exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 40 RSS Feed

Files Date: 2020-11-09

OATH Toolkit 2.6.3
Posted Nov 9, 2020
Site nongnu.org

OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.

Changes: Various improvements.
tags | tool
systems | unix
SHA-256 | a1f7fd5fc5df214eebe263233bae750596b8aeee4c8a424ed3623269115551b2
Botan C++ Crypto Algorithms Library 2.17.1
Posted Nov 9, 2020
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

Changes: Fixed a build problem that could occur if Python was not in the PATH. This was known to occur on some installations of macOS. Re-enabled support for the x86 CLMUL instruction on Visual C++, which was accidentally disabled starting in 2.12.0.
tags | library
SHA-256 | 741358b3f1638ed7d9b2f59b4e344aa46f4966b15958b5434c0ac1580df0c0c1
Chrome ConvertToJavaBitmap Heap Buffer Overflow
Posted Nov 9, 2020
Authored by Google Security Research, Glazvunov

Chrome on Android suffers from a ConvertToJavaBitmap heap buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2020-16011
SHA-256 | 6cc96d681acbe2353993f9686bff12b65ff3403d9d2f2e1174221ff43dfd1572
Chrome V8 Turbofan Type Confusion
Posted Nov 9, 2020
Authored by saelo, Google Security Research

Turbofan fails to deoptimize code after map deprecation, leading to a type confusion vulnerability.

tags | exploit
advisories | CVE-2020-16009
SHA-256 | 4675105280cdacd6d7b10a3432235de93f0ad03438e55b1af205dc5e314ff026
Red Hat Security Advisory 2020-4379-01
Posted Nov 9, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4379-01 - This release of Red Hat build of Eclipse Vert.x 3.9.4 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section. Issues addressed include an XML injection vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-25649
SHA-256 | 03c60bfa2d8c1046248c0cfa4c939826b7f73b98d517ee74c3b85197ca0a4fa7
OvulaRing 4.2.2 Broken Object Level Authorization
Posted Nov 9, 2020
Authored by Tobias Glemser | Site secuvera.de

OvulaRing web application version 4.2.2 suffers from a broken object level authorization vulnerability.

tags | advisory, web
SHA-256 | dffcde032a8dd793d393ba02105fd87ad9d62221dd74ab9bedb8f1a24fa594ec
Ubuntu Security Notice USN-4623-1
Posted Nov 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4623-1 - Ken Gaillot discovered that Pacemaker incorrectly handled IPC communications permissions. A local attacker could possibly use this issue to bypass ACL restrictions and execute arbitrary code as root.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2020-25654
SHA-256 | e287d7bfec7d1627d24b4a33840a84ed3a697aec6183036087562752af19d573
Red Hat Security Advisory 2020-4978-01
Posted Nov 9, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4978-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Issues addressed include a memory leak vulnerability.

tags | advisory, web, memory leak
systems | linux, redhat
advisories | CVE-2020-25644
SHA-256 | deebcf308d8a3de54dc210fbf3db14f230871afb42a63007af3dafd96c98b77d
Apple Security Advisory 2020-11-05-7
Posted Nov 9, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-11-05-7 - tvOS 14.2 is now available and addresses code execution, integer overflow, out of bounds read, out of bounds write, path sanitization, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2020-10002, CVE-2020-10003, CVE-2020-10010, CVE-2020-10016, CVE-2020-10017, CVE-2020-27905, CVE-2020-27909, CVE-2020-27910, CVE-2020-27911, CVE-2020-27912, CVE-2020-27916, CVE-2020-27917, CVE-2020-27918, CVE-2020-27927, CVE-2020-9974
SHA-256 | 889d96ec67ade4c0f0e43bbc7a94ed00053f0176caab85fb2c16a5e690fb9736
Active Directory Attacks - Red It Out
Posted Nov 9, 2020
Authored by Akash Sarode

This paper is focused on the Active directory attacks and various techniques which can be used by an attacker to abuse an AD environment in an enterprise network. This would also mark an introduction to Active directory along with its components. Topics covered include an introduction to Active Directory, Active Directory Structure, Multiple Attack Phases, Domain Persistence Techniques, Golden Ticket Attack, DCSync Attack, Silver Ticket Attack, and DSRM Attack techniques.

tags | paper
SHA-256 | 44a6dc0147aec02f155b590f92ed64b64954750c17a82f9750df4a42169a6b70
Joplin 1.2.6 Cross Site Scripting
Posted Nov 9, 2020
Authored by Philip Holbrook

Joplin version 1.2.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1e5266da70c885257df4581e74084856e3a8b953afbb0e848ea1237c019d8d16
Privacy Drive 3.17.0 Unquoted Service Path
Posted Nov 9, 2020
Authored by Mohammed Alshehri

Privacy Drive version 3.17.0 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | f47b8cbdfbd5b27393ebaa4f942d9eaaf7a93c57369ea668c1ec26d595b43e7f
Deep Instinct Windows Agent 1.2.24.0 Unquoted Service Path
Posted Nov 9, 2020
Authored by Paulina Giron

Deep Instinct Windows Agent version 1.2.24.0 suffers from an unquoted service path vulnerability.

tags | exploit
systems | windows
SHA-256 | 26f3d7111df7d87345bf3c620d2e351edb3de34b7db7bed9f311cd98b4862a59
Online Book Store 1.0 SQL Injection
Posted Nov 9, 2020
Authored by Ferhat Cil

Online Book Store version 1.0 suffers from a remote SQL injection vulnerability. This is a variant of the original vulnerability discovered in August of 2020 by Moaaz Taha.

tags | exploit, remote, sql injection
SHA-256 | 675396e3ea7d73dd4643ee38770d0f67dd5481623894231205f4ce450b2ad058
Windows File Enumeration Intel Gathering Tool 2.2
Posted Nov 9, 2020
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

NtFileSins.py is a Windows file enumeration intel gathering tool.

