Twenty Year Anniversary
Showing 1 - 25 of 1,909 RSS Feed

Spoof Files

Ubuntu Security Notice USN-3801-2
Posted Nov 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3801-2 - USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass CSP restrictions, spoof the protocol registration notification bar, leak SameSite cookies, bypass mixed content warnings, or execute arbitrary code. Multiple security issues were discovered with WebExtensions in Firefox. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to bypass domain restrictions, gain additional privileges, or run content scripts in local pages without permission. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, spoof, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2018-12398, CVE-2018-12403
MD5 | 811a5ef0a3ce8b51d96d4535e884c045
Ubuntu Security Notice USN-3801-1
Posted Oct 24, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3801-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass CSP restrictions, spoof the protocol registration notification bar, leak SameSite cookies, bypass mixed content warnings, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, protocol
systems | linux, ubuntu
advisories | CVE-2018-12388, CVE-2018-12395, CVE-2018-12398, CVE-2018-12399, CVE-2018-12403
MD5 | 952c961245ddeace11587b0845c529ab
Citrix NetScaler SD-WAN SQL Injection / Traversal / Command Injection
Posted Oct 23, 2018
Authored by Sergey Gordeychik, Denis Kolegov, Nikita Oleksov, Nikolay Tkachenko, Oleg Broslavsky

The management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information exposure, incorrect access control, IP spoofing, remote SQL injection, and directory traversal vulnerabilities.

tags | advisory, remote, spoof, vulnerability, sql injection, file inclusion
advisories | CVE-2012-2104, CVE-2016-4793, CVE-2018-17444, CVE-2018-17445, CVE-2018-17446, CVE-2018-17447, CVE-2018-17448
MD5 | b27e1af5d9f4b9be4c08566bac90e203
UFONet 1.1
Posted Sep 26, 2018
Authored by psy | Site ufonet.03c8.net

UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Changes: Various updates. New release called Quantum Hydra.
tags | tool, web, denial of service, spoof
MD5 | 04a0b3439384a0d51cce72ba4a2cae82
Debian Security Advisory 4297-1
Posted Sep 19, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4297-1 - Two vulnerabilities have been discovered in the chromium web browser. Kevin Cheung discovered an error in the WebAssembly implementation and evil1m0 discovered a URL spoofing issue.

tags | advisory, web, spoof, vulnerability
systems | linux, debian
MD5 | 4f8d322b2d6ea29707a0439ed5b41706
Apple Security Advisory 2018-9-17-4
Posted Sep 18, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-9-17-4 - Safari 12 is now available and addresses browser history deletion and user interface spoofing vulnerabilities.

tags | advisory, spoof, vulnerability
systems | apple
advisories | CVE-2018-4195, CVE-2018-4307, CVE-2018-4329
MD5 | a568d7158566c7148b8c1fa79bd1a522
Red Hat Security Advisory 2018-2331-01
Posted Aug 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2331-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security fix: memcached: UDP server support allows spoofed traffic amplification DoS For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service, udp, spoof
systems | linux, redhat
advisories | CVE-2018-1000115
MD5 | 238360ec1fbe236ebadd8dc1d45feff9
FireHOL 3.1.6
Posted Aug 13, 2018
Authored by Costa Tsaousis | Site github.com

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: Multiple fixes added to FireHOL. FireQOS had a status fix and has updated sample service definitions to start after network. Various other components were updated as well.
tags | tool, spoof, firewall
systems | linux, unix
MD5 | 4a8ce84950cf1303fa4ad1ff8c5f424a
DHCP Client Command Injection (DynoRoot)
Posted Jun 12, 2018
Authored by Felix Wilhelm | Site metasploit.com

This Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

tags | exploit, arbitrary, local, root, spoof, protocol
systems | linux, redhat, fedora
advisories | CVE-2018-1111
MD5 | 5260d2ef5bb8f8bbc5edbc0ec7cb7c67
OX App Suite 7.8.4 XSS / Privilege Management / SSRF / Traversal
Posted Jun 8, 2018
Authored by Martin Heiland

OX App Suite versions 7.8.4 and below suffer from cross site scripting, improper privilege management, content spoofing, server-side request forgery, and path traversal vulnerabilities.

tags | exploit, spoof, vulnerability, xss
advisories | CVE-2017-17062, CVE-2018-5751, CVE-2018-5752, CVE-2018-5753, CVE-2018-5754, CVE-2018-5755, CVE-2018-5756
MD5 | 17c9e0a5fb461f27f24ee61b974f87d2
Ubuntu Security Notice USN-3645-2
Posted May 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3645-2 - USN-3645-1 fixed vulnerabilities in Firefox. The update caused an issue where users experienced long UI pauses in some circumstances. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, bypass same-origin restrictions, conduct cross-site scripting attacks, install lightweight themes without user interaction, spoof the filename in the downloads panel, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5160, CVE-2018-5163, CVE-2018-5164, CVE-2018-5167, CVE-2018-5168, CVE-2018-5169, CVE-2018-5172, CVE-2018-5173, CVE-2018-5175, CVE-2018-5176, CVE-2018-5177, CVE-2018-5180, CVE-2018-5181, CVE-2018-5182
MD5 | d79a2b390689ee5da50dd49ae53da56c
Ubuntu Security Notice USN-3645-1
Posted May 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3645-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, bypass same-origin restrictions, conduct cross-site scripting attacks, install lightweight themes without user interaction, spoof the filename in the downloads panel, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, xss
systems | linux, ubuntu
advisories | CVE-2018-5150, CVE-2018-5151, CVE-2018-5152, CVE-2018-5153, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5160, CVE-2018-5163, CVE-2018-5164, CVE-2018-5166, CVE-2018-5167, CVE-2018-5168, CVE-2018-5169, CVE-2018-5172, CVE-2018-5173, CVE-2018-5175, CVE-2018-5176, CVE-2018-5177, CVE-2018-5180, CVE-2018-5181, CVE-2018-5182
MD5 | ab18b8ec6d4a0b241a776a0d65c936dd
Apple Security Advisory 2018-04-24-2
Posted Apr 26, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-04-24-2 - Security Update 2018-001 is now available and addresses privilege escalation and UI spoofing issues.

tags | advisory, spoof
systems | apple
advisories | CVE-2018-4187, CVE-2018-4206
MD5 | 1ac6d3de987a7a226943df6e9ae087d8
Ubuntu Security Notice USN-3614-1
Posted Apr 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3614-1 - It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. It was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could possibly use this to expose sensitive information. It was discovered that the DNS client implementation in OpenJDK did not properly randomize source ports. A remote attacker could use this to spoof responses to DNS queries made by Java applications. Various other issues were also addressed.

tags | advisory, java, remote, spoof
systems | linux, ubuntu
advisories | CVE-2018-2579, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
MD5 | 1eb05c541d1ecdd0ca635e9bf8042111
UFONet 1.0
Posted Mar 16, 2018
Authored by psy | Site ufonet.03c8.net

UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Changes: Fixed search engines. Added 'zombies' auto-search, Added SLOW HTTP requests, Added test offline. Added test whole botnet, Various other updates.
tags | tool, web, denial of service, spoof
systems | unix
MD5 | 5b4d8d6740f22329bfe4a44f07a7f7a9
Ubuntu Security Notice USN-3551-1
Posted Jan 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3551-1 - Multiple security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the user interface, or execute arbitrary code.

tags | advisory, web, denial of service, arbitrary, spoof, javascript
systems | linux, ubuntu
advisories | CVE-2017-13884, CVE-2017-13885, CVE-2017-7153, CVE-2017-7160, CVE-2017-7161, CVE-2017-7165, CVE-2018-4088, CVE-2018-4096
MD5 | 03155ba7333222d7d3aaa92e3651eaee
Ubuntu Security Notice USN-3529-1
Posted Jan 30, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3529-1 - It was discovered that a From address encoded with a null character is cut off in the message header display. An attacker could potentially exploit this to spoof the sender address. It was discovered that it is possible to execute JavaScript in RSS feeds in some circumstances. If a user were tricked in to opening a specially crafted RSS feed, an attacker could potentially exploit this in combination with another vulnerability, in order to cause unspecified problems. Various other issues were also addressed.

tags | advisory, spoof, javascript
systems | linux, ubuntu
advisories | CVE-2017-7829, CVE-2017-7846, CVE-2017-7847, CVE-2017-7848, CVE-2018-5013, CVE-2018-5089, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117
MD5 | d84c99d87e33bb182108e9d20d529f0f
WebKitGTK+ Memory Corruption / Spoofing / Code Execution
Posted Jan 26, 2018
Authored by WebKitGTK+ Team

WebKitGTK+ versions 2.18.x suffer from various memory corruption, user interface spoofing, and code execution vulnerabilities.

tags | advisory, spoof, vulnerability, code execution
advisories | CVE-2017-13884, CVE-2017-13885, CVE-2017-7153, CVE-2017-7160, CVE-2017-7161, CVE-2017-7165, CVE-2018-4088, CVE-2018-4089, CVE-2018-4096
MD5 | 56c7ac8a62544bdad2da9c56c5aff379
Debian Security Advisory 4096-1
Posted Jan 25, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4096-1 - Several security issues have been found in the Mozilla Firefox web overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or URL spoofing.

tags | advisory, web, denial of service, overflow, arbitrary, spoof
systems | linux, debian
advisories | CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117
MD5 | 0fb0ce092bc36cd7a01a1481351466ef
Evilgrade - The Update Exploitation Framework 2.0.9
Posted Jan 25, 2018
Authored by Francisco Amato | Site infobyte.com.ar

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. This framework comes into play when the attacker is able to make traffic redirection, and such thing can be done in several ways such as: DNS tampering, DNS Cache Poisoning, ARP spoofing Wi-Fi Access Point impersonation, DHCP hijacking with your favorite tools. This way you can easy take control of a fully patched machine during a penetration test in a clean and easy way. The main idea behind the is to show the amount of trivial errors in the update process of mainstream applications.

Changes: Adding aheader support and a new SoapUI module.
tags | tool, spoof
systems | unix
MD5 | 9d0ef1ad41141f40f9308b28d932887d
Ubuntu Security Notice USN-3544-1
Posted Jan 25, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3544-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, spoof the origin in audio capture prompts, trick the user in to providing HTTP credentials for another origin, spoof the addressbar contents, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2018-5089, CVE-2018-5090, CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094, CVE-2018-5095, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5100, CVE-2018-5101, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5105, CVE-2018-5106, CVE-2018-5107, CVE-2018-5108, CVE-2018-5109, CVE-2018-5111, CVE-2018-5112, CVE-2018-5113, CVE-2018-5114, CVE-2018-5115, CVE-2018-5116, CVE-2018-5117, CVE-2018-5118
MD5 | 3512dddb5483e5d2d278b7c8faf4c5d7
CommuniGatePro 6.2 Missing XIMSS Tag Validation
Posted Jan 6, 2018
Authored by Boumediene Kaddour

CommunigatePro XML Interface to Messaging, Scheduling, and Signaling protocol ("XIMSS") version 6.2 suffers from a missing XIMSS protocol validation vulnerability that can lead to an email spoofing attack.

tags | exploit, spoof, protocol
advisories | CVE-2018-3815
MD5 | 84fb8e61eb31978a4e21f108b7056c8a
Ubuntu Security Notice USN-3477-4
Posted Jan 3, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3477-4 - USN-3477-1 fixed vulnerabilities in Firefox. The update introduced a crash reporting issue where background tab crash reports were sent to Mozilla without user opt-in. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the addressbar, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7839, CVE-2017-7840, CVE-2017-7842
MD5 | 752ba5a2397fdce5c95ee5e6d29bb7de
Microsoft Windows Hello Face Authentication Bypass
Posted Dec 19, 2017
Authored by Matthias Deeg, Philipp Buchegger

Microsoft Windows 10 offers a biometric authentication mechanism using "near infrared" face recognition technology with specific Windows Hello compatible cameras. Due to an insecure implementation of the biometric face recognition in some Windows 10 versions, it is possible to bypass the Windows Hello face authentication via a simple spoofing attack using a modified printed photo of an authorized person.

tags | advisory, spoof
systems | windows
MD5 | 27d01277917e11c6b9cd575274f17600
Ubuntu Security Notice USN-3477-3
Posted Dec 1, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3477-3 - USN-3477-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the addressbar, or execute arbitrary code. It was discovered that javascript: URLs pasted in to the addressbar would be executed instead of being blocked in some circumstances. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could potentially exploit this to conduct cross-site scripting attacks. It was discovered that exported bookmarks do not strip script elements from user-supplied tags. If a user were tricked in to adding specially crafted tags to bookmarks, exporting them and then opening the resulting HTML file, an attacker could potentially exploit this to conduct cross-site scripting attacks. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, javascript, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7839, CVE-2017-7840, CVE-2017-7842
MD5 | 998ce8623ace567ce271665c533d0819
Page 1 of 77
Back12345Next

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    30 Files
  • 12
    Dec 12th
    25 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close