exploit the possibilities
Showing 1 - 25 of 40 RSS Feed

Files Date: 2020-11-09

OATH Toolkit 2.6.3
Posted Nov 9, 2020
Site nongnu.org

OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.

Changes: Various improvements.
tags | tool
systems | unix
MD5 | f624f867ea186d011406e36a33f092d0
Botan C++ Crypto Algorithms Library 2.17.1
Posted Nov 9, 2020
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

Changes: Fixed a build problem that could occur if Python was not in the PATH. This was known to occur on some installations of macOS. Re-enabled support for the x86 CLMUL instruction on Visual C++, which was accidentally disabled starting in 2.12.0.
tags | library
MD5 | f34d12a78cd5406724c5e98dca2f806b
Chrome ConvertToJavaBitmap Heap Buffer Overflow
Posted Nov 9, 2020
Authored by Google Security Research, Glazvunov

Chrome on Android suffers from a ConvertToJavaBitmap heap buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2020-16011
MD5 | c8867dbfed920c86be64013795e08eb9
Chrome V8 Turbofan Type Confusion
Posted Nov 9, 2020
Authored by saelo, Google Security Research

Turbofan fails to deoptimize code after map deprecation, leading to a type confusion vulnerability.

tags | exploit
advisories | CVE-2020-16009
MD5 | 8d2abc7a60f64a99e0af818daab042a7
Red Hat Security Advisory 2020-4379-01
Posted Nov 9, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4379-01 - This release of Red Hat build of Eclipse Vert.x 3.9.4 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section. Issues addressed include an XML injection vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-25649
MD5 | 0cf46118f69703d7bfa10646e22dac09
OvulaRing 4.2.2 Broken Object Level Authorization
Posted Nov 9, 2020
Authored by Tobias Glemser | Site secuvera.de

OvulaRing web application version 4.2.2 suffers from a broken object level authorization vulnerability.

tags | advisory, web
MD5 | a4d2f3d8f3deb95903e052373bad61ab
Ubuntu Security Notice USN-4623-1
Posted Nov 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4623-1 - Ken Gaillot discovered that Pacemaker incorrectly handled IPC communications permissions. A local attacker could possibly use this issue to bypass ACL restrictions and execute arbitrary code as root.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2020-25654
MD5 | a404c7158aa20923e972db53c69bdbcc
Red Hat Security Advisory 2020-4978-01
Posted Nov 9, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4978-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Issues addressed include a memory leak vulnerability.

tags | advisory, web, memory leak
systems | linux, redhat
advisories | CVE-2020-25644
MD5 | e9b4d756e9db8b61cad2000683152c8d
Apple Security Advisory 2020-11-05-7
Posted Nov 9, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-11-05-7 - tvOS 14.2 is now available and addresses code execution, integer overflow, out of bounds read, out of bounds write, path sanitization, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2020-10002, CVE-2020-10003, CVE-2020-10010, CVE-2020-10016, CVE-2020-10017, CVE-2020-27905, CVE-2020-27909, CVE-2020-27910, CVE-2020-27911, CVE-2020-27912, CVE-2020-27916, CVE-2020-27917, CVE-2020-27918, CVE-2020-27927, CVE-2020-9974
MD5 | afdd7d495da761675d9100b068a53d3c
Active Directory Attacks - Red It Out
Posted Nov 9, 2020
Authored by Akash Sarode

This paper is focused on the Active directory attacks and various techniques which can be used by an attacker to abuse an AD environment in an enterprise network. This would also mark an introduction to Active directory along with its components. Topics covered include an introduction to Active Directory, Active Directory Structure, Multiple Attack Phases, Domain Persistence Techniques, Golden Ticket Attack, DCSync Attack, Silver Ticket Attack, and DSRM Attack techniques.

tags | paper
MD5 | d00d241885bb6b3d8e30cf19426be800
Joplin 1.2.6 Cross Site Scripting
Posted Nov 9, 2020
Authored by Philip Holbrook

Joplin version 1.2.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1b42a7dcd2c16c0c1ab40aa4e447a8c7
Privacy Drive 3.17.0 Unquoted Service Path
Posted Nov 9, 2020
Authored by Mohammed Alshehri

Privacy Drive version 3.17.0 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | bae2dc92e6dc2fe60946a1bbce1882ff
Deep Instinct Windows Agent 1.2.24.0 Unquoted Service Path
Posted Nov 9, 2020
Authored by Paulina Giron

Deep Instinct Windows Agent version 1.2.24.0 suffers from an unquoted service path vulnerability.

tags | exploit
systems | windows
MD5 | 710a4f3fb635ea60583298c23be0091f
Online Book Store 1.0 SQL Injection
Posted Nov 9, 2020
Authored by ferhatcil

Online Book Store version 1.0 suffers from a remote SQL injection vulnerability. This is a variant of the original vulnerability discovered in August of 2020 by Moaaz Taha.

tags | exploit, remote, sql injection
MD5 | d00d1df95e2d22bc5aa1b78b4bde7553
Windows File Enumeration Intel Gathering Tool 2.2
Posted Nov 9, 2020
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

NtFileSins.py is a Windows file enumeration intel gathering tool.

Changes: Searches target user dir on first pass, unless the -d flag is used.Added .dat, .tmp file extension checks.
tags | exploit, tool
systems | windows
MD5 | fa7b79d046994c4fd18ec24f8250ec70
Ubuntu Security Notice USN-4622-1
Posted Nov 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4622-1 - It was discovered that OpenLDAP incorrectly handled certain network packets. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-25692
MD5 | c9c68a915194629894262084656686cf
SunSSH Solaris 10 x86 Remote Root
Posted Nov 9, 2020
Authored by Hacker Fantastic

A trivial to reach stack-based buffer overflow is present in libpam on Solaris. The vulnerable code exists in pam_framework.c parse_user_name() which allocates a fixed size buffer of 512 bytes on the stack and parses a username supplied to PAM modules (such as authtok_get used by SunSSH). This issue can be reached remotely pre-authentication via SunSSH when "keyboard-interactive" is enabled to use PAM based authentication. The vulnerability was discovered being actively exploited by FireEye in the wild and is part of an APT toolkit called "EVILSUN". The vulnerability is present in both SPARC/x86 versions of Solaris and others (eg. illumos). This exploit uses ROP gadgets to disable nxstack through mprotect on x86 and a helper shellcode stub. Tested against latest Solaris 10 without patch applied and the configuration is vulnerable in a default vanilla install. This exploit requires libssh2, the vulnerability has been identified and confirmed reachable on Solaris 10 through 11.0.

tags | exploit, overflow, x86, shellcode
systems | solaris
advisories | CVE-2020-14871
MD5 | c44d6cb6c1ce8626e0f9dcf0f1591010
Apple Security Advisory 2020-11-05-2
Posted Nov 9, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-11-05-2 - iOS 12.4.9 is now available and addresses a code execution vulnerability.

tags | advisory, code execution
systems | apple, ios
advisories | CVE-2020-27929, CVE-2020-27930, CVE-2020-27932, CVE-2020-27950
MD5 | e403bd4c30b82e389c6c41871b8a9527
Canon Inkjet Extended Survey Program 5.1.0.8 Unquoted Service Path
Posted Nov 9, 2020
Authored by Carlos Roa

Canon Inkjet Extended Survey Program version 5.1.0.8 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | 7e42a26767c2efd8c06a85041a87a7ef
DiskBoss 11.7.28 Unquoted Service Path
Posted Nov 9, 2020
Authored by Mohammed Alshehri

DiskBoss version 11.7.28 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | 2f28bca451a7c9e75b7dfdee8f4f3206
RealTimes Desktop Service 18.1.4 Unquoted Service Path
Posted Nov 9, 2020
Authored by Erick Galindo

RealTimes Desktop Service version 18.1.4 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | 4cb3bc12e6076b6c13b2167ed62118ca
Etherify Radio Signal Analysis Tool
Posted Nov 9, 2020
Authored by Jacek Lipkowski | Site lipkowski.com

Etherify is an interesting tool that analyzes radio signals transmitted by transmission rates via ethernet.

tags | tool
systems | unix
MD5 | 60fcf8af8b72e15e4c184951eb7b03b8
Red Hat Security Advisory 2020-4974-01
Posted Nov 9, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4974-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.183. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-16004, CVE-2020-16005, CVE-2020-16006, CVE-2020-16008, CVE-2020-16009
MD5 | 439c305b39ff65ddfffe37601d84a451
iDeskService 3.0.2.1 Unquoted Service Path
Posted Nov 9, 2020
Authored by Leslie Lara

iDeskService version 3.0.2.1 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | e5b8afca9871279a95c7555bb4f5e348
Apple Security Advisory 2020-11-05-1
Posted Nov 9, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-11-05-1 - iOS 14.2 and iPadOS 14.2 are now available and addresses code execution, integer overflow, out of bounds read, out of bounds write, path sanitization, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple, ios
advisories | CVE-2020-10002, CVE-2020-10003, CVE-2020-10004, CVE-2020-10010, CVE-2020-10011, CVE-2020-10016, CVE-2020-10017, CVE-2020-13524, CVE-2020-27902, CVE-2020-27905, CVE-2020-27909, CVE-2020-27910, CVE-2020-27911, CVE-2020-27912, CVE-2020-27916, CVE-2020-27917, CVE-2020-27918, CVE-2020-27925, CVE-2020-27926, CVE-2020-27927, CVE-2020-27930, CVE-2020-27932, CVE-2020-27950, CVE-2020-9974
MD5 | e316caeb924e1e7eb685c0783a056ddb
Page 1 of 2
Back12Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    7 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close