what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Transposh WordPress Translation 1.0.8.1 Improper Authorization
Posted Jul 29, 2022
Authored by Julien Ahrens | Site rcesecurity.com

Transposh WordPress Translation versions 1.0.8.1 and below do not properly enforce authorization on functionalities available on the plugin's "Utilities" page leading to unauthorized access for all user roles, including "Subscriber".

tags | exploit
advisories | CVE-2022-25810
SHA-256 | af33faff2eac2d7e60b23a09b13a21e743b2acab343abb9a1ba1e8f3913a386d

Related Files

Windows Kernel Win32k.sys TTF Font Processing Pool-based Buffer Overflow In Win32k!scl_ApplyTranslation
Posted Aug 20, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a number of Windows kernel crashes in the win32k!scl_ApplyTranslation function while processing corrupted TTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2456
SHA-256 | 04fddfcac6b041b9767e037c57308e83d27c063d91368ef64e5e28a5f2f828ad
SSLsplit 0.4.11
Posted Mar 18, 2015
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: Fix loading of certificate chains with OpenSSL 1.0.2 (issue #79). Fix build on Mac OS X 10.10.2 by improving XNU header selection.
tags | tool, encryption
SHA-256 | 75554ca11ee38d727456b17b6afd5379e5c14c05160ca66755a25f248b4b1730
SSLsplit 0.4.10
Posted Nov 30, 2014
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: Multiple new options added. Startup memory leaks have been fixed. Minor bug fixes and improvements.
tags | tool, encryption
SHA-256 | f230772efe25557ac62987a865b889bd9253345acb4f0ad2841c7848e7993ce0
SSLsplit 0.4.9
Posted Nov 4, 2014
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: No longer chroot() to /var/empty by default if run by root, in order to prevent breaking -S and sni proxyspecs (issue #21). Fixed segmentation fault when using -t without a CA. Various other updates.
tags | tool, encryption
SHA-256 | 05c5417a42590ca3bba3ad30881484bc6f8f78aad1a422b3765409428a5e3f06
Cisco Security Advisory 20140924-nat
Posted Sep 25, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Network Address Translation (NAT) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper translation of IP version 4 (IPv4) packets. Cisco has released free software updates that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
SHA-256 | 63ec1698c6f3c1763eb3e90238c8c14bb13ab2307119a50dc21da378dde9e0b4
Cisco Security Advisory 20140326-nat
Posted Mar 26, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software implementation of the Network Address Translation (NAT) feature contains two vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service condition. Cisco has released free software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
systems | cisco, ios
SHA-256 | 0d4a383712ff0282199a25bb4210625c70f16c2c87c4f53b3319173aabba2fbe
SSLsplit 0.4.8
Posted Jan 16, 2014
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: This release adds experimental support for pf on Mac OS X, and adds support for pf divert-to on FreeBSD and OpenBSD. SSLsplit now removes headers advertising support for SPDY/QUIC from HTTP responses. Additionally, a number of segmentation faults, a memory leak, and a file descriptor leak have been fixed, greatly improving overall stability.
tags | tool, encryption
SHA-256 | 2c181413b1ac98c2e968838cf2aff201b6ff5bba656c22f9d1c756626cd5aa16
Mandriva Linux Security Advisory 2013-255
Posted Oct 18, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-255 - A security flaw was found in the way Clutter, an open source software library for creating rich graphical user interfaces, used to manage translation of hierarchy events in certain circumstances. Physically proximate attackers could use this flaw for example to obtain unauthorized access to gnome-shell session right after system resume.

tags | advisory, shell
systems | linux, mandriva
advisories | CVE-2013-2190
SHA-256 | 318c161bad22c9578dac995bb0cc50a71769a4b20ec80a826c602730c6f8d7cc
Cisco Security Advisory 20130925-nat
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software implementation of the network address translation (NAT) feature contains three vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.

tags | advisory, remote, denial of service, vulnerability
systems | cisco, ios
SHA-256 | 94953ab0dff6a2e901274ec8b4f46779d4645720bf2390bbffed0e8224d63fb2
SSLsplit 0.4.7
Posted Jul 3, 2013
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: This release prevents IETF draft public key pinning by removing HPKP headers from responses. Also, remaining threading issues in daemon mode are fixed, and the connection log now contains the HTTP status code and the size of the response.
tags | encryption
SHA-256 | 7e75b73ed026d9c776cf93a1d7ed5ad247973c3ce94a6b3367f474f7a56117db
SSLsplit 0.4.6
Posted Jun 4, 2013
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: This bugfix release fixes a bug in passthrough mode (-P) when no matching certificate is found for a connection (issue 9) and a bug in binding to ports less than 1024 with default settings (issue 8). Additionally, it works around a bug in OpenSSL 1.0.0k and 1.0.1e which caused a segmentation fault when loading certificates or keys.
tags | encryption
SHA-256 | 3143e1c71803d7c023db29134bb1a2f142de3ebaf7c35d5109204828ddb3b075
Mandriva Linux Security Advisory 2013-082
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-082 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially-crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service via a malformed XTENSION header of a.fit file, as demonstrated using a long string.GIMP 2.8.2 and earlier is vulnerable to memory corruption when reading XWD files, which could lead even to arbitrary code execution. Additionally it fixes partial translations in several languages. This gimp update provides the stable maintenance release 2.8.2 which fixes the above security issues.

