what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

sms.181.dtmail
Posted Feb 1, 1999

dtmail

MD5 | 498d5ab9f5e77838381201dc07090ea2

Related Files

Cura 1.5
Posted Jul 16, 2012
Site github.com

Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).

Changes: The modules screen is now Tabular, providing a much better user experience in which all of Cura's modules are provided as tabs on the top of the screen.
tags | exploit, remote
MD5 | 199eea14b1da9508876ff2a0c72ff8c5
Cura 1.4
Posted Jul 13, 2012
Site github.com

Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).

Changes: This release features a completely new UI for the Home (Login) screen where you are dropped upon launch. This is where you access/create/update/delete your server accounts, and it's had a complete do-over.
tags | tool, remote, wireless
MD5 | 7793c2a4d7768273e8677d80b00b06b6
strongSwan IPsec Implementation 5.0.0
Posted Jul 3, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The IKEv1 protocol was re-implemented from scratch by extending the successful IKEv2 code. The charon keying daemon now supports both protocols, which allowed the old IKEv1 pluto daemon to be removed. Support for the IKEv1 Aggressive and Hybrid Modes has been added.
tags | tool, encryption, protocol
systems | linux, freebsd, apple, osx
MD5 | 1d7bccb50f01020bb04d06e9755e0eec
Netsniff-NG High Performance Sniffer 0.5.7
Posted Jun 30, 2012
Authored by Netsniff-NG Workgroup | Site netsniff-ng.org

netsniff-ng is is a free, performant Linux network sniffer for packet inspection. The gain of performance is reached by 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.

Changes: This is a major release with lots of bug fixes and new features. Highlights include new dissectors for ICMPv6, IGMP, VLAN Q-in-Q, and MPLS, raw 802.11 support for capturing and replaying, and much more.
tags | tool, kernel, sniffer, protocol
systems | linux, unix
MD5 | d2da7a75d163f839129c9ebb8b0004d0
Neighbor Discovery Shield: Protecting against Neighbor Discovery Attacks
Posted Jun 7, 2012
Authored by Fernando Gont

This document specifies a mechanism that can be implemented in layer-2 devices to mitigate attack vectors based on Neighbor Discovery messages. It is meant to complement other mechanisms implemented in layer-2 devices such as Router Advertisement Guard (RA-Guard) and DHCPv6-Shield, with the goal of achieving a comprehensive IPv6 First Hop Security solution. This document is motivated by the desire to achieve feature parity with IPv4 with respect to First Hop Security mechanisms.

tags | paper
MD5 | 333569f5708db49e25c089f6a7579295
GNU SASL 1.8.0
Posted May 29, 2012
Authored by Simon Josefsson

GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.

Changes: This is a new major stable release. SAML20 support following RFC 6595. OPENID20 support following RFC 6616. SMTP server examples (e.g. for SCRAM, SAML20, and OPENID20). Various cleanups, portability fixes, and other bugfixes. The API and ABI are fully backwards compatible with version 1.6.x.
tags | imap, library
systems | unix
MD5 | 982fe54a20016aa46a871c084c990c36
Debian Security Advisory 2477-1
Posted May 22, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2477-1 - Several vulnerabilities have been discovered in Sympa, a mailing list manager, that allow to skip the scenario-based authorization mechanisms. This vulnerability allows to display the archives management page, and download and delete the list archives by unauthorized users.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-2352
MD5 | dcf5471efc3b58750527fba26e39e8be
Cura 1.0
Posted May 20, 2012
Site github.com

Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).

Changes: This release satisfies all the the tasks promised: terminal, syslog reader, SysMonitor (for CPU and RAM), Nmap, and server stats. In addition, there's the security feature (an SMS can wipe Cura's database (the phone's location is sent back)). It works for Android 2.3.3 (Gingerbread) and above.
tags | tool, remote, wireless
MD5 | cfdfd1bd2a625000e3184f76e8d9cdb0
Cura 0.4.0
Posted May 12, 2012
Site github.com

Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).

Changes: Nmap is now fully functional.
tags | tool, remote, wireless
systems | unix
MD5 | af62f7e523cb90aa1162c7561bf4a44e
strongSwan IPsec Implementation 4.6.3
Posted May 3, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: An extended EAP-RADIUS interfaces allows one to enforce Session-Timeout attributes using RFC4478 repeated authentication, and acts upon RADIUS Dynamic Authorization extensions (RFC 5176). Currently supported are disconnect requests and CoA messages containing a Session-Timeout. The tnc-pdp plugin implements a RADIUS server interface allowing a strongSwan TNC server to act as a Policy Decision Point.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
MD5 | 2a1b0bca846a966a56f662f855ced9fb
IPhone TreasonSMS HTML Injection / File Inclusion
Posted Apr 23, 2012
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

IPhone TreasonSMS suffers from html injection and file inclusion vulnerabilities.

tags | exploit, vulnerability, file inclusion
systems | apple, iphone
MD5 | baf9f8ad1ec36e375b28bc78fba8b6f1
GSM SIM Editor 5.15 Buffer Overflow
Posted Apr 18, 2012
Authored by Ruben Alejandro | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in GSM SIM Editor 5.15. When opening a specially crafted .sms file in GSM SIM Editor a stack-based buffer overflow occurs which allows an attacker to execute arbitrary code.

tags | exploit, overflow, arbitrary
MD5 | b607d4a63d0250d0e1f386df5bb3cafb
Telco SMTP To SMS/MMS Crypto
Posted Apr 13, 2012
Authored by Champ Clark III

Many people use telecommunications provided SMTP to SMS/MMS gateways to send out sensitive data. This paper looks into encryption (or lack of) covered by these types of public access SMTP to SMS/MMS gateways and services.

tags | paper
MD5 | c29898edd3a98bd1b649f060126d2bfe
SriSMS Cross Site Scripting
Posted Apr 4, 2012
Authored by the_cyber_nuxbie

SriSMS suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | b985274935b8bf10946e372d58661255
Netsniff-NG High Performance Sniffer 0.5.6
Posted Mar 29, 2012
Authored by Netsniff-NG Workgroup | Site netsniff-ng.org

netsniff-ng is is a free, performant Linux network sniffer for packet inspection. The gain of performance is reached by 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.

Changes: This is a major release with lots of new features.
tags | tool, kernel, sniffer, protocol
systems | linux, unix
MD5 | 9db3d2027c1f59437890f637178c1a02
Analyzing WordPress Themes
Posted Mar 27, 2012
Authored by MaXe

This paper is about discovering vulnerabilities inside the files that make up WordPress themes. It also discusses reverse engineering of encoded PHP files, common tools, exploits, and dangerous copyright protection mechanisms.

tags | paper, php, vulnerability
MD5 | 5db141a79f177a46eeefb27ea5a7acc7
SRISMS SQL Injection
Posted Mar 11, 2012
Authored by the_cyber_nuxbie

SRISMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d8311fd8c32f4d7d3f7c815a3c7bf115
strongSwan IPsec Implementation 4.6.2
Posted Feb 22, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The Trusted Computing Group Attestation Platform Trust Service (PTS) protocol was implemented. TPM-based remote attestation of Linux IMA (Integrity Measurement Architecture) is now possible. Measurement reference values are automatically stored in a SQLite database. A RADIUS accounting interface was provided along with support for PKCS#8 encoded private keys.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
MD5 | b25956639dcd31137e4ec6372376fcc2
Ubuntu Security Notice USN-1364-1
Posted Feb 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1364-1 - A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. Andy Whitcroft discovered a that the Overlayfs filesystem was not doing the extended permission checks needed by cgroups and Linux Security Modules (LSMs). A local user could exploit this to by-pass security policy and access files that should not be accessible. Various other issues were also addressed.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2012-0038, CVE-2012-0055, CVE-2012-0056, CVE-2012-0207, CVE-2012-0038, CVE-2012-0055, CVE-2012-0056, CVE-2012-0207
MD5 | 81c901a7230d414992297f7d2373c766
Ubuntu Security Notice USN-1363-1
Posted Feb 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1363-1 - A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual interrupt control is not available a local user could use this to cause a denial of service by starting a timer. A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. Andy Whitcroft discovered a that the Overlayfs filesystem was not doing the extended permission checks needed by cgroups and Linux Security Modules (LSMs). A local user could exploit this to by-pass security policy and access files that should not be accessible. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2011-4622, CVE-2012-0038, CVE-2012-0055, CVE-2012-0207, CVE-2011-4622, CVE-2012-0038, CVE-2012-0055, CVE-2012-0207
MD5 | 5272d68bea7e1475f014348307a446fd
Dinama SMS Service Cross Site Scripting
Posted Feb 7, 2012
Authored by Ivan Montilla Miralles | Site vulnerability-lab.com

Dinama SMS Service suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 845749ded093bb7db0d9d472e236b2cf
p0f 3.03b Windows Port
Posted Jan 25, 2012
Authored by Michal Zalewski, David Coomber | Site lcamtuf.coredump.cx

P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP).

Changes: This is a Windows port of the latest release created by David Coomber.
tags | tool, web, scanner, tcp
systems | windows
MD5 | aea524324828790b24a90be3bb7a0d93
P0f 3.0.0b
Posted Jan 17, 2012
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP).

Changes: This complete rewrite adds a range of new TCP fingerprinting mechanisms, sophisticated NAT detection, HTTP inspection and fingerprinting, and updated signatures.
tags | tool, web, scanner, tcp
systems | linux, unix
MD5 | 8a7ea1821b4599bdd1749b6112865c41
P0f 3.0.0 Release Candidate 1
Posted Jan 10, 2012
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP).

Changes: Complete rewrite.
tags | tool, web, scanner, tcp
systems | linux, unix
MD5 | c2b4417fce9bb70bee49a1225dbc10f1
Technical Cyber Security Alert 2012-6A
Posted Jan 7, 2012
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2012-6A - Wi-Fi Protected Setup (WPS) provides simplified mechanisms to configure secure wireless networks. The external registrar PIN exchange mechanism is susceptible to brute force attacks that could allow an attacker to gain access to an encrypted Wi-Fi network.

tags | advisory
MD5 | 76510dac2e1855f24b26eba6af7220b0
Page 1 of 4
Back1234Next

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    2 Files
  • 13
    Jun 13th
    1 Files
  • 14
    Jun 14th
    32 Files
  • 15
    Jun 15th
    34 Files
  • 16
    Jun 16th
    9 Files
  • 17
    Jun 17th
    33 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close