FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
f6d1f099872da8b6af258b67e4e51189This Metasploit module generates a macro-enabled Microsoft Office Word document. The comments metadata in the data is injected with a Base64 encoded payload, which will be decoded by the macro and execute as a Windows executable. For a successful attack, the victim is required to manually enable macro execution.
c1a49f79dbc7ac2992732441a08b8995EMC Isilon InsightIQ is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to compromise the affected system. Versions affected include 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, and 3.0.0.
d92586473d4adb42421cb749cab5a715JUNG Smart Visu server with firmware versions 1.0.804, 1.0.830, and 1.0.832 suffer from backdoor account and path traversal vulnerabilities.
a430b54aba9641238f193bcacf9c48b5Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
2bf8e84f0e364bd8eb29908002536cdcRed Hat Security Advisory 2017-0259-01 - Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Security Fix: It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system.
f68c3e3df95bbd0e1b3601f6e3a9a4fdRed Hat Security Advisory 2017-0260-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The gdeploy package provides Ansible modules to setup and configure GluterFS. Multiple security issues have been addressed.
a626bedfa1ac5fb87996fa7c50fb73d5Red Hat Security Advisory 2017-0258-01 - Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Security Fix: It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system.
7d3a76f28c2fd222c5d98ff75fca22bcThis is a custom firmware written for the proxmark3. It extends the currently available firmware (revision 2.3.0) to support brute force attacks against proximity card access control systems.
635ccdc1a364e0922c85c5009cf0eb3dUbuntu Security Notice 3194-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. It was discovered that OpenJDK accepted ECSDA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. Various other issues were also addressed.
0e20f36eb780736730028ff4372ad61dUbuntu Security Notice 3180-1 - Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL or other UI components, bypass same origin restrictions or other security restrictions, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
060b6cc148a661d4b0067b78d465e12aWestern Digital My Cloud with firmware version 2.21.119 suffers from an authentication bypass vulnerability.
f46c4b926e69f43a369a3377142d32e0103 bytes small Linux/x86 reverse TCP alphanumeric staged shellcode.
2c1496def1028a35176e13741c1ddcc9WordPress wp-json API content injection exploit proof of concept.
fa42f8c002a21ad5018cfc312ecd960fSumatraPDF version 3.1.2 suffers from a dll hijacking vulnerability.
cc365f1651e1ac9cbdb32e98b0dfeebeClone Script Directory Script version 1.1.0 suffers from a remote SQL injection vulnerability.
903d746c6a65b44c56d723613ed14b9aMuviko Video CMS suffers from a remote SQL injection vulnerability.
16cefdfbedc0f03a3978b4234fd50323Multi Outlets POS version 3.1 suffers from a remote SQL injection vulnerability.
0772513861c3c19d4965c88a7df197d7
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed