Packet Storm's last 50 added files.
Last Updated: Wed Aug 27 18:03:16 EDT 2008


[ USN-638-1.txt ] c3002bba563957c93b2edfad569c7c01 Ubuntu Security Notice 638-1 - Aaron Grattafiori discovered that the Gnome Help Viewer did not handle format strings correctly when displaying certain error messages. If a user were tricked into opening a specially crafted URI, a remote attacker could execute arbitrary code with user privileges.  
[ kyocera-traversal.txt ] b1469751eb65919a9b8435ad1055dc09 Kyocera Command Center suffers from a directory traversal vulnerability.  
[ searchengine-sql.txt ] 63fc260d89bd02c73d5d2647cb1356d3 Search Engine suffers from a remote SQL injection vulnerability in viewcat.php.  
[ igshopdisp-sql.txt ] e73b22fbec473ddd5750c3cbf0d66b60 iG Shop suffers from a remote SQL injection vulnerability in display_review.php.  
[ SSRT080106.txt ] a84ae83f38e250d72f3b90696e44be96 HP Security Bulletin - A potential security vulnerability has been identified in the HP Enterprise Discovery. The vulnerability could be exploited remotely by an authorized user to gain extended privileges.  
[ advchk-2.10.tar.gz ] 03bd5578fd6b1795710a9c67225040c3 Advchk (Advisory Check) reads security advisories so you do not have to. Advchk gathers security advisories using RSS feeds, compares them to a list of known services, and alerts you if you are vulnerable. Since adding hosts and services by hand would be quite a boring task, advchk leverages nmap for automatic service and version discovery.  
[ yourownbux-sql.txt ] 7e146c229cd2cc0ccbe6f6b868c695f2 YourOwnBux versions 3.1 and 3.2 Beta suffer from a remote SQL injection vulnerability.  
[ PLSA-2008-31.txt ] 89fde6963eee81805e587266f74bbffa Pardus Linux Security Advisory - A vulnerability has been reported in LibTIFF, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system.   
[ phpmyrealty109-sql.txt ] c5c0581e59881b0c55bafb406bc61e32 phpMyRealty versions 1.0.9 and below suffer from a remote SQL injection vulnerability in pages.php.  
[ ultra-overflow.txt ] 8efda1569b663b030992e1d6768813f9 Ultra Office Active-X Control remote buffer overflow exploit.  
[ ultra-corrupt.txt ] 3c538957caf9590d5e856cd27bf0f824 Ultra Office Active-X Control remote arbitrary file corruption exploit.  
[ MDVSA-2008-180-1.txt ] cee89e63538737ae53aedf3ab3fd7410 Mandriva Linux Security Advisory - Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding. The original fix used to correct this issue caused some applications that used the libxml2 library to crash. These new updated packages use a different fix that does not cause certain linked applications to crash as the old packages did.  
[ fileutility.txt ] b9cc2a9b04bb9971365bc2eb05b812f3 This Metasploit exploit attacks multiple file manipulation vulnerabilities in the Kyocera Mita Scanner File Utility version 3.3.0.1.  
[ kyocera-upload.txt ] c188a08ce39e9da8719c911ff27e4178 The Kyocera Mita Scanner File Utility version 3.3.0.1 suffers from multiple file manipulation vulnerabilities.  
[ EMORY-2008-01.txt ] 46742f7d6234df7fa0b6c185fb2e534a Telartis's AWStats Totals versions 1.0 through 1.14 suffer from a remote code execution vulnerability.  
[ mybb1211-sql.txt ] 2b8c0145ecb2c5255a32519df1daeffe MyBulletinBoard (MyBB) versions 1.2.11 and below SQL injection exploit that leverages private.php.  
[ ifdate-sql.txt ] ea21be161b9c61655d9d93c6bb733611 iFdate versions 2.0.3 and below suffer from a SQL injection vulnerability.  
[ dsa-1631-2.txt ] f024501160502cc01f3a8a6951c7c361 Debian Security Advisory 1631-2 - The previous security update of the libxml2 package introduced some problems with other packages, most notably with librsvg. This update corrects these problems whilst still fixing the reported security problem.  
[ dsa-1632-1.txt ] 0e6569a1ce6eb08995b0101c1d463469 Debian Security Advisory 1632-1 - Drew Yao discovered that libTIFF, a library for handling the Tagged Image File Format, is vulnerable to a programming error allowing malformed tiff files to lead to a crash or execution of arbitrary code.  
[ thickboxgallery-disclose.txt ] 742dcf93f43279e1ee08f057327abcee Thickbox Gallery version 2 suffers from an administrative data disclosure vulnerability in admins.php.  
[ cmme-lfixsscsrf.txt ] a46f6ae035b9cb1477736efe43b4ed9a CMME version 1.12 suffers from local file inclusion, cross site scripting, cross site request forgery, and other vulnerabilities.  
[ simpgal-sql.txt ] c402f3afaca614ffeb393f9b84477b59 Simple Gallery ASP Script suffers from a remote SQL injection vulnerability.  
[ zoneminder-multi.txt ] d8bb2d877419e579e9d76b0f207b8425 ZoneMinder versions 1.23.3 and below suffer from command injection, SQL injection, and cross site scripting vulnerabilities.  
[ mvs-activex.txt ] 181f169f345f46154d1d9000c16aed1e Microsoft Visual Studio Active-X remote buffer overflow exploit that leverages Msmask32.ocx.  
[ hpsnh-xss.txt ] 10441eb7ff70f0b1f1b38bdfe4afb273 Further analysis regarding the HP System Management Homepage (SMH) cross site scripting vulnerability.  
