accept no compromises
Showing 1 - 22 of 22 RSS Feed

Files Date: 2017-06-30

OSCI-Transport Library 1.2 Padding Oracle / Signature Wrapping / XXE Injection
Posted Jun 30, 2017
Authored by Wolfgang Ettlinger, Marc Nimmerrichter | Site sec-consult.com

OSCI-Transport library version 1.2 for German e-Government suffers from padding oracle, signature wrapping, and XML external entity injection vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2017-10668, CVE-2017-10669, CVE-2017-10670
MD5 | 852b54bfa71394caa84d2551937c6f52
Bettercap 1.6.1
Posted Jun 30, 2017
Authored by evilsocket | Site bettercap.org

BetterCAP is a powerful, flexible, and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.

Changes: Huge improvement on HTTPS parser, now it parses TLS Client Hello messages with SNI extension in order to extract the real hostname. Removed IPv6 specific options, use of IPv6 is automatically detected now. Updated BSD firewall manager to support IPv6 forwarding. IPv6 port redirection option. Various other updates and improvements.
tags | tool, web, sniffer, tcp
systems | unix
MD5 | 3652340784b3aea6917af77f803c7e7e
Rootkit Hunter 1.4.4
Posted Jun 30, 2017
Authored by Michael Boelen | Site rootkit.nl

Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.

Changes: Added the GLOBSTAR configuration file option. This will set the shells globstar option to allow recursive checks of directories. By default this option is disabled. Added a Japanese translation file. Added support for the 'BSDng' package manager option. This can be used by those BSD systems which have the 'pkg' command available (currently later FreeBSD systems). Various other improvements and bug fixes made.
tags | tool, shell, perl, integrity, rootkit
systems | netbsd, unix, solaris
MD5 | c625bcb5e226d1f2a7a3a530b7e4fbd9
TOR Virtual Network Tunneling Tool 0.3.0.9
Posted Jun 30, 2017
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.3.0.9 fixes a path selection bug that would allow a client to use a guard that was in the same network family as a chosen exit relay. This is a security regression; all clients running earlier versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or 0.3.1.4-alpha.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 3e1592efce06ab867db637b03754d0a3
Google Chrome RegExp Stubs Out-Of-Bounds Access
Posted Jun 30, 2017
Authored by Google Security Research, natashenka

Google Chrome suffers from an out-of-bounds access vulnerability in RegExp.prototype.exec and RegExp.prototype.test.

tags | exploit
MD5 | e32ebd7f4a92e20cfef8f90e72a5ae90
LG ASFParser::SetMetaData Stack Overflow
Posted Jun 30, 2017
Authored by Google Security Research, Mark Brand

LG suffers from multiple stack overflows in ASFParser::SetMetaData.

tags | exploit, overflow
MD5 | 11032cdfb45063fe394b921e0d88804a
Linux Kernel ldso_dynamic Stack Clash Privilege Escalation
Posted Jun 30, 2017
Site qualys.com

Linux kernel ldso_dynamic stack clash privilege escalation exploit. This affects Debian 9/10, Ubuntu 14.04.5/16.04.2/17.04, and Fedora 23/24/25.

tags | exploit, kernel
systems | linux, debian, fedora, ubuntu
advisories | CVE-2017-1000366, CVE-2017-1000371
MD5 | 26e7fd3397117950b21fa67eb23afc32
OpenBSD at Stack Clash Privilege Escalation
Posted Jun 30, 2017
Site qualys.com

OpenBSD 'at' local stack clash privilege escalation exploit.

tags | exploit, local
systems | openbsd
advisories | CVE-2017-1000373
MD5 | acb82c1ba12f5809cb4718f34c7c4f71
Linux Kernel ldso_hwcap_64 Stack Clash Privilege Escalation
Posted Jun 30, 2017
Site qualys.com

Linux kernel ldso_hwcap_64 stack clash privilege escalation exploit. This affects Debian 7.7/8.5/9.0, Ubuntu 14.04.2/16.04.2/17.04, Fedora 22/25, and CentOS 7.3.1611.

tags | exploit, kernel
systems | linux, debian, fedora, ubuntu, centos
advisories | CVE-2017-1000366, CVE-2017-1000379
MD5 | 0807adfea74deef734fd4ac194527b9c
Linux Kernel offset2lib Stack Clash
Posted Jun 30, 2017
Site qualys.com

Linux kernel offset2lib stack clash exploit.