tags | advisory, remote, denial of service, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2012-3481, CVE-2012-3403, CVE-2012-3236, CVE-2012-5576
SHA-256 | 5eaae2aec299f35149b65e15fa71b0de901e1c8a4e1982ea1ee6034c3c19b62e
Cisco Security Advisory 20130327-nat
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software implementation of the virtual routing and forwarding (VRF) aware network address translation (NAT) feature contains a vulnerability when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, denial of service
systems | cisco
SHA-256 | d8a9ebcc5bcdbb846ebb55212f513487470545447c60d9e5baa8b680cb2e36b9
Cisco Security Advisory 20130327-pt
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software Protocol Translation (PT) feature contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, remote, denial of service, protocol
systems | cisco
SHA-256 | 7bfd2bd455cd5f6b92d91689d93812aab9c993e272761cdfb6ba0d2c3bf6c303
Foswiki MAKETEXT 1.1.7 / 1.0.10 Code Execution
Posted Feb 19, 2013
Authored by George Clark, Paul Harvey, Crawford Currie, John Lightsey

This advisory alerts you of a potential security issue with your Foswiki installation. A vulnerability has been reported against the core Perl module CPAN:Locale::Maketext, which Foswiki uses to provide translations when {UserInterfaceInternationalization} is enabled in the configuration. Because of this vulnerability it may be possible for a user to invoke arbitrary perl modules on the server through a crafted macro.

tags | advisory, arbitrary, perl
advisories | CVE-2012-6329, CVE-2013-1666
SHA-256 | 023db9151bd2be81fe7fb2120f8132f7dc0869271e0ab523331a0d259b93ee55
Linux IPTables Firewall 1.4.17
Posted Jan 26, 2013
Site iptables.org

iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.

Changes: This release adds support for the Day Transition Ignore option in xt_time.
tags | tool, firewall
systems | linux
SHA-256 | 51e7a769469383b6ad308a6a19cdd2bd813cf4593e21a156a543a1cd70554925
Ubuntu Security Notice USN-1681-3
Posted Jan 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1681-3 - USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, some translations became unusable after upgrading. This update fixes the problem. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771, CVE-2012-5829, CVE-2013-0768, CVE-2013-0759, CVE-2013-0744, CVE-2013-0764, CVE-2013-0747, CVE-2013-0748, CVE-2013-0750, CVE-2013-0752, CVE-2013-0743
SHA-256 | aef9bd0134382453da04d18de3f8d989d0313ca67877b0a7c7b82b2dd398cd22
SSLsplit 0.4.5
Posted Nov 9, 2012
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: This maintenance release fixes a number of bugs, including daemon mode issues related to threading and a problem in the Linux netfilter support. It adds support for 2048-bit and 4096-bit Diffie-Hellman.
tags | tool, encryption
SHA-256 | 176b0905be6ec22ab6f20a0142ee7bbc6a083a889490a27c60503a7e9dbd155b
Linux IPTables Firewall 1.4.16.2
Posted Oct 8, 2012
Site iptables.org

iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.

Changes: This release includes aliasing support, which translates command lines using obsolete extensions into new ones. The option parser now flags illegal negative numbers in some more extensions. A division by zero was resolved in libxt_limit as well.
tags | tool, firewall
systems | linux
SHA-256 | 4468ce7e1d68349a8e30f26110eb7969dbfdbf497d6c53758883123b3f2d6f6e
Cisco Security Advisory 20120926-nat
Posted Sep 26, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software Network Address Translation (NAT) feature contains two denial of service (DoS) vulnerabilities in the translation of IP packets. The vulnerabilities are caused when packets in transit on the vulnerable device require translation. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | cisco
SHA-256 | f866d237931005ac54413bcca55338710c290b4fd86b1addc2bab627cc0c95ad
Linux IPTables Firewall 1.4.15
Posted Aug 1, 2012
Site iptables.org

iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.

Changes: This release adds support for changes found in Linux 3.5: the "hashlimit" match has gained support for byte-based operation, and the "recent" match has gained the "--mask" option to group hosts.
tags | tool, firewall
systems | linux
SHA-256 | 867c144e60075e7bebe6fcecf0b65169d5e2d1fa5ceec2ebd9780cd5026123ea
Linux IPTables Firewall 1.4.14
Posted May 27, 2012
Site iptables.org

iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.

Changes: This release supports the new cttimeout infrastructure. This allows you to attach specific timeout policies to flow via iptables CT targets.
tags | tool, firewall
systems | linux
SHA-256 | 9be675696f41cd4f35cc332b667d285fe9489ca93c8e1f77804bd04b3315a522
SSLsplit 0.4.4
Posted May 12, 2012
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: This release adds improvements to OCSP denial and bugfixes.
tags | encryption
SHA-256 | 10da16c1be95d20157145da3dd5e9ffea69818889a25c2c134fcd14c97fbf6a3
Linux IPTables Firewall 1.4.13
Posted Apr 22, 2012
Site iptables.org

iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.

Changes: This release added support for xt_addrtype rev 1, xt_nfacct, xt_rpfilter, IPv6-capable xt_ecn, and xt_recent's reap feature.
tags | tool, firewall
systems | linux
SHA-256 | 321e2600fc4541a958e44cafd85a42864b0035404097e0f2e082d474029b9ded
Cisco Security Advisory 20120328-nat
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software Network Address Translation (NAT) feature contains a denial of service (DoS) vulnerability in the translation of Session Initiation Protocol (SIP) packets. The vulnerability is caused when packets in transit on the vulnerable device require translation on the SIP payload. Cisco has released free software updates that address this vulnerability. A workaround that mitigates the vulnerability is available.

tags | advisory, denial of service, protocol
systems | cisco
advisories | CVE-2012-0383
SHA-256 | 621d511df36164003264ce4995e8cc2dd26b288bbfe0e1518a4cf0d7dddeebc1
Page 1 of 4
Back1234Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close