Setuid Nmap Exploit

Nmap's man page mentions that "Nmap should never be installed with special privileges e.g. suid root for security reasons.." and specifically avoids making any of its binaries setuid during installation. Nevertheless, administrators sometimes feel the need to do insecure things. This module abuse...

Snack Attack: Analyzing Flame's Replication Pattern

The Flame malware uses several methods to replicate itself. The most interesting one is the use of the Microsoft Windows Update service. This is implemented in Flame’s “SNACK”, “MUNCH” and “GADGET” modules. Being parts of Flame, these modules are easily reconfigurable. The behavior of these modul...

Wireshark Code Execution and Denial of Service Vulnerabilities (Mac OS X)

This host is installed with Wireshark and is prone to code execution and denial of service vulnerabilities. OpenVAS Vulnerability Test $Id: gbwiresharkcodeexecndosvulnmacosx.nasl 5988 2017-04-20 09:02:29Z teissa $ Wireshark Code Execution and Denial of Service Vulnerabilities Mac OS X Authors:...

Wireshark Code Execution and Denial of Service Vulnerabilities - Mac OS X

Wireshark is prone to code execution and denial of service vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Sandcat Browser 2.0 Released - Penetration Testing Oriented Browser

Sandcat Browser 2.0 Released, Penetration Testing Oriented Browser Sandcat Browser version 2.0 includes several user interface and experience improvements, an improved extension system, RudraScript support and new extensions. What is Sandcat Browser? The fastest web browser combined with the...

Sandcat Browser - Penetration Testing Oriented Browser

Penetration Testing Oriented Browser - Sandcat Browser The fastest web browser combined with the fastest scripting language packed with features for pen-testers. Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team,...

Fedora 15 : glibc-2.14.1-5 (2012-0018)

Revert change from -6 which filtered out GLIBCPRIVATE symbols. Not appropriate for an update release. Check values from TZ file header 767696 Convert tzdata-update to lua 743034 Mark clone as .cantunwind 749556 Update to 2.24.1 release Correctly reparse group line after enlarging the buffer 73936...

SuSE 11.1 Security Update : wireshark (SAT Patch Number 5281)

This update of wireshark fixes the following vulnerabilities : - Wireshark IKE dissector vulnerability. CVE-2011-3266 - Wireshark Lua script execution vulnerability. CVE-2011-3360 - Wireshark buffer exception handling vulnerability. CVE-2011-3483 - Lucent/Ascend file parser susceptible to infinit...

Wireshark Lua Untrusted Search Path vulnerability

Added: 11/25/2011 CVE: CVE-2011-3360 BID: 49528 OSVDB: 75347 Background Wireshark is a network packet analyzer. Problem A vulnerability in Wireshark allows execution of arbitrary Lua scripts placed in untrusted directories which are included in Wireshark's search path. Resolution Upgrade to...

Wireshark Lua Untrusted Search Path vulnerability

Added: 11/25/2011 CVE: CVE-2011-3360 BID: 49528 OSVDB: 75347 Background Wireshark is a network packet analyzer. Problem A vulnerability in Wireshark allows execution of arbitrary Lua scripts placed in untrusted directories which are included in Wireshark's search path. Resolution Upgrade to...

Wireshark Lua Untrusted Search Path vulnerability

Added: 11/25/2011 CVE: CVE-2011-3360 BID: 49528 OSVDB: 75347 Background Wireshark is a network packet analyzer. Problem A vulnerability in Wireshark allows execution of arbitrary Lua scripts placed in untrusted directories which are included in Wireshark's search path. Resolution Upgrade to...

Wireshark Lua Untrusted Search Path vulnerability

Added: 11/25/2011 CVE: CVE-2011-3360 BID: 49528 OSVDB: 75347 Background Wireshark is a network packet analyzer. Problem A vulnerability in Wireshark allows execution of arbitrary Lua scripts placed in untrusted directories which are included in Wireshark's search path. Resolution Upgrade to...

Wireshark 1.6 console.lua Pre-Load / Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Wireshark...

Wireshark console.lua Pre-Loading Script Execution

This module exploits a vulnerability in Wireshark 1.6 or less. When opening a pcap file, Wireshark will actually check if there's a 'console.lua' file in the same directory, and then parse/execute the script if found. Versions affected by this vulnerability: 1.6.0 to 1.6.1, 1.4.0 to 1.4.8 This...

Wireshark console.lua pre-loading vulnerability

Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...

Debian DSA-2324-1 : wireshark - programming error

The Microsoft Vulnerability Research group discovered that insecure load path handling could lead to execution of arbitrary Lua script code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...

[SECURITY] [DSA 2324-1] wireshark security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2324-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 20, 2011 http://www.debian.org/security/faq -...

Wireshark Lua Script File Arbitrary Code Execution Vulnerability (Windows)

This host is installed with Wireshark and is prone to code execution vulnerability. OpenVAS Vulnerability Test $Id: gbwiresharkluascriptcodeexecvulnwin.nasl 7052 2017-09-04 11:50:51Z teissa $ Wireshark Lua Script File Arbitrary Code Execution Vulnerability Windows Authors: Sooraj KS Copyright:...

Wireshark Lua Script File Arbitrary Code Execution Vulnerability - Windows

Wireshark is prone to a code execution vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark";...

CVE-2011-3360

Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory...