accept no compromises
Showing 1 - 18 of 18 RSS Feed

Files Date: 2017-02-08

FireHOL 3.1.2
Posted Feb 8, 2017
Authored by Costa Tsaousis | Site github.com

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: Included user policies in chains before handling orphans. Saved firewall contents made reproducible by always zeroing counters and removing the dates from comments. Various other updates.
tags | tool, spoof, firewall
systems | linux, unix
MD5 | f6d1f099872da8b6af258b67e4e51189
Microsoft Office Word Malicious Macro Execution
Posted Feb 8, 2017
Authored by sinn3r | Site metasploit.com

This Metasploit module generates a macro-enabled Microsoft Office Word document. The comments metadata in the data is injected with a Base64 encoded payload, which will be decoded by the macro and execute as a Windows executable. For a successful attack, the victim is required to manually enable macro execution.

tags | exploit
systems | windows
MD5 | c1a49f79dbc7ac2992732441a08b8995
EMC Isilon InsightIQ Authentication Bypass
Posted Feb 8, 2017
Site emc.com

EMC Isilon InsightIQ is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to compromise the affected system. Versions affected include 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, and 3.0.0.

tags | advisory, bypass
advisories | CVE-2017-2765
MD5 | d92586473d4adb42421cb749cab5a715
JUNG Smart Visu Server 1.0.8x Path Traversal / Backdoor Accounts
Posted Feb 8, 2017
Authored by T. Weber | Site sec-consult.com

JUNG Smart Visu server with firmware versions 1.0.804, 1.0.830, and 1.0.832 suffer from backdoor account and path traversal vulnerabilities.

tags | exploit, vulnerability
MD5 | a430b54aba9641238f193bcacf9c48b5
Stegano 0.6.4
Posted Feb 8, 2017
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: A command line for the red module has been added. Fixed a bug in the lsb-set command line.
tags | tool, encryption, steganography, python
systems | unix
MD5 | 2bf8e84f0e364bd8eb29908002536cdc
Red Hat Security Advisory 2017-0259-01
Posted Feb 8, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0259-01 - Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Security Fix: It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2016-9565, CVE-2016-9566
MD5 | f68c3e3df95bbd0e1b3601f6e3a9a4fd
Red Hat Security Advisory 2017-0260-01
Posted Feb 8, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0260-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The gdeploy package provides Ansible modules to setup and configure GluterFS. Multiple security issues have been addressed.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2016-9587
MD5 | a626bedfa1ac5fb87996fa7c50fb73d5
Red Hat Security Advisory 2017-0258-01
Posted Feb 8, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0258-01 - Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Security Fix: It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2016-9565, CVE-2016-9566
MD5 | 7d3a76f28c2fd222c5d98ff75fca22bc
Proxmark Iceman Fork 1.6.9
Posted Feb 8, 2017
Authored by Christian Herrmann | Site github.com

This is a custom firmware written for the proxmark3. It extends the currently available firmware (revision 2.3.0) to support brute force attacks against proximity card access control systems.

Changes: Some bug fixes and multiple additions.
tags | tool
systems | unix
MD5 | 635ccdc1a364e0922c85c5009cf0eb3d
Ubuntu Security Notice USN-3194-1
Posted Feb 8, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3194-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. It was discovered that OpenJDK accepted ECSDA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289
MD5 | 0e20f36eb780736730028ff4372ad61d
Ubuntu Security Notice USN-3180-1
Posted Feb 8, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3180-1 - Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL or other UI components, bypass same origin restrictions or other security restrictions, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5014, CVE-2017-5017, CVE-2017-5019, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026
MD5 | 060b6cc148a661d4b0067b78d465e12a
Western Digital My Cloud 2.21.119 Authentication Bypass
Posted Feb 8, 2017
Authored by Securify B.V., Remco Vermeulen

Western Digital My Cloud with firmware version 2.21.119 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | f46c4b926e69f43a369a3377142d32e0
Linux/x86 Reverse TCP Alphanumeric Staged Shellcode
Posted Feb 8, 2017
Authored by Snir Levi

103 bytes small Linux/x86 reverse TCP alphanumeric staged shellcode.

tags | x86, tcp, shellcode
systems | linux
MD5 | 2c1496def1028a35176e13741c1ddcc9
WordPress wp-json Content Injection
Posted Feb 8, 2017
Authored by Larry W. Cashdollar, Marc Montipas

WordPress wp-json API content injection exploit proof of concept.

tags | exploit, proof of concept
MD5 | fa42f8c002a21ad5018cfc312ecd960f
SumatraPDF 3.1.2 DLL Hijacking
Posted Feb 8, 2017
Authored by Stefan Kanthak

SumatraPDF version 3.1.2 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
MD5 | cc365f1651e1ac9cbdb32e98b0dfeebe
Clone Script Directory Script 1.1.0 SQL Injection
Posted Feb 8, 2017
Authored by Ihsan Sencan

Clone Script Directory Script version 1.1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 903d746c6a65b44c56d723613ed14b9a
Muviko Video CMS SQL Injection
Posted Feb 8, 2017
Authored by Ihsan Sencan

Muviko Video CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 16cefdfbedc0f03a3978b4234fd50323
Multi Outlets POS 3.1 SQL Injection
Posted Feb 8, 2017
Authored by Ihsan Sencan

Multi Outlets POS version 3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0772513861c3c19d4965c88a7df197d7
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close