[ zbreaknews-sql.txt ] a7eb6a2643b88223f58f0185eb07384d z-breaknews version 2.0 suffers from a remote SQL injection vulnerability in single.php.  
[ mininuke23-sql.txt ] 8e01430892a688f963f403b76a239c9a MiniNuke version 2.3 Freehost suffers from multiple remote SQL injection vulnerabilities.  
[ USN-637-1.txt ] 4ff77f698b3af8e2303260d5110f0d63 Ubuntu Security Notice 637-1 - It was discovered that there were multiple NULL-pointer function dereferences in the Linux kernel terminal handling code. A local attacker could exploit this to execute arbitrary code as root, or crash the system, leading to a denial of service. The do_change_type routine did not correctly validation administrative users. A local attacker could exploit this to block mount points or cause private mounts to be shared, leading to denial of service or a possible loss of privacy. Tobias Klein discovered that the OSS interface through ALSA did not correctly validate the device number. A local attacker could exploit this to access sensitive kernel memory, leading to a denial of service or a loss of privacy. Zoltan Sogor discovered that new directory entries could be added to already deleted directories. A local attacker could exploit this, filling up available memory and disk space, leading to a denial of service.  
[ krate-sqlxss.txt ] d26ac1ccd455e8908f757fa505552e5d K-Rate suffers from SQL injection and cross site scripting vulnerabilities.  
[ sphpblog-exec.txt ] f98e850f53affbab3ddff8216779f279 Simple PHP Blog (SPHPBlog) versions 0.5.1 and below code execution exploit.  
[ kolifadownload-sql.txt ] ef095920edf3cf084b22795e4d5e48f6 Kolifa.Net Download Script version 1.2 suffers from a remote SQL injection vulnerability.  
[ popnupblog-xss.txt ] b82aae9cdaf7f648a0399aae7d72008e PopnupBlog version 3.30 suffers from multiple cross site scripting vulnerabilities in index.php.  
[ crafty-sql.txt ] e6945d67ffc3bf702f8bca9d13e35ddf Crafty Syntax Live Help versions 2.14.6 and below suffer from a remote SQL injection vulnerability.  
[ DSECRG-08-038.txt ] 8fe839a4a7d6a995587c81d9a5a0dffe ezContents CMS version 2.0.3 suffers from multiple local file inclusion vulnerabilities.  
[ DSECRG-08-037.txt ] 569ec165bf63e88aa064daa5c376d909 Pluck CMS version 4.5.2 suffers from multiple local file inclusion vulnerabilities.  
[ goranicms-blindsql.txt ] 5db9f49dbda6cc73f1613eedb0a8ab7a Gorani CMS suffers from a blind SQL injection vulnerability.  
[ neotericuk-sql.txt ] 31707c0c1c7da57f97e002dd3b4bae27 Neoteric UK websites suffers from a remote SQL injection vulnerabilities.  
[ millionpixel-sql.txt ] 8caf8d3ea10e6555e8319da4e3caa3df Million Pixel Ad Script suffers from a remote SQL injection vulnerability.  
[ geeklog-upload.txt ] 70f91a82ad8e316160b0c228f0f01631 GeekLog versions 1.5.0 and below remote arbitrary file upload exploit.  
[ webboard-sql.txt ] dd0f573ccd7d4c7427aafafd4d4f0ad6 WebBoard versions 2.0 and below suffers from an arbitrary SQL question/answer deletion vulnerability.  
[ wds-sql.txt ] 2d7d3c3ae39631f6786aad84cca8f978 Web Directory Script versions 2.0 and below suffer form a remote SQL injection vulnerability.  
[ freebsd-master.txt ] cf47939bcd912af3c724afa97bbd291f 65 byte NULL free /bin/cat /etc/master.passwd shellcode for freebsd/x86.  
[ secunia-calendarix.txt ] 25805f56ddb5ea080e60cc240a6e595d Secunia Research has discovered two vulnerabilities in Calendarix Basic, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "catsearch" parameter in cal_search.php and "catview" in cal_cat.php is not properly sanitized before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Calendarix Basic 0.8.20071118 is affected.  
[ secunia-iprintget.txt ] fdd4e1fe471d8f8909683736fc941234 Secunia Research has discovered a security issue in Novell iPrint Client, which can be exploited by malicious people to gain knowledge of potentially sensitive information. Novell iPrint Client 4.36 and Novell iPrint Client for Windows Vista 5.04 are affected. The insecurity lies in GetFileList().  
[ secunia-iprint.txt ] 40a0bbe6cee53536da934ab4a38a4cb8 Secunia Research has discovered multiple vulnerabilities in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system. These include boundary errors and buffer overflow issues. Novell iPrint Client 4.36 is affected.  
[ danairc-overflow.txt ] ce78e866e21035b1d75c8e6ed56a451f Dana IRC version 1.4a remote buffer overflow exploit.  
[ nufw-2.2.16.tar.gz ] 7a4f72298783b877a050863888d643df NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server. 
[ fwknop-1.9.7.tar.gz ] 955a2a920aeeab655d16da212f70b5e8 fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap. 
[ belkin-bypass.txt ] 9119bf2575e2d603c0dd43fdac82247a Belkin wireless G router and ADSL2 modem authentication bypass exploit.  
[ PLSA-2008-30.txt ] bba89f851911b3ef0f74460ddb4d69a5 Pardus Linux Security Advisory - Insufficient sanitization can lead to Vim executing arbitrary commands when performing keyword or tag lookup.