The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
0677e985bb4af607dbc77a865532d38f4f3397f6ed5a8d0e1bbd3b8f4cce24a8
Tiki-Wiki CMS's calendar module contains a remote code execution vulnerability within the viewmode GET parameter. The calendar module is NOT enabled by default. If enabled, the default permissions are set to NOT allow anonymous users to access it.
9131c295c6f0a87ffeed5ec24203a47294ef439eb9e76d9c596efa1d5fafc764
Remote authenticated WebTop and WebTop Client users may gain access to the IAPI/IDQL interface in WebTop without proper authorization. Malicious users could exploit this vulnerability to run IAPI/IDQL commands on the affected systems using their own privilege. Affected products include EMC Documentum WebTop versions 6.8 and 6.8.1, Administrator versions 7.0, 7.1, 7.2, TaskSpace version 6.7 SP3, and Capital Projects versions 1.9 and 1.10.
922ee5b10d55ca104fdafbfbabd2f4263e941bd47bdcae7794773725a1ceb3d4
Open-Xchange App Suite versions 7.8.1 and below suffer from an information disclosure vulnerability.
27b0e6e0ca5abeb66f30b28d40b4ac9eb51c5bb7ed4b48985aba9a1fe1586857
WordPress Contus Video Comments plugin version 1.0 suffers from a remote file upload vulnerability.
4f6ec1ff49f824524c93da0857f1b6f61521cb94809158b755faa6e7a4516efa
This is a brief write-up on how magic values in 32-bit processes on 64-bit OSes work and how to exploit them.
0e22f4f695fe5a82d5a78008e35426ae71abb83926c813e23d3e43569e903c82
This Metasploit module exploits a buffer overflow vulnerability found in the ls command of the PCMAN FTP version 2.0.7 Server.
c7b50b153ec04efb07018decce1a122711b94da1e8f8210a118da4147778adcf
This Metasploit module exploits a file upload vulnerability in Wolf CMS version 0.8.2. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to the '/public' directory.
bb14eded63b20bf9f13fdec65b93642599468f8b8d60278a25b93898e6f4fc4b
Windows x86 ShellExecuteA(NULL,NULL,"cmd.exe",NULL,NULL,1) shellcode.
7ae62e8f83f505044c299cb151a3efacef3a2f3efe98fb6a631523cae4f8b4df
Automater is a URL/Domain, IP Address, and MD5 Hash OSINT tool aimed at making the analysis process easier for intrusion analysts. Given a target (URL, IP, or HASH) or a file full of targets, Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.
8063423c9b7219a9188c72b0ab2e7f522795882d4ac17a4cccf2bb72db3836ef
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
c54ba1825e52da6ac47386229db2cfbe0234894a9cd44a6024f6e1c1a7eefa5c
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
4f8140a99dec13b47cb82af0807ea715ca9a1a4f596bfa28579dc20e44941558
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
533428eb9f9a45bcd8526e89014102946eac74e8cf0fa05c337de290cbbbd070
The Java Startup Framework (jstart) in SAP Application server for Java allows remote attackers to cause a denial of service via a crafted request. SAP NetWeaver AS JAVA versions 7.2 through 7.4 are affected.
bb3db47d4fcab7f0f9eca2bde8886165421542cd01cf50081af2e14438a6d1d2
Internet Communication Manager (ICMAN/ICM) in SAP JAVA AS version 7.4 allows remote attackers to cause a denial of service (possible heap corruption in IctParseCookies()) via a crafted HTTP request.
44848e8f5d0007ffcced7de64df26b2bc621da243fd08b9ed7a2f134d4043612
This Metasploit module exploits an arbitrary file download vulnerability in the DarkComet C&C server versions 3.2 and up. The exploit does not need to know the password chosen for the bot/server communication.
526875de4b2f6bc5ec72d1ffc0e835dfcf46ebb40dc25640bde82c28768474fd
SSHC version 5.0 is susceptible to an encrypted database content theft vulnerability.
b65f0bcd7a1b909d9cb74e42f7e28b4350fbff790f58e10c2ce3ecbc6b8ec091
YetiForce CRM versions prior to 3.1 suffer from a persistent cross site scripting vulnerability.
88f77d119109097e0ff59b4bccf90941faf7911f4ad4ee8ca7d4130767c35bd8
Radiant CMS version 1.1.3 suffers from multiple persistent cross site scripting vulnerabilities.
632cfe489664d2879a2526e59d8fd6d08acf732b32e77e62489c5b96fc4c47ea
Yona CMS version 1.3.x suffers from a cross site request forgery vulnerability.
92dec5774d0ae52f5f489ce2f3acbdb2637cdc8adacd50647918faeca2f19ad6
Joomla Publisher component version 3.0.11 suffers from a remote SQL injection vulnerability.
e207bc23de7b81fa6d7bba62a85fb3af31af242aff646877284899d4eda58b47
Ionize CMS versions 1.0.8 and below suffer from a cross site request forgery vulnerability.
04a53f78bc0110447c0d663c58372767475534ed26cdb901e7124c35bc4516c4
SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from a cross site scripting vulnerability.
3227c8ee7e5ffae4107c3102e05d6c483cc347aa6c21ed54de26dc0f839fee13
SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from an information disclosure vulnerability in WD_CHAT.
c86a0c971a9ddf7d0a42320c53175f15d4860f92751a45e80a3910f467711ef4
Ubuntu Security Notice 3014-1 - Jing Zhao discovered that the Spice smartcard support incorrectly handled memory. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 15.10 and Ubuntu 16.04 LTS. Frediano Ziglio discovered that Spice incorrectly handled certain primary surface parameters. A malicious guest operating system could potentially exploit this issue to escape virtualization. Various other issues were also addressed.
6e05cdcaf2aa1cf993c525ec3863c9f2831bf4e664648184e4bee5b17da517e3