Boxoft Convert Master version 1.3.0 SEH local buffer overflow exploit.
47080b28a8e6f189781fc5c7cf47144a2979d43b700a2d3c2a02da8c54e85bcdWonder CMS version 3.1.3 suffers from a persistent cross site scripting vulnerability.
ccccd9ed98df37b0b7a126ce3016965c698022509b6de871a00456304fad8878NetSurveillance version 4.02.R11.00000140.10001.131900.00000 allows for an unauthenticated password change when no default security questions are set.
fd6228be6ec00b50ecd7051a15b7ee6d6dab5137e53bd49f35b84c6cdb78e569Zortam MP3 Media Studio version 27.60 suffers from a code execution vulnerability.
0c44dc348d50e18cbc6ca452a51654910cc7056e24192001ae9b51ca1edf22a1This Metasploit module exploits a buffer overflow in Free MP3 CD Ripper versions 2.6 and 2.8. By constructing a specially crafted WMA WAV M3U ACC FLAC file and attempting to convert it to an MP3 file in the application, a buffer is overwritten, which allows for running shellcode.
2fc82acea7b95409d6f96c56885e269103215f19b294a61787c2ac74dca93a0fUbuntu Security Notice 4637-2 - USN-4637-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 16.04 LTS. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across origins, bypass security restrictions, conduct phishing attacks, conduct cross-site scripting attacks, bypass Content Security Policy restrictions, conduct DNS rebinding attacks, or execute arbitrary code. Various other issues were also addressed.
4f713adabc152105077747045996121534ba7401875c9364bf618c591b2cdb5cUbuntu Security Notice 4639-1 - It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use this vulnerability to cause phpmyAdmin to leak sensitive files. It was discovered that phpMyAdmin incorrectly handled user input. An attacker could possibly use this for an XSS attack. It was discovered that phpMyAdmin mishandled certain input. An attacker could use this vulnerability to execute a cross-site scripting attack via a crafted URL. Various other issues were also addressed.
0779e7fa341ac78947934c261f4952b8924a503204b0c78b2229b84b8e1cf6f8Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.
25ed4c4c97f26a3df2dd64a41c356940753751abc3e5c7c9e0d7b682495221d9Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.
862e155c97737770baa26ffedf324a7fa255b757c85b0c9a6f312264f2ca29c5Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
17eb30ef4d91991b265d5d93ab7f4ad6b58d43061a46ba3292142b962be95f7derfs is an easy-to-use, easy-to-setup, hassle-free secure file system with the encrypted data being stored on a remote cloud server without having to trust the server. The client is a bash-script. The cloud server is provided by THC for free (as in free beer!). There is no limit per user, no limit of the number of file systems and no limit of how many locations can access the same file system simultaneously. It supports collaboration and the same filesystem can be accessed from different computers at the same time. The data is securely and seamlessly synchronized. The server has no knowledge of the content. A rogue server operator can not access the data. All key material is created on the user's computer and never stored or transferred to the server.
acabf88a256ecdeddf175c24b4263b0d4b660b4cd2c60eb52dccc56cdcbf11cfThis paper is a collection of THC's favorite tricks. Many of these tricks are not from them, they merely collect them. They show the tricks as-is without any explanation why they work. You need to know Linux to understand how and why they work.
07ddd32f849e88cecb82baf3b3250a7eb1c7d1d4a8c6cc06db0ab498817a4eb2This Metasploit module exploits a path traversal and a Java class instantiation in the handle implementation of WebLogic's Administration Console to execute code as the WebLogic user. Versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 are known to be affected. Tested against 12.2.1.3.0 from Vulhub (Linux) and on Windows. Warning! Multiple sessions may be created by exploiting this vuln.
6c879a4e9e6dc2c3ad319ed39819005bbf1975b59feee6d511f7f1140f97fd91testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
32bac618c807d5f960f68dd20d1a1b3988f4033d5535daa8ffcd26fca4a4dc43Ubuntu Security Notice 4638-1 - It was discovered that c-ares incorrectly handled certain DNS requests. An attacker could possibly use this issue to cause a denial of service.
22de1321f37779e2a2d90f916ad60679e84d0748afd9a717f50205a77a95bd19TCMalloc is an inspection tool that lets you parse and inspect tcmalloc internals, and detect lost memory, meaning memory which is not reachable via any (internal) pointers.
2b86aa20695ff99c9d185ed04df1ba3584158ebaa73e1ac6836170d8afc84ad0Sokrates SOWA SowaSQL suffers from a cross site scripting vulnerability. The module SOWA.WWW was fixed in version 4.8.16, whereas the module SOWA.OPAC was fixed in version 5.6.2.
126c83263ec1f977ca3ab7e64bbe290057fbec2da0c2f3bde1d8a8451fe4b9caTestBox CFML Test Framework version 4.1.0 suffers from arbitrary file write and remote code execution vulnerabilities.
233c49f03cbf8d45807a7927e676676ff08c5611513b7f16a38b6e2269b4f097TestBox CFML Test Framework version 4.1.0 suffers from a directory traversal vulnerability.
564d7395708184ec2af19cd4ab16e8142690010142bb9ee73b933525fb89b775Gemtek WVRTM-127ACN version 01.01.02.141 suffers from an authentication arbitrary command injection vulnerability.
288c20759376d1be2b2201de3eb7d9f660659dd2077eb3c2933919f67608b027Internet Download Manager version 6.38.12 suffers from a scheduler downloads scheduler buffer overflow vulnerability.
77157f59589b89e5782b1e7180f9a4549ec5495b926d3cc0be053079751dbf39Nagios Log Server version 2.1.7 suffers from a persistent cross site scripting vulnerability.
a114564a42184343d9c6589e82df2fbc813bb7026cb726f7d8f2579fd2b930dbM/Monit version 3.7.4 suffers from a password disclosure vulnerability.
a92ed4a23d80cabbc2f2973223f9125882573e59be97d5bf20768d3a5a796437M/Monit version 3.7.4 suffers from a privilege escalation vulnerability.
940af9a4fdd41005d1f80fc80891326898228ca47a2d355adeb0d8951f939180Gitlab version 12.9.0 authenticated arbitrary file read exploit. A file read vulnerability was previously discovered in this version in May of 2020 by KouroshRZ.
3fa20aa2a7c614b9b11d6fbc0c9ba54d294469d6ed5ae63e80764789e70be637
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed