what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 100 RSS Feed

Files

PRTG Network Monitor 7.1.3.3378 Cross Site Scripting
Posted Mar 1, 2019
Authored by Rafael Pedrero

PRTG Network Monitor version 7.1.3.3378 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2019-9206, CVE-2019-9207
SHA-256 | 929aabab18dd36ddc0d64df2ed1835203b3bfafb3b51f2c7989ed4531b579fda

Related Files

Ubuntu Security Notice USN-1197-8
Posted Mar 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1197-8 - USN-1197-7 fixed a vulnerability in ca-certificates-java. The new package broke upgrades from Ubuntu 11.04 to Ubuntu 11.10. This update fixes the problem. It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. Various other issues were also addressed.

tags | advisory, java
systems | linux, ubuntu
SHA-256 | d65d4721c97ea8c2b04ae4bf5108126edba21737d791da66ab764bc731edc55d
Samhain File Integrity Checker 3.0.3
Posted Mar 28, 2012
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Some bugs that could lead to deadlocks have been fixed, as well as the missing support for O_NOATIME on 64-bit Linux.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | c8c3069e78dcb8b749a066c7c3bfcea1168243f75afe69a91a6330c99efd9ae4
Ubuntu Security Notice USN-1197-7
Posted Mar 28, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1197-7 - USN-1197-5 addressed an issue in ca-certificates pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides the corresponding update for ca-certificates-java. It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. Various other issues were also addressed.

tags | advisory, java
systems | linux, ubuntu
SHA-256 | ac7160e78e5c4f1586b86308adbc3d719b961f678bc8a80c5084074cce1d5a5a
Red Hat Security Advisory 2012-0406-01
Posted Mar 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0406-01 - JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss ON 3.0.1 release serves as a replacement for JBoss ON 3.0.0, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-4858, CVE-2012-0032, CVE-2012-0052, CVE-2012-0062, CVE-2012-1100
SHA-256 | 360d101810e6235cc19b655e12a4aa1d69327636cb618300fd94bdd33f5fd22e
Red Hat Security Advisory 2012-0396-01
Posted Mar 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0396-01 - JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. A flaw was found in the way LDAP authentication was handled. If the LDAP bind account credentials became invalid, subsequent log in attempts with any password for user accounts created via LDAP were successful. A remote attacker could use this flaw to log into LDAP-based JBoss ON accounts without knowing the correct passwords.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-1100
SHA-256 | 145fc959fbc7cc8bfb9b7e7eccef6c448ffafe94e95ffa18be3f080b0c3cbf48
Samhain File Integrity Checker 3.0.2a
Posted Feb 24, 2012
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: This release fixes a regression that could cause a segfault at startup on systems that do not have inotify.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 4547cdadbae075b9106eead876d49fe5ad3ce417882f0447b7f7181590f95a4e
Blade API Monitor Unicode Bypass Buffer Overflow
Posted Feb 20, 2012
Authored by b33f

Blade API Monitor unicode bypass exploit that leverages a serial number buffer overflow vulnerability.

tags | exploit, overflow, bypass
SHA-256 | c109d660b442ebc03a56a50cd730ba3d2d076545a02df2184c4d3368a7dd25c8
Red Hat Security Advisory 2012-0101-01
Posted Feb 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0101-01 - Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. If a user submitted a system registration XML-RPC call to an RHN Satellite server and that call failed, their RHN user password was included in plain text in the error messages both stored in the server log and mailed to the server administrator. With this update, user passwords are excluded from these error messages to avoid the exposure of authentication credentials.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-0059
SHA-256 | 0e357eb02cf1bd13d067a393447a97f98a191c81e71ec325288e3e621237287a
Red Hat Security Advisory 2012-0089-01
Posted Feb 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0089-01 - JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss ON 2.4.2 release serves as a replacement for JBoss ON 2.4.1, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-3206, CVE-2011-4573, CVE-2011-4858, CVE-2012-0052, CVE-2012-0062
SHA-256 | 7178588f30ba4bd4d6f52da97027502090e75fdc4cc09fcce68a551d4ef378f1
ME Monitoring Manager Cross Site Scripting / SQL Injection
Posted Jan 29, 2012
Authored by Benjamin Kunz Mejri, Pim J.F. Campers, Vulnerability Laboratory | Site vulnerability-lab.com

ME Monitoring Manager versions 9.x and 10.x suffer from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 27495ed2f2e058fb3695234a4e0de35c6432d8dc1b07b45b11e1b624e0d050bf
Zorp Proxy Firewall Suite 3.9.3
Posted Jan 29, 2012
Authored by Balazs Scheidler | Site balabit.com

Zorp is a proxy firewall suite with its core architecture built around today's security demands. It uses application level proxies, is modular and component based, uses a script language to describe policy decisions, makes it possible to monitor encrypted traffic, lets you override client actions, and lets you protect your servers with its built in IDS capabilities.

