Bluetooth Chat Connect version 1.0 for iOS suffers from cross site scripting and denial of service vulnerabilities.
65f84266ca3b5cd9a93afb354991405e9577aab3627609b1bb372446e0c25408Sydbox is a ptrace-based sandbox implementation. It intercepts system calls, checks for allowed filesystem prefixes, and denies them when checks fail. It has basic support for disallowing network connections. It has basic support to sandbox execve calls. It is based in part on catbox and strace.
3c758c94c86c4ac72895c9fdaefa767f6b9256d8e658c5b70a850133a119c72bA vulnerability exists for Iomega network storage devices with EMC Lifeline firmware that can potentially be exploited to gain unauthorized access to remote shares in certain circumstances. If remote access (including port-forwarding) is enabled on affected Iomega devices, all created shares (including shares on connected USB devices) could potentially be accessed by unauthorized remote users or systems due to access control issues.
1751607ad763d8c3030dd46fa7360620eefb9a7f9ade9c9368211dd334e6edf7This Metasploit module allows remote command execution on the PHP IRC bot pbot by abusing the usage of eval() in the implementation of the .php command. In order to work, the data to connect to the IRC server and channel where find pbot must be provided. The module has been successfully tested on the version of pbot analyzed by Jay Turla, and published on Infosec Institute, running over Ubuntu 10.04 and Windows XP SP3.
af5927c4e9d6a607a05e48844259bb81f722ee9404fcdab77834d99f0a04d614Red Hat Security Advisory 2012-1148-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.
baa3650c927f75b71009e6046fdee38dd97700186f1927162b03c07e62ab28f7Apache Libcloud versions 0.4.2 through 0.11.1 suffer from a possible man-in-the-middle condition. When establishing a secure (SSL / TLS) connection to a target server an invalid regular expression has been used for performing the hostname verification. Subset instead of the full target server hostname has been marked as an acceptable match for the given hostname.
9e708dbf4b24b26ef40d5b23c71eaa9fae3674a5663c7c3350ac8e0bede741feconntrack-tools is a set of userspace tools for Linux that allow system administrators to interact with the Connection Tracking System, the module which provides stateful packet inspection for iptables. It includes the userspace daemon conntrackd and the commandline interface conntrack.
e1da5f4c46094c252df5a167b28ecf2085dd73d1258316021d80612e5c9e332bRed Hat Security Advisory 2012-1129-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.
6c0b4a58bbe502f34d3cdba3053094775341e381fd60d5e809bd0de7e804b918This is a MobileSubstrate extension to disable certificate validation within NSURLConnection in order to facilitate black-box testing of iOS Apps. Once installed on a jailbroken device, iOS SSL Kill Switch patches NSURLConnection to override and disable the system's default certificate validation as well as any kind of custom certificate validation (such as certificate pinning). It was successfully tested against Twitter, Card.io and Square; all of them implement certificate pinning.
016ff5115ca0297edb536e716d760f3e930e000322e864984fcef533462a846bRed Hat Security Advisory 2012-1114-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.
737ca44d3c22f02002125758603606b3bf1912e7077558158feefff2fb692236Mandriva Linux Security Advisory 2012-111 - It was found that previously libgdata, a GLib-based library for accessing online service APIs using the GData protocol, did not perform SSL certificates validation even for secured connections. An application, linked against the libgdata library and holding the trust about the other side of the connection being the valid owner of the certificate, could be tricked into accepting of a spoofed SSL certificate by mistake. The updated packages have been patched to correct this issue.
0e6890a08ae22ca1f467f5d5fce0ae80f27743e936d792f852966aa408755bd7Termineter is a framework written in python to provide a platform for the security testing of smart meters. It implements the C12.18 and C12.19 protocols for communication. Currently supported are Meters using C12.19 with 7-bit character sets. Termineter communicates with Smart Meters via a connection using an ANSI type-2 optical probe with a serial interface.
8c72b50832476f3e05267e7d4f72848ea822e3c27a9f383258782999f96bcc12This Metasploit module exploits a vulnerability in Simple Web Server 2.2 rc2. A remote user can send a long string data in the Connection Header to cause an overflow on the stack when function vsprintf() is used, and gain arbitrary code execution. The module has been tested successfully on Windows 7 SP1 and Windows XP SP3.
ef2c81d5811597767d04bfb232a9ea85a237262aae453dc634269ab733bcb34ctormux.rb is a single file, zero dependency ruby tor controller for reverse multiplexing outgoing connections between tor exit nodes. By default tor only builds a single circuit, and all your traffic will travel out of a single exit node until the circuit is destroyed and a new circuit is created. but tormux.rb will build and maintain one circuit for each of the number of exit nodes you specify, and round robin your outgoing tor connections between them automatically.
527f59cc6a812254ef01ef67daeaf6d9554561605fa74a844bc39f29447d4419metaSSH is a session plugin for Metasploit that gives you a meterpreter-like interface over an ssh connection. The author original wrote this code so they could cleanly reverse pivot over ssh from within metasploit. Features include multi-channel, pivoting, post-exploitation module use, and more.
cb2904017bd8381379f534d13af9da18283b5ba0d4dca0d7ece74f329056ef4eUbuntu Security Notice 1507-1 - A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. An error was found in the Linux kernel's IPv6 netfilter when connection tracking is enabled. A remote attacker could exploit this flaw to crash a system if it is using IPv6 with the nf_contrack_ipv6 kernel module loaded. Various other issues were also addressed.
16f2b75936f467bc23ca10f8ddc7c026a0d723c0ceef279e65985417b73730bcMagento eCommerce platform uses a vulnerable version of Zend framework which is prone to XML eXternal Entity Injection attacks. The SimpleXMLElement class of Zend framework (SimpleXML PHP extension) is used in an insecure way to parse XML data. External entities can be specified by adding a specific DOCTYPE element to XML-RPC requests. By exploiting this vulnerability an application may be coerced to open arbitrary files and/or TCP connections.
89d448f5823f6c330e5a4b53e23014a5b1fe003dd4087081ff3c078b9e4d3271Red Hat Security Advisory 2012-1072-01 - JBoss Cache is the clustering backbone for data distribution in JBoss Enterprise Web Platform. It provides the backing implementation for web session replication, stateful session bean replication and entity caching. It was found that NonManagedConnectionFactory would log the username and password in plain text when an exception was thrown. This could lead to the exposure of authentication credentials if local users had permissions to read the log file. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform's "jboss-as-web/server/production/lib/jbosscache-core.jar" file.
93bea0be82c69ad3873bede014261e6a38de6d2554a91c52656507e218e00584Cisco Security Advisory - Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, causing the product to become unresponsive to new connection requests and potentially leading to termination services and processes. Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.
452844524965f84e286b89ccffc1bed14c53bc8b474602302070ba68650597c9Cisco Security Advisory - Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, causing the product to become unresponsive to new connection requests and potentially leading to termination services and processes. Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.
557ffed24e36cacc4f3361981664dc75d9334f99a5cbd59d57af8decc4ab8878Cisco Security Advisory - Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow a remote, unauthenticated attacker to create a denial of service condition, preventing the product from responding to new connection requests and potentially causing some services and processes to crash. Exploitation of the Cisco TelePresence Web Interface Command Injection may allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges. Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. Cisco has released updated software that resolves the command and code execution vulnerabilities. There are currently no plans to resolve the malformed IP packets denial of service vulnerability, as this product is no longer being actively supported. There are no workarounds that mitigate these vulnerabilities. Customers should contact their Cisco Sales Representative to determine the Business Unit responsible for their Cisco TelePresence Recording Server.
d697966c2bf18aa4e5c2c7875970e0cc5906ca0fdb9589c54e691f940c9898edWeevely is a stealth PHP web shell that simulates a telnet-like connection. It is an essential tool for web application testing post exploitation, and can be used as a stealth backdoor web shell to manage legit web accounts, even free hosted ones. Is currently included in Backtrack and Backbox and other Linux distributions for penetration testing.
9ca1b6b62a4fcc57851e48e31b456e9ea711e0ef46b10cf39d3277547b450333Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
9e3d29cc126a1609f93c89cc4b178fb01f091d989e2b8cec117b79eadf7b611cRed Hat Security Advisory 2012-1064-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.
0852eec4bdd3e4bd9f3b62617cce1230392a218607fdd7e60df4b80eb3789675This Metasploit module exploits a stack buffer overflow in Poison Ivy 2.3.2 C&C server. The exploit does not need to know the password chosen for the bot/server communication. If the C&C is configured with the default 'admin' password, the exploit should work fine. In case of the C&C configured with another password the exploit can fail. The 'check' command can be used to determine if the C&C target is using the default 'admin' password. Hopefully an exploit try won't crash the Poison Ivy C&C process, just the thread responsible of handling the connection. Because of this the module provides the RANDHEADER option and a bruteforce target. If RANDHEADER is used a random header will be used. If the bruteforce target is selected, a random header will be sent in case the default for the password 'admin' doesn't work. Bruteforce will stop after 5 tries or a session obtained.
a5fb5f9fb5256f9b9ed0a73d71160bd6699b2d23e1947554a86a9c745e5bff43strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
1a7ed98015df32e7412caf37391105af25a9dc66a0e357a1c92ccd5a9f180298
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed