what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files Date: 2014-09-27 to 2014-09-28

Tor-ramdisk i686 UClibc-based Linux Distribution x86 20140925
Posted Sep 27, 2014
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: Various updates and one major bug fix.
tags | tool, kernel, peer2peer
systems | linux
SHA-256 | 116e5409b054024e15eec983d4518800aee09f04dde73b19d06540244da6f545
Dhclient Bash Environment Variable Injection
Posted Sep 27, 2014
Authored by egypt, Stephane Chazelas | Site metasploit.com

When bash is started with an environment variable that begins with the string "() {", that variable is treated as a function definition and parsed as code. If extra commands are added after the function definition, they will be executed immediately. When dhclient receives an ACK that contains a domain name or hostname, they are passed to configuration scripts as environment variables, allowing us to trigger the bash bug. Because of the length restrictions and unusual networking scenario at time of exploitation, this Metasploit module achieves code execution by echoing our payload into /etc/crontab and cleans it up when we get a shell.

tags | exploit, shell, code execution, bash
advisories | CVE-2014-6271
SHA-256 | 5d7d7b3c51f3ee9f6de8df21a01a41ce128a74b5cdd4be3f7d65a7357f36ed1e
Exinda WAN Optimization Suite 7.0.0 CSRF / XSS
Posted Sep 27, 2014
Authored by William Costa

Exinda WAN Optimization Suite version 7.0.0 (2160) suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2014-7157, CVE-2014-7158
SHA-256 | 83a1c7b092131f1cef204e879001c5cba65704e647207c15e65081dd1833f4a3
Ubuntu Security Notice USN-2364-1
Posted Sep 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2364-1 - Florian Weimer and Todd Sabin discovered that the Bash parser incorrectly handled memory. An attacker could possibly use this issue to bypass certain environment restrictions and execute arbitrary code. In addition, this update introduces a hardening measure which adds prefixes and suffixes around environment variable names which contain shell functions. Various other issues were also addressed.

tags | advisory, arbitrary, shell, bash
systems | linux, ubuntu
advisories | CVE-2014-7186, CVE-2014-7187
SHA-256 | ae34017a4da371e3957cf29ab3e4223ae8d46bc125d31af4b5a3d909728c3d3f
Red Hat Security Advisory 2014-1312-01
Posted Sep 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1312-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. Shift_JIS, also known as "SJIS", is a character encoding for the Japanese language. This package provides bash support for the Shift_JIS encoding. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

tags | advisory, remote, shell, bash
systems | linux, redhat
advisories | CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | 5a5179213e1d426ae806025b6835b14b2c5fc4fe0f9d07f38418998fd760d0e6
Red Hat Security Advisory 2014-1311-01
Posted Sep 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1311-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

tags | advisory, remote, shell, bash
systems | linux, redhat
advisories | CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | 2e88505af0a92784844daf9fe3c6fa50a2e04ca48111c2400b827bb859d59a0a
Openfiler 2.99.1 Denial Of Service
Posted Sep 27, 2014
Authored by Dolev Farhi

Openfiler version 2.99.1 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2014-7190
SHA-256 | 77276520dc721a9252188a8e714c3de354590e5c280083c46c4ff2b5c0c6fc20
Comersus Sophisticated Cart Database Disclosure
Posted Sep 27, 2014
Authored by indoushka

Comersus Sophisticated Cart suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 25c2756e45e2fc406368fc0f33725428c30b6538434bd0559dfd5ca5cbeddc61
Oscommerce 2.3.4 XSS / HPP / File Inclusion
Posted Sep 27, 2014
Authored by indoushka

Oscommerce version 2.3.4 suffers from cross site scripting, HTTP parameter pollution, and local file inclusion vulnerabilities.

tags | exploit, web, local, vulnerability, xss, file inclusion
SHA-256 | 8d1dd2e6442e15ac36b712ca7250cbff8a6c970b84e1efbe78af8cdac497642a
NDBLOG 0.1 Cross Site Scripting / SQL Injection
Posted Sep 27, 2014
Authored by indoushka

NDBLOG version 0.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | dd65952f3824e00cc2a80344ad64d4d621e1ec5e3aa4745efa0abfdc2cc09023
Get Simple CMS 3.3.3 Information Disclosure / XSS
Posted Sep 27, 2014
Authored by indoushka

Get Simple CMS version 3.3.3 suffers from information disclosure, upload, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | cbbfcd1ffbd19b40f68a09bc3831b08a98ed0e3a45c608112c9f9cce82a3a2ef
PayPal Community Web Portal Cross Site Scripting
Posted Sep 27, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

PayPal Community Web Portal suffered from cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
SHA-256 | 66eac32c73b32b474e784bbd86e55d93ac7e0620b25e7cf309f01b0e26ef0773
PayPal Mail Encoding Script Insertion
Posted Sep 27, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Malicious script code could be inserted into PayPal's mail encoding functionality.

tags | exploit
SHA-256 | ed363ae648c831c78fce7311c71efe723fd447f58dd5e7d30215423e85dfa3a5
POSNIC 1.02 Directory Listing / File Upload
Posted Sep 27, 2014
Authored by indoushka

POSNIC version 1.02 suffers from directory listing and file upload exposure vulnerabilities.

tags | exploit, vulnerability, file upload
SHA-256 | ca1313a59105d7e4fb14cfff488765f623bb0fbcd07ff8b06039cfb663615a8d
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close