what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2014-04-29

Fwknop Port Knocking Utility 2.6.2
Posted Apr 29, 2014
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: A double free bug in the libfko SPA parser discovered with a new Python SPA payload fuzzer was fixed.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | 92311a25dae68122806d37929790c2408098f3c43731bd5ab23095b364530af8
Netsniff-NG High Performance Sniffer 0.5.8
Posted Apr 29, 2014
Authored by Tobias Klauser, Daniel Borkmann | Site code.google.com

netsniff-ng is is a free, performant Linux network sniffer for packet inspection. The gain of performance is reached by 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.

Changes: Work has been done in almost all corners of the toolkit, with newly added tools, many new features, performance improvements, bugfixes and cleanups all over the place. The manpages for all tools have been rewritten and the build system was reimplemented from scratch.
tags | tool, kernel, sniffer, protocol
systems | linux, unix
SHA-256 | 80436a306947e6c541d573c897cf64e1f223b867f571fabe74cea2ab512aa13c
BarracudaDrive 6.7.1 Cross Site Scripting
Posted Apr 29, 2014
Authored by Shakeel Bhat | Site secpod.com

BarracudaDrive version 6.7.1 suffers from multiple persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 0a2ef5f75a8530b4c12f4d929e7c3fa5ef16f61b8b0b3a34dbfee192690742b5
Struts 1 ClassLoader Manipulation
Posted Apr 29, 2014
Authored by Rene Gielen | Site struts.apache.org

Apache Struts 1, now EOL'ed a year ago, suffers from a ClassLoader manipulation vulnerability similar to recent findings.

tags | advisory
advisories | CVE-2014-0114
SHA-256 | d753af8cf08ba2c2ef2788acb38ccb3268e20b5f6097e41ffbf640ac694b1f2f
HP Security Bulletin HPSBMU03020 2
Posted Apr 29, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03020 2 - A potential security vulnerability has been identified with HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory
systems | linux, windows
advisories | CVE-2014-0160
SHA-256 | cdda7e39e3bfafc44217b4c9a7e029567a6a2d95a43e7ccac56a7c342920cd16
WAF Bypass Methods
Posted Apr 29, 2014
Authored by Deniz Cevik

This whitepaper discusses various web application firewall bypass methodologies. Written in Turkish.

tags | paper, web, bypass
SHA-256 | d04d9dc9ed267c9142d78a1a35f38d8397df4345faa4d26a2221dd442c5ad695
Introduction To Android Malware Analysis
Posted Apr 29, 2014
Authored by Ugur Cihan KOC

This whitepaper provides an overview of the tools used in order to analyze malware on Android.

tags | paper
SHA-256 | 768a61b28e90178964b682b152e60eca11af1e5d5bb90aff633a7c86d60fa152
Lavarel-Security XSS Filter Bypass
Posted Apr 29, 2014
Authored by Rafay Baloch

Lavarel-Security cross site scripting filter suffers from a bypass vulnerability.

tags | exploit, xss, bypass
SHA-256 | 74a3d9484d7c2708d5444ae78215745101425b380c8a4b50a833eee46fd07a68
Ubuntu Security Notice USN-2185-1
Posted Apr 29, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2185-1 - Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir Vukicevic and Christian Holler discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. An out of bounds read was discovered in Web Audio. An attacker could potentially exploit this cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1492, CVE-2014-1518, CVE-2014-1519, CVE-2014-1522, CVE-2014-1523, CVE-2014-1524, CVE-2014-1525, CVE-2014-1526, CVE-2014-1528, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532
SHA-256 | cac7cbb67ced17c78361165cc7c3b566fff48bd23c5d90687e88e4ae5a84c369
Ubuntu Security Notice USN-2184-1
Posted Apr 29, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2184-1 - Frederic Bardy discovered that Unity incorrectly filtered keyboard shortcuts when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session. Giovanni Mellini discovered that Unity could display the Dash in certain conditions when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session.

tags | advisory, local
systems | linux, ubuntu
SHA-256 | 971d9a9d0418fd595042de940e87cc3d2fa03401f9970f243a361ef29a225dae
Adobe Flash Player Type Confusion Remote Code Execution
Posted Apr 29, 2014
Authored by bannedit, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a type confusion vulnerability found in the ActiveX component of Adobe Flash Player. This vulnerability was found exploited in the wild in November 2013. This Metasploit module has been tested successfully on IE 6 to IE 10 with Flash 11.7, 11.8 and 11.9 prior to 11.9.900.170 over Windows XP SP3 and Windows 7 SP1.

tags | exploit, activex
systems | windows
advisories | CVE-2013-5331
SHA-256 | 2547432fd02f1ba4aff29ae93a0c14c41a56c95f4cec7e25e1165d0846aa03ec
NULL NUKE CMS 2.2 CSRF / XSS / SQL Injection / Shell Upload
Posted Apr 29, 2014
Authored by LiquidWorm | Site zeroscience.mk

NULL NUKE CMS version 2.2 suffers from cross site request forgery, cross site scripting, arbitrary file deletion, remote command execution, arbitrary file access, directory traversal, open redirection, and remote shell upload vulnerabilities.

tags | exploit, remote, arbitrary, shell, vulnerability, xss, csrf
SHA-256 | 885c0aa9f9866fb98106773eb936825f19e7e0540b5ae94b279a5b78a8858214
SAP BusinessObjects InfoView Cross Site Scripting
Posted Apr 29, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - SAP BusinessObjects InfoView suffers from a reflective cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 4d161054fd847d69430573900f5115a49e4c02cca4ed535d5cd5fc6a1576f55b
SAP BASIS Missing Authorization Check
Posted Apr 29, 2014
Authored by Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - SAP BASIS suffers from a missing authorization check. SAP Netweaver ABAP Application Server is affected.

tags | advisory
SHA-256 | 256bd960fbdebcad59f543091e1b5400cedf42289a770e76797b5c696842db46
SAP NW Portal WD Information Disclosure
Posted Apr 29, 2014
Authored by Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - It has been detected that some functionality of the affected webdynpro displays all the SAP systems that are registered on the SLD without requiring username or password. This situation will bring valuable information to an attacker to plan a more complex attack over the SAP environment. SAP Netweaver Java Application Server is affected.

tags | advisory, java
SHA-256 | f0232025c98889497fcb0c0b1d72442e16fc22b24d19905bd9ad64c3644c09bb
SAP Profile Maintenance Missing Authorization
Posted Apr 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP is missing an authorization check in profile maintenance. SAP Solution Manager version 7.1 is affected.

tags | advisory
SHA-256 | b7c303f7bf2fdf075bdc1e6b7520a92fcb05d90222559301ac050e06fa65efc3
SAP Background Processing RFC Missing Authorization
Posted Apr 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP background processing suffers from a missing authorization check. A remote authenticated attacker could execute the vulnerable RFC function and obtain sensitive information regarding the target application server. SAP Solution Manager version 7.1 is affected.

tags | advisory, remote
SHA-256 | 59f5fd063cd638475b56911c3f860c68eb3d9222d3f786d79c7538b9fdef6595
Red Hat Security Advisory 2014-0442-01
Posted Apr 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0442-01 - Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API. The OpenStack Identity auth_token middleware component handles the authentication of tokens with keystone. When using the auth_token middleware with the memcached token cache enabled, a token for a different identity could be returned. An authenticated user could use this flaw to escalate their privileges by making repeated requests that could eventually allow the user to acquire the administrator's identity. Note that only OpenStack Identity setups using auth_token with memcached were affected.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2014-0105
SHA-256 | 90de0d5d1901866aea6b25380c9b7653ebb6058d87fd37e433c3292b6ef4f1de
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close