OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
a1f7fd5fc5df214eebe263233bae750596b8aeee4c8a424ed3623269115551b2
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.
741358b3f1638ed7d9b2f59b4e344aa46f4966b15958b5434c0ac1580df0c0c1
Chrome on Android suffers from a ConvertToJavaBitmap heap buffer overflow vulnerability.
6cc96d681acbe2353993f9686bff12b65ff3403d9d2f2e1174221ff43dfd1572
Turbofan fails to deoptimize code after map deprecation, leading to a type confusion vulnerability.
4675105280cdacd6d7b10a3432235de93f0ad03438e55b1af205dc5e314ff026
Red Hat Security Advisory 2020-4379-01 - This release of Red Hat build of Eclipse Vert.x 3.9.4 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section. Issues addressed include an XML injection vulnerability.
03c60bfa2d8c1046248c0cfa4c939826b7f73b98d517ee74c3b85197ca0a4fa7
OvulaRing web application version 4.2.2 suffers from a broken object level authorization vulnerability.
dffcde032a8dd793d393ba02105fd87ad9d62221dd74ab9bedb8f1a24fa594ec
Ubuntu Security Notice 4623-1 - Ken Gaillot discovered that Pacemaker incorrectly handled IPC communications permissions. A local attacker could possibly use this issue to bypass ACL restrictions and execute arbitrary code as root.
e287d7bfec7d1627d24b4a33840a84ed3a697aec6183036087562752af19d573
Red Hat Security Advisory 2020-4978-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Issues addressed include a memory leak vulnerability.
deebcf308d8a3de54dc210fbf3db14f230871afb42a63007af3dafd96c98b77d
Apple Security Advisory 2020-11-05-7 - tvOS 14.2 is now available and addresses code execution, integer overflow, out of bounds read, out of bounds write, path sanitization, and use-after-free vulnerabilities.
889d96ec67ade4c0f0e43bbc7a94ed00053f0176caab85fb2c16a5e690fb9736
This paper is focused on the Active directory attacks and various techniques which can be used by an attacker to abuse an AD environment in an enterprise network. This would also mark an introduction to Active directory along with its components. Topics covered include an introduction to Active Directory, Active Directory Structure, Multiple Attack Phases, Domain Persistence Techniques, Golden Ticket Attack, DCSync Attack, Silver Ticket Attack, and DSRM Attack techniques.
44a6dc0147aec02f155b590f92ed64b64954750c17a82f9750df4a42169a6b70
Joplin version 1.2.6 suffers from a cross site scripting vulnerability.
1e5266da70c885257df4581e74084856e3a8b953afbb0e848ea1237c019d8d16
Privacy Drive version 3.17.0 suffers from an unquoted service path vulnerability.
f47b8cbdfbd5b27393ebaa4f942d9eaaf7a93c57369ea668c1ec26d595b43e7f
Deep Instinct Windows Agent version 1.2.24.0 suffers from an unquoted service path vulnerability.
26f3d7111df7d87345bf3c620d2e351edb3de34b7db7bed9f311cd98b4862a59
Online Book Store version 1.0 suffers from a remote SQL injection vulnerability. This is a variant of the original vulnerability discovered in August of 2020 by Moaaz Taha.
675396e3ea7d73dd4643ee38770d0f67dd5481623894231205f4ce450b2ad058
NtFileSins.py is a Windows file enumeration intel gathering tool.
cd7f7668a2bd1ab454e0856174991064837bd101596c5b6b4aca04e244ce7d70
Ubuntu Security Notice 4622-1 - It was discovered that OpenLDAP incorrectly handled certain network packets. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code.
66af5b77a52767ac11cda7c006ca24caad68688a0868e7348115df74bdcf0a86
A trivial to reach stack-based buffer overflow is present in libpam on Solaris. The vulnerable code exists in pam_framework.c parse_user_name() which allocates a fixed size buffer of 512 bytes on the stack and parses a username supplied to PAM modules (such as authtok_get used by SunSSH). This issue can be reached remotely pre-authentication via SunSSH when "keyboard-interactive" is enabled to use PAM based authentication. The vulnerability was discovered being actively exploited by FireEye in the wild and is part of an APT toolkit called "EVILSUN". The vulnerability is present in both SPARC/x86 versions of Solaris and others (eg. illumos). This exploit uses ROP gadgets to disable nxstack through mprotect on x86 and a helper shellcode stub. Tested against latest Solaris 10 without patch applied and the configuration is vulnerable in a default vanilla install. This exploit requires libssh2, the vulnerability has been identified and confirmed reachable on Solaris 10 through 11.0.
4efe811f974352dcef13923a4c23660cd48238ef8eed2fdf0c41f3fb02116a22
Apple Security Advisory 2020-11-05-2 - iOS 12.4.9 is now available and addresses a code execution vulnerability.
fb4dc85c6b2fc86ad05ff418ad9bb7d6d481312f42277636e0adcb847b752c78
Canon Inkjet Extended Survey Program version 5.1.0.8 suffers from an unquoted service path vulnerability.
0ebd104ee5752417b051275761495faa1b31369bba13528d715df3e968c5743d
DiskBoss version 11.7.28 suffers from an unquoted service path vulnerability.
668093fabfc3bd146317eb5f486572bf378ed7a87018e137863aa4098b2a2222
RealTimes Desktop Service version 18.1.4 suffers from an unquoted service path vulnerability.
5df6aee9ebcb86970111fd0401411fb1f208b854a7770fd50c60b23d915e60fa
Etherify is an interesting tool that analyzes radio signals transmitted by transmission rates via ethernet.
82e95f87ba18d3a0b893afabe8935525740f4835431b92b56c6e04bbd2ad9309
Red Hat Security Advisory 2020-4974-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.183. Issues addressed include buffer overflow and use-after-free vulnerabilities.
c80061d82cef24bc64baedab79d23ad9348f87acde79021ab4ead04124299c64
iDeskService version 3.0.2.1 suffers from an unquoted service path vulnerability.
b53196313ab74e4143c6416cc5279bd15dc25ea2de138f20913db7cdf3093acc
Apple Security Advisory 2020-11-05-1 - iOS 14.2 and iPadOS 14.2 are now available and addresses code execution, integer overflow, out of bounds read, out of bounds write, path sanitization, and use-after-free vulnerabilities.
b4ba2b646a2c1090fd8c8b6e0af7db8899f53238e08bc6a937eb264ef6a6a8e2