OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
a1f7fd5fc5df214eebe263233bae750596b8aeee4c8a424ed3623269115551b2Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.
741358b3f1638ed7d9b2f59b4e344aa46f4966b15958b5434c0ac1580df0c0c1Chrome on Android suffers from a ConvertToJavaBitmap heap buffer overflow vulnerability.
6cc96d681acbe2353993f9686bff12b65ff3403d9d2f2e1174221ff43dfd1572Turbofan fails to deoptimize code after map deprecation, leading to a type confusion vulnerability.
4675105280cdacd6d7b10a3432235de93f0ad03438e55b1af205dc5e314ff026Red Hat Security Advisory 2020-4379-01 - This release of Red Hat build of Eclipse Vert.x 3.9.4 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section. Issues addressed include an XML injection vulnerability.
03c60bfa2d8c1046248c0cfa4c939826b7f73b98d517ee74c3b85197ca0a4fa7OvulaRing web application version 4.2.2 suffers from a broken object level authorization vulnerability.
dffcde032a8dd793d393ba02105fd87ad9d62221dd74ab9bedb8f1a24fa594ecUbuntu Security Notice 4623-1 - Ken Gaillot discovered that Pacemaker incorrectly handled IPC communications permissions. A local attacker could possibly use this issue to bypass ACL restrictions and execute arbitrary code as root.
e287d7bfec7d1627d24b4a33840a84ed3a697aec6183036087562752af19d573Red Hat Security Advisory 2020-4978-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Issues addressed include a memory leak vulnerability.
deebcf308d8a3de54dc210fbf3db14f230871afb42a63007af3dafd96c98b77dApple Security Advisory 2020-11-05-7 - tvOS 14.2 is now available and addresses code execution, integer overflow, out of bounds read, out of bounds write, path sanitization, and use-after-free vulnerabilities.
889d96ec67ade4c0f0e43bbc7a94ed00053f0176caab85fb2c16a5e690fb9736This paper is focused on the Active directory attacks and various techniques which can be used by an attacker to abuse an AD environment in an enterprise network. This would also mark an introduction to Active directory along with its components. Topics covered include an introduction to Active Directory, Active Directory Structure, Multiple Attack Phases, Domain Persistence Techniques, Golden Ticket Attack, DCSync Attack, Silver Ticket Attack, and DSRM Attack techniques.
44a6dc0147aec02f155b590f92ed64b64954750c17a82f9750df4a42169a6b70Joplin version 1.2.6 suffers from a cross site scripting vulnerability.
1e5266da70c885257df4581e74084856e3a8b953afbb0e848ea1237c019d8d16Privacy Drive version 3.17.0 suffers from an unquoted service path vulnerability.
f47b8cbdfbd5b27393ebaa4f942d9eaaf7a93c57369ea668c1ec26d595b43e7fDeep Instinct Windows Agent version 1.2.24.0 suffers from an unquoted service path vulnerability.
26f3d7111df7d87345bf3c620d2e351edb3de34b7db7bed9f311cd98b4862a59Online Book Store version 1.0 suffers from a remote SQL injection vulnerability. This is a variant of the original vulnerability discovered in August of 2020 by Moaaz Taha.
675396e3ea7d73dd4643ee38770d0f67dd5481623894231205f4ce450b2ad058NtFileSins.py is a Windows file enumeration intel gathering tool.
cd7f7668a2bd1ab454e0856174991064837bd101596c5b6b4aca04e244ce7d70Ubuntu Security Notice 4622-1 - It was discovered that OpenLDAP incorrectly handled certain network packets. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code.
66af5b77a52767ac11cda7c006ca24caad68688a0868e7348115df74bdcf0a86A trivial to reach stack-based buffer overflow is present in libpam on Solaris. The vulnerable code exists in pam_framework.c parse_user_name() which allocates a fixed size buffer of 512 bytes on the stack and parses a username supplied to PAM modules (such as authtok_get used by SunSSH). This issue can be reached remotely pre-authentication via SunSSH when "keyboard-interactive" is enabled to use PAM based authentication. The vulnerability was discovered being actively exploited by FireEye in the wild and is part of an APT toolkit called "EVILSUN". The vulnerability is present in both SPARC/x86 versions of Solaris and others (eg. illumos). This exploit uses ROP gadgets to disable nxstack through mprotect on x86 and a helper shellcode stub. Tested against latest Solaris 10 without patch applied and the configuration is vulnerable in a default vanilla install. This exploit requires libssh2, the vulnerability has been identified and confirmed reachable on Solaris 10 through 11.0.
4efe811f974352dcef13923a4c23660cd48238ef8eed2fdf0c41f3fb02116a22Apple Security Advisory 2020-11-05-2 - iOS 12.4.9 is now available and addresses a code execution vulnerability.
fb4dc85c6b2fc86ad05ff418ad9bb7d6d481312f42277636e0adcb847b752c78Canon Inkjet Extended Survey Program version 5.1.0.8 suffers from an unquoted service path vulnerability.
0ebd104ee5752417b051275761495faa1b31369bba13528d715df3e968c5743dDiskBoss version 11.7.28 suffers from an unquoted service path vulnerability.
668093fabfc3bd146317eb5f486572bf378ed7a87018e137863aa4098b2a2222RealTimes Desktop Service version 18.1.4 suffers from an unquoted service path vulnerability.
5df6aee9ebcb86970111fd0401411fb1f208b854a7770fd50c60b23d915e60faEtherify is an interesting tool that analyzes radio signals transmitted by transmission rates via ethernet.
82e95f87ba18d3a0b893afabe8935525740f4835431b92b56c6e04bbd2ad9309Red Hat Security Advisory 2020-4974-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.183. Issues addressed include buffer overflow and use-after-free vulnerabilities.
c80061d82cef24bc64baedab79d23ad9348f87acde79021ab4ead04124299c64iDeskService version 3.0.2.1 suffers from an unquoted service path vulnerability.
b53196313ab74e4143c6416cc5279bd15dc25ea2de138f20913db7cdf3093accApple Security Advisory 2020-11-05-1 - iOS 14.2 and iPadOS 14.2 are now available and addresses code execution, integer overflow, out of bounds read, out of bounds write, path sanitization, and use-after-free vulnerabilities.
b4ba2b646a2c1090fd8c8b6e0af7db8899f53238e08bc6a937eb264ef6a6a8e2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed