the original cloud security
Showing 26 - 50 of 1,880 RSS Feed

Spoof Files

FreeBSD Security Advisory - FreeBSD-SA-17:03.ntp
Posted Apr 12, 2017
Authored by Network Time Foundation | Site security.freebsd.org

FreeBSD Security Advisory - A vulnerability was discovered in the NTP server's parsing of configuration directives. A vulnerability was found in NTP, in the parsing of packets from the DPTS Clock. A vulnerability was discovered in the NTP server's parsing of configuration directives. A vulnerability was found in NTP, affecting the origin timestamp check function. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message. A malicious device could send crafted messages, causing ntpd to crash. An attacker able to spoof messages from all of the configured peers could send crafted packets to ntpd, causing later replies from those peers to be discarded, resulting in denial of service.

tags | advisory, remote, denial of service, spoof
systems | freebsd, bsd
advisories | CVE-2016-9042, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464
MD5 | c169a99d362c1ddf8d4e9d7e28573bae
Ubuntu Security Notice USN-3216-2
Posted Mar 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3216-2 - USN-3216-1 fixed vulnerabilities in Firefox. The update resulted in a startup crash when Firefox is used with XRDP. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, spoof the addressbar, spoof the print dialog, cause a denial of service via application crash or hang, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5401, CVE-2017-5402, CVE-2017-5403, CVE-2017-5404, CVE-2017-5405, CVE-2017-5406, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5412, CVE-2017-5413, CVE-2017-5414, CVE-2017-5415, CVE-2017-5416, CVE-2017-5417, CVE-2017-5418, CVE-2017-5419, CVE-2017-5420, CVE-2017-5421, CVE-2017-5422, CVE-2017-5426, CVE-2017-5427
MD5 | f2ea3e9e2adacc4804c46ca42d86a0bc
Ubuntu Security Notice USN-3236-1
Posted Mar 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3236-1 - Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, spoof application UI by causing the security status API or webview URL to indicate the wrong values, bypass security restrictions, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5033, CVE-2017-5035, CVE-2017-5037, CVE-2017-5040, CVE-2017-5041, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046
MD5 | 2d12005fa61a17afc2f37976a14bf296
Ubuntu Security Notice USN-3216-1
Posted Mar 8, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3216-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, spoof the addressbar, spoof the print dialog, cause a denial of service via application crash or hang, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2016-5412, CVE-2017-5398, CVE-2017-5399, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5403, CVE-2017-5404, CVE-2017-5405, CVE-2017-5406, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5412, CVE-2017-5413, CVE-2017-5414, CVE-2017-5415, CVE-2017-5416, CVE-2017-5417, CVE-2017-5418, CVE-2017-5419, CVE-2017-5420, CVE-2017-5421, CVE-2017-5422, CVE-2017-5426, CVE-2017-5427
MD5 | 88b5fbe4cb2c03de199e079e1bf8f1e8
AlienVault OSSIM/USM Remote Code Execution
Posted Feb 25, 2017
Authored by Mehmet Ince, Peter Lapp | Site metasploit.com

This Metasploit module exploits object injection, authentication bypass and ip spoofing vulnerabilities all together. Unauthenticated users can execute arbitrary commands under the context of the root user. By abusing authentication bypass issue on gauge.php lead adversaries to exploit object injection vulnerability which leads to SQL injection attack that leaks an administrator session token. Attackers can create a rogue action and policy that enables to execute operating system commands by using captured session token. As a final step, SSH login attempt with a invalid credentials can trigger a created rogue policy which triggers an action that executes operating system command with root user privileges. This Metasploit module was tested against following product and versions: AlienVault USM 5.3.0, 5.2.5, 5.0.0, 4.15.11, 4.5.0 AlienVault OSSIM 5.0.0, 4.6.1

tags | exploit, arbitrary, root, spoof, php, vulnerability, sql injection
MD5 | c403c0d00272c2fb94d0906435878b17
FireHOL 3.1.3
Posted Feb 18, 2017
Authored by Costa Tsaousis | Site github.com

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: More strict when detecting address ranges. Bug fixes.
tags | tool, spoof, firewall
systems | linux, unix
MD5 | 4625f41fc615fd0243b7060535852e2c
FireHOL 3.1.2
Posted Feb 8, 2017
Authored by Costa Tsaousis | Site github.com

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: Included user policies in chains before handling orphans. Saved firewall contents made reproducible by always zeroing counters and removing the dates from comments. Various other updates.
tags | tool, spoof, firewall
systems | linux, unix
MD5 | f6d1f099872da8b6af258b67e4e51189
Ubuntu Security Notice USN-3180-1
Posted Feb 8, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3180-1 - Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL or other UI components, bypass same origin restrictions or other security restrictions, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5014, CVE-2017-5017, CVE-2017-5019, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026
MD5 | 060b6cc148a661d4b0067b78d465e12a
Hacking Printers Advisory 2
Posted Jan 31, 2017
Authored by Jens Mueller

This post is about accessing a printers file system through ordinary PostScript or PJL based print jobs -- since decades a documented feature of both languages. The attack can be performed by anyone who can print, for example through USB or network. It can even be carried out by a malicious website, using advanced cross site printing techniques in combination with a novel technique we call CORS spoofing.

tags | exploit, spoof
MD5 | 4cd24c1f328a44025060bf70ef6e1c9c
Apple Security Advisory 2017-01-23-5
Posted Jan 24, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-01-23-5 - Safari 10.0.3 is now available and addresses spoofing, data exfiltration, and various other security vulnerabilities.

tags | advisory, spoof, vulnerability
systems | apple
advisories | CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2359, CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365, CVE-2017-2366, CVE-2017-2369, CVE-2017-2373
MD5 | 58964cb15d232b6dae7d125e1ec15f40
FireHOL 3.1.1
Posted Jan 10, 2017
Authored by Costa Tsaousis | Site github.com

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: VNetBuild dropped ksh support. Added urandom.us.to list. Added dataplane.org SIP Invitation and SIP Registration feeds. Various other updates.
tags | tool, spoof, firewall
systems | linux, unix
MD5 | 353093b52df5bc1c5432816293400373
Brave Browser Address Bar Spoofing
Posted Jan 9, 2017
Authored by Aaditya Purani

Brave Browser suffers from an address bar spoofing vulnerability. iOS version 1.2.16 (16.09.30.10) and Android version 1.9.56 is affected.

tags | exploit, spoof
systems | ios
MD5 | a01dac0f548efdf97547cbc27c308d2d
Ubuntu Security Notice USN-3153-1
Posted Dec 9, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3153-1 - Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL, bypass same origin restrictions, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2016-5204, CVE-2016-5205, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5212, CVE-2016-5213, CVE-2016-5215, CVE-2016-5219, CVE-2016-5221, CVE-2016-5222, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652
MD5 | abd7d32abfb030935a9b69bacdd4ee2c
FireHOL 3.1.0
Posted Nov 29, 2016
Authored by Costa Tsaousis | Site firehol.org

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: Rework installation to make full use of autoconf results in all programs. Option to disable wizard added. Various other updates and improvements.
tags | tool, spoof, firewall
systems | linux, unix
MD5 | 57beb36c4bd81f20966928a4fb627d11
Evilgrade - The Update Exploitation Framework 2.0.8
Posted Nov 29, 2016
Authored by Francisco Amato | Site infobyte.com.ar

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. This framework comes into play when the attacker is able to make traffic redirection, and such thing can be done in several ways such as: DNS tampering, DNS Cache Poisoning, ARP spoofing Wi-Fi Access Point impersonation, DHCP hijacking with your favorite tools. This way you can easy take control of a fully patched machine during a penetration test in a clean and easy way. The main idea behind the is to show the amount of trivial errors in the update process of mainstream applications.

Changes: ASUS OEM LiveUpdate module added. OpenBazaar module added. Various updates and bug fixes.
tags | tool, spoof
systems | unix
MD5 | 49882afcf281d2336135649f9f846930
HP Security Bulletin HPSBHF03673 1
Posted Nov 24, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03673 1 - Security vulnerabilities in MD5 message digest algorithm and RC4 ciphersuite could potentially impact HPE Comware 5 and Comware 7 network products using SSL/TLS. These vulnerabilities could be exploited remotely to conduct spoofing attacks and plaintext recovery attacks resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory, spoof, vulnerability
advisories | CVE-2004-2761, CVE-2013-2566, CVE-2015-2808
MD5 | 274750d1408fd79a1bcf6394e3ad6046
FireHOL 3.0.2
Posted Nov 23, 2016
Authored by Costa Tsaousis | Site firehol.org

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: Fixed transparent_proxy IPV6 output. Added manual page for cthelper. Added connlimit to blacklist and iptrap. Added stateful option to blacklist. Various other updates and improvements.
tags | tool, spoof, firewall
systems | linux, unix
MD5 | 1f24ed2af728ba73cdf9e51337f2d43b
Red Hat Security Advisory 2016-2603-02
Posted Nov 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2603-02 - Libreswan is an implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network. Security Fix: A traffic amplification flaw was found in the Internet Key Exchange version 1 protocol. A remote attacker could use a libreswan server with IKEv1 enabled in a network traffic amplification denial of service attack against other hosts on the network by sending UDP packets with a spoofed source address to that server.

tags | advisory, remote, denial of service, udp, spoof, protocol
systems | linux, redhat
advisories | CVE-2016-5361
MD5 | 68ce71a26bfde2d8d8b7ff810427fb1e
LDAP Amplication Denial Of Service
Posted Nov 4, 2016
Authored by ShadowHatesYou

This proof of concept is an LDAP Distributed Reflective Denial of Service/Bandwidth Amplification Attack, similar to DNS and NTP amplification attacks where the target of the DoS is spoofed as the source IP in a request to the reflectors(In this case, LDAP servers). The reflectors then respond to the spoofed target IP with a bigger answer than the original question, resulting in the target experiencing what appears to be a distributed denial of service attack, even though there may only be one true source. suffers from a denial of service vulnerability.

tags | exploit, denial of service, spoof, proof of concept
MD5 | 3c0c963c42fa117bd2ae19bab9220098
Ubuntu Security Notice USN-3113-1
Posted Nov 2, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3113-1 - It was discovered that a long running unload handler could cause an incognito profile to be reused in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. Multiple security vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, spoof an application's URL bar, obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2016-1586, CVE-2016-5181, CVE-2016-5182, CVE-2016-5185, CVE-2016-5186, CVE-2016-5187, CVE-2016-5188, CVE-2016-5189, CVE-2016-5192, CVE-2016-5194
MD5 | 87537c10b8d7489a0b8a1bdd430d4dfb
UFONet 0.8
Posted Oct 23, 2016
Authored by psy | Site ufonet.03c8.net

UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Changes: Various updates.
tags | tool, web, denial of service, spoof
systems | unix
MD5 | 43c282660fde63a0c287e2c3a3260f76
Targus Multimedia Presentation Remote AMP09-EU Mouse Spoofing
Posted Oct 12, 2016
Authored by Matthias Deeg

Targus Multimedia Presentation Remote model AMP09-EU suffers from insufficient verification of data authenticity and mouse spoofing attack vulnerabilities.

tags | advisory, remote, spoof, vulnerability
MD5 | 6ddd04dc3e625005fec6be102a675258
Perixx PERIDUO-710W KG-1027 Spoof Attack
Posted Sep 30, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

The Perixx PERIDUO-710W KG-1027 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.

tags | advisory, spoof
MD5 | 786794983fa22e6d262be85e6012d757
CHERRY B.UNLIMITED AES JD-0400EU-2/01 Spoof Attack
Posted Sep 30, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

The CHERRY B.UNLIMITED AES JD-0400EU-2/01 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.

tags | advisory, spoof
MD5 | 6c60fa01fe36c0ed55e8b489eff1ab20
Logitech M520 Y-R0012 Spoof Attack
Posted Sep 30, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

The Logitech M520 Y-R0012 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.

tags | advisory, spoof
MD5 | 24cbc381780c56dd465a278120f568d4
Page 2 of 76
Back12345Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close