what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2017-02-08

FireHOL 3.1.2
Posted Feb 8, 2017
Authored by Costa Tsaousis | Site github.com

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: Included user policies in chains before handling orphans. Saved firewall contents made reproducible by always zeroing counters and removing the dates from comments. Various other updates.
tags | tool, spoof, firewall
systems | linux, unix
SHA-256 | 2dabf3306920bf685cd64fccd4af57a2c08164437c3589022728c8bcd8d4650f
Microsoft Office Word Malicious Macro Execution
Posted Feb 8, 2017
Authored by sinn3r | Site metasploit.com

This Metasploit module generates a macro-enabled Microsoft Office Word document. The comments metadata in the data is injected with a Base64 encoded payload, which will be decoded by the macro and execute as a Windows executable. For a successful attack, the victim is required to manually enable macro execution.

tags | exploit
systems | windows
SHA-256 | 7415a9c1ca3ef854a9f6d2f27ca6e461d7630f6d7777043d3cab28fc430dbf55
EMC Isilon InsightIQ Authentication Bypass
Posted Feb 8, 2017
Site emc.com

EMC Isilon InsightIQ is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to compromise the affected system. Versions affected include 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, and 3.0.0.

tags | advisory, bypass
advisories | CVE-2017-2765
SHA-256 | 2a49ba5c322887c588a0082e8f9beb3b0588a3dc77722821f03b0d7b0213a873
JUNG Smart Visu Server 1.0.8x Path Traversal / Backdoor Accounts
Posted Feb 8, 2017
Authored by T. Weber | Site sec-consult.com

JUNG Smart Visu server with firmware versions 1.0.804, 1.0.830, and 1.0.832 suffer from backdoor account and path traversal vulnerabilities.

tags | exploit, vulnerability
SHA-256 | cf2d0ac3035650b704e93a6417b5d0df5e42066af0f4bc43a4a26516470ff0ed
Stegano 0.6.4
Posted Feb 8, 2017
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: A command line for the red module has been added. Fixed a bug in the lsb-set command line.
tags | tool, encryption, steganography, python
systems | unix
SHA-256 | b772e3ece182edf79691ca30e3af7ab6cd981028a01ac70c402db17d3c7a2948
Red Hat Security Advisory 2017-0259-01
Posted Feb 8, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0259-01 - Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Security Fix: It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2016-9565, CVE-2016-9566
SHA-256 | 7a48c001f115ba93b88cdf468884c8870faeff90cc50353c074b79dace68f92c
Red Hat Security Advisory 2017-0260-01
Posted Feb 8, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0260-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The gdeploy package provides Ansible modules to setup and configure GluterFS. Multiple security issues have been addressed.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2016-9587
SHA-256 | 202b927aacce6a620515bed162f08c7c2d6f86c33a63957ec31ca25637474014
Red Hat Security Advisory 2017-0258-01
Posted Feb 8, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0258-01 - Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Security Fix: It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2016-9565, CVE-2016-9566
SHA-256 | 88b73dd0573b8aabffdf9a10ba27358630138a470160f808b243a17456913841
Proxmark Iceman Fork 1.6.9
Posted Feb 8, 2017
Authored by Christian Herrmann | Site github.com

This is a custom firmware written for the proxmark3. It extends the currently available firmware (revision 2.3.0) to support brute force attacks against proximity card access control systems.

Changes: Some bug fixes and multiple additions.
tags | tool
systems | unix
SHA-256 | ef1f678e22cd90af71de78894ae41f394c587a79f50d3227fd66fa5c848d7951
Ubuntu Security Notice USN-3194-1
Posted Feb 8, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3194-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. It was discovered that OpenJDK accepted ECSDA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289
SHA-256 | ca0c18acba4b88e6e80fee104c08afc6e2119a222bc4f831a5368db334579045
Ubuntu Security Notice USN-3180-1
Posted Feb 8, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3180-1 - Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL or other UI components, bypass same origin restrictions or other security restrictions, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5014, CVE-2017-5017, CVE-2017-5019, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026
SHA-256 | 0de654a056ff41708c63dd08b1a747fefc182fd29bd615cfe0152ef65198a0cc
Western Digital My Cloud 2.21.119 Authentication Bypass
Posted Feb 8, 2017
Authored by Securify B.V., Remco Vermeulen

Western Digital My Cloud with firmware version 2.21.119 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | 07f438c38cd48633a9f62d69405eb28f29efca802afed3c49bd9740875178ddc
Linux/x86 Reverse TCP Alphanumeric Staged Shellcode
Posted Feb 8, 2017
Authored by Snir Levi

103 bytes small Linux/x86 reverse TCP alphanumeric staged shellcode.

tags | x86, tcp, shellcode
systems | linux
SHA-256 | 884f4d7a58427b57c40dd909782c13ee937f147e99cec5956b8a22a40d65113b
WordPress wp-json Content Injection
Posted Feb 8, 2017
Authored by Larry W. Cashdollar, Marc Montipas

WordPress wp-json API content injection exploit proof of concept.

tags | exploit, proof of concept
SHA-256 | f2bd654825c2a33cf9a482dda51a1c94d3caf75c65e12399b5758aed301edbbf
SumatraPDF 3.1.2 DLL Hijacking
Posted Feb 8, 2017
Authored by Stefan Kanthak

SumatraPDF version 3.1.2 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 601ed610ba5925a63dea0564014681b1062e030c87127aba26cfeef6284cedb2
Clone Script Directory Script 1.1.0 SQL Injection
Posted Feb 8, 2017
Authored by Ihsan Sencan

Clone Script Directory Script version 1.1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 702147164acc395bf993d0558f2311a5470798a27552724b54402693022baddf
Muviko Video CMS SQL Injection
Posted Feb 8, 2017
Authored by Ihsan Sencan

Muviko Video CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e0cf0ebaeba45a8abcba550ac764ec03e8dc50d4fc2d9f5a74751b1c008a1238
Multi Outlets POS 3.1 SQL Injection
Posted Feb 8, 2017
Authored by Ihsan Sencan

Multi Outlets POS version 3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5bf26ead7cb156de434c1ff0f58e456124ba52efc3d955149cb4dafba5c807f7
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close