what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 41 of 41 RSS Feed

Files Date: 2012-01-16 to 2012-01-17

Secunia Security Advisory 47567
Posted Jan 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in the GNU C Library, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | 53fa82a1f162398684a46593a9753e2c9ed325b3f1135ff4f07be87a2ad380ab
Secunia Security Advisory 47351
Posted Jan 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Asish Agarwalla has reported a vulnerability in Apigee, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | eeade674c9aecb3a5b8c5bf7747e9aa6619c6a7a9b2092dd78e85742af02ff74
Xplico Network Forensic Analysis Tool 0.7.1
Posted Jan 16, 2012
Authored by Gianluca Costa, Andrea de Franceschi | Site xplico.org

Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages.

Changes: RTP bug fixed. Dispatcher core functionality bug fixed. Various other fixes and additions.
tags | tool, imap, forensics
systems | linux
SHA-256 | c99cfbbbb00544ab79b5ca9139f18335bd2c7eda42e0a196b91659636ff2c4cf
Debian Security Advisory 2390-1
Posted Jan 16, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2390-1 - Several vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The DTLS implementation performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. A double free vulnerability when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to cause applications crashes and potentially allow execution of arbitrary code by triggering failure of a policy check. On 32-bit systems, the operations on NIST elliptic curves P-256 and P-384 are not correctly implemented, potentially leaking the private ECC key of a TLS server. (Regular RSA-based keys are not affected by this vulnerability.) Various other issues were also addressed.

tags | advisory, remote, arbitrary, vulnerability, protocol
systems | linux, debian
advisories | CVE-2011-4108, CVE-2011-4109, CVE-2011-4354, CVE-2011-4576, CVE-2011-4619
SHA-256 | 1bd9dd54ebd2b8dd8949d61a5c6e4677ff00eb13c0570952b6ac1337b614615a
LACSEC 2012 Call For Presentations
Posted Jan 16, 2012
Site lacnic.net

LACSEC 2012 Call For Presentations - The 7th Network Security Event for Latin America and the Caribbean will be held in Quito, Ecuador May 6th through the 11th, 2012.

tags | paper, conference
SHA-256 | 392c7fb730b40f0d8112dae4fc4f807d48ffab5821f1d3a9b500100a3ead7649
Debian Security Advisory 2388-1
Posted Jan 16, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2388-1 - Several vulnerabilities were discovered in t1lib, a Postscript Type 1 font rasterizer library, some of which might lead to code execution through the opening of files embedding bad fonts.

tags | advisory, vulnerability, code execution
systems | linux, debian
advisories | CVE-2010-2642, CVE-2011-0433, CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554
SHA-256 | 826cbdcd9ebdd1ede5d583faeba9ffd5a6efaea2feab949f5f4db2e314923ec2
BSD/x86 execve ('/bin/sh -c "/etc/master.passwd"') setreuid(0,0) Shellcode
Posted Jan 16, 2012
Authored by KedAns-Dz

94 bytes small BSD/x86 execve ('/bin/sh -c "/etc/master.passwd"') setreuid(0,0) shellcode.

tags | x86, shellcode
systems | bsd
SHA-256 | fa8695efffe51e32d85a7add93904eb75c24cf151a45133bc12107cd8d25c95f
Exploit Next Generation SQL Fingerprint 1.12.120115/RC0
Posted Jan 16, 2012
Authored by Nelson Brito

The Exploit Next Generation® SQL Fingerprint tool uses well-known techniques based on several public tools capable of identifying the Microsoft SQL Server version (such as: SQLping and SQLver), but, instead of showing only the "raw version" (i.e., Microsoft SQL Version 10.00.2746), the Exploit Next Generation® SQL Fingerprint shows the mapped Microsoft SQL Server version (i.e., Microsoft SQL 2008 SP1 (CU5)).

tags | tool, scanner
systems | windows
SHA-256 | bf4a7c2d83f70c89142fb442c4c5a64539b4f8b6d26e806e53e2c6a7329d4ac4
FreeBSD telnetd Remote Root
Posted Jan 16, 2012
Authored by knull | Site leethack.info

This python script tests for the remote root vulnerability in encryption support for telnetd on FreeBSD systems.

tags | exploit, remote, root, python
systems | freebsd
advisories | CVE-2011-4862
SHA-256 | 4249e9430985117ad8d3275e803d36e641c4beae4c0f6950bde8f0af5b3e100c
GOM Player 2.1.33 (ASX) Stack Buffer Overflow
Posted Jan 16, 2012
Authored by KedAns-Dz, Debasish Mandal | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in GOM Player version 2.1.33 by creating a specially crafted .asx file which will allow an attacker to execute arbitrary code.

tags | exploit, overflow, arbitrary
SHA-256 | b3d6b213896bb1a0f9594f5b388cc6189527081d4b00c1e99a39ed41e41f07f9
Mandos Encrypted File System Unattended Reboot Utility 1.5.3
Posted Jan 16, 2012
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: The D-Bus property se.recompile.Client.LastCheckerStatus has been added to Server and is used in mandos-monitor to fix a display logic bug. Client bugs in the example "bridge" network hook have been fixed.
tags | remote, root
systems | linux, unix
SHA-256 | c7bba621aee40e67ae1732c8d26a49c49f892205610014eda299bd9d8e79a5b3
TFTP SERVER 1.4 RRQ Remote Root Buffer Overflow
Posted Jan 16, 2012
Authored by KedAns-Dz

This Metasploit module exploits a Read Request packet buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | a286523e4973c08648295a9f06365c71b398d607ccc3a9716e5f04b48fc8c4ff
PHP Membership Site Manager Script Cross Site Scripting
Posted Jan 16, 2012
Authored by Atmon3r

PHP Membership Site Manager script suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | a9bf3c9de3516a38cd249502932b35eee4325c060a177b654c86686732ea1c57
phpMyAdmin 3.3.x / 3.4.x Local File Inclusion Via XXE Injection
Posted Jan 16, 2012
Authored by Marco Batista | Site metasploit.com

phpMyAdmin versions 3.3.x and 3.4.x suffer from a local file inclusion vulnerability via XXE injection. The attacker must be logged in to MySQL via phpMyAdmin.

tags | exploit, local, file inclusion, xxe
advisories | CVE-2011-4107, OSVDB-76798
SHA-256 | 3198e8d89bc1a8cc793e92a6136c7fe6f956875742096c8de8840899af48ddb4
Priv8 2012 Bypass Shell
Posted Jan 16, 2012
Authored by izleyici

This is a php shell that offers various connect-back methods, the ability to read files, grab source, execute code, etc.

tags | tool, shell, php, rootkit
systems | unix
SHA-256 | 65024e9ae949507819c9344a2e134ff406e24c6e2a54ded2dab8ef8e6e7d1f83
HashCollision Denial Of Service Proof Of Concept 6.0
Posted Jan 16, 2012
Authored by FireFart

HashCollision denial of service proof of concept exploit written in Python. It generates the payload on the fly and sends it to the server.

Changes: Added Javapayloadgenerator.
tags | exploit, denial of service, proof of concept, python
systems | unix
advisories | CVE-2011-4885
SHA-256 | 01da1f50ab5e7ffaf8680f1bf9bdef32b70eecac7583949ac5a2e2840b4e971a
Page 2 of 2

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By