Changes: Searches target user dir on first pass, unless the -d flag is used.Added .dat, .tmp file extension checks.
tags | exploit, tool
systems | windows
SHA-256 | cd7f7668a2bd1ab454e0856174991064837bd101596c5b6b4aca04e244ce7d70
Ubuntu Security Notice USN-4622-1
Posted Nov 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4622-1 - It was discovered that OpenLDAP incorrectly handled certain network packets. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-25692
SHA-256 | 66af5b77a52767ac11cda7c006ca24caad68688a0868e7348115df74bdcf0a86
SunSSH Solaris 10.0 / 11.0 x86 Remote Root
Posted Nov 9, 2020
Authored by Hacker Fantastic

A trivial to reach stack-based buffer overflow is present in libpam on Solaris. The vulnerable code exists in pam_framework.c parse_user_name() which allocates a fixed size buffer of 512 bytes on the stack and parses a username supplied to PAM modules (such as authtok_get used by SunSSH). This issue can be reached remotely pre-authentication via SunSSH when "keyboard-interactive" is enabled to use PAM based authentication. The vulnerability was discovered being actively exploited by FireEye in the wild and is part of an APT toolkit called "EVILSUN". The vulnerability is present in both SPARC/x86 versions of Solaris and others (eg. illumos). This exploit uses ROP gadgets to disable nxstack through mprotect on x86 and a helper shellcode stub. Tested against latest Solaris 10 without patch applied and the configuration is vulnerable in a default vanilla install. This exploit requires libssh2, the vulnerability has been identified and confirmed reachable on Solaris 10 through 11.0.

tags | exploit, overflow, x86, shellcode
systems | solaris
advisories | CVE-2020-14871
SHA-256 | 4efe811f974352dcef13923a4c23660cd48238ef8eed2fdf0c41f3fb02116a22
Apple Security Advisory 2020-11-05-2
Posted Nov 9, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-11-05-2 - iOS 12.4.9 is now available and addresses a code execution vulnerability.

tags | advisory, code execution
systems | apple, ios
advisories | CVE-2020-27929, CVE-2020-27930, CVE-2020-27932, CVE-2020-27950
SHA-256 | fb4dc85c6b2fc86ad05ff418ad9bb7d6d481312f42277636e0adcb847b752c78
Canon Inkjet Extended Survey Program 5.1.0.8 Unquoted Service Path
Posted Nov 9, 2020
Authored by Carlos Roa

Canon Inkjet Extended Survey Program version 5.1.0.8 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 0ebd104ee5752417b051275761495faa1b31369bba13528d715df3e968c5743d
DiskBoss 11.7.28 Unquoted Service Path
Posted Nov 9, 2020
Authored by Mohammed Alshehri

DiskBoss version 11.7.28 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 668093fabfc3bd146317eb5f486572bf378ed7a87018e137863aa4098b2a2222
RealTimes Desktop Service 18.1.4 Unquoted Service Path
Posted Nov 9, 2020
Authored by Erick Galindo

RealTimes Desktop Service version 18.1.4 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 5df6aee9ebcb86970111fd0401411fb1f208b854a7770fd50c60b23d915e60fa
Etherify Radio Signal Analysis Tool
Posted Nov 9, 2020
Authored by Jacek Lipkowski | Site lipkowski.com

Etherify is an interesting tool that analyzes radio signals transmitted by transmission rates via ethernet.

tags | tool
systems | unix
SHA-256 | 82e95f87ba18d3a0b893afabe8935525740f4835431b92b56c6e04bbd2ad9309
Red Hat Security Advisory 2020-4974-01
Posted Nov 9, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4974-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.183. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-16004, CVE-2020-16005, CVE-2020-16006, CVE-2020-16008, CVE-2020-16009
SHA-256 | c80061d82cef24bc64baedab79d23ad9348f87acde79021ab4ead04124299c64
iDeskService 3.0.2.1 Unquoted Service Path
Posted Nov 9, 2020
Authored by Leslie Lara

iDeskService version 3.0.2.1 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | b53196313ab74e4143c6416cc5279bd15dc25ea2de138f20913db7cdf3093acc
Apple Security Advisory 2020-11-05-1
Posted Nov 9, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-11-05-1 - iOS 14.2 and iPadOS 14.2 are now available and addresses code execution, integer overflow, out of bounds read, out of bounds write, path sanitization, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple, ios
advisories | CVE-2020-10002, CVE-2020-10003, CVE-2020-10004, CVE-2020-10010, CVE-2020-10011, CVE-2020-10016, CVE-2020-10017, CVE-2020-13524, CVE-2020-27902, CVE-2020-27905, CVE-2020-27909, CVE-2020-27910, CVE-2020-27911, CVE-2020-27912, CVE-2020-27916, CVE-2020-27917, CVE-2020-27918, CVE-2020-27925, CVE-2020-27926, CVE-2020-27927, CVE-2020-27930, CVE-2020-27932, CVE-2020-27950, CVE-2020-9974
SHA-256 | b4ba2b646a2c1090fd8c8b6e0af7db8899f53238e08bc6a937eb264ef6a6a8e2
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close