exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

McAfee Virusscan Command Line 6.0 Symlink Attack
Posted Jan 7, 2011
Authored by Technion

McAfee Virusscan Command Line version 6.0 suffers from a symlink attack vulnerability.

tags | advisory
SHA-256 | 2982d0bd574a2e9f74f1a3b7856c4cfdfb8451c7b3e920ec3829b6dbace0a944

Related Files

Secunia Security Advisory 50232
Posted Aug 9, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in EMC Lifeline, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 5da7f9a81fe7255ecce8519f8d252071fd8be51983df7f74245222c8b3ab7027
Iomega StorCenter/EMC Lifeline Remote Access
Posted Aug 9, 2012
Site emc.com

A vulnerability exists for Iomega network storage devices with EMC Lifeline firmware that can potentially be exploited to gain unauthorized access to remote shares in certain circumstances. If remote access (including port-forwarding) is enabled on affected Iomega devices, all created shares (including shares on connected USB devices) could potentially be accessed by unauthorized remote users or systems due to access control issues.

tags | advisory, remote
advisories | CVE-2012-2283
SHA-256 | 1751607ad763d8c3030dd46fa7360620eefb9a7f9ade9c9368211dd334e6edf7
Ubisoft uplay 2.0.3 Active X Control Arbitrary Code Execution
Posted Aug 7, 2012
Authored by Tavis Ormandy, Richard Hicks, phillips321, Ben Campbell | Site metasploit.com

The uplay ActiveX component allows an attacker to execute any command line action. User must sign in, unless auto-sign in is enabled and uplay is not already running. Due to the way the malicious executable is served (WebDAV), the module must be run on port 80, so please ensure you have proper privileges. Ubisoft released patch 2.04 as of Mon 20th July.

tags | exploit, activex
advisories | OSVDB-84402
SHA-256 | b06a8a97e093f62b1f9d8ff1ae71702688d1cb47e94160036dd253ab69142e43
YourOnlineAgents CMS Cross Site Scripting
Posted Aug 7, 2012
Authored by Crim3R

YourOnlineAgents CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | 08c47bd484b067291df87dd30298341a33104a747b55afc101b3888cdada0f17
ISMA Online Translator 1.2 / ISMA Agnet 1.1 Cross Site Scripting
Posted Aug 6, 2012
Authored by Avatar Fearless

ISMA Online Translator version 1.2 and ISMA Agnet version 1.1 suffers from cross site scripting and html injection vulnerabilities. ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ suffers from cross site scripting, and html injection vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 411f5617606b2ca82327c9da33b7ff101c4d6c3fedc64438adc9cbc62ef01b87
Conntrack Tools 1.2.2
Posted Aug 1, 2012
Authored by Pablo Neira Ayuso | Site conntrack-tools.netfilter.org

conntrack-tools is a set of userspace tools for Linux that allow system administrators to interact with the Connection Tracking System, the module which provides stateful packet inspection for iptables. It includes the userspace daemon conntrackd and the commandline interface conntrack.

Changes: Selective flushing for the "-t" and "-F" command options has been implemented. The commit operation is now synchronous.
tags | tool
systems | linux
SHA-256 | e1da5f4c46094c252df5a167b28ecf2085dd73d1258316021d80612e5c9e332b
Mandriva Linux Security Advisory 2012-111
Posted Jul 25, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-111 - It was found that previously libgdata, a GLib-based library for accessing online service APIs using the GData protocol, did not perform SSL certificates validation even for secured connections. An application, linked against the libgdata library and holding the trust about the other side of the connection being the valid owner of the certificate, could be tricked into accepting of a spoofed SSL certificate by mistake. The updated packages have been patched to correct this issue.

tags | advisory, spoof, protocol
systems | linux, mandriva
advisories | CVE-2012-1177
SHA-256 | 0e6890a08ae22ca1f467f5d5fce0ae80f27743e936d792f852966aa408755bd7
Setuid Nmap Exploit
Posted Jul 19, 2012
Authored by egypt | Site metasploit.com

Nmap's man page mentions that "Nmap should never be installed with special privileges (e.g. suid root) for security reasons.." and specifically avoids making any of its binaries setuid during installation. Nevertheless, administrators sometimes feel the need to do insecure things. This Metasploit module abuses a setuid nmap binary by writing out a lua nse script containing a call to os.execute(). Note that modern interpreters will refuse to run scripts on the command line when EUID != UID, so the cmd/unix/reverse_{perl,ruby} payloads will most likely not work.

tags | exploit, root, perl, ruby
systems | unix
SHA-256 | 36e5626623975013ad17de674718bb242f7551a7c65755515d9aab44a7aa57ea
Mandriva Linux Security Advisory 2012-105
Posted Jul 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-105 - Incorrect handing of inline images in incoming instant messages can cause a buffer overflow and in some cases can be exploited to execute arbitrary code. This update provides pidgin 2.10.6, which is not vulnerable to this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-3374
SHA-256 | 7c185305688a5cfa89d9db251c3b24316e457ced47fbef3f5bb81d3426a8a0ee
Having Fun With VirusScan Enterprise
Posted Jul 12, 2012
Authored by Mert SARICA | Site mertsarica.com

VirusScan Enterprise Antivirus product may have a bug (or a vulnerability) in its parser that can lead to wrong action status messages and reports, malicious file scan bypass, and name spoofing by adding the magic line to the beginning of the file header.

tags | paper, spoof, virus
SHA-256 | 2245ea07c6a13e3cfa317e75e1bd13e79210f3bafacb32336208b8c41a1e3a8f
Plow 0.0.5 Buffer Overflow
Posted Jul 4, 2012
Authored by Jean Pascal Pereira

Plow command line playlist generator version 0.0.5 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 1b0190493c6d4750f65fb5bf9746711aff97801af066f351fcc086f07d490965
Netsniff-NG High Performance Sniffer 0.5.7
Posted Jun 30, 2012
Authored by Netsniff-NG Workgroup | Site netsniff-ng.org

netsniff-ng is is a free, performant Linux network sniffer for packet inspection. The gain of performance is reached by 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.

Changes: This is a major release with lots of bug fixes and new features. Highlights include new dissectors for ICMPv6, IGMP, VLAN Q-in-Q, and MPLS, raw 802.11 support for capturing and replaying, and much more.
tags | tool, kernel, sniffer, protocol
systems | linux, unix
SHA-256 | ab4e1ef6aadb00b998349aff66e4e1cec53910113344c53ac8eb947fd46b5e89
Efficient Padding Oracle Attacks On Cryptographic Hardware
Posted Jun 27, 2012
Authored by Riccardo Focardi, Graham Steel, Joe-Kai Tsay, Lorenzo Simionato, Yusuke Kawamoto, Romain Bardou

This paper demonstrates how to exploit the encrypted key import functions of a variety of different cryptographic devices to reveal the imported key. The attacks are padding oracle attacks, where error messages resulting from incorrectly padded plaintexts are used as a side channel. This is the paper that made headlines regarding RSA tokens being cracked in 13 minutes.

tags | paper
SHA-256 | 2f956e99861dabc4d9e263529db1992adcbe71b48930cc4158b998b604dc42b0
Red Hat Security Advisory 2012-1041-01
Posted Jun 26, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1041-01 - Red Hat Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way Red Hat Directory Server handled password changes. If an LDAP user had changed their password, and the directory server had not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user's password via the "unhashed#user#password" attribute. It was found that when the password for an LDAP user was changed, and audit logging was enabled, the new password was written to the audit log in plain text form. This update introduces a new configuration parameter, "nsslapd-auditlog-logging-hide-unhashed-pw", which when set to "on", prevents Red Hat Directory Server from writing plain text passwords to the audit log. This option can be configured in "/etc/dirsrv/slapd-[ID]/dse.ldif".

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2012-2678, CVE-2012-2746
SHA-256 | 02001d1e71ee84e1ac827dd563294cf7f71f0d1e542e4d2379a601515d3d2c88
Zero Day Initiative Advisory 12-098
Posted Jun 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-098 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of America Online's Toolbar, Desktop, IM, and winamp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dnUpdater ActiveX Control. When initializing the ActiveX control object, dnu.exe assumes the 5th argument being used for the Init() method, to be a legitimate pointer to a function. This vulnerability can be leveraged to execute code under the context of the user.

tags | advisory, remote, arbitrary, activex
SHA-256 | a43f556f3d5f1fb2f42adb830bd5d07dc569dc14ea9ec83ad846c3de1fe60ccb
Red Hat Security Advisory 2012-0997-01
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0997-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server handled password changes. If an LDAP user has changed their password, and the directory server has not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user's password via the "unhashed#user#password" attribute. It was found that when the password for an LDAP user was changed, and audit logging was enabled, the new password was written to the audit log in plain text form. This update introduces a new configuration parameter, "nsslapd-auditlog-logging-hide-unhashed-pw", which when set to "on", prevents 389 Directory Server from writing plain text passwords to the audit log. This option can be configured in "/etc/dirsrv/slapd-[ID]/dse.ldif".

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2012-2678, CVE-2012-2746
SHA-256 | d8fcd715d68abc63df0d8bfd8b39169de1feaa4b944697d2033befadfa07578f
Red Hat Security Advisory 2012-0813-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0813-04 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way the 389 Directory Server daemon handled access control instructions using certificate groups. If an LDAP user that had a certificate group defined attempted to bind to the directory server, it would cause ns-slapd to enter an infinite loop and consume an excessive amount of CPU time.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2012-0833
SHA-256 | 129a838e37c542da05a23067eaf70559fd31bab9c8b1fd61e86531f3baa4cc2c
Red Hat Security Advisory 2012-0796-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0796-04 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. A numeric truncation error, leading to a heap-based buffer overflow, was found in the way the rsyslog imfile module processed text files containing long lines. An attacker could use this flaw to crash the rsyslogd daemon or, possibly, execute arbitrary code with the privileges of rsyslogd, if they are able to cause a long line to be written to a log file that rsyslogd monitors with imfile. The imfile module is not enabled by default.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-4623
SHA-256 | 2155d79e28e8e74a243b1f67069744419bc5811e098622feae8c4b6cb4ec4962
Clam AntiVirus Toolkit 0.97.5
Posted Jun 16, 2012
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: This release addresses possible evasion cases in some archive formats. It also addresses stability issues in portions of the bytecode engine. This release is recommended for all users.
tags | tool, virus
systems | unix
advisories | CVE-2012-1457, CVE-2012-1458, CVE-2012-1459
SHA-256 | db6c5e1a5ec8ca0b8006cf82661d3158d3365ba1b4bc14c03c5d0bca89a93c0d
DeXSS 1.2
Posted Jun 12, 2012
Site dexss.org

DeXSS provides a SAX2 Parser to help protect against cross site scripting (XSS) attacks. DeXSS uses TagSoup to parse potentially malformed input, followed by a SAX2 filter pipeline to remove JavaScript from HTML. You can use the DeXSS parser in place of your existing SAX2 parser, or you can use the DeXSS utility to provide a string-to-string conversion.

Changes: This release adds a CSS sanitizer, uses the OSBCP CSS Parser, canonizes CSS in @style, and attempts to remove javascript: and expression(). Inline <style> CSS is still elided.
tags | tool, web, javascript, xss
SHA-256 | 6b2ac847ccc68a5a4b369c54df3b011afeef4702562ef4d6304a3355e16ed115
Tenshi Log Monitoring Program 0.14
Posted Jun 3, 2012
Authored by Andrea Barisani | Site dev.inversepath.com

Tenshi is a log monitoring program, designed to watch a log file for lines matching user defined regular expression and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports.

Changes: Cleaned up tail invocation code. Fixed repeat handling. Gentoo init script update.
tags | tool, system logging
systems | unix
SHA-256 | 73ff5dfb078e0744709d0ead26276a1c88af8a9f0515e786a60c84bd9cd9cfc7
OpenSSL 1.0.1 Buffer Overflow
Posted Jun 1, 2012
Authored by David M. Anthony, Vincent J. Buccigrossi III

OpenSSL version 1.0.1 suffers from a local buffer overflow vulnerability in the command line utility.

tags | advisory, overflow, local
SHA-256 | a5fcc3832f2520c9e1f546ab32a9b27fdfd7926a5b3de285d09980efe0d00fff
Conntrack Tools 1.2.0
Posted May 27, 2012
Authored by Pablo Neira Ayuso | Site conntrack-tools.netfilter.org

conntrack-tools is a set of userspace tools for Linux that allow system administrators to interact with the Connection Tracking System, the module which provides stateful packet inspection for iptables. It includes the userspace daemon conntrackd and the commandline interface conntrack.

Changes: This release supports NAT expectations, synchronization of the expectation class, helper names, and expect functions. Filtering by mark is now allowed. Example configurations for Q.931 and H.245 have been added.
systems | linux
SHA-256 | 7332b6fda82460bb4f07e93ce67e676b81a955d5738f3b67ca2f1063ddd4dc67
Red Hat Security Advisory 2012-0677-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0677-01 - PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation. CREATE TRIGGER did not do a permissions check on the trigger function to be called. This could possibly allow an authenticated database user to call a privileged trigger function on data of their choosing.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-0866, CVE-2012-0868
SHA-256 | 99eb758e26ad01db7e3e088f497dd8ec98005e8f4fdef7cb43e51787e609733a
Red Hat Security Advisory 2012-0678-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0678-01 - PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation. When configured to do SSL certificate verification, PostgreSQL only checked the first 31 characters of the certificate's Common Name field. Depending on the configuration, this could allow an attacker to impersonate a server or a client using a certificate from a trusted Certificate Authority issued for a different name.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-0866, CVE-2012-0867, CVE-2012-0868
SHA-256 | a11a5493acd610cf7f4bfdc27b2eba1d9d44ea753011012d38733b38292f077e
Page 1 of 4
Back1234Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close