Dragana Damjanovic discovered that an authenticated client could crash
an OpenVPN server by sending a control packet containing less than
four bytes as payload.
Monthly Archives: November 2014
Vuln: Ruby CVE-2014-8080 XML External Entity Denial of Service Vulnerability
Ruby CVE-2014-8080 XML External Entity Denial of Service Vulnerability
Vuln: Ruby CVE-2014-8090 Incomplete Fix XML External Entity Denial of Service Vulnerability
Ruby CVE-2014-8090 Incomplete Fix XML External Entity Denial of Service Vulnerability
Vuln: PPP 'options.c' CVE-2014-3158 Remote Integer Overflow Vulnerability
PPP ‘options.c’ CVE-2014-3158 Remote Integer Overflow Vulnerability
Vuln: Graphviz 'agerr()' Function Remote Format String Vulnerability
Graphviz ‘agerr()’ Function Remote Format String Vulnerability
Packet Storm New Exploits For November, 2014
This archive contains all of the 158 exploits added to Packet Storm in November, 2014.
Microsoft Internet Explorer Windows OLE Automation Array Remote Code Execution
This Metasploit module exploits Windows OLE Automation Array Vulnerability known as CVE-2014-6332. The vulnerability affects Internet Explorer 3.0 until version 11 within Windows95 up to Windows 10. Powershell is required on the target machine. On Internet Explorer versions using Protected Mode, the user has to manually allow powershell.exe to execute in order to be compromised.
SSLsplit 0.4.10
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.