what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2016-10-10

Mobius Forensic Toolkit 0.5.26
Posted Oct 10, 2016
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: Tons of C++ API changes. Various other improvements.
tags | tool, python, forensics
SHA-256 | 67612cefb5ed1c2a8bd34eb1e694adb0deab7abb0041128461794289f0d55190
Tinc Virtual Private Network Daemon 1.0.29
Posted Oct 10, 2016
Authored by Ivo Timmermans | Site tinc.nl.linux.org

tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.

Changes: Fixed UDP communication with peers with link-local IPv6 addresses. Ensured compatibility with OpenSSL 1.1.0. Ensured autoreconf can be run without requiring autoconf-archive. Now logs warnings about dropped packets only at debug level 5.
tags | tool, encryption
systems | unix
SHA-256 | 0357017c6ffbbe1b2088c28fa684d2b119afa1086f363c503d06e8f6faa72a78
Mandos Encrypted File System Unattended Reboot Utility 1.7.13
Posted Oct 10, 2016
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Various updates.
tags | tool, remote, root
systems | linux, unix
SHA-256 | 78c219afc9761e7d6e777b58078ce6c6238705181ab029912305bcea88940a36
GNU Transport Layer Security Library 3.4.16
Posted Oct 10, 2016
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: Various updates.
tags | protocol, library
SHA-256 | d99abb1b320771b58c949bab85e4b654dd1e3e9d92e2572204b7dc479d923927
GNU Transport Layer Security Library 3.3.25
Posted Oct 10, 2016
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability. This is the previous stable release.

Changes: Various updates.
tags | protocol, library
SHA-256 | 189d6c4e43465d2ec84f2cd66f0ef63657225926f56875e182743cfeef9f1f2e
Powershell Payload Execution
Posted Oct 10, 2016
Authored by Matt Andreko, RageLtMan | Site metasploit.com

This Metasploit module generates a dynamic executable on the session host using .NET templates. Code is pulled from C

tags | exploit
systems | windows
SHA-256 | fcf65c7f029885fe4e910e2efc9d90b8c8921d15f952cc9d31ba4da520bdb1f0
Linux Kernel 3.13.1 Recvmmsg Privilege Escalation
Posted Oct 10, 2016
Authored by rebel, h00die | Site metasploit.com

This Metasploit module attempts to exploit CVE-2014-0038, by sending a recvmmsg system call with a crafted timeout pointer parameter to gain root. This exploit has offsets for 3 Ubuntu 13 kernels built in: 3.8.0-19-generic (13.04 default) 3.11.0-12-generic (13.10 default) 3.11.0-15-generic (13.10) This exploit may take up to 13 minutes to run due to a decrementing (1/sec) pointer which starts at 0xff*3 (765 seconds)

tags | exploit, kernel, root
systems | linux, ubuntu
advisories | CVE-2014-0038
SHA-256 | 82b7ac9274ee1da7aa1283d1f828bf5efb5666ae8d5432aec64d8da96a714f43
Allwinner 3.4 Legacy Kernel Local Privilege Escalation
Posted Oct 10, 2016
Authored by h00die, KotCzarny | Site metasploit.com

This Metasploit module attempts to exploit a debug backdoor privilege escalation in Allwinner SoC based devices.

tags | exploit
SHA-256 | d99d8e8e47f339eb8ec87c59d4b0730de722cf4968e5c5a3fa8af0475db0a59f
Wireless Keyboard Set LX901 GK900 Replay Attack
Posted Oct 10, 2016
Authored by Matthias Deeg, Gerhard Klostermeier | Site syss.de

Wireless Keyboard Set LX901 model GK900 is missing protection against replay attacks.

tags | advisory
SHA-256 | 76381a4aa95212b548a5c57eb1416134f9c09f4ceba809253b945b2d5b315328
Microsoft Wireless Desktop 2000 Insufficent Protection
Posted Oct 10, 2016
Authored by Matthias Deeg, Gerhard Klostermeier | Site syss.de

Microsoft Wireless Desktop 2000 version A suffers from insufficient protection of code (firmware) and data (cryptographic key).

tags | advisory
SHA-256 | a2e84bef4f1b103936ce31df00ad89196bd85c85162d189f4577c1a150082ee0
Android Qualcomm GPS/GNSS Man-In-The-Middle
Posted Oct 10, 2016
Authored by Yakov Shafranovich | Site wwws.nightwatchcybersecurity.com

Android devices can be crashed remotely forcing a halt and then a soft reboot by a MITM attacker manipulating assisted GPS/GNSS data provided by Qualcomm. This issue affects the open source code in AOSP and proprietary code in a Java XTRA downloader provided by Qualcomm. The Android issue was fixed by in the October 2016 Android bulletin. Additional patches have been issued by Qualcomm to the proprietary client in September of 2016.

tags | exploit, java, denial of service
advisories | CVE-2016-5348
SHA-256 | a65dfddf168a89391ed0b8297e76ae23566fa1e4d61a4e69446fbad5e0a2b52b
ZendStudio IDE 13.5.1 Privilege Escalation
Posted Oct 10, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

ZendStudio IDE version 13.5.1 suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | fafbbf3fdd67b857d38dd8efa20e622d1318a63f99c352e626e6995d62e99cbc
Gentoo Linux Security Advisory 201610-04
Posted Oct 10, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201610-4 - Multiple vulnerabilities have been fixed in libgcrypt,the worst of which results in predictable output from the random number generator. Versions less than 1.7.3 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3591, CVE-2015-0837, CVE-2015-7511, CVE-2016-6313
SHA-256 | 5619b69bf4075be672b52dd153d8f9e314becc2be95833013f21e6768d5f5bc7
Gentoo Linux Security Advisory 201610-03
Posted Oct 10, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201610-3 - A buffer overflow in Quagga might allow remote attackers to execute arbitrary code. Versions less than 1.0.20160315 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2016-2342
SHA-256 | 42e42d41c013e5a025c505dd15304b92240815879c19976a220905225322df10
Red Hat Security Advisory 2016-2043-01
Posted Oct 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2043-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. The following packages have been upgraded to a newer upstream version: python-django. Security Fix: A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavior and to mitigate this attack. ''request.COOKIES'' may now contain cookies that are invalid according to RFC 6265 but are possible to set using ''document.cookie''.

tags | advisory, web, arbitrary, python
systems | linux, redhat
advisories | CVE-2016-7401
SHA-256 | 337e96ae15f85191c81c98803d157b836300d3fab4219623a3c2804bbcc57696
Red Hat Security Advisory 2016-2041-01
Posted Oct 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2041-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. The following packages have been upgraded to a newer upstream version: python-django. Security Fix: A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavior and to mitigate this attack. ''request.COOKIES'' may now contain cookies that are invalid according to RFC 6265 but are possible to set using ''document.cookie''.

tags | advisory, web, arbitrary, python
systems | linux, redhat
advisories | CVE-2016-7401
SHA-256 | ffb5140b97ea40e772d1a6a56fbe55a14ba8af0787beef39d089acd27865f5dc
Red Hat Security Advisory 2016-2039-01
Posted Oct 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2039-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavior and to mitigate this attack. ''request.COOKIES'' may now contain cookies that are invalid according to RFC 6265 but are possible to set using ''document.cookie''.

tags | advisory, web, arbitrary, python
systems | linux, redhat
advisories | CVE-2016-7401
SHA-256 | b4575b33a349292ed0dd60e88eb61906c997d4dd6191a15bc1005cc162073d50
Red Hat Security Advisory 2016-2040-01
Posted Oct 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2040-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavior and to mitigate this attack. ''request.COOKIES'' may now contain cookies that are invalid according to RFC 6265 but are possible to set using ''document.cookie''.

tags | advisory, web, arbitrary, python
systems | linux, redhat
advisories | CVE-2016-7401
SHA-256 | dca66e9ae7d686a5e6a3897352c5575c883dc1c90e3f6720e1f44b78850a62e0
Red Hat Security Advisory 2016-2042-01
Posted Oct 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2042-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. The following packages have been upgraded to a newer upstream version: python-django. Security Fix: A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavior and to mitigate this attack. ''request.COOKIES'' may now contain cookies that are invalid according to RFC 6265 but are possible to set using ''document.cookie''.

tags | advisory, web, arbitrary, python
systems | linux, redhat
advisories | CVE-2016-7401
SHA-256 | 61e08d297ba261d5ec6dbcfd00170c68ac9f66f3dcac221215d8ac187275a295
Red Hat Security Advisory 2016-2038-01
Posted Oct 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2038-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavior and to mitigate this attack. ''request.COOKIES'' may now contain cookies that are invalid according to RFC 6265 but are possible to set using ''document.cookie''.

tags | advisory, web, arbitrary, python
systems | linux, redhat
advisories | CVE-2016-7401
SHA-256 | 2fdd41bbb3f7aeb60de4d420e4b45cf3a8ff673149e2d9a14d7185b59585dbc3
HP Client Automation 7.9 Command Injection
Posted Oct 10, 2016
Authored by slidingwindow0xff

HP Client Automation remote command injection exploit that adds backdoor accounts and provides a reverse shell. Author tested on version 7.9 but believes it should also work on 8.1, 9.0, and 9.1.

tags | exploit, remote, shell
advisories | CVE-2015-1497
SHA-256 | 21071151f479044290767d7497c10787d8aae743a7b1d0070b60601cbca11962
Apache Tomcat 8 / 7 / 6 Privilege Escalation
Posted Oct 10, 2016
Authored by Dawid Golunski

Apache Tomcat versions 8, 7, and 6 suffer from a privilege escalation vulnerability on RedHat-based distros.

tags | exploit
systems | linux, redhat
advisories | CVE-2016-5425
SHA-256 | 12ec6d054904816f7a7adc452b470c239ac9e45d1cbea47b206cc70413667d52
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close