ignore security and it'll go away
Showing 1 - 23 of 23 RSS Feed

Files Date: 2013-12-05 to 2013-12-06

Whowatch 1.8.5
Posted Dec 5, 2013
Authored by Michal Suszycki | Site wizard.ae.krakow.pl

Whowatch is an interactive utility that displays information about the users currently on the machine in real time. Besides standard information (login name, tty, host, user's process) you can see the connection type (ie. telnet or ssh). You can also watch the process tree, navigate it, and send INT and KILL signals. Ncurses ascii graphics.

Changes: Various updates.
tags | tool, intrusion detection
systems | unix
MD5 | 77cf0f8d4a96bcb72e280a4c7aeca507
Lynis Auditing Tool 1.3.6
Posted Dec 5, 2013
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This release added many new features, including an extension of support for *BSD systems like DragonFly BSD, FreeBSD, NetBSD, and OpenBSD. New support was provided for elementary OS (Luna) along with several new Apache tests, OSSEC, and the dntpd time daemon. New functions have been added to compact the code and simplify development. Smaller bugs have been fixed. Logging and reporting was extended, the man page updated, and screen display improved. Under the hood minor adjustments have been made to support systems which are slightly different, such as those missing the dig binary.
tags | tool, scanner
systems | unix
MD5 | 8847596617a6290b3e00d0e90be343db
Drupal OG Features 6.x Access Bypass
Posted Dec 5, 2013
Authored by Andrey Tretyakov | Site drupal.org

Drupal OG Features third party module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | e584edbc146a521dcc777f9d71996b01
Debian Security Advisory 2810-1
Posted Dec 5, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2810-1 - Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.

tags | advisory, arbitrary, ruby
systems | linux, debian
advisories | CVE-2013-4164
MD5 | 6498173d65a1c9ecdc5c9d0293cc1146
Debian Security Advisory 2809-1
Posted Dec 5, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2809-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language.

tags | advisory, vulnerability, ruby
systems | linux, debian
advisories | CVE-2013-1821, CVE-2013-4073, CVE-2013-4164
MD5 | e799f488cbc7b8db8045f474277c1fdd
Red Hat Security Advisory 2013-1786-01
Posted Dec 5, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1786-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke.

tags | advisory, java, remote, local
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2133
MD5 | 6994dd0c13f1548bef2f8ca0f3eb8d0c
Red Hat Security Advisory 2013-1785-01
Posted Dec 5, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1785-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke.

tags | advisory, java, remote, local
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2133
MD5 | 8721cfc3af1c96be0682f313c4b7fe1d
Red Hat Security Advisory 2013-1784-01
Posted Dec 5, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1784-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke.

tags | advisory, java, remote, local
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2133
MD5 | 56405179f4d4c5df7c81cc4abec4c91e
Amazon Application Store / AWS/ECS2 Vulnerabilities
Posted Dec 5, 2013
Authored by Larry W. Cashdollar

The Try Before You Buy feature in Amazon's Application Store allows an external party to test software prior to download. Poor sandboxing and failed security controls allowed a malicious attacker the ability to perform portscanning of AWS backend services, spawn rogue services in the AWS cloud, and much more.

tags | advisory
MD5 | 672c2d2c7b0a3c65e94cc4f892d4bcac
Steinberg MyMp3PRO 5.0 SEH Buffer Overflow
Posted Dec 5, 2013
Authored by metacom

Steinberg MyMp3PRO version 5.0 SEH buffer overflow exploit that creates a malicious .m3u file.

tags | exploit, overflow
MD5 | af360b7b618250a47c39159e32430980
Steinberg MyMp3PRO 5.0 DEP Bypass With ROP
Posted Dec 5, 2013
Authored by metacom

Steinberg MyMp3PRO version 5.0 buffer overflow exploit that has DEP bypass with ROP that creates a malicious .m3u file.

tags | exploit, overflow
MD5 | a127e5e1e58257af08d9ba61f595e030
Steinberg MyMp3PRO 5.0 Buffer Overflow
Posted Dec 5, 2013
Authored by metacom

Steinberg MyMp3PRO version 5.0 buffer overflow exploit that creates a malicious .m3u file.

tags | exploit, overflow
MD5 | 7abc572c39ee9b80ff4621e08fd1fc08
Imagam iFiles 1.16.0 File Inclusion / Shell Upload / Command Injection
Posted Dec 5, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Imagam iFiles version 1.16.0 suffers from file inclusion, command injection, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, file inclusion
MD5 | bab664590604b678e77647c1c27abcb1
HTMLPurifier 4.5.0 Hash Length Extension
Posted Dec 5, 2013
Authored by Arseny Reutov | Site ptsecurity.com

HTMLPurifier version 4.5.0 suffers from a hash length extension attack that allows for signature forgery.

tags | advisory
MD5 | 7b24bbc532dca1a2c2e75c83e81fee72
Joomla Hotornot2 Shell Upload
Posted Dec 5, 2013
Authored by DevilScreaM

Joomla Hotornot2 component suffers from a remote code execution vulnerability via a shell upload.

tags | exploit, remote, shell, code execution
MD5 | 31e169c96d9019c2cacf5ea5bc6e7fc8
VMware Security Advisory 2013-0014
Posted Dec 5, 2013
Authored by VMware | Site vmware.com

VMware Security Advisory 2013-0014 - VMware Workstation, Fusion, ESXi and ESX patches address a vulnerability in the LGTOSYNC.SYS driver which could result in a privilege escalation on older Windows-based Guest Operating Systems.

tags | advisory
systems | windows
advisories | CVE-2013-3519
MD5 | b375c40dddae997f9e5571bd99647afe
McAfee Email Gateway 7.6 Command Execution / SQL Injection
Posted Dec 5, 2013
Authored by Brandon Perry

McAfee Email Gateway version 7.6 suffers from remote command execution and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 49b1eb2b0e0edf755e5c587b1095a5c1
Hex Workshop 6.7 DLL Hijack
Posted Dec 5, 2013
Authored by Akin Tosunlar, Ozgur Yurdusev

Hex Workshop version 6.7 suffers from a DLL hijacking vulnerability in mfc100trk.dll.

tags | exploit
systems | windows
MD5 | 0f745486779b95ba9de962f59c5448ba
OpenCart 1.5.6 File Upload / XSS / Path Disclosure
Posted Dec 5, 2013
Authored by trueend5

OpenCart version 1.5.6 suffers from cross site scripting, path disclosure, and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, xss, info disclosure, file upload
MD5 | 11d65d0e69b375a944f1da52213975cd
Pytacle Alpha2
Posted Dec 5, 2013
Authored by Daniel Mende

pytacle is a tool inspired by tentacle. It automates the task of sniffing GSM frames of the air, extracting the key exchange, feeding kraken with the key material and finally decode/decrypt the voice data. All You need is a USRP (or similar) to capture the GSM band and a kraken instance with the berlin tables (only about 2TB).

Changes: Support of RTLSDR sticks, possibility to scan for cells around you, and more.
tags | tool, wireless
systems | unix
MD5 | 5468c3e07706a551b3141dbab8b002e3
MySQL 5.0.x Denial Of Service
Posted Dec 5, 2013
Authored by Neil Kettle

MySQL version 5.0.x suffers from an IF query handling remote denial of service vulnerability.

tags | exploit, remote, denial of service
advisories | CVE-2007-2583, OSVDB-34734
MD5 | ccdb986362621ab28a3aa95d51452078
Digital Whisper Electronic Magazine #47
Posted Dec 5, 2013
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 47. Written in Hebrew.

tags | magazine
MD5 | 6f2c558d7a58274b27ea5c03aa3fbca7
Microsoft Windows NDPROXY Local SYSTEM Privilege Escalation
Posted Dec 5, 2013
Authored by ryujin

Microsoft Windows NDPROXY local SYSTEM privilege escalation exploit.

tags | exploit, local
systems | windows
advisories | CVE-2013-5065
MD5 | ead032fd87af22e8b7c9a9ab3054a0c8
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    6 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close