what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 34 RSS Feed

Files

fmat.txt
Posted Oct 21, 2006
Authored by K-sPecial | Site xzziroz.net

An alternative method in format string exploitation - a paper discussing a method of making format string exploits static again on 2.6 with random VA.

tags | paper
systems | unix
SHA-256 | 0c45b1d562e077e6945b0677cd1ab74d79b4754f927c1df8be3f30b948146365

Related Files

Microsoft Windows MSHTML Overview
Posted Sep 20, 2021
Authored by Eduardo Braun Prado

This article discusses the CVE-2021-40444 vulnerability and an alternative path that reduces the lines of JS code to trigger the issue and does not require CAB archives.

tags | exploit
advisories | CVE-2021-40444
SHA-256 | 78527c30f8b16f6de1e16c3cf93b1aaa4506bde934637509d7046e6e1fd8681b
Debian Security Advisory 4946-2
Posted Aug 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4946-2 - The Dynamic Code Evolution Virtual Machine (DCE VM), an alternative VM for OpenJDK 11 with enhanced class redefinition, has been updated for compatibility with OpenJDK 11.0.12.

tags | advisory
systems | linux, debian
SHA-256 | c68262c97d919eb578386a6d0bafebde010db2b518d3a8fc42fc6793711fbefd
Ubuntu Security Notice USN-4995-2
Posted Jun 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4995-2 - USN-4995-1 fixed vulnerabilities in Thunderbird. This update provides the corresponding updates for Ubuntu 18.04 LTS. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass security restrictions, or execute arbitrary code. It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spoof a website and trick the user into providing credentials. Multiple security issues were discovered in Thunderbird's OpenPGP integration. If a user were tricked into importing a specially crafted key in some circumstances, an attacker could potentially exploit this to cause a denial of service or confuse the user. A use-after-free was discovered when Responsive Design Mode was enabled. If a user were tricked into opening a specially crafted website with Responsive Design Mode enabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that Thunderbird mishandled ftp URLs with encoded newline characters. If a user were tricked into clicking on a specially crafted link, an attacker could potentially exploit this to send arbitrary FTP commands. It was discovered that Thunderbird wrote signatures to disk and read them back during verification. A local attacker could potentially exploit this to replace the data with another signature file. It was discovered that Thunderbird might load an alternative OTR library. If a user were tricked into copying a specially crafted library to one of Thunderbird's search paths, an attacker could potentially exploit this to execute arbitrary code. It was discovered that secret keys imported into Thunderbird were stored unencrypted. A local attacker could potentially exploit this to obtain private keys. It was discovered that Thunderbird did not indicate when an inline signed or encrypted message contained additional unprotected parts. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, spoof, vulnerability
systems | linux, windows, ubuntu
advisories | CVE-2021-23961, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987, CVE-2021-23994, CVE-2021-23995, CVE-2021-23999, CVE-2021-24002, CVE-2021-29948, CVE-2021-29949, CVE-2021-29956, CVE-2021-29957
SHA-256 | 81edf153f7a8ff7803ae890c659ea5d9e899b6b778102480a52389ef99c260ee
Debian Security Advisory 4899-2
Posted May 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4899-2 - The Dynamic Code Evolution Virtual Machine (DCE VM), an alternative VM for OpenJDK 11 with enhanced class redefinition, has been updated for compatibility with OpenJDK 11.0.11.

tags | advisory
systems | linux, debian
SHA-256 | f70ba620a0f91af5f16feb81d31fee9120de509e3d414a516cbeb63fb061c53c
Alternative For Information_Schema.Tables In MySQL
Posted Jan 29, 2017
Authored by Osanda Malith

Brief paper discussing an alternative technique to use instead of 'information_schema.tables' when extracting table names in SQL injections.

tags | paper, sql injection
SHA-256 | 8006a7c0f0af2402a7ed534eb5b6b5a2613ea2701de03a1ce153a9ff29ed3eab
FreeBSD Security Advisory - OpenSSL Certificate Forgery
Posted Jul 10, 2015
Authored by Adam Langley, David Benjamin | Site security.freebsd.org

FreeBSD Security Advisory - During certificate verification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails, unless the application explicitly specifies X509_V_FLAG_NO_ALT_CHAINS. An error in the implementation of this logic could erroneously mark certificate as trusted when they should not. An attacker could cause certain checks on untrusted certificates, such as the CA (certificate authority) flag, to be bypassed, which would enable them to use a valid leaf certificate to act as a CA and issue an invalid certificate.

tags | advisory
systems | freebsd
advisories | CVE-2015-1793
SHA-256 | 7506aba3461e8c1915436a9531f38abc96e09fee2b93caefa87da64dce1a32d3
OpenSSL Security Advisory - Certificate Forgery
Posted Jul 9, 2015
Site openssl.org

During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate. This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication. This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.

tags | advisory
advisories | CVE-2015-1793
SHA-256 | cfc5b150eaaface19d5bc83171cbff00f8f18c960fc0ee96be5169072ac0faf9
Debian Security Advisory 3222-1
Posted Apr 13, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3222-1 - Miroslav Lichvar of Red Hat discovered multiple vulnerabilities in chrony, an alternative NTP client and server.

tags | advisory, vulnerability
systems | linux, redhat, debian
advisories | CVE-2015-1821, CVE-2015-1822, CVE-2015-1853
SHA-256 | 4322d7113061b959d9091b6bf8f6bac42fe6ec571c0c5ae8e3403642e50ba4f9
Generating Stable Privacy-Enhanced Addresses With IPv6
Posted Jun 4, 2013
Authored by Fernando Gont | Site ietf.org

This document specifies a method for generating IPv6 Interface Identifiers to be used with IPv6 Stateless Address Autoconfiguration (SLAAC), such that addresses configured using this method are stable within each subnet, but the Interface Identifier changes when hosts move from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware address (e.g., using IEEE identifiers), such that the benefits of stable addresses can be achieved without sacrificing the privacy of users. The method specified in this document applies to all prefixes a host may be employing, including link-local, global, and unique- local addresses.

Changes: Revision 9 of this document.
tags | paper, local
SHA-256 | aea1ddd79e402a7e6cae6940341f56386d8efe61f639f9142e54a9dda4b93d71
Generating Stable Privacy-Enhanced Addresses With IPv6
Posted Mar 31, 2012
Authored by Fernando Gont

This document specifies a method for generating IPv6 Interface Identifiers to be used with IPv6 Stateless Address Autoconfiguration (SLAAC), such that addresses configured using this method are stable within each subnet, but the Interface Identifier changes when hosts move from one network to another. The aforementioned method is meant to be an alternative to generating Interface Identifiers based on IEEE identifiers, such that the benefits of stable addresses can be achieved without sacrificing the privacy of users.

tags | paper
SHA-256 | 2be85628520d1d07881dc0a60f77204594c41e42519ec05b5b14ddb2b2f10d7f
SourceForge Local File Inclusion
Posted Jan 5, 2012
Authored by 3spi0n

Lgames.sourceforge.net suffers from a local file inclusion vulnerability. Packet Storm contacted SourceForge about this issue and they told us that they are aware of the issue but that the files exposed do not pose a security threat. An additional request asking for clarification on whether or not they are going to fix this fell on deaf ears. Packet Storm suggests using an alternative such as Google Code to host your project.

tags | exploit, local, file inclusion
SHA-256 | f89e74ed8e62040c8eea0f61df5f2b4d5a8882bbe6124d928c23adc425bf3a7e
IETF I-D On "Stable Privacy Addresses"
Posted Dec 16, 2011
Authored by Fernando Gont

This document specifies a method for generating IPv6 Interface Identifiers to be used with IPv6 Stateless Address Autoconfiguration (SLAAC), such that addresses configured using this method are stable within each subnet, but the Interface Identifier changes when hosts move from one network to another. The aforementioned method is meant to be an alternative to generating Interface Identifiers based on IEEE identifiers, such that the same manageability benefits can be achieved without sacrificing the privacy of users.

tags | paper
SHA-256 | 542e6aa994a33734dc569e8c3b291d6929f88f48ab8d12f2e29320b1c816fadd
Debian Security Advisory 2202-1
Posted Mar 24, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2202-1 - MPM_ITK is an alternative Multi-Processing Module for Apache HTTPD that is included in Debian's apache2 package.

tags | advisory
systems | linux, debian
advisories | CVE-2011-1176
SHA-256 | b928a735f521bacebfb2c8190a7619edeff9aeca300224b2d84504d193d6561b
Zero Day Initiative Advisory 11-081
Posted Feb 9, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-081 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within construction of a specific ActionScript3 object. Due to improper type checking in the implementation of the constructor, an alternative type can be provided as an argument to the constructor and stored as a property. When this object is applied to a bitmap copy, the application will corrupt memory. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-0578
SHA-256 | 21b49ddb945270a53d1f6fbd5ead749c4f9bc0c69284816847adb4969b6abb6c
integrit-4.1.tar.gz
Posted Jun 6, 2007
Site integrit.sourceforge.net

Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.

