Tuesday, December 24th, 2013

Time	Event
11:02a	Analysis Of The Rcrypt Packer http://packetstormsecurity.com/files/124578/rcrypt.pdf This is a paper detailing the rcrypt packer. This packer makes use of timelock puzzles and anti-analysis methods to frustrate AV detection via sandboxes and reverse engineering.
1:33p	Fat Free CRM CSRF / SQL Injection / Known Secret http://packetstormsecurity.com/files/124579/fatfreecrm-xsrfsqldisclose.txt Fat Free CRM suffers from cross site request forgery, known session secret, and remote SQL injection vulnerabilities.
4:37p	Gentoo Linux Security Advisory 201312-15 http://packetstormsecurity.com/files/124572/glsa-201312-15.txt Gentoo Linux Security Advisory 201312-15 - A vulnerability has been found in Tinyproxy, allows remote attackers to cause a Denial of Service condition. Versions less than 1.8.3-r3 are affected.
4:38p	Debian Security Advisory 2827-1 http://packetstormsecurity.com/files/124573/dsa-2827-1.txt Debian Linux Security Advisory 2827-1 - It was discovered that Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications, incorrectly handled file names with NULL bytes in serialized instances. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process.
4:49p	Hook Analyser Malware Tool 3.0 http://packetstormsecurity.com/files/124575/HookAnalyser3.0.zip Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analyzing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.
5:01p	WinAppDbg Python Module 1.5 http://packetstormsecurity.com/files/124576/winappdbg-1.5.zip The WinAppDbg python module allows developers to quickly add Windows application debugging facilities to your Python scripts.
6:02p	EMC Watch4net Information Disclosure http://packetstormsecurity.com/files/124585/ESA-2013-091.txt EMC Watch4Net stores passwords of devices polled during monitoring in clear text in Watch4Net installation repository. This could allow a malicious user with access to Watch4Net installation repository to view those passwords. EMC Watch4Net versions prior to 6.3 are affected.
7:02p	EMC Replication Manager Unquoted File Path Enumeration http://packetstormsecurity.com/files/124584/ESA-2013-092.txt EMC Replication Manager allows a user to create scripts with unquoted element such as whitespace or other separators. This may allow local malicious users to access resources in a parent path and execute them. EMC Replication Manager versions prior to 5.5 are affected.
8:22p	TOR Virtual Network Tunneling Tool 0.2.4.20 http://packetstormsecurity.com/files/124586/tor-0.2.4.20.tar.gz Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

<< Previous Day

2013/12/24 [Calendar]

Next Day >>