exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2017-02-18

RECON 2017 Call For Papers
Posted Feb 18, 2017
Authored by REC0N Montreal 2017 | Site recon.cx

REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada, and as of this year, a new edition of the conference was held in Brussels, Belgium. The Call For Papers closes on April 15th, 2017. The conference takes place June 16th through June 18th, 2017.

tags | paper, conference
SHA-256 | 00136e359cd829b3d2f8d00f1d654c973ab2bd3ef89ba00b7ed01aa40edd88be
Suricata IDPE 3.2.1
Posted Feb 18, 2017
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: A handful of features and multiple bug fixes have been added.
tags | tool, intrusion detection
systems | unix
SHA-256 | 0e0b0cf49016804bb2fb1fc4327341617e76a67902f4e03e0ef6d16c1d7d3994
Stegano 0.6.5
Posted Feb 18, 2017
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Added a command to list all available generators for the lsb-set module. Added a test when the data image is coming via byte stream, for the lsb module.
tags | tool, encryption, steganography, python
systems | unix
SHA-256 | 54dbf77411bae2ab7a7845f70eec0c02f4f1e64092fd19d3842200ff8027cb60
Lynis Auditing Tool 2.4.2
Posted Feb 18, 2017
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Properly detects SSH daemon version. Various other updates and additions.
tags | tool, scanner
systems | unix
SHA-256 | 1a72be1d4fd599bf47b7ce55aa55ac318232350ee45816c1042b3879fb67f0da
FireHOL 3.1.3
Posted Feb 18, 2017
Authored by Costa Tsaousis | Site github.com

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: More strict when detecting address ranges. Bug fixes.
tags | tool, spoof, firewall
systems | linux, unix
SHA-256 | 23cb0f3598f1ceac14ec4bc238cae5e13071f95e313751785ce8cd5533b5c246
QEMU Host Filesystem Arbitrary Access
Posted Feb 18, 2017
Authored by Jann Horn, Google Security Research

QEMU has an issue where virtfs permits a guest to access the entire host filesystem.

tags | advisory
advisories | CVE-2016-9602
SHA-256 | 8afb47007c79b3a9ac847f6e9b076ad790c162d53fdddf920e2a3d557b2daeb1
Adobe Flash MP4 AMF Parsing Overflow
Posted Feb 18, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from an overflow vulnerability during MP4 AMF parsing.

tags | exploit, overflow
advisories | CVE-2017-2992
SHA-256 | 975f33074a57e3cfc572b9cf9519a6d3855366d379e71d3cc22b0b38ac580121
Adobe Flash SWF Stack Corruption
Posted Feb 18, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from a stack corruption vulnerability using a fuzzed SWF file.

tags | exploit
advisories | CVE-2017-2988
SHA-256 | 861f5baa072230b7939cd1b63451ce6753e5bfa28f6b0c8f8760db23344f9efd
Adobe Flash YUVPlane Decoding Heap Overflow
Posted Feb 18, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from a heap overflow vulnerability during YUVPLane decoding.

tags | exploit, overflow
advisories | CVE-2017-2986
SHA-256 | 2bf4e6c3b7be108e8fdfd8baf1d8546149c39e64a4f46c8b3fe36fb7fd6bca33
Adobe Flash Bitmapfilter Use-After-Free
Posted Feb 18, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from a use-after-free vulnerability in applying bitmapfilter.

tags | exploit
advisories | CVE-2017-2985
SHA-256 | c3983405af4d8f611ecd50aa0083c83ab68a09eb670364bcd670de0a0063bf60
Google Chrome Download Filetype Blacklist Bypass
Posted Feb 18, 2017
Authored by Jann Horn, Google Security Research

Google Chrome suffers from a bypass vulnerability in the download filetype blacklist functionality. Versions 54.0.2840.100 stable is affected.

tags | exploit, bypass
SHA-256 | f412918e9a8a97d1bea8165805a9f03c35f0a54bd19258721264d95feb3b814a
Cisco ASA WebVPN CIFS Handling Buffer Overflows
Posted Feb 18, 2017
Authored by Google Security Research, ochang

Cisco ASA WebVPN CIFS handling buffer overflow conditions have been discovered.

tags | advisory, overflow
systems | cisco
advisories | CVE-2017-3807
SHA-256 | 5f13058e5f06f00a4c9e17b0e2cff240e100c10816e9044cab1647b9e216332f
GDI GDI32!ConvertDxArray Insufficient Bounds Check
Posted Feb 18, 2017
Authored by Google Security Research, scvitti

GDI suffers from an insufficient bounds check on GDI32!ConvertDxArray.

tags | exploit
SHA-256 | d103fb33865c638c44eb1d2b9664aed2de06df107938c288a09492550c9a4a38
Microsoft Office Powerpoint 2010 MSO/OART Heap Out-Of-Bounds Access
Posted Feb 18, 2017
Authored by Google Security Research, scvitti

Microsoft Office 2010 running under Windows 7 x86 with Application Verifier enabled suffers from a heap out-of-bounds access issue that leads to a memory corruption condition.

tags | exploit, x86
systems | windows
SHA-256 | 83ef05a42ff7b08997720ddd16937c7105800b18b0a6bf34e392b72b87e72108
AIEngine 1.7.0
Posted Feb 18, 2017
Authored by Luis Campo Giralte | Site bitbucket.org

AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.

Changes: Improvements on the DNS to return matched CNAMES records. Now allows big packets of pcap files. Fixed some minor bugs on IMAP, POP and SSL. Various other updates and changes.
tags | tool
systems | unix
SHA-256 | ab4fd8a885f0d2bdd42acd115a8c759c0f1b3e4fce8eda849a7ef7fe84916985
Microsoft Office 2010 MSO!Ordinal5429 Heap Corruption
Posted Feb 18, 2017
Authored by Google Security Research, scvitti

Microsoft Office 2010 running under Windows 7 x86 with Application Verifier enabled suffers from a heap corruption issue due to a missing length check.

tags | exploit, x86
systems | windows
SHA-256 | 88da86d02c741d0ff8968f5f0017c278198fca482725e6f5dbb4c524808f6d49
Elefant CMS 1.3.12-RC Code Execution
Posted Feb 18, 2017
Authored by Tim Coen | Site curesec.com

Elefant CMS version 1.3.12-RC suffers from remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution
SHA-256 | 93ab7cd15114ad9062d18ca8df2fcf662b1919081dc6bdb9660574d8243dfb8a
Plone 5.0.5 Cross Site Scripting
Posted Feb 18, 2017
Authored by Tim Coen | Site curesec.com

Plone version 5.0.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-7147
SHA-256 | f23f365ad7be4890c9801cbb5c09c3060407d0b8d444fc6d52637f10df958c28
Microsoft SQL Server Clr Stored Procedure Payload Execution
Posted Feb 18, 2017
Authored by OJ Reeves, Lee Christensen, Nathan Kirk | Site metasploit.com

This Metasploit module executes an arbitrary native payload on a Microsoft SQL server by loading a custom SQL CLR Assembly into the target SQL installation, and calling it directly with a base64-encoded payload. The module requires working credentials in order to connect directly to the MSSQL Server. This method requires the user to have sufficient privileges to install a custom SQL CRL DLL, and invoke the custom stored procedure that comes with it. This exploit does not leave any binaries on disk. Tested on MS SQL Server versions: 2005, 2012, 2016 (all x64).

tags | exploit, arbitrary
SHA-256 | fe2d879dbdd0c10aa7ac5b9f21f78eea25748d38856209e0eae44eec747be7d8
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close