what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2017-06-30

OSCI-Transport Library 1.2 Padding Oracle / Signature Wrapping / XXE Injection
Posted Jun 30, 2017
Authored by Wolfgang Ettlinger, Marc Nimmerrichter | Site sec-consult.com

OSCI-Transport library version 1.2 for German e-Government suffers from padding oracle, signature wrapping, and XML external entity injection vulnerabilities.

tags | advisory, vulnerability, xxe
advisories | CVE-2017-10668, CVE-2017-10669, CVE-2017-10670
SHA-256 | e836d90008122100e3bb9c8d79986aeef8cdb8cc46a5f5f505ce7a6396d60f8e
Bettercap 1.6.1
Posted Jun 30, 2017
Authored by evilsocket | Site bettercap.org

BetterCAP is a powerful, flexible, and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.

Changes: Huge improvement on HTTPS parser, now it parses TLS Client Hello messages with SNI extension in order to extract the real hostname. Removed IPv6 specific options, use of IPv6 is automatically detected now. Updated BSD firewall manager to support IPv6 forwarding. IPv6 port redirection option. Various other updates and improvements.
tags | tool, web, sniffer, tcp
systems | unix
SHA-256 | a9cf8dc94aba25e88ac6d175f5ef4d8b1d9ba7111aeccffc46959534722d0dbb
Rootkit Hunter 1.4.4
Posted Jun 30, 2017
Authored by Michael Boelen | Site rootkit.nl

Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.

Changes: Added the GLOBSTAR configuration file option. This will set the shells globstar option to allow recursive checks of directories. By default this option is disabled. Added a Japanese translation file. Added support for the 'BSDng' package manager option. This can be used by those BSD systems which have the 'pkg' command available (currently later FreeBSD systems). Various other improvements and bug fixes made.
tags | tool, shell, perl, integrity, rootkit
systems | netbsd, unix, solaris
SHA-256 | a8807c83f9f325312df05aa215fa75ad697c7a16163175363c2066baa26dda77
TOR Virtual Network Tunneling Tool 0.3.0.9
Posted Jun 30, 2017
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.3.0.9 fixes a path selection bug that would allow a client to use a guard that was in the same network family as a chosen exit relay. This is a security regression; all clients running earlier versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or 0.3.1.4-alpha.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 48d4880bf6ccb19ce9af2abde6946d7cf0635cc807548badbf4a221a79581e42
Google Chrome RegExp Stubs Out-Of-Bounds Access
Posted Jun 30, 2017
Authored by Google Security Research, natashenka

Google Chrome suffers from an out-of-bounds access vulnerability in RegExp.prototype.exec and RegExp.prototype.test.

tags | exploit
SHA-256 | a2dfbfbd5b6b713bef9434dadf2a4e4076dec67533a901bf128641446d851b2b
LG ASFParser::SetMetaData Stack Overflow
Posted Jun 30, 2017
Authored by Google Security Research, Mark Brand

LG suffers from multiple stack overflows in ASFParser::SetMetaData.

tags | exploit, overflow
SHA-256 | ea05f7a62253726acc0eb18d46ed9849a18b0dea1654d3211310564f7f79f2fe
Linux Kernel ldso_dynamic Stack Clash Privilege Escalation
Posted Jun 30, 2017
Site qualys.com

Linux kernel ldso_dynamic stack clash privilege escalation exploit. This affects Debian 9/10, Ubuntu 14.04.5/16.04.2/17.04, and Fedora 23/24/25.

tags | exploit, kernel
systems | linux, debian, fedora, ubuntu
advisories | CVE-2017-1000366, CVE-2017-1000371
SHA-256 | 019f1ce6374470fd5095849ce9301acb133a3679244b764940a7e40a80e999df
OpenBSD at Stack Clash Privilege Escalation
Posted Jun 30, 2017
Site qualys.com

OpenBSD 'at' local stack clash privilege escalation exploit.

tags | exploit, local
systems | openbsd
advisories | CVE-2017-1000373
SHA-256 | a80fd36081b8074669422ec386b383f6b02e6147e8b26cd6b180b8bcfaa859d2
Linux Kernel ldso_hwcap_64 Stack Clash Privilege Escalation
Posted Jun 30, 2017
Site qualys.com

Linux kernel ldso_hwcap_64 stack clash privilege escalation exploit. This affects Debian 7.7/8.5/9.0, Ubuntu 14.04.2/16.04.2/17.04, Fedora 22/25, and CentOS 7.3.1611.

tags | exploit, kernel
systems | linux, debian, fedora, ubuntu, centos
advisories | CVE-2017-1000366, CVE-2017-1000379
SHA-256 | 7c324e4c61aee597fae1e36e8fbd936e360099156578d347ef8a0c10d633cce6
Linux Kernel offset2lib Stack Clash
Posted Jun 30, 2017
Site qualys.com

