what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2018-01-09

TOR Virtual Network Tunneling Tool 0.3.2.9
Posted Jan 9, 2018
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.3.2.9 is the first stable release in the 0.3.2 series. The 0.3.2 series includes their long-anticipated new onion service design, with numerous security features.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 435a7b91aa98d8b1a0ac1f60ca30c0ff3665b18a02e570bab5fe27935829160f
THC-IPv6 Attack Tool 3.4
Posted Jan 9, 2018
Authored by van Hauser, thc | Site thc.org

THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.

Changes: Added new function to thc-ipv6-lib. Added RA guard bypass attack. Various updates and bug fixes.
tags | tool, protocol
systems | unix
SHA-256 | ca43866f0090ffc6f4fe3af166ed1eb705e8a4f418b8644a4e288a486971d90c
Commvault Communications Service (cvd) Command Injection
Posted Jan 9, 2018
Authored by b0yd | Site metasploit.com

This Metasploit module exploits a command injection vulnerability discovered in Commvault Service v11 SP5 and earlier versions (tested in v11 SP5 and v10). The vulnerability exists in the cvd.exe service and allows an attacker to execute arbitrary commands in the context of the service. By default, the Commvault Communications service installs and runs as SYSTEM in Windows and does not require authentication. This vulnerability was discovered in the Windows version. The Linux version wasn't tested.

tags | exploit, arbitrary
systems | linux, windows
SHA-256 | 17a8d88e94f4d922aee745206ec1f68bc231beaf46d176bb3e725cce023ab8d7
Ubuntu Security Notice USN-3521-1
Posted Jan 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3521-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations to address the issue, along with compatibility fixes for the corresponding Linux kernel updates.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5753
SHA-256 | 2b04254723d86ddd229f4fcf7163aaec50cd2ba6cea2b8767d18577223c95dbc
Synology PhotoStation 6.7.2-3429 SQL Injection / File Disclosure
Posted Jan 9, 2018
Authored by James Bercegay | Site gulftech.org

Synology PhotoStation versions 6.7.2-3429 and below suffer from file disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | ad09b2ea0675a31e268f69980f1207ad88aa1a915e3330c604acafaf780e7aa6
Synology PhotoStation 6.7.2-3429 Remote Root
Posted Jan 9, 2018
Authored by James Bercegay | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities in Synology PhotoStation. When combined these issues can be leveraged to gain a remote root shell.

tags | exploit, remote, shell, root, vulnerability
SHA-256 | c2633b99ae20f01a367fb4e5e36b30f18ba62871b2f3aa8d07c433862694a6b6
Yawcam 0.6.0 Directory Traversal
Posted Jan 9, 2018
Authored by David Panter

Yawcam versions 0.2.6 through 0.6.0 suffer from a directory traversal vulnerability.

tags | exploit
advisories | CVE-2017-17662
SHA-256 | 6ff02bfc7b521064c3367b0f6dcbd70678461fbfea70b0fff6e3068ff09ec3c9
Apple Security Advisory 2018-1-8-3
Posted Jan 9, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-1-8-3 - Safari 11.0.2 is now available and and addresses security issues relating to Spectre.

tags | advisory
systems | apple
advisories | CVE-2017-5715, CVE-2017-5753
SHA-256 | 6a0e6b5a0291d9d29a511d5ac88e1e33fb091e444b41c1d05731905fd88b552c
Apple Security Advisory 2018-1-8-2
Posted Jan 9, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-1-8-2 - macOS High Sierra 10.13.2 Supplemental Update includes security improvements to Safari and WebKit to mitigate the effects of Spectre.

tags | advisory
systems | apple
advisories | CVE-2017-5715, CVE-2017-5753
SHA-256 | d853f93e1e71c9aa8d886a2aeccf078dfaa905ed2a74523bb075a36373aaeaf3
Ubuntu Security Notice USN-3520-1
Posted Jan 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3520-1 - It was discovered that PySAML2 incorrectly accepted any password when run with python optimizations enabled. An attacker could use this issue to authenticate as any user without a valid password.

tags | advisory, python
systems | linux, ubuntu
advisories | CVE-2017-1000433
SHA-256 | 6b101a157eaeef1fdcfeb5bd0ff7001066eb250d1d82741a1f8ed99760478903
Ubuntu Security Notice USN-3519-1
Posted Jan 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3519-1 - It was discovered that Tomcat incorrectly handled certain pipelined requests when sendfile was used. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. It was discovered that Tomcat incorrectly used the appropriate facade object. A malicious application could possibly use this to bypass Security Manager restrictions. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2017-5647, CVE-2017-5648, CVE-2017-5664, CVE-2017-7674
SHA-256 | 38382610e11f924ba68fd9e1ac30126f36e4138680f20e49f3193dccf7392465
VX Search Enterprise 10.1.12 Denial Of Service
Posted Jan 9, 2018
Authored by Ahmad Mahfouz

