log4j-payload-generator is a plugin for the woodpecker framework that produces log4j JNDI injection vulnerability payloads. Five types of payloads can be produced with one click.
9319f5c8420c855db8f2e53dd3489078c212cfa37c4333ed77c190d1645962f9
Secunia Security Advisory - m1k3 has discovered a vulnerability in Winlog, which can be exploited by malicious people to compromise a vulnerable system.
e2af86e51f3b172ba44db4551fe392b03f4fd5094dab76f17d25471293940bb0
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
7e3f431a43e5366ff5a9b7646d2a79892a905237ef18cb147b945ec99012686d
Sielco Sistemi Winlog version 2.07.14 suffers from a buffer overflow vulnerability.
71dc0e478c018802c78851d100f2652f7e842e3e1604094dcb13528a24d8940e
Secunia Security Advisory - A vulnerability has been discovered in the Theme My Login plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
bd7791c5e26a1a58fa8454cf5a09fc73ed249beba8d67b339c94bc4daa36e62f
mod_auth_pubtkt is a simple Web single sign-on (SSO) solution for Apache. It validates authentication tickets provided by the client in a cookie using public-key cryptography (DSA or RSA). Thus, only the login server that generates the tickets needs to possess the private key, while Web servers can verify tickets given only the public key. The implementation of the login server is left to the user, but an example and a library in PHP are provided with the distribution.
8ff3de9c5acc026c6fd74fd8e599c0c2659cd29c51693dbf67a8bf8c609be94e
The seventh annual EUSecWest applied technical security conference - where the eminent figures in the international security industry get together to share best practices and technology - will be held in downtown Amsterdam near Leidseplein Square on September 19/20, 2012. The most significant new discoveries about computer network hack attacks and defenses, commercial security solutions, and pragmatic real world security experience will be presented in a series of informative tutorials. This is the Call For Papers.
73ac8a41554f9ccb3147b8d66807d54eb71c1fb95d025fa3bfdc12562e584f7b
Dblog version 1.4.1 suffers from an access bypass vulnerability.
b385b6d7bfd3e487033ccfb40153e6b9b3e9d4761dab6f1dcb1a584ab7a75cd9
Tenshi is a log monitoring program, designed to watch a log file for lines matching user defined regular expression and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports.
73ff5dfb078e0744709d0ead26276a1c88af8a9f0515e786a60c84bd9cd9cfc7
F2blog suffers from a shell upload vulnerability.
3b1f10882bb049e0f5c63bdc6ff4ae280a1de98097ff9908017c8b912c2f8520
This Metasploit module exploits the "Ajax File and Image Manager" component that can be found in log1 CMS. In function.base.php of this component, the 'data' parameter in writeInfo() allows any malicious user to have direct control of writing data to file data.php, which results in arbitrary remote code execution.
5f8de96e6ea32234373a0a7a5100ed196a91a7eb2302465bc03aeaa9b7bfff70
Prominent Technologies CMS suffers from a remote SQL injection vulnerability.
219ea236e99b1a274098f6b9d807535638575f4db7ba125471561a7144829bba
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.
2f1ba76561161a4b1b0a817d76cb62c817dd94f5aeb98806a1a2cb79ca795bb4
OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
6409174084ae79389fb5b4081cf1fa663331c5ddae49e401a3f98afe59518417
This Metasploit module exploits a vulnerability found in PHP Volunteer Management System, versions 1.0.2 and prior. This application has an upload feature that allows an authenticated user to upload anything to the 'uploads' directory, which is actually reachable by anyone without a credential. An attacker can easily abuse this upload functionality by first logging in with the default credential (admin:volunteer), uploading a malicious payload, and then executing it by sending another GET request.
a9247fc86c26d352083bf798cdd011abca8e533b47fe3653ae48f91b1a8c9e3b
Multiple SQL injection vectors and an authentication bypass were discovered in SCLIntra Enterprise. An attacker can leverage this flaw to bypass authentication to the application or to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. SCLogic SCLIntra Enterprise version 5.5.2 on Windows 2003 is affected.
c7954229b9ce16aaf5f3c60a61787040cfee262c67b973d25aca89a39defc883
GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.
310262d1ded082d1ceefc52d6dad265c1decae8d84e12b5947d9b1dd193191e5
This Metasploit module exploits a vulnerability found in Symantec Web Gateway's HTTP service. By injecting PHP code in the access log, it is possible to load it with a directory traversal flaw, which allows remote code execution under the context of 'apache'. Please note that it may take up to several minutes to retrieve access_log, which is about the amount of time required to see a shell back.
65a7306dea41b299aa10904fe0da0ef4f8feaaf8b06f2b42c12431d74226ce63
Secunia Security Advisory - A vulnerability has been reported in Logitec LAN-W300N/R, LAN-W300N/RS, and LAN-W300N/RU2, which can be exploited by malicious people to bypass certain security restrictions.
f9d56eee8b724d15b8c7efac14f151b0179305f5089c72f08e59bb9a31cc91f5
This Metasploit module exploits a vulnerability found in RabidHamster R4's web server. By supplying a malformed HTTP request, it is possible to trigger a stack-based buffer overflow when generating a log, which may result in arbitrary code execution under the context of the user.
9bd2fe133907afe8dae3b0872be07135e15c6152fbb081eaf7b8fefe328ad0a3
LogAnalyzer version 3.4.2 suffers from cross site scripting, arbitrary file reading, and remote SQL injection vulnerabilities.
20e0cd6da8ae12e950d981ee3947ff25853bdc8fedef7053293f570dfee099d1
Secunia Security Advisory - Codseq has discovered multiple vulnerabilities in Adiscon LogAnalyzer, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
b53f4c7909bd71be210b970d4fd281b79f3a83074200830f5fdf510e1b6caa91
Plogger Photo Gallery suffers from a URL encoded SQL injection vulnerability.
1d809b3e47f9bc73a1cdb2626975f37ede3807ab5c5a5139362dded3b11e4574
Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats, which will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped by sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).
11557623033f83fd59c047df77732ae8b78ffc6326f727c0c1aea355a332f580
The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012) Call For Papers has been announced. It will be held December 10th through the 12th, 2012, in London, United Kingdom.
c791793c87de3a8c911dbcc3147c6c70f0263c3df33aac921b6f65cb2a93c7ad
Solaris suffers from a TTYPROMPT remote login bypass that allows for command execution as uid bin.
70ebcee51d2df3080fb3f951463a878b96b34bc14e853bfdff728b55adb1313c