Linux kernel offset2lib stack clash exploit.

tags | exploit, kernel
systems | linux
advisories | CVE-2017-1000370, CVE-2017-1000371
SHA-256 | f1addfd343ecc2a4c4e2f9697900b6d0f23b685b668f34ffb4b54dd9fc0ac77f
Easy File Sharing Web Server 7.2 Account Import Buffer Overflow
Posted Jun 30, 2017
Authored by Chako

Easy File Sharing Web Server version 7.2 suffers from an account import local buffer overflow vulnerability.

tags | exploit, web, overflow, local
SHA-256 | 44230e2afab50a3e2ac2122de6b916d5564602604dc11314483782d5a94ad8ea
Microsoft Dynamic CRM 2016 Cross Site Scripting
Posted Jun 30, 2017
Authored by Gregory Draperi

Microsoft Dynamic CRM 2016 versions SP1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7a7ac559b01961f3ee6d891d89c708a79570c82bf81792a0b6b527819cb4e8d5
Microsoft .NET Framework 4.7 DLL Hijacking
Posted Jun 30, 2017
Authored by Stefan Kanthak

Microsoft .NET Framework version 4.7 suffers from dll hijacking vulnerabilities.

tags | exploit, vulnerability
systems | windows
SHA-256 | a14c76d3be8ec71126b11a235d5adde47541281cc460aeede7942fad1dde0f2e
Trihedral VTScada DoS / XSS / Information Disclosure
Posted Jun 30, 2017
Authored by Karn Ganeshen

Trihedral VTScada versions prior to 11.2.26 suffer from resource consumption, cross site scripting, and information disclosure vulnerabilities.

tags | advisory, vulnerability, xss, info disclosure
SHA-256 | e14e0d0f4e7e01e5baeffed7b702d91c7d3bbbc0662e4bfd676b5401df83dceb
Schneider Electric Wonderware InduSoft Web Studio 8.0 Patch 3 Insecure Permissions
Posted Jun 30, 2017
Authored by Karn Ganeshen

Schneider Electric Wonderware InduSoft Web Studio versions 8.0 Patch 3 and below suffer from having incorrect default permissions.

tags | exploit, web
SHA-256 | 3a6fb63ee2321ae2148abfe45340ced49709d99fb96721ff3760ab329b26826c
Digital Canal Structural Wind Analysis 9.1 Buffer Overflow
Posted Jun 30, 2017
Authored by Karn Ganeshen

Digital Canal Structural Wind Analysis versions 9.1 and below suffer from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 682cc56b7180418fb3999e685a72a5afe4e35da7c9f4873634145310163a17df
Ubuntu Security Notice USN-3323-2
Posted Jun 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3323-2 - USN-3323-1 fixed a vulnerability in the GNU C Library. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker could use this in combination with another vulnerability to gain administrative privileges. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2017-1000366
SHA-256 | 39e7f8f276dcc79f00dd5616e1101e41d073297143dedea3d186c76f8bf36f8e
Ubuntu Security Notice USN-3346-1
Posted Jun 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3346-1 - Clement Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. Clement Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire zones.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2017-3142, CVE-2017-3143
SHA-256 | 8c0a85a29d7e094864d1ecfcffae3ea3162517bb7e02a399d5a29154df774192
Ubuntu Security Notice USN-3342-2
Posted Jun 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3342-2 - USN-3342-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. USN-3333-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, java, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000363, CVE-2017-5577, CVE-2017-7294, CVE-2017-7374, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
SHA-256 | ad451459a82d58adcf3830ea5d4699fed8e20f06f412d9ed72a01f01f346917d
Red Hat Security Advisory 2017-1664-01
Posted Jun 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1664-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 6.2 will be retired as of December 31, 2017, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.2 AMC after December 31, 2017.

tags | advisory
systems | linux, redhat
SHA-256 | 52c7f57e1472d238435376232c35551c746a9d83b5397a43d27d161fefa1bfcc
Microsoft Machine Debug Manager (mdm) DLL Hijacking
Posted Jun 30, 2017
Authored by Karn Ganeshen

Microsoft Machine Debug Manager (mdm) suffers from dll hijacking vulnerabilities.

tags | exploit, vulnerability
systems | windows
SHA-256 | db92dfe873e589fe2a002dfec15943dbc9eb4432297101f2fd0811808db098a2
Microsoft Office Patch Installer DLL Hijacking
Posted Jun 30, 2017
Authored by Karn Ganeshen

Microsoft Office Patch Installer suffers from dll hijacking vulnerabilities.

tags | advisory, vulnerability
systems | windows
SHA-256 | 9dd76fa20f90231d58e4b700d50c6a63b8428b18f97fc2b8c466a1268ea2c8bc
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close