what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

Backup Key Recovery 2.2.7 Denial Of Service
Posted Jun 8, 2021
Authored by Erick Galindo

Backup Key Recovery version 2.2.7 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 9abf25afe887cb7990ba1f1dcf4a4071

Related Files

Red Hat Security Advisory 2013-0191-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0191-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | d9a177ae77d5a5d614afb6b19fecda3c
Red Hat Security Advisory 2012-1344-01
Posted Oct 8, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1344-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. An attack technique was found against the W3C XML Encryption Standard when block ciphers were used in cipher-block chaining mode. A remote attacker could use this flaw to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram by examining the differences between SOAP responses sent from JBoss Web Services.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-1096
MD5 | b5987ecaec1135d3720ef5059dd9296e
Red Hat Security Advisory 2012-1330-01
Posted Oct 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1330-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. An attack technique was found against the W3C XML Encryption Standard when block ciphers were used in cipher-block chaining mode. A remote attacker could use this flaw to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram by examining the differences between SOAP responses sent from JBoss Web Services.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1096
MD5 | 2592d2a7fb7b0ba9fa70b3f2e7027c1b
Secunia Security Advisory 50033
Posted Jul 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Symantec Backup Exec System Recovery 2010 and Symantec System Recovery 2011, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | e9f67b981f02e79d890e0d2875931dc2
Quarks PwDump 0.1b
Posted May 20, 2012
Authored by Kaczmarek Sebastien | Site code.google.com

Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems. It currently extracts local accounts NT/LM hashes and history, domain accounts NT/LM hashes and history, cached domain password, and Bitlocker recovery information.

tags | local, cracker
systems | windows, 32
MD5 | 8f2cf3805445690010dece3116715100
PcwRunAs 0.4 Password Obfuscation Design Flaw
Posted Mar 26, 2012
Authored by otr

The PcwRunAs software available from the PC-Welt website is prone to a trivial password recovery attack that allows local users to obtain passwords encrypted with the pcwRunAsGui.exe. pcwRunAs versions 0.4 and below are affected.

tags | exploit, local
advisories | CVE-2012-1793
MD5 | cccadcae9e833c363605398616a5e1ac
Android Wipe Failure
Posted Mar 19, 2012
Site hatforce.com

Hatforce has discovered that the "wipe" function on Android does not reliably delete data on all devices. On a Nexus S running Android 2.3.6, they were able to recover user data after running a "wipe" both using the "factory data reset" from the menu and by wiping the device from recovery.

tags | advisory
MD5 | 88595f91899876265c913f5363a272a5
Ubuntu Security Notice USN-1355-1
Posted Feb 4, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1355-1 - It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents potentially readable by other users. Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2012-0450, CVE-2012-0449, CVE-2012-0444, CVE-2012-0447, CVE-2012-0446, CVE-2011-3659, CVE-2012-0445, CVE-2012-0443, CVE-2011-3659, CVE-2012-0442, CVE-2012-0443, CVE-2012-0444, CVE-2012-0445, CVE-2012-0446, CVE-2012-0447, CVE-2012-0449, CVE-2012-0450
MD5 | 21014e7685b2de0234ac75fd2b4a5509
Ubuntu Security Notice USN-1355-2
Posted Feb 4, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1355-2 - USN-1355-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko package for use with the latest Firefox. It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents potentially readable by other users. Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-0450, CVE-2012-0449, CVE-2012-0444, CVE-2012-0447, CVE-2012-0446, CVE-2011-3659, CVE-2012-0445, CVE-2012-0443
MD5 | 8791de077f5bd63d5d9c170bf7739905
Ubuntu Security Notice USN-1355-3
Posted Feb 4, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1355-3 - USN-1355-1 fixed vulnerabilities in Firefox. This update provides updated ubufox and webfav packages for use with the latest Firefox. It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents potentially readable by other users. Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-0450, CVE-2012-0449, CVE-2012-0444, CVE-2012-0447, CVE-2012-0446, CVE-2011-3659, CVE-2012-0445, CVE-2012-0443
MD5 | 89b0a01e7c3a96dcdd52016aac1b682d
Conduit Wibiya Password Recovery Toolbar Cross Site Scripting
Posted Feb 4, 2012
Authored by r007k17-w

Conduit Wibiya Password Recovery Toolbar suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 08fb2a09c22520dcd558560108ec7578
RSA Adaptive Authentication Security Fix
Posted Dec 13, 2011
Site emc.com

An issue with RSA Adaptive Authentication (On-Premise) was discovered which in certain circumstances might affect the Device Recovery capability and Device Identification used by the defined policy.

tags | advisory
advisories | CVE-2011-2741, CVE-2011-2742
MD5 | 94a93d63e1e7550e5a2777617c527928
Core Security Technologies Advisory 2011.0606
Posted Jun 30, 2011
Authored by Core Security Technologies, Nahuel Riva | Site coresecurity.com

Core Security Technologies Advisory - HP Data Protector is an automated backup and recovery software for single-server to enterprise environments. A vulnerability in HP Data Protector could allow a remote attacker to execute arbitrary code. The vulnerability is triggered by sending a request to port 5555 of a host running the "data protector inet" service, part of HP Data Protector.

tags | exploit, remote, arbitrary
advisories | CVE-2011-1866
MD5 | 2b607c134d5d1bd9d316d28d48a0077d
Core Security Technologies Advisory 2011.0514
Posted Jun 30, 2011
Authored by Core Security Technologies, Oren Isacson | Site coresecurity.com

Core Security Technologies Advisory - HP Data Protector is an automated backup and recovery software for single-server to enterprise environments. Multiple vulnerabilities have been found in HP Data Protector that could allow a remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered by sending a request to port 5555 of a host running the "data protector inet" service, part of HP Data Protector. The request has several parameters, including an opcode. By sending requests with specially crafted parameters, the different bugs can be triggered.

tags | exploit, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2011-1865, CVE-2011-1514, CVE-2011-1515
MD5 | abd37569821fe8444da64f3385882387
Digital Forensics Framework 1.1.0
Posted May 25, 2011
Authored by Christophe M., Solal J. | Site digital-forensic.org

DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.

Changes: The GUI is now available in Chinese and also fully supports Unicode. An AFF dump connector has been added, based on AFFLib by Simson L. Garfinkel. Another new module allows you to extract mailbox contents from PST, OST, and PAB files, while also recovering deleted, orphaned files, and unallocated clusters, based on Joachim Metz's LibPFF. A new cache system was added for File Mapping and File Descriptor, and new time stamps handling was added. FAT orphaned files scan and attributes have been improved. A bug when adding devices and files on Windows several times has been fixed. FAT and NTFS modules have also been fixed.
tags | tool, forensics
systems | unix
MD5 | 77372cb3787af918f49709227aab2d99
Secunia Security Advisory 44629
Posted May 17, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two weaknesses have been discovered in Symantec System Recovery, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
MD5 | b7aeca479b7d4127b77f4d57c62093c0
Symantec Backup Exec System Recovery 8.5 Crash
Posted May 12, 2011
Authored by Stefan Le Berre, Heurs

Symantec Backup Exec System Recovery version 8.5 kernel null pointer dereference crash proof of concept exploit.

tags | exploit, kernel, proof of concept
MD5 | d6cc9d3c9a787b698fbe40bb188ecf01
Digital Forensics Framework 0.9
Posted Jan 13, 2011
Authored by Christophe M., Solal J. | Site digital-forensic.org

DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.

tags | tool, forensics
systems | unix
MD5 | cfbbd55046b1833424192ed91532bca8
Secure RM 1.2.11
Posted Nov 29, 2010
Authored by Matthew Gauthier | Site srm.sourceforge.net

secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop in security for users who wish to prevent command line recovery of deleted information, even if the machine is compromised.

Changes: Win32 command line wildcard expansion was implemented. The use of "-v -v" displays the current write position. The SIGINFO and SIGUSR2 signals trigger a display of the current write position. The -x option does not cross file system boundaries. Block devices are overwritten.
systems | unix
MD5 | 9617033fc97651a529fb80930da6a278
HP Security Bulletin HPSBMA02604 SSRT100320
Posted Nov 1, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBMA02604 SSRT100320 - Potential security vulnerabilities have been identified in HP Insight Recovery for Windows. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS) or arbitrary file download. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability, xss
systems | windows
advisories | CVE-2010-4101, CVE-2010-4102
MD5 | ab9c2d5a9082619ab74f886f402d2abb
Secunia Security Advisory 42037
Posted Nov 1, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in HP Insight Recovery, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

tags | advisory, vulnerability, xss
MD5 | 5e2400856f1a6d53980278b39113f556
Digital Forensics Framework 0.8
Posted Oct 28, 2010
Authored by Christophe M., Solal J. | Site digital-forensic.org

DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.

Changes: Ext2/3/4 and NTFS are now supported. The picture viewer now extracts thumbnails and EXIF metadata, and next and previous buttons are available. Linux live analysis is now possible. Browsers were enhanced. Widget management was improved. Menus were cleaned up. Live doc was enhanced by providing more information when calling "help(classname)" from the Python interpreter. The IDE now supports templates for new MFSO from v0.7.0. FAT FS manages recursion on deleted folders. A new statistic module was added, which produces a round chart listing the number of files by data type. A bindiff module was added, showing hex differences between two binary streams.
tags | tool, forensics
MD5 | 97f4c59edbdaf51186cd8f90715248ef
Secunia Security Advisory 41584
Posted Sep 23, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in MunSoft Easy Office Recovery, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | 5048944d42a7a202b383f88914d1a874
SEasyOfficeRecovery DLL Hijacking
Posted Sep 23, 2010
Authored by anT!-Tr0J4n

SEasyOfficeRecovery DLL hijacking exploit.

tags | exploit
MD5 | cb15e4dfc7774383becf2e69f68a6f63
Digital Forensics Framework 0.7.0
Posted Jul 26, 2010
Authored by Christophe M., Solal J. | Site digital-forensic.org

DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.

Changes: This release is dedicated to the DFRWS 2010 challenge. The API was rewritten to provide mapped file system objects, allowing data identification from a very low level. Attributes on nodes were improved, so any module can dynamically add its own attributes. Support was added for BSD systems. Many bugs were fixed. Graphical embellishments were made.
tags | tool, forensics
MD5 | 6b32705c46baca28919e4eb4a86d5edb
Page 1 of 4
Back1234Next

File Archive:

July 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    13 Files
  • 2
    Jul 2nd
    12 Files
  • 3
    Jul 3rd
    1 Files
  • 4
    Jul 4th
    2 Files
  • 5
    Jul 5th
    34 Files
  • 6
    Jul 6th
    21 Files
  • 7
    Jul 7th
    21 Files
  • 8
    Jul 8th
    13 Files
  • 9
    Jul 9th
    6 Files
  • 10
    Jul 10th
    1 Files
  • 11
    Jul 11th
    3 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    19 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    15 Files
  • 16
    Jul 16th
    9 Files
  • 17
    Jul 17th
    2 Files
  • 18
    Jul 18th
    2 Files
  • 19
    Jul 19th
    19 Files
  • 20
    Jul 20th
    21 Files
  • 21
    Jul 21st
    53 Files
  • 22
    Jul 22nd
    14 Files
  • 23
    Jul 23rd
    14 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close