OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
f624f867ea186d011406e36a33f092d0Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.
f34d12a78cd5406724c5e98dca2f806bChrome on Android suffers from a ConvertToJavaBitmap heap buffer overflow vulnerability.
c8867dbfed920c86be64013795e08eb9Turbofan fails to deoptimize code after map deprecation, leading to a type confusion vulnerability.
8d2abc7a60f64a99e0af818daab042a7Red Hat Security Advisory 2020-4379-01 - This release of Red Hat build of Eclipse Vert.x 3.9.4 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section. Issues addressed include an XML injection vulnerability.
0cf46118f69703d7bfa10646e22dac09OvulaRing web application version 4.2.2 suffers from a broken object level authorization vulnerability.
a4d2f3d8f3deb95903e052373bad61abUbuntu Security Notice 4623-1 - Ken Gaillot discovered that Pacemaker incorrectly handled IPC communications permissions. A local attacker could possibly use this issue to bypass ACL restrictions and execute arbitrary code as root.
a404c7158aa20923e972db53c69bdbccRed Hat Security Advisory 2020-4978-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Issues addressed include a memory leak vulnerability.
e9b4d756e9db8b61cad2000683152c8dApple Security Advisory 2020-11-05-7 - tvOS 14.2 is now available and addresses code execution, integer overflow, out of bounds read, out of bounds write, path sanitization, and use-after-free vulnerabilities.
afdd7d495da761675d9100b068a53d3cThis paper is focused on the Active directory attacks and various techniques which can be used by an attacker to abuse an AD environment in an enterprise network. This would also mark an introduction to Active directory along with its components. Topics covered include an introduction to Active Directory, Active Directory Structure, Multiple Attack Phases, Domain Persistence Techniques, Golden Ticket Attack, DCSync Attack, Silver Ticket Attack, and DSRM Attack techniques.
d00d241885bb6b3d8e30cf19426be800Joplin version 1.2.6 suffers from a cross site scripting vulnerability.
1b42a7dcd2c16c0c1ab40aa4e447a8c7Privacy Drive version 3.17.0 suffers from an unquoted service path vulnerability.
bae2dc92e6dc2fe60946a1bbce1882ffDeep Instinct Windows Agent version 1.2.24.0 suffers from an unquoted service path vulnerability.
710a4f3fb635ea60583298c23be0091fOnline Book Store version 1.0 suffers from a remote SQL injection vulnerability. This is a variant of the original vulnerability discovered in August of 2020 by Moaaz Taha.
d00d1df95e2d22bc5aa1b78b4bde7553NtFileSins.py is a Windows file enumeration intel gathering tool.
fa7b79d046994c4fd18ec24f8250ec70Ubuntu Security Notice 4622-1 - It was discovered that OpenLDAP incorrectly handled certain network packets. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code.
c9c68a915194629894262084656686cfA trivial to reach stack-based buffer overflow is present in libpam on Solaris. The vulnerable code exists in pam_framework.c parse_user_name() which allocates a fixed size buffer of 512 bytes on the stack and parses a username supplied to PAM modules (such as authtok_get used by SunSSH). This issue can be reached remotely pre-authentication via SunSSH when "keyboard-interactive" is enabled to use PAM based authentication. The vulnerability was discovered being actively exploited by FireEye in the wild and is part of an APT toolkit called "EVILSUN". The vulnerability is present in both SPARC/x86 versions of Solaris and others (eg. illumos). This exploit uses ROP gadgets to disable nxstack through mprotect on x86 and a helper shellcode stub. Tested against latest Solaris 10 without patch applied and the configuration is vulnerable in a default vanilla install. This exploit requires libssh2, the vulnerability has been identified and confirmed reachable on Solaris 10 through 11.0.
c44d6cb6c1ce8626e0f9dcf0f1591010Apple Security Advisory 2020-11-05-2 - iOS 12.4.9 is now available and addresses a code execution vulnerability.
e403bd4c30b82e389c6c41871b8a9527Canon Inkjet Extended Survey Program version 5.1.0.8 suffers from an unquoted service path vulnerability.
7e42a26767c2efd8c06a85041a87a7efDiskBoss version 11.7.28 suffers from an unquoted service path vulnerability.
2f28bca451a7c9e75b7dfdee8f4f3206RealTimes Desktop Service version 18.1.4 suffers from an unquoted service path vulnerability.
4cb3bc12e6076b6c13b2167ed62118caEtherify is an interesting tool that analyzes radio signals transmitted by transmission rates via ethernet.
60fcf8af8b72e15e4c184951eb7b03b8Red Hat Security Advisory 2020-4974-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.183. Issues addressed include buffer overflow and use-after-free vulnerabilities.
439c305b39ff65ddfffe37601d84a451iDeskService version 3.0.2.1 suffers from an unquoted service path vulnerability.
e5b8afca9871279a95c7555bb4f5e348Apple Security Advisory 2020-11-05-1 - iOS 14.2 and iPadOS 14.2 are now available and addresses code execution, integer overflow, out of bounds read, out of bounds write, path sanitization, and use-after-free vulnerabilities.
e316caeb924e1e7eb685c0783a056ddb
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed