Dell SonicWALL Secure Mobile Access SMA version 8.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
9c6e1e62011dc14636b4f5849d5f84a87d42f3acec586620f4296ac473fb6a89
189 bytes small add user t0r with password of Winner shellcode for Linux x86_64.
241545198395d326774323f27d944073f582076812a68301bd6bb70961f8cd60
Remote command execution exploit for Collaborative Passwords Manager (cPassMan) version 1.82.
e960e46c31b010c7c21b65520e2cf34f88405a9be03cfbdef7f03b7d9cd6edd1
This is a small connect-back script written in Python.
835b9dec3575dd1389efc8a4a007dd336a926416a6593e7523caf0ba48d3e976
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
ba03e5371037a7543536b1b3657f4b8d9eb3f36d5711e818d4cc69d3057f12f4
Cisco Security Advisory - Cisco Small Business (SRP 500) Series Services Ready Platforms contains command injection, unauthenticated configuration upload, and directory traversal vulnerabilities.
31da0efcb3a1c6bfaf12e06688d0619522253f130e943a73a69af7e3f60d8eea
Secunia Security Advisory - Some vulnerabilities have been reported in Cisco Small Business SRP520 / SRP540 series, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to bypass certain security restrictions.
2f3f55b2689997092d4a01dbc45d1c49405f5db2fb416c39d947f727955989af
62 bytes small Linux/x86 BackShell-TCP bash[/dev/tcp],execve(/bin/sh) shellcode.
c11501f06303b67afdaf120cb4cec86433c1a1f77db9fe89aaa1c8245ba1b310
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
8ab2371ba0c70cd010f0736839a0737dec95b197325b98505c1c69dd55e6964f
Ubuntu Security Notice 1368-1 - It was discovered that the Apache HTTP Server incorrectly handled the SetEnvIf .htaccess file directive. An attacker having write access to a .htaccess file may exploit this to possibly execute arbitrary code. Prutha Parikh discovered that the mod_proxy module did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external exposure. Various other issues were also addressed.
fa8c135df3525e7c504b7b8471eb4ffb02bbcb4cef2d2668c2621785aaf45c6c
Adsuck is a small DNS server that spoofs blacklisted addresses and forwards all other queries. The idea is to be able to prevent connections to undesirable sites such as ad servers, crawlers, etc. It can be used locally, for the road warrior, or on the network perimeter in order to protect local machines from malicious sites.
595f7b9ab3b055170bcdfc0cee03c49f559cde4e2a3910de1d8daf1161cee3f0
97 bytes small OS X / x86 shellcode that binds a shell to port 4444.
623642c76b21d9c8b8565f08b67486e7985cda73e2d5e7e4e1a112dc36fa3cee
The cryptographic algorithm called INCrypt32 is a MAC algorithm used to authenticate participants, RFID cards and readers, in HID Global's iCLASS systems. HID's iCLASS cards are widely used contactless smart cards for physical access control. Although INCrypt32 is at the heart of the security of HID's iCLASS systems, its security has not been evaluated yet since the specification has not been open to the public. In this paper, the authors reveal the specification of INCrypt32 by reverse engineering an iCLASS card and investigate the security of INCrypt32. As a result, they show that the secret key of size 64 bits can be recovered using only 2^18 MAC queries if the attacker can request MACs for chosen messages of arbitrary length. If the length of messages is limited to pre-determined values by the authentication protocol, the required number of MAC queries grows to 2^42 to recover the secret key.
cb8784c8a30a60fd5be4ccee3a92361bbb9b0c25e831d60269f418117ec0e6b6
SmartyCMS version 0.9.4 suffers from a cross site scripting vulnerability in the template module.
3805f965b9dce94554411cc59a2a33f1e57d235ef1aa6e4fe89e2a264fc7f8c3
This is a small application built to demo the weakness in pgsql and networking. It is capable of running login attempts from multiple threads in parallel and can run up to 1024 concurrent connections.
a1cbc90da097874a42f190353d335d48e7833a5c03b38e5d2c09ee9a1505b115
This is a small application built to test the performance of an HTTP authentication system using a lot of concurrent connections. It can also be used to try lots of passwords against an HTTP server. It is capable of using up to 1024 connections (or more using multiple processes). However, with this amount it is capable of reducing internet connections to a crawl and also greatly increasing the load on the server.
a5d2da95b1cd1d0ba6fe4dd2c6679e8bf9b21070ccc3eee14c9f4eeffaa83726
Cisco Security Advisory - Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Security Management Appliances (SMA) contain a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. Workarounds that mitigate this vulnerability are available.
4864f4e17fe47b8f6178a603e1cc20bb9f967ec80c223712f14bfa2e367c5c8c
180 bytes small Linux/x86 add new user/password shellcode.
2507665fb5598085aa7170024022a8af2b3c254563abca1ee43b028cda2e1de8
ipt_pkd is an iptables extension implementing port knock detection with SPA (single packet authorization). This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
55175736a0aab53c4fd0bf06c3f44e0984708faf5114baa47134e8aef4661b7f
This is a very small backdoor written in Python.
d0baeea38076b6dcda8e266effbaece56f3447f95f42e03b5da43c0f47bbafef
This is a small MySQL cracking tool capable of running login attempts from multiple threads in parallel. It is capable of 1024 concurrent connections.
f146f20998994d92b163d14ad2d638e4e8fe1b472cee16e5eb3e73270024ebab
Secunia Security Advisory - A vulnerability has been reported in HP StorageWorks Modular Smart Array P2000, which can be exploited by malicious people to disclose sensitive information.
ad5992bb3150e1b38938c1fb8e6323a50844bcff511961d5219109156ec7d04e
A small application built to test the performance of a POP3 authentication system using a lot of concurrent connections. It can also be used to try lots of passwords against a POP3 server. It is capable of using up to 1024 sessions (or more using multiple processes). However, with this amount it is capable of reducing internet connections to a crawl and also greatly increasing the load on the server.
9656eba6276599aea703b4aa47b69f55bd69c00ef0b2c038630bff66db930ca5
HP Security Bulletin HPSBST02735 SSRT100516 - A potential security vulnerability has been identified with HP StorageWorks Modular Smart Array P2000 G3. This vulnerability could be exploited to allow remote execution of arbitrary code. Revision 1 of this advisory.
30e4564ad8125978aac6f705d2b064fcbaa74e30b73701baf28cb18e05dc3607
94 bytes small BSD/x86 execve ('/bin/sh -c "/etc/master.passwd"') setreuid(0,0) shellcode.
fa8695efffe51e32d85a7add93904eb75c24cf151a45133bc12107cd8d25c95f
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
c7bba621aee40e67ae1732c8d26a49c49f892205610014eda299bd9d8e79a5b3