aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).
96092a8af7af27cdc1923cd5167dfca4a17e9f5fd866973b7b6eb6d3b479e13bBotan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.
e7159b127e91e0c158245d61c638c50d443ec7b440b6b0161328c47b3aba3960Billion ADSL Router 400G 20151105641 suffers from a cross site scripting vulnerability.
415c685c617ce523b01cf4d0c2437a1dc1cb5b9fafbc69916fe6af6299b6cdffFlippa Marketplace Clone version 1.0 suffers from a remote SQL injection vulnerability.
4743df958f53549f0e6c211f5a61809ea6bd945d75b74d048ba3048c502a3d57Binary MLM Software version 1.0 suffers from a remote SQL injection vulnerability.
9bf8aeb8aa0e6a5f74cf53040725bd5de169a295f71851dafd60a7a5ec55df55Singleleg MLM Software version 1.0 suffers from a remote SQL injection vulnerability.
d567cb9240070d11d34b1d4231bc49b0f5c2eba220cc2055f4fde3c19f230e68Education Website version 1.0 suffers from a remote SQL injection vulnerability.
8087ab6f403857da16b8b445818f96a6d988a7f2d4fbbd0214656664dcf877c9Hotel Booking Engine version 1.0 suffers from a remote SQL injection vulnerability.
c06063c181b8a275f74850aa6ffe245560b0313d57663160b702f6f98773d7a8H2 Database version 1.4.196 suffers from a remote code execution vulnerability.
19f88acd5386a684f32bd72ab5812fbec9a7738e9175f9dc0f9eb88aae5b4cc6The Debian/Ubuntu AppArmor policy for evince in bypassable.
ff472c98cc21174fede936caa3bc63c6a799eee6f6a780c628bab6a7a80777c1Ivanti Workspace Control contains a flaw where it is possible to access folders that should be protected by Data Security. A local attacker can bypass these restrictions using localhost UNC paths. Depending on the NTFS permissions it may be possible for local users to access files and folders that should be protected using Data Protection. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.
507e3c9cc2d0a60cb3923378de3e647c3ee8b937f4097ddf9a6615c71a46daf9A flaw was found in Workspace Control that allows a local unprivileged user to retrieve the database or Relay server credentials from the Windows Registry. These credentials are encrypted, however the encryption that is used is reversible. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.
964ae3397201993a0875edfc0ea849d24a6d6bd09383d580016c683c5209f357It was found that Ivanti Workspace Control allows a local (unprivileged) attacker to run arbitrary commands with Administrator privileges. This issue can be exploited by spawning a new Composer process, injecting a malicious thread in this process. This thread connects to a Named Pipe and sends an instruction to a service to launch an attacker-defined application with elevated privileges. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.
8258dbf9be109afe0d7a02ca62f333c5c39f3e9e6c52f1ae3f17a46f22ef8ecaIt was found that the PowerGrid application can be used to run arbitrary commands via the /SEE command line option. An attacker can abuse this issue to bypass Application Whitelisting in order to run arbitrary code on the target machine. This issue was successfully verified on Ivanti Workspace Control version 10.2.950.0.
d22755c11b4351cbedb8fccbfeb8f10b0a0fd56433daae7099f4a1f97ebe9bcbIt was found that the PowerGrid application will execute rundll32.exe from a relative path when it is started with the /RWS command line option. An attacker can abuse this issue to bypass Application Whitelisting in order to run arbitrary code on the target machine. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1.
247ebbfbc6e429e14f49ffdb9bfdcf441bfb4a187e2d9cb26ed36d4cf65e0153MensaMax version 4.3 performs unencrypted transmission and usage of a hardcoded encryption key.
3cd8065dd48d7d82f5cade11787b7892f6cea9251b6c9ac1fc349fe44dde5884Red Hat Security Advisory 2018-2837-01 - ceph-iscsi-cli provides a CLI interface similar to the targetcli tool used to interact with the kernel LIO subsystem. Issues addressed include code execution and privilege escalation vulnerabilities.
e74d8bcfcf3d83f4cc64ded54ba5974e939d23143f7027db028a2743cd8a4a42Red Hat Security Advisory 2018-2838-01 - ceph-iscsi-cli provides a CLI interface similar to the targetcli tool used to interact with the kernel LIO subsystem. Issues addressed include code execution and privilege escalation vulnerabilities.
5d35c1f60c00c2122f1c90ea1e69630df4282cd9ddf9464efeec1a8ea5321850Ubuntu Security Notice 3769-2 - USN-3769-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Bind incorrectly handled the deny-answer- aliases feature. If this feature is enabled, a remote attacker could use this issue to cause Bind to crash, resulting in a denial of service. Various other issues were also addressed.
b94b39b1ba3ac79b894e05fd7aef267282860e81872dcb797c73cd8072c4af1cUbuntu Security Notice 3773-1 - It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.
fe56b00a1b6eeb61fda7a2a751ea2567d18ae9a34d5f541116f103936b0481e3WUZHICMS version 2.0 suffers from a cross site scripting vulnerability.
8585ecedfca49c937d1f1d111a80fb580399dd1606d4c5e59662886f307d2809In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI.
5cb7c607b86aefe50fa6e7e6d7039efb7db6f355ea24a548b2a16addbe6abb47WebKitGTK+ and WPE WebKit suffers from code execution and assertion vulnerabilities.
074495996da503e304d7d485682ef3659399f18a284e682b03e480a897dd6754This archive contains all of the 213 exploits added to Packet Storm in September, 2018.
73c43d07576417ec5029b5ea5e41d61746c6b6b46ea3292b68f0012f15a5a28bZahir Enterprise Plus 6 build 10b suffers from a buffer overflow vulnerability.
6cd7f06f5f8babde60b5020ba2bff8010c6891ee9e61e0a2cdee4f0f7f78d0b1
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed