928a4fb627d11
Peplink NGxxx/LCxxx VPN-Firewall Open Redirect
Posted Nov 29, 2016
Authored by LiquidWorm | Site zeroscience.mk

Input passed via the '_redirect' GET parameter via 'service.cgi' script on various Peplink VPN-Firewall devices is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

tags | exploit, arbitrary, cgi
MD5 | 5af9c98feacf1c9f241e8c52fcc8846f
WinPower 4.9.0.4 Privilege Escalation
Posted Nov 29, 2016
Authored by Kacper Szurek

WinPower version 4.9.0.4 suffers from a privilege escalation vulnerability. Proof of concept code included.

tags | exploit, proof of concept
MD5 | ed0607905b845ef7350dce9ad139b90e
Zurb Foundation 5.5.3 / 5.5.1 Cross Site Scripting
Posted Nov 29, 2016
Authored by Winni Neessen

Zurb Foundation versions 5.5.1 and 5.5.3 suffer from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | d76ca8deb88a2741d8e25843dfbaeef5
WordPress Insert Html Snippet 1.2 Cross Site Request Forgery
Posted Nov 29, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Insert Html Snippet plugin version 1.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 70597e9717e758afa7044c6df0d23a30
Red Hat Security Advisory 2016-2823-01
Posted Nov 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2823-01 - This release of Red Hat JBoss BRMS 6.4.0 serves as a replacement for Red Hat JBoss BRMS 6.3.4, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: It was found that several XML parsers used by XStream had default settings that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2016-3674, CVE-2016-7041, CVE-2016-8608
MD5 | 94227be66643a4ce9aa75b2772e98354
Red Hat Security Advisory 2016-2825-01
Posted Nov 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2825-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-5290
MD5 | b7a04efb82d5871e8b28dcd19229f9fa
Red Hat Security Advisory 2016-2822-01
Posted Nov 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2822-01 - This release of Red Hat JBoss BPM Suite 6.4.0 serves as a replacement for Red Hat JBoss BPM Suite 6.3.4, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: It was found that several XML parsers used by XStream had default settings that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2016-3674, CVE-2016-7041, CVE-2016-8608
MD5 | dee7c00f687aff53c5ce4a18baf8b732
Google Chrome Accessibility blink::Node Corruption
Posted Nov 29, 2016
Authored by SkyLined

A specially crafted web-page can trigger an unknown memory corruption vulnerability in Google Chrome Accessibility code. An attacker can cause code to attempt to execute a method of an object using a vftable, when the pointer to that object is not valid, or the object is not of the expected type. Successful exploitation can lead to arbitrary code execution.

tags | exploit, web, arbitrary, code execution
MD5 | ab98628c1095fe66451caf0ac7387408
Evilgrade - The Update Exploitation Framework 2.0.8
Posted Nov 29, 2016
Authored by Francisco Amato | Site infobyte.com.ar

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. This framework comes into play when the attacker is able to make traffic redirection, and such thing can be done in several ways such as: DNS tampering, DNS Cache Poisoning, ARP spoofing Wi-Fi Access Point impersonation, DHCP hijacking with your favorite tools. This way you can easy take control of a fully patched machine during a penetration test in a clean and easy way. The main idea behind the is to show the amount of trivial errors in the update process of mainstream applications.

Changes: ASUS OEM LiveUpdate module added. OpenBazaar module added. Various updates and bug fixes.
tags | tool, spoof
systems | unix
MD5 | 49882afcf281d2336135649f9f846930
Botan C++ Crypto Algorithms Library 1.10.14
Posted Nov 29, 2016
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.

Changes: Various updates.
tags | library
MD5 | e05505ff149a151d8a636928a77cde9f
Ubuntu Security Notice USN-3139-1
Posted Nov 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3139-1 - Florian Larysch discovered that the Vim text editor did not properly validate values for the 'filetype', 'syntax', and 'keymap' options. An attacker could trick a user into opening a file with specially crafted modelines and possibly execute arbitrary code with the user's privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1248
MD5 | 8c65c9036076b54e0594e3d6963c865a
Eagle Speed USB Modem Software Privilege Escalation
Posted Nov 29, 2016
Authored by R-73eN

Eagle Speed USB modem software suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | 67a4ea9e0ca59f6d85e2f3fa2dc01b16
Nuit Du Hack 2017 Call For Papers
Posted Nov 29, 2016
Authored by Nuit Du Hack

The Nuit Du Hack Call For Papers for 2017 has been announced. It will be held June 24th through the 25th, 2017 in Paris, France.

tags | paper, conference
MD5 | 0a4cd7ad44964e211e56f0d4e1a07931
EnCase Forensic Imager 7.10 Denial Of Service / Heap Buffer Overflow
Posted Nov 29, 2016
Authored by Wolfgang Ettlinger | Site sec-consult.com

EnCase Forensic Imager versions 7.10 and below suffer from denial of service and heap-based buffer overflow vulnerabilities.

tags | exploit, denial of service, overflow, vulnerability
MD5 | 1c5bac58a0fdaf56c3881bb3ed6e6585
BloomCON 2017 Call For Papers
Posted Nov 29, 2016
Site bloomcon.com

The BloomCON 2017 Forensics and Security conference will be held March 24th through the 25th, 2017 in Bloomsburg, PA, USA.

tags | paper, conference
MD5 | 760e48cafe7c8b9bbc431306e2c8ba53
Biesta Billing 4.0 Beta Cross Site Request Forgery / Traversal
Posted Nov 29, 2016
Authored by Taurus Omar

Biesta Billing version 4.0 Beta suffers from cross site request forgery and directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion, csrf
MD5 | ffa53f44ee22e91a14f026523a749b80
Red Hat Security Advisory 2016-2824-01
Posted Nov 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2824-01 - Expat is a C library for parsing XML documents. Security Fix: An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-0718
MD5 | 754a9be94b6674126e6bd29781af1cba
Ubuntu Security Notice USN-3138-1
Posted Nov 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3138-1 - Markus Doering discovered that python-cryptography incorrectly handled certain HKDF lengths. This could result in python-cryptography returning an empty string instead of the expected derived key.

tags | advisory, python
systems | linux, ubuntu
advisories | CVE-2016-9243
MD5 | 7af8fd9033167a619d1f40c7d195fbcb
Ubuntu Security Notice USN-3135-2
Posted Nov 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3135-2 - USN-3135-1 fixed a vulnerability in GStreamer Good Plugins. The original security fix was incomplete. This update fixes the problem. Chris Evans discovered that GStreamer Good Plugins did not correctly handle malformed FLC movie files. If a user were tricked into opening a crafted FLC movie file with a GStreamer application, an attacker could cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
MD5 | 8efb30ba821a826eea7c446f7a0ea77a
Debian Security Advisory 3725-1
Posted Nov 28, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3725-1 - Several vulnerabilities were discovered in the International Components for Unicode (ICU) library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-9911, CVE-2015-2632, CVE-2015-4844, CVE-2016-0494, CVE-2016-6293, CVE-2016-7415
MD5 | 999ff3a6c8613cc49e208b4bf2335876
Tenda / D-Link / TP-Link DHCP Cross Site Scripting
Posted Nov 28, 2016
Authored by Lawrence Amer | Site vulnerability-lab.com

Tenda, D-Link, and TP-Link routers suffer from a DHCP-related cross site scripting vulnerability.

tags | exploit, xss
MD5 | 35203611e6c87286765993d433525561
Schoolhos CMS 2.29 SQL Injection
Posted Nov 28, 2016
Authored by Lawrence Amer | Site vulnerability-lab.com

Schoolhos CMS version 2.29 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 9322838288cec4efea647f3760bc4e8e
Microsoft Internet Explorer MSHTML DOMImplementation Type Confusion
Posted Nov 28, 2016
Authored by SkyLined

A specially crafted web-page can cause a type confusion vulnerability in Microsoft Internet Explorer 8 through to 11. An attacker can cause code to be executed with a stack layout it does not expect, or have code attempt to execute a method of an object using a vftable, when that object does not have a vftable. Successful exploitation can lead to arbitrary code execution.

tags | exploit, web, arbitrary, code execution
advisories | CVE-2016-0063
MD5 | a39c2c649d0580dbcfd87e206179520a
Sync Breeze Enterprise 9.1.16 Buffer Overflow
Posted Nov 28, 2016
Authored by Tulpa

Sync Breeze Enterprise version 9.1.16 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | d41f9c50741d4e3cbaac5d784239a86b
Page 1 of 21
Back12345Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    2 Files
  • 23
    Oct 23rd
    10 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close