the original cloud security
Showing 1 - 19 of 19 RSS Feed

Files Date: 2017-02-18

RECON 2017 Call For Papers
Posted Feb 18, 2017
Authored by REC0N Montreal 2017 | Site recon.cx

REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada, and as of this year, a new edition of the conference was held in Brussels, Belgium. The Call For Papers closes on April 15th, 2017. The conference takes place June 16th through June 18th, 2017.

tags | paper, conference
MD5 | 6a89928da827961f971dcb651d5bfb5e
Suricata IDPE 3.2.1
Posted Feb 18, 2017
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: A handful of features and multiple bug fixes have been added.
tags | tool, intrusion detection
systems | unix
MD5 | 61b5cbb70591ea8ff4b26a0b00214a54
Stegano 0.6.5
Posted Feb 18, 2017
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Added a command to list all available generators for the lsb-set module. Added a test when the data image is coming via byte stream, for the lsb module.
tags | tool, encryption, steganography, python
systems | unix
MD5 | 1e5f7149efdbe891021f573c6ddbc446
Lynis Auditing Tool 2.4.2
Posted Feb 18, 2017
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Properly detects SSH daemon version. Various other updates and additions.
tags | tool, scanner
systems | unix
MD5 | 783a9ec54f9035dfc08327828964c062
FireHOL 3.1.3
Posted Feb 18, 2017
Authored by Costa Tsaousis | Site github.com

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: More strict when detecting address ranges. Bug fixes.
tags | tool, spoof, firewall
systems | linux, unix
MD5 | 4625f41fc615fd0243b7060535852e2c
QEMU Host Filesystem Arbitrary Access
Posted Feb 18, 2017
Authored by Google Security Research, jannh

QEMU has an issue where virtfs permits a guest to access the entire host filesystem.

tags | advisory
advisories | CVE-2016-9602
MD5 | 44ce981c2743db060165adeb97c78a51
Adobe Flash MP4 AMF Parsing Overflow
Posted Feb 18, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from an overflow vulnerability during MP4 AMF parsing.

tags | exploit, overflow
advisories | CVE-2017-2992
MD5 | a8fdf97d5a70cb37a9f2b900f4bfb27c
Adobe Flash SWF Stack Corruption
Posted Feb 18, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from a stack corruption vulnerability using a fuzzed SWF file.

tags | exploit
advisories | CVE-2017-2988
MD5 | 01a3b9a73a2d2cff9eb2e10a14d936fe
Adobe Flash YUVPlane Decoding Heap Overflow
Posted Feb 18, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from a heap overflow vulnerability during YUVPLane decoding.

tags | exploit, overflow
advisories | CVE-2017-2986
MD5 | 77ceb32a66d17feef35fb481f0097663
Adobe Flash Bitmapfilter Use-After-Free
Posted Feb 18, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from a use-after-free vulnerability in applying bitmapfilter.

tags | exploit
advisories | CVE-2017-2985
MD5 | 55283af8ab2bd473ff20b1d60cf5d237
Google Chrome Download Filetype Blacklist Bypass
Posted Feb 18, 2017
Authored by Google Security Research, jannh

Google Chrome suffers from a bypass vulnerability in the download filetype blacklist functionality. Versions 54.0.2840.100 stable is affected.

tags | exploit, bypass
MD5 | ae38a5ec06fe60eb345dfdafae27e295
Cisco ASA WebVPN CIFS Handling Buffer Overflows
Posted Feb 18, 2017
Authored by Google Security Research, ochang

Cisco ASA WebVPN CIFS handling buffer overflow conditions have been discovered.

tags | advisory, overflow
systems | cisco
advisories | CVE-2017-3807
MD5 | 1b708a5d3eea7c18692ce1592fd30ac2
GDI GDI32!ConvertDxArray Insufficient Bounds Check
Posted Feb 18, 2017
Authored by Google Security Research, scvitti

GDI suffers from an insufficient bounds check on GDI32!ConvertDxArray.

tags | exploit
MD5 | d5c354d3e906dfea67a9f054fb19b81d
Microsoft Office Powerpoint 2010 MSO/OART Heap Out-Of-Bounds Access
Posted Feb 18, 2017
Authored by Google Security Research, scvitti

Microsoft Office 2010 running under Windows 7 x86 with Application Verifier enabled suffers from a heap out-of-bounds access issue that leads to a memory corruption condition.

tags | exploit, x86
systems | windows, 7
MD5 | ca1c82365cc2a1b575eafd2a2e538109
AIEngine 1.7.0
Posted Feb 18, 2017
Authored by Luis Campo Giralte | Site bitbucket.org

AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.

Changes: Improvements on the DNS to return matched CNAMES records. Now allows big packets of pcap files. Fixed some minor bugs on IMAP, POP and SSL. Various other updates and changes.
tags | tool
systems | unix
MD5 | 3572a02391c125a9e49ebe8525357e20
Microsoft Office 2010 MSO!Ordinal5429 Heap Corruption
Posted Feb 18, 2017
Authored by Google Security Research, scvitti

Microsoft Office 2010 running under Windows 7 x86 with Application Verifier enabled suffers from a heap corruption issue due to a missing length check.

tags | exploit, x86
systems | windows, 7
MD5 | ceb97370c320f4b5f667b446d895a4c1
Elefant CMS 1.3.12-RC Code Execution
Posted Feb 18, 2017
Authored by Tim Coen | Site curesec.com

Elefant CMS version 1.3.12-RC suffers from remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution
MD5 | 6263c4d7846795ca4fdd5587b97a59d9
Plone 5.0.5 Cross Site Scripting
Posted Feb 18, 2017
Authored by Tim Coen | Site curesec.com

Plone version 5.0.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-7147
MD5 | 2e3fc08b9fe3736137acd03ed434ec6d
Microsoft SQL Server Clr Stored Procedure Payload Execution
Posted Feb 18, 2017
Authored by OJ Reeves, Lee Christensen, Nathan Kirk | Site metasploit.com

This Metasploit module executes an arbitrary native payload on a Microsoft SQL server by loading a custom SQL CLR Assembly into the target SQL installation, and calling it directly with a base64-encoded payload. The module requires working credentials in order to connect directly to the MSSQL Server. This method requires the user to have sufficient privileges to install a custom SQL CRL DLL, and invoke the custom stored procedure that comes with it. This exploit does not leave any binaries on disk. Tested on MS SQL Server versions: 2005, 2012, 2016 (all x64).

tags | exploit, arbitrary
MD5 | 7d355ecabdfa09d1d996db5144b1f183
Page 1 of 1
Back1Next

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    10 Files
  • 23
    Sep 23rd
    1 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close