Changes: This release fixes passphrase handling of trusted CA private keys and removes support for obsolete Linux versions and Solaris.
tags | tool, firewall
systems | unix
SHA-256 | 05c0dd91dd29762f5e296d14459621c31954abd49ee245eed81ed44d3cf305ae
Ubuntu Security Notice USN-1338-1
Posted Jan 24, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1338-1 - Peter Eisentraut discovered that Rsyslog would not properly perform input validation when configured to use imfile. If an attacker were able to craft messages in a file that Rsyslog monitored, an attacker could cause a denial of service. The imfile module is disabled by default in Ubuntu.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2011-4623
SHA-256 | 6264f07026f2ba1f45c37662a5f12cb7b5059c2d86077a34f78fb276df4673e8
Security Implications Of IPv6 Extensions Headers With Neighbor Discovery Rev 2
Posted Jan 13, 2012
Authored by Fernando Gont | Site ietf.org

IPv6 Extension Headers with Neighbor Discovery messages can be leveraged to circumvent simple local network protections, such as "Router Advertisement Guard". Since there is no legitimate use for IPv6 Extension Headers in Neighbor Discovery messages, and such use greatly complicates network monitoring and simple security mitigations such as RA-Guard, this document proposes that hosts silently ignore Neighbor Discovery messages that use IPv6 Extension Headers. Revision 2 of this document. This revision includes, among other things, a discussion of possible issues with SEND as a result of IPv6 fragmentation.

tags | paper, local
SHA-256 | a8b7a492cc8ab102f8884547a7f042ea0e94a1cdbbad648050eb655bf675f524
OP5 license.php Remote Command Execution
Posted Jan 11, 2012
Authored by Peter Osterberg | Site metasploit.com

This Metasploit module exploits an arbitrary root command execution vulnerability in the OP5 Monitor license.php. Ekelow has confirmed that OP5 Monitor versions 5.3.5, 5.4.0, 5.4.2, 5.5.0, 5.5.1 are vulnerable.

tags | exploit, arbitrary, root, php
advisories | CVE-2012-0261, OSVDB-78064
SHA-256 | d2105e1f89c2f28bca22b1adedc6a39012c035a0e29a2b290c1600b2eb85c472
OP5 welcome Remote Command Execution
Posted Jan 11, 2012
Authored by Peter Osterberg | Site metasploit.com

This Metasploit module exploits an arbitrary root command execution vulnerability in OP5 Monitor welcome. Ekelow AB has confirmed that OP5 Monitor versions 5.3.5, 5.4.0, 5.4.2, 5.5.0, 5.5.1 are vulnerable.

tags | exploit, arbitrary, root
advisories | CVE-2012-0262, OSVDB-78065
SHA-256 | c351feb8d2465ec452647ebc76a51ac184772093b2251154fbd643ab54b4fa12
Blade API Monitor 3.6.9.2 Buffer Overflow
Posted Jan 10, 2012
Authored by FullMetalFouad

Blade API Monitor version 3.6.9.2 unicode stack buffer overflow exploit.

tags | exploit, overflow
SHA-256 | c9d48f72dc20fd6b0d25cc5dadb7e0c3ed4ef76bbc99113d1647d78260265cb4
Debian Security Advisory 2384-1
Posted Jan 9, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2384-1 - Several vulnerabilities have been discovered in cacti, a graphing tool for monitoring data. Multiple cross site scripting issues allow remote attackers to inject arbitrary web script or HTML. An SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands.

tags | advisory, remote, web, arbitrary, vulnerability, xss, sql injection
systems | linux, debian
advisories | CVE-2010-1644, CVE-2010-1645, CVE-2010-2543, CVE-2010-2545, CVE-2011-4824
SHA-256 | 97112ae8aa4be514e6406bc346306ae8f043357bb2bc5dd99ba8f00aab17fbc8
Fwknop Port Knocking Utility 2.0
Posted Jan 2, 2012
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: This is the production release of the fwknop C rewrite. It brings Single Packet Authorization to three different Open Source firewalls (iptables, ipfw, and pf), embedded systems, and mobile devices. The fwknopd server runs on Linux, Mac OS X, FreeBSD, and OpenBSD. The client runs on all of these platforms as well as Android, the iPhone, and Cygwin under Windows. In addition, the client is portable, and can be compiled as a native Windows binary.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | e272a89bb05740d89b6d0eef96460f165e52b285cb635d39794bf0db91a8a7d5
Secunia Security Advisory 47344
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in op5 Monitor, where one has an unknown impact and the other can be exploited by malicious users to disclose certain sensitive information.

tags | advisory, vulnerability
SHA-256 | 55b5faf29df0e97c988be26cdda20aab0c6de521037659c4b45e6a0b06cb3778
DoS Attacks And Mitigation Techniques
Posted Dec 28, 2011
Authored by Subramani Rao

Whitepaper called Denial of Service attacks and mitigation techniques: Real time implementation with detailed analysis. Unlike other theoretical studies, this paper lays down the steps involved in implementing these attacks in real time networks. These real time attacks are measured and analyzed using network traffic monitors. In addition to that, this project also details various defense strategies that could be enabled on Cisco routers in order to mitigate these attacks. The detection and mitigation mechanisms designed here are effective for small network topologies and can also be extended to analogous large domains.

tags | paper, denial of service
systems | cisco
SHA-256 | f1811013d7d890533de92c4b33eb002cc4aea6e5e46e851c9ffe27c39fa5f389
Fwknop Port Knocking Utility 2.0rc5
Posted Dec 15, 2011
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: This release adds OpenBSD PF support, adds a new FORCE_NAT mode to transparently force authenticated connections to specified internal systems, adds a comprehensive test suite, and adds the ability to automatically expire SPA keys. Several memory handling bugfixes were made.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | 125d5d1970d4ec04aabdd90dbc6c7f44e001a9608b9e4e267079f6bcd47b5370
Samhain File Integrity Checker 3.0.1
Posted Dec 7, 2011
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: This release fixes a memory leak in the code for inotify support, as well as a potential deadlock. Bugs in the suid.check and port check modules have been fixed, and compile problems on FreeBSD have been resolved. .
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 485bfcfb0c90f53608da9a29dc0a85f0ebc26baf7ddc6a466e32b6d65b33beff
Wormtrack Network IDS 0.1
Posted Nov 10, 2011
Authored by Aleksandr Brodskiy | Site code.google.com

Wormtrack is a network IDS that helps detect scanning worms on a local area network by monitoring anomalous ARP traffic. This allows detection of scanning threats on the network, without having privileged access on a switch to set up a dedicated monitor port, nor does it require a constant updating of the rules engine to address new threats.

tags | tool, worm, local, intrusion detection
systems | unix
SHA-256 | d14c1f13e9ebf372fff1196929b62f243ebe2d1b93e88472662a96e12abd305b
Samhain File Integrity Checker 3.0.0a
Posted Nov 9, 2011
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: This release adds support for inotify on Linux, to enable immediate reports on file changes and reduce I/O load. Debugging output for IPv6 issues is more complete now, and a problem with the combination of prelink support and the suid file check has been fixed
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 1090a1afff1ba600c1cbdca7e39f45bef8e7d219ab2aee212c069989219b4b5c
Merethis Centreon 2.3.1 Code Execution
Posted Nov 8, 2011
Authored by Christophe de la Fuente | Site trustwave.com

The Centreon supervision and monitoring tool provided by Merethis permits remote code execution from the command help web page allowing an attacker to execute arbitrary commands in the context of the webserver hosting the application. The system also uses a one-way hash without a salt. Versions 2.3.1 and below are affected.

tags | exploit, remote, web, arbitrary, code execution
SHA-256 | 8baa1a03e20514db0ebdff56296a1f3d2b0ea0473b7d740b7747c685e31fb6df
Page 2 of 4
Back1234Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close