fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
92311a25dae68122806d37929790c2408098f3c43731bd5ab23095b364530af8
netsniff-ng is a free, performant Linux network sniffer for packet inspection. The performance gain is achieved through 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.
80436a306947e6c541d573c897cf64e1f223b867f571fabe74cea2ab512aa13c
BarracudaDrive version 6.7.1 suffers from multiple persistent and reflective cross site scripting vulnerabilities.
0a2ef5f75a8530b4c12f4d929e7c3fa5ef16f61b8b0b3a34dbfee192690742b5
Apache Struts 1, which reached EOL a year ago, suffers from a ClassLoader manipulation vulnerability similar to recent findings.
d753af8cf08ba2c2ef2788acb38ccb3268e20b5f6097e41ffbf640ac694b1f2f
HP Security Bulletin HPSBMU03020 2 - A potential security vulnerability has been identified with HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
cdda7e39e3bfafc44217b4c9a7e029567a6a2d95a43e7ccac56a7c342920cd16
This whitepaper discusses various web application firewall bypass methodologies. Written in Turkish.
d04d9dc9ed267c9142d78a1a35f38d8397df4345faa4d26a2221dd442c5ad695
This whitepaper provides an overview of the tools used in order to analyze malware on Android.
768a61b28e90178964b682b152e60eca11af1e5d5bb90aff633a7c86d60fa152
The Laravel-Security cross site scripting filter suffers from a bypass vulnerability.
74a3d9484d7c2708d5444ae78215745101425b380c8a4b50a833eee46fd07a68
Ubuntu Security Notice 2185-1 - Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir Vukicevic and Christian Holler discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. An out of bounds read was discovered in Web Audio. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
cac7cbb67ced17c78361165cc7c3b566fff48bd23c5d90687e88e4ae5a84c369
Ubuntu Security Notice 2184-1 - Frederic Bardy discovered that Unity incorrectly filtered keyboard shortcuts when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session. Giovanni Mellini discovered that Unity could display the Dash in certain conditions when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session.
971d9a9d0418fd595042de940e87cc3d2fa03401f9970f243a361ef29a225dae
This Metasploit module exploits a type confusion vulnerability found in the ActiveX component of Adobe Flash Player. This vulnerability was found exploited in the wild in November 2013. This Metasploit module has been tested successfully on IE 6 to IE 10 with Flash 11.7, 11.8 and 11.9 prior to 11.9.900.170 over Windows XP SP3 and Windows 7 SP1.
2547432fd02f1ba4aff29ae93a0c14c41a56c95f4cec7e25e1165d0846aa03ec
NULL NUKE CMS version 2.2 suffers from cross site request forgery, cross site scripting, arbitrary file deletion, remote command execution, arbitrary file access, directory traversal, open redirection, and remote shell upload vulnerabilities.
885c0aa9f9866fb98106773eb936825f19e7e0540b5ae94b279a5b78a8858214
Onapsis Security Advisory - SAP BusinessObjects InfoView suffers from a reflective cross site scripting vulnerability.
4d161054fd847d69430573900f5115a49e4c02cca4ed535d5cd5fc6a1576f55b
Onapsis Security Advisory - SAP BASIS suffers from a missing authorization check. SAP Netweaver ABAP Application Server is affected.
256bd960fbdebcad59f543091e1b5400cedf42289a770e76797b5c696842db46
Onapsis Security Advisory - It has been detected that some functionality of the affected webdynpro displays all the SAP systems that are registered on the SLD without requiring username or password. This gives an attacker valuable information for planning a more complex attack on the SAP environment. SAP Netweaver Java Application Server is affected.
f0232025c98889497fcb0c0b1d72442e16fc22b24d19905bd9ad64c3644c09bb
Onapsis Security Advisory - SAP is missing an authorization check in profile maintenance. SAP Solution Manager version 7.1 is affected.
b7c303f7bf2fdf075bdc1e6b7520a92fcb05d90222559301ac050e06fa65efc3
Onapsis Security Advisory - SAP background processing suffers from a missing authorization check. A remote authenticated attacker could execute the vulnerable RFC function and obtain sensitive information regarding the target application server. SAP Solution Manager version 7.1 is affected.
59f5fd063cd638475b56911c3f860c68eb3d9222d3f786d79c7538b9fdef6595
Red Hat Security Advisory 2014-0442-01 - Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API. The OpenStack Identity auth_token middleware component handles the authentication of tokens with keystone. When using the auth_token middleware with the memcached token cache enabled, a token for a different identity could be returned. An authenticated user could use this flaw to escalate their privileges by making repeated requests that could eventually allow the user to acquire the administrator's identity. Note that only OpenStack Identity setups using auth_token with memcached were affected.
90de0d5d1901866aea6b25380c9b7653ebb6058d87fd37e433c3292b6ef4f1de