Changes: Fixed exit status, considering missing files correctly as a change.
tags | tool, intrusion detection
systems | unix
SHA-256 | 2a09b670ee025d6fae756e044f780ccaca90688a97183a350927e3885174223e
Debian Linux Security Advisory 1164-1
Posted Sep 7, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1164-1 - A programming error has been discovered in sendmail, an alternative mail transport agent for Debian, that could allow a remote attacker to crash the sendmail process by sending a specially crafted email message.

tags | advisory, remote
systems | linux, debian
advisories | CVE-2006-4434
SHA-256 | b96b17b0d3c4a77b358668969e48fc94d6ed53273c3e36641c0848102b5a2176
integrit-4.0.tar.gz
Posted Aug 17, 2006
Site integrit.sourceforge.net

Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.

Changes: Updated output format for "new" file checksums to match "removed".
tags | tool, intrusion detection
systems | unix
SHA-256 | b0c09cf90404045759571a768a1f4581c0fc7db9a07bc00fef7356c799b200ec
scponly-4.6.tgz
Posted Feb 2, 2006
Authored by Joe | Site sublimation.org

scponly is an alternative shell for system administrators who would like to provide access to remote users to both read and write local files without providing any remote execution privileges. Functionally, it is a wrapper around the ssh suite of applications.

Changes: Added missing semicolon.
tags | remote, shell, local
systems | unix
SHA-256 | dfa5a334d66150289a391aea4dc00d1b039c644fd1c628bdeddaa7b0710e01a7
integrit-3.05.tar.gz
Posted Sep 22, 2005
Site integrit.sourceforge.net

Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.

Changes: Documented Chris Johns changes and updated Makefile targets for developers.
tags | tool, intrusion detection
systems | unix
SHA-256 | 12aa8e7506120af5d3dfb3a07869450f492f876d99f18d9f623d17120ac2475d
NISR-AntiBruteForce.pdf
Posted Mar 22, 2005
Authored by Gunter Ollmann | Site nextgenss.com

Authentication processes in web-based applications are frequently vulnerable to automated brute force guessing attacks. Whilst commonly proposed solutions make use of escalating time delays and minimum lockout threshold strategies, these tend to prove ineffectual in real attacks and may actually promote additional attack vectors. Resource metering through client-side computationally intensive "electronic payments" can provide an alternative strategy in defending against brute force guessing attacks. This whitepaper discusses how such a solution works and the security advantages it can bring.

tags | paper, web, cracker
SHA-256 | 15245aa7f4bb6184fef5aa8d48258f1200f40a2d9cf75e582ce17ce1140f0645
etherdam-0.3.tar.gz
Posted May 9, 2004
Authored by Kelledin | Site etherdam.sf.net

The etherdam utility is an IPTables firewall configuration engine. It implements a primitive scripting language as an alternative to the direct use of iptables. It comes with full documentation plus a heavily commented example configuration file. The configuration file should work for many scenarios with minimal adjustment.

Changes: Bug fixes.
tags | tool, firewall
systems | linux
SHA-256 | 2a178517bb502a2c6ecb01f4ce83f0fba4d3d3461939e5f3b1ec8cad32127782
etherdam-0.2.tar.gz
Posted May 1, 2004
Authored by Kelledin | Site etherdam.sf.net

The etherdam utility is an IPTables firewall configuration engine. It implements a primitive scripting language as an alternative to the direct use of iptables. It comes with full documentation plus a heavily commented example configuration file. The configuration file should work for many scenarios with minimal adjustment.

tags | tool, firewall
systems | linux
SHA-256 | df9edbb0f8fc948fb608a2b82464df46b4665703551e9d38dd7c28b5af2a28d7
SIDTk10.zip
Posted Nov 6, 2003
Authored by Floydman | Site securit.iquebec.com

The SIDTk 1.0 is a collection of command-line tools aimed at improving host-based intrusion detection conditions on Windows desktops and servers. This kit includes ADSScan, an alternative data stream scanner, IntegCheck, a Tripwire clone, LogUser, a module to detect invalid user accounts, and various other utilities.

systems | windows
SHA-256 | b116b7179c127664fa546eef973bf5814cf8c34bb55b3f3f55382fb126efbfbc
scponly-3.0.tgz
Posted Sep 10, 2002
Authored by Joe | Site sublimation.org

scponly is an alternative shell for system administrators who would like to provide access to remote users to both read and write local files without providing any remote execution privileges. Functionally, it is a wrapper around the ssh suite of applications.

Changes: Now supports Solaris and gftp. System() has been dropped, and wildcards are expanded with glob() depending on the availability of this function. autoconf has been expanded.
tags | remote, shell, local
systems | unix
SHA-256 | 46e06b1e5699a6fe6b18b1bc76a7660dd12860dc7d6a50248438aba5ca91f3bd
fmatphun.zip
Posted Aug 26, 2002

No information is available for this file.

tags | bbs
SHA-256 | 423e5e143c9ed9c2faa6f97ffaf9abcba1118e1ee9d05f72f26dfb1478ff9afd
Page 1 of 2
Back12Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close