tags | exploit, kernel
systems | linux
advisories | CVE-2017-1000370, CVE-2017-1000371
MD5 | 9c45e4e7a5d321c745ee653fb91aba99
Easy File Sharing Web Server 7.2 Account Import Buffer Overflow
Posted Jun 30, 2017
Authored by Chako

Easy File Sharing Web Server version 7.2 suffers from an account import local buffer overflow vulnerability.

tags | exploit, web, overflow, local
MD5 | 3fe8d27b0bff54d459eee1a9037b30f7
Microsoft Dynamic CRM 2016 Cross Site Scripting
Posted Jun 30, 2017
Authored by Gregory Draperi

Microsoft Dynamic CRM 2016 versions SP1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 6edb82874ea081b8edfc3b1e81d10c4d
Microsoft .NET Framework 4.7 DLL Hijacking
Posted Jun 30, 2017
Authored by Stefan Kanthak

Microsoft .NET Framework version 4.7 suffers from dll hijacking vulnerabilities.

tags | exploit, vulnerability
systems | windows
MD5 | 5b1e4d178e8382d65a9f6aa04db6bba5
Trihedral VTScada DoS / XSS / Information Disclosure
Posted Jun 30, 2017
Authored by Karn Ganeshen

Trihedral VTScada versions prior to 11.2.26 suffer from resource consumption, cross site scripting, and information disclosure vulnerabilities.

tags | advisory, vulnerability, xss, info disclosure
MD5 | cb976665ca752634c866774df96acaff
Schneider Electric Wonderware InduSoft Web Studio 8.0 Patch 3 Insecure Permissions
Posted Jun 30, 2017
Authored by Karn Ganeshen

Schneider Electric Wonderware InduSoft Web Studio versions 8.0 Patch 3 and below suffer from having incorrect default permissions.

tags | exploit, web
MD5 | 2b609eb1e1a05b44853880ed5da03f26
Digital Canal Structural Wind Analysis 9.1 Buffer Overflow
Posted Jun 30, 2017
Authored by Karn Ganeshen

Digital Canal Structural Wind Analysis versions 9.1 and below suffer from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | a7290e29db03e678669abbc187954af5
Ubuntu Security Notice USN-3323-2
Posted Jun 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3323-2 - USN-3323-1 fixed a vulnerability in the GNU C Library. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker could use this in combination with another vulnerability to gain administrative privileges. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2017-1000366
MD5 | a78b5e8caa51c4d2d2fa51e3fe96b76a
Ubuntu Security Notice USN-3346-1
Posted Jun 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3346-1 - Clement Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. Clement Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire zones.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2017-3142, CVE-2017-3143
MD5 | 64ba1a86998e890e6e111e8ae95e7d42
Ubuntu Security Notice USN-3342-2
Posted Jun 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3342-2 - USN-3342-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. USN-3333-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, java, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000363, CVE-2017-5577, CVE-2017-7294, CVE-2017-7374, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
MD5 | bc0f3fd59ebd9a60119251cd743295fc
Red Hat Security Advisory 2017-1664-01
Posted Jun 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1664-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 6.2 will be retired as of December 31, 2017, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.2 AMC after December 31, 2017.

tags | advisory
systems | linux, redhat
MD5 | 906e422b3322d77b5e4f6635e5997964
Microsoft Machine Debug Manager (mdm) DLL Hijacking
Posted Jun 30, 2017
Authored by Karn Ganeshen

Microsoft Machine Debug Manager (mdm) suffers from dll hijacking vulnerabilities.

tags | exploit, vulnerability
systems | windows
MD5 | 3c06775c91214d9d0ce304e8f6548704
Microsoft Office Patch Installer DLL Hijacking
Posted Jun 30, 2017
Authored by Karn Ganeshen

Microsoft Office Patch Installer suffers from dll hijacking vulnerabilities.

tags | advisory, vulnerability
systems | windows
MD5 | 2b690a8c242cf48c547db68a1f8c4cd8
Page 1 of 1
Back1Next

File Archive:

August 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    30 Files
  • 3
    Aug 3rd
    20 Files
  • 4
    Aug 4th
    17 Files
  • 5
    Aug 5th
    4 Files
  • 6
    Aug 6th
    2 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    18 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    24 Files
  • 11
    Aug 11th
    10 Files
  • 12
    Aug 12th
    3 Files
  • 13
    Aug 13th
    3 Files
  • 14
    Aug 14th
    10 Files
  • 15
    Aug 15th
    16 Files
  • 16
    Aug 16th
    18 Files
  • 17
    Aug 17th
    15 Files
  • 18
    Aug 18th
    4 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close