VX Search Enterprise version 10.1.12 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2017-15662
SHA-256 | 272ebddb85b73cde9838c27d96f2f32c9879ae24639a5716e1cb18ac6c00ec25
Disk Pulse Enterprise 10.1.18 Denial Of Service
Posted Jan 9, 2018
Authored by Ahmad Mahfouz

Disk Pulse Enterprise version 10.1.18 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2017-15663
SHA-256 | fb10f4a9ee5fdb19aec1845435cce577a0fc68624fc402a4f7f620d39597e013
Apple Security Advisory 2018-1-8-1
Posted Jan 9, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-1-8-1 - iOS 11.2.2 is now available and and addresses Spectre issues with Safari and WebKit.

tags | advisory
systems | cisco, apple, ios
advisories | CVE-2017-5715, CVE-2017-5753
SHA-256 | 14100c950dadca4bf5143083ee95bc72573920f161f07761ce065fa637ff4c25
Ubuntu Security Notice USN-3518-1
Posted Jan 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3518-1 - It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-1000501
SHA-256 | faea2e34aef798c0b0b890705edd1cd3dc2fa2fa8b2fee9cb6ecfd54144b67c8
Sync Breeze Enterprise 10.1.16 Denial Of Service
Posted Jan 9, 2018
Authored by Ahmad Mahfouz

Sync Breeze Enterprise version 10.1.16 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2017-15664
SHA-256 | b21a0d7e726136ba5079e7b43d7b78a0d682f7f56052fbd13596e66ea7db6772
Ubuntu Security Notice USN-3517
Posted Jan 9, 2018
Site security.ubuntu.com

USN-3517.txt - It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could execute arbitrary. It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-1000456, CVE-2017-14976
SHA-256 | 7ec69249e51f726fe7daaad3cfdd92f7967d4b1066d3438d5cd1b6ec0f86c7c7
Gentoo Linux Security Advisory 201801-10
Posted Jan 9, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201801-10 - A vulnerability has been found in LibXfont and LibXfont2 which may allow for arbitrary file access. Versions less than 1.5.4 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2017-16611
SHA-256 | 9726e2c346cfa3759d4f3c7285cb1921a49a2664c99173ce26aa44c2e66118ba
DiskBoss Enterprise 8.5.12 Denial Of Service
Posted Jan 9, 2018
Authored by Ahmad Mahfouz

DiskBoss Enterprise version 8.5.12 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2017-15665
SHA-256 | dcdeeb90e66fcad49ed01f320197c07b1e5c77e6b4ca3aa134dff9cec0e20c20
Vanilla Forums Cross Site Request Forgery
Posted Jan 9, 2018
Authored by Anand Meyyappan

Vanilla Forums versions prior to 2.1.5 suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2017-1000432
SHA-256 | 04858042109e0c0c7f04c9a4ccb3c039a9d01f0b31ab811d563e2c0873aad5cc
FreeBSD Update On Spectre / Meltdown Patching
Posted Jan 9, 2018
Authored by Gordon Tetlow

This is a note from the FreeBSD team that they were notified of the issue in late December and received a briefing under NDA with the original embargo date of January 9th. Since they received relatively late notice of the issue, their ability to provide fixes is delayed.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
SHA-256 | 6ca4e042704f1c11c5f3b11989e130de889f46523779b326d9cbaf056da654ca
Linux x86 exec /bin/dash Shellcode
Posted Jan 9, 2018
Authored by Hashim Jawad

30 bytes small Linux x86 exec /bin/dash shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 0dcc25a61556aac3d057ee9989212f00bca2a0687dfb4646dedb97c699a76dbe
AvantFAX 3.3.3 Cross Site Scripting
Posted Jan 9, 2018
Authored by Nassim Asrir

AvantFAX version 3.3.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-18024
SHA-256 | fd21fcbf251b77df50b58e292ab4ed7015919f47f3d00da8f702fb15a605c592
Office Tracker 11.2.5 Cross Site Scripting
Posted Jan 9, 2018
Authored by Nassim Asrir

Office Tracker version 11.2.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-18023
SHA-256 | 37de76be1f820040b12690871f5d7535f218769b517b2df46618110f2578c1ea
Rx Tera 2.0 Cross Site Request Forgery
Posted Jan 9, 2018
Authored by indoushka

Rx Tera version 2.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 458a3f0d6d81f9cd1978ed8a1211c379511bac3fa16fdff01c032efe366cda05
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close