GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
ce092ee4ab58fd19b9fb34a460c07b06c348f4360dd5dd4886d041eb521a534c
Debian Linux Security Advisory 2701-1 - It was discovered that the kpasswd service running on UDP port 464 could respond to response packets, creating a packet loop and a denial of service condition.
0836cbd23bcc004f062506b46b562c4e1e8b8b1e57e4a9fe0c0aaa296d36348d
This archive contains all of the 126 exploits added to Packet Storm in May, 2013.
c29831f658ed77c2534eddffe84f7ab2fbc633835a65c57ff018013e6ceac702
This Metasploit modules exploits a vulnerability found in the Oracle WebCenter Content CheckOutAndOpenControl ActiveX. This vulnerability exists in openWebdav(), where user controlled input is used to call ShellExecuteExW(). This Metasploit module abuses the control to execute an arbitrary HTA from a remote location. This Metasploit module has been tested successfully with the CheckOutAndOpenControl ActiveX installed with Oracle WebCenter Content 11.1.1.6.0.
b0e1c2b4d5000f5d54ab03faad81b1e6f76cdaf93878521b78deb176531d5582
This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions prior to 2.3.14.2. A specifically crafted request parameter can be used to inject arbitrary OGNL code into the stack bypassing Struts and OGNL library protections. When targeting an action which requires interaction through GET the payload should be split having into account the uri limits. In this case, if the rendered jsp has more than one point of injection, it could result in payload corruption. It should happen only when the payload is larger than the uri length.
b8de09303f34b2ff81911d9ef267d142269251e15e41b38a2fb9e953d6b6f460
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
abfa8165947837ada2363355ada25d913f48e6bb261f0a67f20d2fb6079e22fe
Debian Linux Security Advisory 2700-1 - Multiple vulnerabilities were discovered in the Wireshark dissectors for GTPv2, ASN.1 BER, PPP CCP, DCP ETSI, MPEG DSM-CC and Websocket, which could result in denial of service or the execution of arbitrary code.
ff03f8b24b1d41d37d4162fb29bafcd76ce613db1a1674f295db2eae979d897a
Debian Linux Security Advisory 2699-1 - Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. These issues include multiple memory safety errors, missing input sanitizing vulnerabilities, use-after-free vulnerabilities, buffer overflows and other programming errors which may lead to the execution of arbitrary code, privilege escalation, information leaks or cross site scripting.
0c8d95ee21c71cdad274d263f5504e4aa7ef4314c41cc7e9044a6c7ce9603f81
BOINC Manager (SETI at Home) version 7.0.64 Field stack based buffer overflow exploit.
9a68f8632644c25c3db7ebc94abb6b9bcd6204f3cab0bd2f03d079a774d30a30
AntiVirus for WordPress version 1.0 suffers from security bypass and path disclosure vulnerabilities.
0271b9f61209e7bc28bc04692baa01327ddec0b5dac9ef1d98f84af5b58aa72f
Windows Credentials Editor (WCE) allows you to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes). This can be used, for example, to perform pass-the-hash on Windows and also obtain NT/LM hashes from memory (credentials not stored locally including domain credentials from interactive logons, services, remote desktop connections, etc.) which can be used in further attacks. This is the universal binary.
285b752a5654ebc12d1cdde6a34f79438f321b1ba9e23e9ca345f7cd9739587b