what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

MyBB Advanced Forum Signatures 2.0.4 SQL Injection
Posted Oct 11, 2011
Authored by Mario_Vs

MyBB Advanced Forum Signatures version 2.0.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 45c7d0b8e4218857dcc995fe41462f80

Related Files

Portspoof Service Signature Obfuscator
Posted Aug 5, 2012
Authored by Piotr Duszynski | Site portspoof.duszynski.eu

The portspoof program is designed to enhance OS security through emulation of legitimate service signatures on otherwise closed ports. The general goal of the program is to make the port scanning process very slow and output very difficult to interpret, thus making the attack reconnaissance phase a challenging and bothersome task.

tags | tool
systems | unix
MD5 | 12b4fbe3591f8bdd8f06597a4d89ed53
Suricata IDPE 1.3
Posted Jul 8, 2012
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: This release adds a TLS/SSL handshake parser, an HTTP user agent keyword, experimental rule reloading support, AF_PACKET bpf support and packet loss counters, Napatech hardware support, a configuration test mode, a rule analyzer, and on-the-fly MD5 calculation and matching for files. Performance and scalability have been improved.
tags | tool, intrusion detection
systems | unix
MD5 | 058e4f2b2660330f790bff2e1e7a6ffb
OpenLimit Reader Vulnerable Components
Posted Jun 26, 2012
Authored by Stefan Kanthak

OpenLimit reader, an application aimed to provide security by validating X.509 signatures and signing PDFs inside Adobe Reader, contains completely outdated, superfluous and vulnerable components, which comprise 40% of the whole installation package.

tags | advisory
MD5 | cba35307c4a79af3a60bc1a77bfe05e4
GNU Privacy Guard 2.0.19
Posted Mar 29, 2012
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: A space-separated fingerprint is now accepted as a user ID, to ease copying and pasting. The longest key ID available is now used by default. Support for the original HKP keyserver has been dropped. The trustdb is now rebuilt after changing the option "--min-cert-level". The option "--cert-digest-algo" is now honored when creating a cert. Detection of JPEG files has been improved.
tags | tool, encryption
MD5 | 6a8589381ca1b0c1a921e9955f42b016
Carbylamine PHP Encoder
Posted Mar 15, 2012
Authored by Prakhar Prasad | Site code.google.com

Carbylamine PHP Encoder is a PHP Encoder for obfuscating/encoding PHP files so that antivirus detection signatures can be bypassed.

tags | tool, php, rootkit
systems | unix
MD5 | 2a0006cd9cce2fd3adfed55243144cf7
GNU Privacy Guard 1.4.12
Posted Feb 1, 2012
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: A space separated fingerprint is now accepted as a user ID. This allows you to copy and paste the fingerprint from the key listing. Support for the original HKP keyserver was removed. The trustdb is now rebuilt after changing the option --min-cert-level. JPEG detection was improved. More VMS patches are now included. File locking was made more portable. The 32-bit variant of the mingw-w64 toolchain is now supported. Minor bugs were fixed.
tags | tool, encryption
systems | unix
MD5 | f9a65ccd7166d3fdb084454cf7427564
Suricata IDPE 1.2.1
Posted Jan 21, 2012
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Writing of malformed unified2 log records was fixed. TCP timeout handling was improved.
tags | tool, intrusion detection
systems | unix
MD5 | 79a74f7d9cc32d7cacd9783e258d6fee
Suricata IDPE 1.2
Posted Jan 19, 2012
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: PCAP live runmodes were fixed. CPU affinity settings for live runmodes were fixed. Windows/Cygwin path handling was improved.
tags | tool, intrusion detection
systems | unix
MD5 | bd7dbcb882281b5a2bdceed5821c114c
Suricata IDPE 1.1.1
Posted Dec 8, 2011
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: This release fixes a crash in the SMTP parser and a problem with AF_PACKET compilation.
tags | tool, intrusion detection
systems | unix
MD5 | 6f011407b67edf10783197b1a087d7cb
Suricata IDPE 1.1
Posted Nov 12, 2011
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Performance, accuracy, and stability were improved. Many HTTP rule keywords added. Several SSL keywords have been added. Event suppression support was added. SCTP decoding support was added. IPS mode was improved. An SMTP parser was added. Protocol detection was improved. Extended HTTP output was added. AF_PACKET support was added. PF_RING support was improved. Pcap logging was added. The stream engine was improved.
tags | tool, intrusion detection
systems | unix
MD5 | 8e0d1c3d04694ffcb67334f222446bd1
FStealer Filesystem Mirroring Tool
Posted Oct 31, 2011
Authored by pleed

FStealer automates file system mirroring through remote file disclosure vulnerabilities on Linux machines. It uses both, initial path signatures and runtime analysis of downloaded files to recursively find new files. Because of its modularity it is trivial to extend it by writing your own file or path analysis.

tags | tool, remote, vulnerability
systems | linux, unix
MD5 | a4d280034bc90b78804ef5635d94daf6
Secunia Security Advisory 46352
Posted Oct 12, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in the Advanced Forum Signatures plugin for MyBB, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
MD5 | b7f414b4a3b23603fc8618fe09d0850c
GNU Privacy Guard 2.0.18
Posted Aug 17, 2011
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Compatibility with newer versions of libgcrypt was restored. dirmngr/gpgsm interaction was improved for OCSP. Card keys can now be generated up to 4096 bits. The SSH confirm flag is now supported, and SSH fingerprints are shown in SSH related pinentries.
tags | encryption
MD5 | 2f37e0722666a0fedbe4d9f9227ac4d7
Suricata IDPE 1.0.5
Posted Jul 26, 2011
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: A stream engine bug was fixed. Various issues found by the Coverity source code analyzers were fixed.
tags | tool, intrusion detection
systems | unix
MD5 | 38a76efd1c9c0d01f6bb49d75dd1b440
Ubuntu Security Notice USN-1169-1
Posted Jul 14, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1169-1 - William Grant discovered that APT incorrectly validated inline GPG signatures. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2011-1829
MD5 | e35e7194c6573e250bbb6d02a847e348
Suricata IDPE 1.0.4
Posted Jun 25, 2011
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Various issues found by different source code analyzers were fixed. Bundled LibHTP was updated to 0.2.6.
tags | tool, intrusion detection
systems | unix
MD5 | bb69eff00783e64c75a94e29a6400ef4
Ubuntu Security Notice USN-1139-1
Posted May 30, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1139-1 - It was discovered that Bind incorrectly handled certain bad signatures if multiple trust anchors existed for a single zone. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS and 10.04 LTS. Frank Kloeker and Michael Sinatra discovered that Bind incorrectly handled certain very large RRSIG RRsets included in negative responses. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2010-3762, CVE-2011-1910
MD5 | c23b70e91271bcfd86ad725a00c7a970
Remote Timing Attacks Are Still Practical
Posted May 25, 2011
Authored by Nicola Tuveri, Billy Bob Brumley

This whitepaper describes a timing attack vulnerability in OpenSSL's ladder implementation for curves over binary fields. They use this vulnerability to steal the private key of a TLS server where the server authenticates with ECDSA signatures. Using the timing of the exchanged messages, the messages themselves, and the signatures, they mount a lattice attack that recovers the private key. Finally, they describe and implement an effective countermeasure.

tags | exploit, paper, crypto, vulnerability
MD5 | 4558b899d97a106def3ba064ab5eadfe
Suricata IDPE 1.0.3
Posted Apr 14, 2011
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Bugs in the detection engine, TCP stream engine, IP defrag engine, and HTTP parser were fixed.
tags | tool, intrusion detection
systems | unix
MD5 | 7c612349fd63a459ded235956769a74f
Ubuntu Security Notice USN-1079-3
Posted Mar 18, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1079-3 - USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM) architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes vulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu 10.10. It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. Konstantin PreiBer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor.

tags | advisory, java, remote, denial of service, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476, CVE-2011-0706
MD5 | 7fe5b4348e900358dbdced47d919377f
Ubuntu Security Notice USN-1079-2
Posted Mar 15, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1079-2 - USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel (ARM) architectures. This update provides the corresponding updates for OpenJDK 6 for use with the armel (ARM) architectures. Multiple openjdk-6 vulnerabilities have been addressed. It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. Konstantin PreiBer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor. Various other issues were also addressed.

tags | advisory, java, remote, denial of service, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476, CVE-2011-0706
MD5 | 169cc48fcffe0c5cbdec7109434561db
Ubuntu Security Notice USN-1079-1
Posted Mar 1, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1079-1 - Multiple openjdk-6 vulnerabilities have been addressed. It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. Konstantin PreiBer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor. Various other issues were also addressed.

tags | advisory, java, remote, denial of service, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476, CVE-2011-0706
MD5 | d0fdae600b8038ace7a4e0a40f6561cf
Ubuntu Security Notice USN-1055-1
Posted Feb 1, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1055-1 - It was discovered that IcedTea for Java did not properly verify signatures when handling multiply signed or partially signed JAR files, allowing an attacker to cause code to execute that appeared to come from a verified source. USN 1052-1 fixed a vulnerability in OpenJDK for Ubuntu 9.10 and Ubuntu 10.04 LTS on all architectures, and Ubuntu 10.10 for all architectures except for the armel (ARM) architecture. This update provides the corresponding update for Ubuntu 10.10 on the armel (ARM) architecture. It was discovered that the JNLP SecurityManager in IcedTea for Java OpenJDK in some instances failed to properly apply the intended security policy in its checkPermission method. This could allow an attacker to execute code with privileges that should have been prevented.

tags | advisory, java
systems | linux, ubuntu
advisories | CVE-2010-4351, CVE-2011-0025
MD5 | 7f31cba08e7a2017bc21bb6ac3b5b024
GNU Privacy Guard 2.0.17
Posted Jan 22, 2011
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: More hash algorithms are now possible with the OpenPGP v2 card. gpg-agent now tests for a new gpg-agent.conf configuration file on a SIGHUP. The output of "gpgconf --check-options" was fixed. A bug where scdaemon sends a signal to gpg-agent running in non-daemon mode was fixed. TTY management for pinentries and a session variable update problem were fixed. Further minor bugfixes were made.
tags | encryption
MD5 | 123af099740fd159c73a0352a274ec81
Evading Antivirus Signatures
Posted Jan 4, 2011
Authored by Legion Of XTRemers

Whitepaper called Evading AV Signatures - Derailing Antivirus.

tags | paper
MD5 | 5367708e1ee5bd9006afd06da4193ce7
Page 1 of 4
Back1234Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close