Packet Storm's last 100 added files.
Last Updated: Mon Oct 6 22:31:24 EDT 2008

[ sacphp.txt ] 8db5ac674c4dd4e2e29dce7d9fe40bbc Yerba SACphp versions 6.3 and below local file inclusion exploit.
[ apple-store.txt ] d4bd986357144dbbc77a2f924357767a Apple's Mail.app does not store S/MIME encrypted emails securely in the Drafts directory on the server. Version 3.5 is affected.
[ cmme-disclose.txt ] c0dd8f01bef55cc5449f3f93bcf549df CMME versions 1.19 and below suffer from multiple information disclosure vulnerabilities.
[ dsa-1645-1.txt ] e8d344c305809ff14e11e18fcae68145 Debian Security Advisory 1645-1 - Several local/remote vulnerabilities have been discovered in lighttpd, a fast webserver with minimal memory footprint.
[ dsa-1644-1.txt ] 63d8bdd15952341d8b15445ba1e16b00 Debian Security Advisory 1644-1 - Felipe Andres Manzano discovered that mplayer, a multimedia player, is vulnerable to several integer overflows in the Real video stream demuxing code. These flaws could allow an attacker to cause a denial of service (a crash) or potentially the execution of arbitrary code by supplying a maliciously crafted video file.
[ dsa-1643-1.txt ] 5117ac099afbaf76d8ba3f92087f33f1 Debian Security Advisory 1643-1 - Dmitry E. Oboukhov discovered that the "to-upgrade" plugin of Feta, a simpler interface to APT, dpkg, and other Debian package tools, creates temporary files insecurely, which may lead to local denial of service through symlink attacks.
[ phpfusiontris-sql.txt ] 7179eea011d2ebd20c445bbe54280ce2 The triscoop_race_system module from PHP-Fusion is susceptible to a remote SQL injection vulnerability.
[ phpfusionrecept-sql.txt ] 1ca6370bfdea447bdf7ce773c9b41698 The recept module from PHP-Fusion is susceptible to a remote SQL injection vulnerability.
[ phpfusionraid-sql.txt ] e2530db8784d7c1a148a9c422f872e26 The raidtracker_panel module from PHP-Fusion is susceptible to a remote SQL injection vulnerability.
[ phpfusionmanuals-sql.txt ] 9a38b0c25d95dfdcf7fd9ccd1f8b6967 The manuals module from PHP-Fusion is susceptible to a remote SQL injection vulnerability.
[ antenna-sql.txt ] df3913ee28981d01e69556c4195315f8 It seems like some PHP code provided by Leicester Internet Services Antenna Web Services suffers from remote SQL injection vulnerabilities.
[ timbuktu-pwn.txt ] cc21e159c048321b9694b8bec0e1dde3 The Motorola/Netopia Timbuktu Remote Control Software suffers from a flaw in the Internet Locator service that allows anyone to find someone by just knowing their email address.
[ geccbblite-sql.txt ] 15e104653b65a55669de18efc86cf04f geccBBlite version 2.0 remote SQL injection exploit that uses leggi.php.
[ fastpublish-lfisql.txt ] 4c085d1ed3b6598c0560c11e8f53fa0e Fastpublish CMS version 1.9999 suffers from local file inclusion and SQL injection vulnerabilities.
[ phpabook-lfi.txt ] be30d14264af177d9ba31fcfcc2068b6 phpAbook version 0.8.8b suffers from a local file inclusion vulnerability by leveraging the cookie.
[ asicms-rfi.txt ] 04ab4e817896f65cb139ba610886aad9 asiCMS alpha version 0.208 suffers from multiple remote file inclusion vulnerabilities.
[ fossgp-upload.txt ] 2ec20d3c6b1d886410240d10ae079dad FOSS Gallery Public versions 1.0 and below suffer from an arbitrary file upload vulnerability.
[ bluecoat-bypass.txt ] ec3ac699e04fa37600344d8d751904f7 Blue Coat K9 Web Protection version 4.0.230 Beta suffers from multiple administrative bypass vulnerabilities due to controlling access via javascript.
[ opennms-xss.txt ] 85d4f502a9d57fbea2d2560efa484e0c OpenNMS version 1.5.93-1 suffers from HTTP response splitting and cross site scripting vulnerabilities.
[ targeting-voip.pdf ] 6cf443937c55a3febd2aff3bf63c18ac Whitepaper discussing methodologies and logistics of targeting Voice Over IP (VoIP) networks.
[ oracle-assault.pdf ] f9ab79eb4c9cf9a20d44e368ed1ae970 This paper discusses injection into Oracle PL/SQL database objects.
[ ifoto-disclose.txt ] ebc6d785d4aa55f8ce0b8eeaa157b5c5 iFoto Photo Gallery versions 1.0 and below suffer from a remote file disclosure vulnerability.
[ phpwebexplorer-lfi.txt ] 94d1426e25f049cc9ded68dfcde253e3 PHPWebExplorer versions 0.09b and below suffer from a local file inclusion vulnerability.
[ interdynamic-sql.txt ] 4bb6a6ca0c622dfbeb7c51e237960609 InterDynamic SA web sites suffer from a remote SQL injection vulnerability.
[ verisign-xss.txt ] fdf83b16ce4c0daac617a79a916defb8 The VeriSign Kontiki Delivery Management System (DMS) versions 5.0 and below suffer from a cross site scripting vulnerability.
[ jmweb-lfi.txt ] 557b7075fe29e066530bf30867bd487f JMweb MP3 suffers from multiple local file inclusion vulnerabilities.
[ galerie-blindsql.txt ] 6bb25649afeae3053f5f01dacb5e6a2b Galerie version 3.2 WBB Lite add-on blind SQL injection exploit.
[ foss10-upload.txt ] 6ebe2e70a4c2c1ed6cec4d3b138f46df FOSS Gallery Admin versions 1.0 and below remote arbitrary upload exploit.
[ foss-upload.txt ] f7519898cd134f8e682f0472387fd85f FOSS Gallery Public versions 1.0 and below arbitrary upload / information c99 exploit.
[ ppim-lfi.txt ] 2fa88e21871a87656df0cfca9ebc4ee9 pPIM version 1.01 suffers from a local file inclusion vulnerability in notes.php.
[ kwalbum-upload.txt ] f1ee2eff2f7c14874f79fb53b7ec552a Kwalbum versions 2.0.2 and below suffer from an arbitrary file upload vulnerability.
[ ccms-lfi.txt ] a4ee55f68d1cc3e1edfd1c6f1fe5ab20 CCMS version 3.1 suffers from multiple local file inclusion vulnerabilities.
[ vmware-emulation.txt ] 9d308b99f74f10aaccfde19943b9cbc4 By exploiting the VMware flaw described in this document, user-mode code executing in a virtual machine may gain kernel privileges within the virtual machine, dependent upon the guest operating system. The flaw has been proven exploitable on x64 versions of Windows, and it has produced potentially exploitable crashes on x64 versions of *BSD. The Linux kernel does not allow exploitation of the flaws on x64 versions of Linux.
[ VMSA-2008-0016.txt ] 6d2cadbdc3aa8d8b14781c8f7a10e20e VMware Security Advisory - VMware addresses an in-guest privilege escalation on 64-bit guest operating systems in ESX, ESXi, and previously released versions of our hosted product line. Updated VMware VirtualCenter Update 3 addresses potential information disclosure and updates Java JRE packages.
[ MDVSA-2008-210.txt ] 68b4e4fdd62c729cba03aa357003d366 Mandriva Linux Security Advisory - CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. The updated packages have been patched to fix the issue.
[ MDVSA-2008-209.txt ] 6c8c02e04058c8e9e9b7b397c121754e Mandriva Linux Security Advisory - Stéphane Bertin discovered a flaw in the pam_krb5 existing_ticket configuration option where, if enabled and using an existing credential cache, it was possible for a local user to gain elevated privileges by using a different, local user's credential cache. The updated packages have been patched to prevent this issue.
[ ayeview220-dos.txt ] 22ec90cad8f01e0710dcaae91b295b27 AyeView version 2.20 malformed GIF image denial of service exploit.
[ faststone-dos.txt ] adac5794f150c02f3b3dd8896007bd91 FastStone Image Viewer version 3.6 malformed BMP image denial of service exploit.
[ ayeview-dos.txt ] 8e14eff221ce5dc0da7b21679822fea7 AyeView version 2.20 invalid bitmap header parsing denial of service exploit.
[ vista-access.txt ] 68e64c685219c6145071f4a9faebb354 Microsoft Windows Vista access violation from limited account denial of service blue screen of death exploit.
[ hammer-traversal.txt ] e7eacd600ee59a1dce5ab3cccd014630 Hammer Software MetaGauge version 1.0.0.17 suffers from a directory traversal vulnerability.
[ mirc634-overflow.txt ] 4e0f112638c474ea9793b70bea109bed MIRC version 6.34 remote buffer overflow exploit that spawns calc.exe.
[ ampjuke-sql.txt ] c3cf01381849c364e5d91e4b45ee345d AmpJuke version 0.7.5 suffers from a remote SQL injection vulnerability in index.php.
[ ShellCodeForBeginners.pdf ] 07361f6aebc463b21728882f5c3c50d4 ShellCode For Beginners - A short whitepaper discussing what defines shellcode and simple fundamentals surrounding its use.
[ secunia-trendtraverse.txt ] cd3bd7717ea3e9d76584427b2039083a Secunia Research has discovered a vulnerability in Trend Micro OfficeScan, which can be exploited by malicious people to gain knowledge of sensitive information. The vulnerability is caused by an input validation error in TmListen.exe when a client is configured to be an update agent. This can be exploited to retrieve arbitrary files from the system via directory traversal attacks. Affected is Trend Micro OfficeScan 7.3 patch 4 build 1367.
[ vba32-poc.tgz ] d59ccdb754ec13657e227efe39bb89a1 VBA32 Personal Antivirus version 3.12.8.x suffers from a malformed archive denial of service vulnerability. Proof of concept exploit enclosed.
[ Gdi.tgz ] 05232665cf0225ea433977e7c5d0744e This archive contains two EMR_COLORMATCHTOTARGETW related stack buffer overflow exploits. calc.zip executes calc.exe and IE.zip and localhost.zip connect back to port 230.
[ opennhrp-0.8.tar.bz2 ] 5e671a243981b41f47838e7be02690de OpenNHRP implements the NBMA Next Hop Resolution Protocol (as defined in RFC 2332). It makes it possible to create a dynamic multipoint VPN Linux router using NHRP, GRE, and IPsec. It aims to be Cisco DMVPN compatible.
[ servu72-upload.txt ] 9d56ebbb5d60ff809c562ed83d970868 Serv-U version 7.2.0.1 suffers from a remote FTP file replacement vulnerability.
[ servu72-dos.txt ] 3a4a7dc94a88ddaf8bc332a3c8dbc1f2 Serv-U version 7.2.0.1 suffers from a remote denial of service vulnerability.
[ mirc-overflow.txt ] 7bce579af5ef91ecbb3234f66574f375 MIRC version 6.34 remote buffer overflow proof of concept exploit.
[ openx-blindsql.txt ] 03da8ed07bee2d8a69a9e6d1fecae2c1 OpenX version 2.6 remote blind SQL injection exploit that leverages ac.php.
[ adaptcms-blindsql.txt ] 29debfcf27d221418143e459ef655aaf AdaptCMS Lite versions 1.3 and below blind SQL injection exploit.
[ ipreg-blindsql.txt ] 2026624acb5aa424c443d7042dc802e6 IP Reg versions 0.4 and below blind SQL injection exploit that leverages login.php.
[ fpe-sql.txt ] f04c8b723f6016f22ea9ddc00124afd1 Full PHP Emlak Script suffers from a remote SQL injection vulnerability in arsaprint.php.
[ USN-650-1.txt ] 327a931e102a05f6cb3e829727a90e1a Ubuntu Security Notice 650-1 - A buffer overflow was discovered in cpio. If a user were tricked into opening a crafted cpio archive, an attacker could cause a denial of service via application crash, or possibly execute code with the privileges of the user invoking the program.
[ hostadmin-xss.txt ] 6bc89dbde56cc8af30f327f466285c1d HostAdmin versions 3.1.1 and below suffer from a cross site scripting vulnerability.
[ juniper-xss.txt ] 980859c903b74880d278edecfa19fc6c Layered Defense Research Advisory - The Juniper Netscreen firewall NetOS version 5.4.0r9.0 suffers from a cross site scripting vulnerability.
[ flash9-dereference.txt ] 0c0bc484451003d874ae888ba3a01584 Flash 9 appears to suffer from a null pointer dereference in versions 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10.
[ FreeBSD-SA-08.10.nd6.txt ] 64e0b075d9702e72377ce9003d10ea78 FreeBSD Security Advisory - IPv6 routers may allow "on-link" IPv6 nodes to create and update the router's neighbor cache and forwarding information. A malicious IPv6 node sharing a common router but on a different physical segment from another node may be able to spoof Neighbor Discovery messages, allowing it to update router information for the victim node.
[ prs-cookie.txt ] cf84a19ab66324ce7873a92a22e2357f phpscripts Ranking Script suffers from an insecure cookie handling vulnerability.
[ vxftpsrv-overflow.txt ] ba153cb88ae9d4407c8222d27e0ff206 vxFtpSrv version 2.0.3 CWD command proof of concept buffer overflow exploit.
[ olibwebview-lfi.txt ] a49e2424c5c69a2495cadb0607a68f32 OLIB 7 WebView version 2.5.1.1 suffers from a local file inclusion vulnerability.
[ buxto-cookie.txt ] c0fba67e29d87246e068c967d83a953f Bux.to Clone Script suffers from an insecure cookie handling vulnerability.
[ orbamic-xss.txt ] 5724f1941a058f5cc910e2c562ce0eca Bam - Student Marketing suffers from cross site scripting vulnerabilities.
[ USN-649-1.txt ] 58000d9dd0f2929fcc69919a75c30afe Ubuntu Security Notice 649-1 - It was discovered that the ForceCommand directive could be bypassed. If a local user created a malicious ~/.ssh/rc file, they could execute arbitrary commands as their user id. This only affected Ubuntu 7.10. USN-355-1 fixed vulnerabilities in OpenSSH. It was discovered that the fixes for this issue were incomplete. A remote attacker could attempt multiple logins, filling all available connection slots, leading to a denial of service. This only affected Ubuntu 6.06 and 7.04.
[ linktrader-sql.txt ] 90b5497915eacb7c458513e8b769cd78 Link Trader suffers from a remote SQL injection vulnerability in ratelink.php.
[ rportal-rfilfi.txt ] 31c9161796f35732821ab23bfba60a4a RPortal versions 1.1 and below suffer from remote and local file inclusion vulnerabilities.
[ zfz20BETA.tar.gz ] b533d8929a93e66708fde27b7b26bc16 ZfZ stands for Zeroday fuZzer. ZfZ is a network fuzzer that supports many protocols and can do generic fuzzing as well. It is trivial to add protocols to fuzz, just copy and modify the protocols already implemented.
[ bmforum-sql.txt ] 38210992f929e3cb2d8b1dbceac32846 BMForum version 5.6 suffers from a remote SQL injection vulnerability.
[ discforums-sql.txt ] 65da34d2a679a7317dad2a2687f7b183 Discussion Forums 2k version 3.3 suffers from multiple remote SQL injection vulnerabilities.
[ nonamecms-sql.txt ] 35fe59adf610e4331d98a0643f7795fe Noname CMS version 1.0 suffers from multiple remote SQL injection vulnerabilities.
[ mysqlquick-lfi.txt ] 83d60922e0c258d0a9ce32b89766478c MySQL Quick Admin versions 1.5.5 and below suffer from a local file inclusion vulnerability.
[ celoxis-xss.txt ] 7c59f06267f9a6ced9652f57ec723e2a The web based project management tool Celoxis is susceptible to cross site scripting vulnerabilities.
[ ecrater-xss.txt ] 6c69b029393e59c8cbc88a99d411062b eCRATER suffers from a cross site scripting vulnerability in cart.php.
[ webshell431-xssxsrf.txt ] c89bd0bbed49467e0dd5def46832a511 Web Shell version 4.3.10 suffers from cross site scripting and cross site request forgery vulnerabilities.
[ printlog-disclose.txt ] 6c2383ba3d61bfd5893e67d62d64f067 Printlog versions 0.4 and below suffer from a remote file disclosure vulnerability.
[ fwknop-1.9.8.tar.gz ] 8dac0e2fc52ab4508563efe3617721f0 fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
[ phpscheduleit-exec.txt ] e78036b3e389c71d8e9ad9fcd07ba788 phpScheduleIt versions 1.2.10 and below remote code execution exploit that leverages reserve.php.
[ cruxgallery-lfi.txt ] 836d49696bda021e8abb2f1d8ec7db14 Crux Gallery versions 1.32 and below suffer from a local file inclusion vulnerability in index.php.
[ adnforum-sql.txt ] 5500a771af45bdd73c886285d803692b ADN Forum versions 1.0b and below blind SQL injection exploit.
[ 0809-exploits.tgz ] 54bac55ec40e8fd5a7879702bc5be31b Packet Storm new exploits for September, 2008.
[ bookmarksfav-sql.txt ] f84c9e7f0386b683d33c51cff9328044 BookMarks Favourites Script suffers from a remote SQL injection vulnerability in view_group.php.
[ rianxosencabos-sql.txt ] f1464e4269a61d2f57c70ca5317a4938 Rianxosencabos CMS version 0.9 suffers from a remote blind SQL injection vulnerability.
[ eset-poc.txt ] 07772681a4cb8af7b015a4ec2bc1bb97 ESET SysInspector version 1.1.0 proof of concept exploit that leverages esiadrv.sys version 3.0.65535.0.
[ gdpicture-exec.txt ] 516e9a6dd8e038329760078e593eab4a GdPicture Pro ActiveX file overwrite and execution exploit that makes use of gdpicture4s.ocx.
[ a4desk-sqldisclose.txt ] b0878c3cf673a2da0c9eab9a6b720949 A4Desk Event Calendar suffers from remote SQL injection and file disclosure vulnerabilities.
[ phpmyid-inject.txt ] 5abdc42df08402afe804c833a6b41859 phpMyID can act as a redirector and allows for header injection. Version 0.9 is affected.
[ USN-648-1.txt ] 02ceb93e6d6e71fbeecd6efcbed25e43 Ubuntu Security Notice 648-1 - Philipp Thomas discovered that the ppscan function of nasm contained an off-by-one error. If a user or automated system were tricked into assembling a specially crafted ASM file, a remote attacker could execute arbitrary commands with user privileges.
[ msnshadow-0.3_beta.tar.bz2 ] 65fcec2b79b267a38f935780118ec156 MSN Shadow is a forensics tool to analyze the MSN protocol. It has features such as: text sniffing, video sniffing, spoofing messages, hijacking sessions, shutdown users, save text sniffed in HTML format, save video sniffed in AVI format.
[ activesync-tcpip.txt ] 89705aa9887b9c43af9b436aa4ba5459 White Wolf Labs #080922-1 - ActiveSync 4.x allows full TCP/IP access via the RNDIS protocol over USB.
[ sgrealestate-cookie.txt ] 3dc68d2f801fb24b4ffcc207aeb73eee SG Real Estate Portal version 2.0 suffers from an insecure cookie handling vulnerability.
[ sgrealestate-sql.txt ] 6bc583b1e665eeae176eee07cde4cb2d SG Real Estate Portal version 2.0 remote blind SQL injection exploit.
[ sgrealestate-sqllfi.txt ] 087e027c32732db3cd30868b944fc33a SG Real Estate Portal version 2.0 suffers from blind SQL injection and local file inclusion vulnerabilities.
[ autodesk-exec.txt ] 99bab3b6a9842988632235ad6239a43a Autodesk DWF Viewer Control / LiveUpdate Module remote code execution exploit.
[ geoipgen0.2b.tgz ] 06d980f9429355c1e752310261882c59 geoipgen is an IP network tool written in Ruby for generating geotargeted lists of IP addresses using MaxMind's Free Open Source GeoLite Country database (www.maxmind.com). Examples: Generate all IPs for New Zealand (./geoipgen -s nz), generate 10,000 random IPs for Far East Asia (geoipgen -n 10000 cn hk mn tw mo jp kr kp), indefinitely generate random IPs for Japan (geoipgen jp).
[ faq-sql.txt ] 63c77f29d458a44544f75e03d28f359a FAQ Management script suffers from a remote SQL injection vulnerability.
[ a4deskphp-rfi.txt ] b96b41639284183cd9f224aba5ba0ea5 A4Desk PHP Event Calendar suffers from a remote file inclusion vulnerability.
[ major_rls56.txt ] aa39ad4835751870219451376f118696 moziloWiki versions 1.0.1 and below suffer from directory traversal, cross site scripting, and session fixation vulnerabilities.
[ wordpressmu-xss.txt ] bcd9422dde4e5978e3ed325d56a1166f WordPress MU versions below 2.6 suffer from a cross site scripting vulnerability in wpmu-blogs.php.