what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files Date: 2014-09-27 to 2014-09-28

Tor-ramdisk i686 UClibc-based Linux Distribution x86 20140925
Posted Sep 27, 2014
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: Various updates and one major bug fix.
tags | tool, kernel, peer2peer
systems | linux
SHA-256 | 116e5409b054024e15eec983d4518800aee09f04dde73b19d06540244da6f545
Dhclient Bash Environment Variable Injection
Posted Sep 27, 2014
Authored by egypt, Stephane Chazelas | Site metasploit.com

When bash is started with an environment variable that begins with the string "() {", that variable is treated as a function definition and parsed as code. If extra commands are added after the function definition, they will be executed immediately. When dhclient receives an ACK that contains a domain name or hostname, they are passed to configuration scripts as environment variables, allowing us to trigger the bash bug. Because of the length restrictions and unusual networking scenario at time of exploitation, this Metasploit module achieves code execution by echoing our payload into /etc/crontab and cleans it up when we get a shell.

tags | exploit, shell, code execution, bash
advisories | CVE-2014-6271
SHA-256 | 5d7d7b3c51f3ee9f6de8df21a01a41ce128a74b5cdd4be3f7d65a7357f36ed1e
Exinda WAN Optimization Suite 7.0.0 CSRF / XSS
Posted Sep 27, 2014
Authored by William Costa

Exinda WAN Optimization Suite version 7.0.0 (2160) suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2014-7157, CVE-2014-7158
SHA-256 | 83a1c7b092131f1cef204e879001c5cba65704e647207c15e65081dd1833f4a3
Ubuntu Security Notice USN-2364-1
Posted Sep 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2364-1 - Florian Weimer and Todd Sabin discovered that the Bash parser incorrectly handled memory. An attacker could possibly use this issue to bypass certain environment restrictions and execute arbitrary code. In addition, this update introduces a hardening measure which adds prefixes and suffixes around environment variable names which contain shell functions. Various other issues were also addressed.

tags | advisory, arbitrary, shell, bash
systems | linux, ubuntu
advisories | CVE-2014-7186, CVE-2014-7187
SHA-256 | ae34017a4da371e3957cf29ab3e4223ae8d46bc125d31af4b5a3d909728c3d3f
Red Hat Security Advisory 2014-1312-01
Posted Sep 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1312-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. Shift_JIS, also known as "SJIS", is a character encoding for the Japanese language. This package provides bash support for the Shift_JIS encoding. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

tags | advisory, remote, shell, bash
systems | linux, redhat
advisories | CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | 5a5179213e1d426ae806025b6835b14b2c5fc4fe0f9d07f38418998fd760d0e6
Red Hat Security Advisory 2014-1311-01
Posted Sep 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1311-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

tags | advisory, remote, shell, bash
systems | linux, redhat
advisories | CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | 2e88505af0a92784844daf9fe3c6fa50a2e04ca48111c2400b827bb859d59a0a
Openfiler 2.99.1 Denial Of Service
Posted Sep 27, 2014
Authored by Dolev Farhi

Openfiler version 2.99.1 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2014-7190
SHA-256 | 77276520dc721a9252188a8e714c3de354590e5c280083c46c4ff2b5c0c6fc20
Comersus Sophisticated Cart Database Disclosure
Posted Sep 27, 2014
Authored by indoushka

Comersus Sophisticated Cart suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 25c2756e45e2fc406368fc0f33725428c30b6538434bd0559dfd5ca5cbeddc61
Oscommerce 2.3.4 XSS / HPP / File Inclusion
Posted Sep 27, 2014
Authored by indoushka

Oscommerce version 2.3.4 suffers from cross site scripting, HTTP parameter pollution, and local file inclusion vulnerabilities.

tags | exploit, web, local, vulnerability, xss, file inclusion
SHA-256 | 8d1dd2e6442e15ac36b712ca7250cbff8a6c970b84e1efbe78af8cdac497642a
NDBLOG 0.1 Cross Site Scripting / SQL Injection
Posted Sep 27, 2014
Authored by indoushka

NDBLOG version 0.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | dd65952f3824e00cc2a80344ad64d4d621e1ec5e3aa4745efa0abfdc2cc09023
Get Simple CMS 3.3.3 Information Disclosure / XSS
Posted Sep 27, 2014
Authored by indoushka

Get Simple CMS version 3.3.3 suffers from information disclosure, upload, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | cbbfcd1ffbd19b40f68a09bc3831b08a98ed0e3a45c608112c9f9cce82a3a2ef
PayPal Community Web Portal Cross Site Scripting
Posted Sep 27, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

PayPal Community Web Portal suffered from cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
SHA-256 | 66eac32c73b32b474e784bbd86e55d93ac7e0620b25e7cf309f01b0e26ef0773
PayPal Mail Encoding Script Insertion
Posted Sep 27, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Malicious script code could be inserted into PayPal's mail encoding functionality.

tags | exploit
SHA-256 | ed363ae648c831c78fce7311c71efe723fd447f58dd5e7d30215423e85dfa3a5
POSNIC 1.02 Directory Listing / File Upload
Posted Sep 27, 2014
Authored by indoushka

POSNIC version 1.02 suffers from directory listing and file upload exposure vulnerabilities.

tags | exploit, vulnerability, file upload
SHA-256 | ca1313a59105d7e4fb14cfff488765f623bb0fbcd07ff8b06039cfb663615a8d
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close