Whitepaper called PHP Web Backdoor Decode. It covers decoding an obfuscated/encoded web backdoor shell, recovering the original source code, and the encrypted password in order to login to the backdoor shell.
e0c6be6e2503a4a9e4172a895e212a3b584c528fed2ed991014fcbf0da7ad296Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.
a47a9cdcef0ea14d5f70c390ab266f0333063ff96f3869a5f1609581a1d1ceb7Ubuntu Security Notice 4110-4 - USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
ba5b903c212775a3900d1f88e72486fb256e8202fa117e10525eaf3cbcd9a736It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other vulnerabilities have also been addressed.
3bf6f3467455c33428751c5faf437aa7d6c64fe01342c90cc65e1d94808e2336Ubuntu Security Notice 4110-3 - USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem. Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
ea497bd34cac8fb3ea8df64d24c03b963f18392532a993273d189149c06c84ccRed Hat Security Advisory 2019-2579-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. A crash issue was addressed.
b7da198c2a2efed0d3ca88cd075ea9eba23338a7a304cf7bd020c4f906c05729I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
30482b56becb6135ed4b74bd4715906774f7c3f3302753985a5fde363f0cc713Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data suffer from default password, authentication bypass, and command injection vulnerabilities.
38e7a01258bfec09b0882ac7dbf7cd123357ef8737f810d17b3e0ebf1d0c844eRed Hat Security Advisory 2019-2548-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site request forgery vulnerability.
4345dc1d608a0488b324d4434e2cfb1c27a4314f6530857a03a16fd149420252Red Hat Security Advisory 2019-2571-01 - Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango forms the core of text and font handling for the GTK+ widget toolkit. Issues addressed include a buffer overflow vulnerability.
0faa131337ca5e32a57d48ec0ac89a3416c733ab208d593f8a65826cae68d0b0Red Hat Security Advisory 2019-2577-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. A crash issue has been addressed.
e60f27e303aab7b3ce7bce56331be0d0c4fd9b703ea70eac7cdcd0d653aeeba9Ubuntu Security Notice 4110-2 - USN-4110-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
304d734f8346c73e85ea728a6b76429713959e68248569d54ebbdad82c84f68cDebian Linux Security Advisory 4510-1 - Nick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve protocol parsers in the Dovecot email server do not properly validate input (both pre- and post-login). A remote attacker can take advantage of this flaw to trigger out of bounds heap memory writes, leading to information leaks or potentially the execution of arbitrary code.
c04546fd005105ce0ea049041181543abc29468ef19bad67410168c397658f7dUbuntu Security Notice 4110-1 - Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
266fb9a4d88612b859b072db5fec419fd51c1b8f1685d5cfba9cc0a100abcb6bJoomla version 2.5.28 with JomEstate component version 4.1 suffers from a remote SQL injection vulnerability.
61ab3acfecdebfd920fbaa36e2d768af550632f8eb37ce45974f6442d0ab958aJoomla version 1.0.15 with Easy GuestBook component version 1.0 suffers from a remote SQL injection vulnerability.
e34ccc99cb63a7ae6256b9dfe2a8b822378741f20fa917534a05320da115dcc5Outlook Password Recovery version 2.10 suffers from a denial of service vulnerability.
7def290697853aa29553f64be36b153e6a61f20c1e3faa6cdc4d1064a5f9eb71This is an Nmap NSE script to detect where or not a target is vulnerable to the Pulse Secure SSL VPN file disclosure vulnerability. It reads /etc/passwd.
0aeb01131d3f5f40cb1691ea869f293d277ea5bb78ccab4d48d23b912648ac96Red Hat Security Advisory 2019-2565-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. An OpenSSL issue was addressed where an X509 name equality check did not work correctly.
935cc6c3b1e5db1458c55ac7bd5923c3cb3ad5b2cfb9f8be3de685a814df4c15Red Hat Security Advisory 2019-2566-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An issue was addressed where a missing check in fs/inode.c:inode_init_owner() did not clear SGID bit on non-directories for non-members.
786a2c0ea2c94bed1720aef805cb107fa37919901ca1dadc573cec6a373647f1Slackware Security Advisory - New kernel packages are available for Slackware 14.2 to fix a security issue.
aa594b346d11354a2066df25074c9d8e7426543aad3b1db4eb312a646852c745Debian Linux Security Advisory 4509-1 - Several vulnerabilities have been found in the Apache HTTPD server.
05f15168b7b98ddf7c58034b303654c50c6fce27c6c243e52c9f5c3c414bf30dTableau suffers from an XML external entity injection vulnerability.
bed246781976f0c088ca2b766a9c307c9c47fe7ecf081b42bc305d750396f6c5Apple Security Advisory 2019-8-26-3 - tvOS 12.4.1 is now available and addresses an arbitrary code execution vulnerability.
041f2d8074d27f28e655030a8d80e0c4f0803ffff4d36c01ad2db40aecce83eaApple Security Advisory 2019-8-26-2 - macOS Mojave 10.14.6 Supplemental Update is now available and addresses an arbitrary code execution vulnerability.
d6c9009bc10735742bd2f36d80f6d568d2ec1c8e6ad5ec5b208526eb55bdf72c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed