what you don't know can hurt you
Showing 1 - 21 of 21 RSS Feed

Files Date: 2020-11-19 to 2020-11-20

GRAudit Grep Auditing Tool 2.8
Posted Nov 19, 2020
Authored by Wireghoul | Site justanotherhacker.com

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Changes: Updated Electron rules. Updated PHP rules. More scala rules and a scala signature set. Updated C rules. Updated Java rules. Many other updates as well.
tags | tool
systems | unix
MD5 | e38b9c328f5747a4cd4db02bd628a0ef
American Fuzzy Lop plus plus 2.68c
Posted Nov 19, 2020
Authored by van Hauser, thc, Heiko Eissfeldt, Andrea Fioraldi, Dominik Maier | Site thc.org

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.

Changes: Added the GSoC excellent afl++ grammar mutator by Shengtuo. A few QOL changes for Apple and its outdated gmake. Various other updates and improvements.
tags | tool, fuzzer
systems | unix
MD5 | d193b5f93e53d0acb749fcf01faf27f7
Global Socket 1.4.22
Posted Nov 19, 2020
Authored by thc | Site thc.org

Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.

tags | tool, tcp
systems | unix
MD5 | 697aff8d6aa465252692af99375ce8f7
erfs 1.4
Posted Nov 19, 2020
Authored by thc, Skyper | Site thc.org

erfs is an easy-to-use, easy-to-setup, hassle-free secure file system with the encrypted data being stored on a remote cloud server without having to trust the server. The client is a bash-script. The cloud server is provided by THC for free (as in free beer!). There is no limit per user, no limit of the number of file systems and no limit of how many locations can access the same file system simultaneously. It supports collaboration and the same filesystem can be accessed from different computers at the same time. The data is securely and seamlessly synchronized. The server has no knowledge of the content. A rogue server operator can not access the data. All key material is created on the user's computer and never stored or transferred to the server.

tags | tool, remote, bash
systems | unix
MD5 | 8760e61d1fb0d63faba1e847ebb48b34
THC Tips, Tricks, And Hacks Cheat Sheet
Posted Nov 19, 2020
Authored by thc | Site thc.org

This paper is a collection of THC's favorite tricks. Many of these tricks are not from them, they merely collect them. They show the tricks as-is without any explanation why they work. You need to know Linux to understand how and why they work.

tags | paper
systems | linux
MD5 | fa4c8dc91c13d2440428ff60d1c22572
Oracle WebLogic Server Administration Console Handle Remote Code Execution
Posted Nov 19, 2020
Authored by wvu, Jang, voidfyoo | Site metasploit.com

This Metasploit module exploits a path traversal and a Java class instantiation in the handle implementation of WebLogic's Administration Console to execute code as the WebLogic user. Versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 are known to be affected. Tested against 12.2.1.3.0 from Vulhub (Linux) and on Windows. Warning! Multiple sessions may be created by exploiting this vuln.

tags | exploit, java
systems | linux, windows
advisories | CVE-2020-14750, CVE-2020-14882, CVE-2020-14883
MD5 | 5405ea15491baee8139d2505e9a04d02
TestSSL 3.0.3
Posted Nov 19, 2020
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: Updated certificate stores. BREACH is now medium. Dockerfile improvements. Various other updates and improvements.
tags | tool, scanner, protocol, bash
systems | unix
MD5 | afcbd6001bd3128b99675f5eceab35ce
Ubuntu Security Notice USN-4638-1
Posted Nov 19, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4638-1 - It was discovered that c-ares incorrectly handled certain DNS requests. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2020-8277
MD5 | 44f58c24d1c620f3c03815521bb69811
TCMalloc Inspector Tool
Posted Nov 19, 2020
Authored by Marcin Kozlowski | Site github.com

TCMalloc is an inspection tool that lets you parse and inspect tcmalloc internals, and detect lost memory, meaning memory which is not reachable via any (internal) pointers.

tags | tool
systems | unix
MD5 | 5bfabbb583351d1bd58083c6bba6c75c
Sokrates SOWA SowaSQL Cross Site Scripting
Posted Nov 19, 2020
Authored by Marek Holka

Sokrates SOWA SowaSQL suffers from a cross site scripting vulnerability. The module SOWA.WWW was fixed in version 4.8.16, whereas the module SOWA.OPAC was fixed in version 5.6.2.

tags | exploit, xss
advisories | CVE-2020-28350
MD5 | 15252a94b63142ee47e189d614cb2549
TestBox CFML Test Framework 4.1.0 Arbitrary File Write / Code Execution
Posted Nov 19, 2020
Authored by Darren King

TestBox CFML Test Framework version 4.1.0 suffers from arbitrary file write and remote code execution vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, code execution
MD5 | 6b5e7dfb10e7c55e6f044ad18e15665b
TestBox CFML Test Framework 4.1.0 Directory Traversal
Posted Nov 19, 2020
Authored by Darren King

TestBox CFML Test Framework version 4.1.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 88450fd3a243fe57d5806f5e6b84c134
Gemtek WVRTM-127ACN 01.01.02.141 Command Injection
Posted Nov 19, 2020
Authored by Gabriele Zuddas

Gemtek WVRTM-127ACN version 01.01.02.141 suffers from an authentication arbitrary command injection vulnerability.

tags | exploit, arbitrary
advisories | CVE-2020-24365
MD5 | 83915d2924ba8a50603a28a3724ffd72
Internet Download Manager 6.38.12 Buffer Overflow
Posted Nov 19, 2020
Authored by Vincent Wolterman

Internet Download Manager version 6.38.12 suffers from a scheduler downloads scheduler buffer overflow vulnerability.

tags | exploit, overflow
MD5 | 75f8a4e63787ca4ceecda8a6cac0ad9f
Nagios Log Server 2.1.7 Cross Site Scripting
Posted Nov 19, 2020
Authored by Emre OVUNC

Nagios Log Server version 2.1.7 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 102cbaa765bfdff7bcd28a1786fecca1
M/Monit 3.7.4 Password Disclosure
Posted Nov 19, 2020
Authored by Dolev Farhi

M/Monit version 3.7.4 suffers from a password disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 87650ececf79737f062ed7b60d0c8f27
M/Monit 3.7.4 Privilege Escalation
Posted Nov 19, 2020
Authored by Dolev Farhi

M/Monit version 3.7.4 suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | 113ca819223ec2509a10cb30146bc254
Gitlab 12.9.0 Arbitrary File Read
Posted Nov 19, 2020
Authored by Jasper Rasenberg

Gitlab version 12.9.0 authenticated arbitrary file read exploit. A file read vulnerability was previously discovered in this version in May of 2020 by KouroshRZ.

tags | exploit, arbitrary
MD5 | 3a88b97ad457af5b8a78720ceabce567
Fortinet FortiOS 6.0.4 Password Modification
Posted Nov 19, 2020
Authored by Ricardo Longatto

Fortinet FortiOS version 6.0.4 suffers from an unauthenticated SSL VPN user password modification vulnerability.

tags | exploit
advisories | CVE-2018-13382
MD5 | 8cbcfebe7d54fee1190d0829da7cd468
xuucms 3 SQL Injection
Posted Nov 19, 2020
Authored by icekam

xuucms version 3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2020-28091
MD5 | c0a81aa562cb050ae8e03852cc39f6b4
PESCMS TEAM 2.3.2 Cross Site Scripting
Posted Nov 19, 2020
Authored by icekam

PESCMS TEAM version 2.3.2 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2020-28092
MD5 | 6a30b850cb736abb614e9c8813bb1ca9
Page 1 of 1
Back1Next

File Archive:

December 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    20 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close