Packet Storm's last 100 added files. Last Updated: Tue Jul 1 12:37:50 EDT 2008

[ browser_insecurity_iceberg_2008.pdf ] af684f84277d52eb31988b9ac44515b2 Understanding the Web browser threat: Examination of vulnerable online Web browser populations and the "insecurity iceberg".
[ SSRT080039.txt ] eb33bd08e909cb2c55021114df246deb HP Security Bulletin - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. This vulnerability could be exploited remotely to allow cross site scripting (XSS).
[ 25C3-CFP.txt ] e411b12f5ef8506c1f3aacdb3d43878b The Call For Papers for the 25th Chaos Communication Congress (25C3) has been announced.
[ SCANIT-2008-003.txt ] 2dbe63c7f433939569f3b2bbd9396d7d Wordtrans versions 1.1pre15 and below suffer from a remote command execution vulnerability.
[ SCANIT-2008-002.txt ] ce70fc05a90c81614cd3c86db797feda Wordtrans versions 1.1pre15 and below suffer from a remote command execution vulnerability.
[ SCANIT-2008-001.txt ] 30766d2dfe2702bf77bc2e784af435fd QNX RTOS phgrafx versions 6.3.2 and 6.3.0 suffer from a privilege escalation vulnerability.
[ usurdat.zip ] 3b8adc5e317fff936cc5da1ecdf951c0 Proof of concept denial of service exploit for SOLDNER - Secret Wars versions 33724 and below which suffer from an endless loop vulnerability.
[ usurdat.txt ] f3e825059f7ccedff30e8299e56ab72c SOLDNER - Secret Wars versions 33724 and below suffer from an endless loop vulnerability.
[ glsa-200807-02.txt ] 45919da25460de8eeaa81d8449ca136f Gentoo Linux Security Advisory GLSA 200807-02 - Nico Golde reported an off-by-one error within the read_client() function in the webhttpd.c file, leading to a stack-based buffer overflow. Stefan Cornelius (Secunia Research) reported a boundary error within the same function, also leading to a stack-based buffer overflow. Both vulnerabilities require that the HTTP Control interface is enabled. Versions less than 3.2.10.1 are affected.
[ glsa-200807-01.txt ] 9754f003ee383327a4cf504dfc48d95e Gentoo Linux Security Advisory GLSA 200807-01 - Multiple integer overflows may allow for Denial of Service. Versions less than 2.4.4-r13 are affected.
[ blogparticle-traverse.txt ] b2b27405d6772b357b942e854231542e Blog Particle version 8.0 suffers from directory traversal and database credential disclosure vulnerabilities.
[ hbr-rfi.txt ] 059950a053c937cf608ba8fa88fb87c7 HIOX Banner Rotator (HBR) version 1.3 suffers from a remote file inclusion vulnerability.
[ 0806-exploits.tgz ] b8541128010b04328070aff54cf865f4 Packet Storm new exploits for June, 2008.
[ mambongal-sql.txt ] 518ab12f168cd87e8d1f56f8f07ae494 The Mambo n-gallery component suffers from multiple SQL injection vulnerabilities.
[ psys070-sql.txt ] 7753d7d24d70b5cdbe4ff97bd90822cf pSys version 0.7.0 suffers from a remote SQL injection vulnerability in chatbox.php.
[ pivot-disclosure.txt ] 3aa95a0656fbb05e1de96366a7bc772d Pivot version 1.40.5 Dreamwind load_template() credential disclosure exploit.
[ USN-617-2.txt ] 1a96557d0ecb7fc857c3b1519608d098 Ubuntu Security Notice 617-2 - USN-617-1 fixed vulnerabilities in Samba. The upstream patch introduced a regression where under certain circumstances accessing large files might cause the client to report an invalid packet length error. This update fixes the problem. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When Samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. Alin Rad Pop of Secunia Research discovered that Samba did not properly perform bounds checking when parsing SMB replies. A remote attacker could send crafted SMB packets and execute arbitrary code.
[ rcm-sql.txt ] 4d8731d224689d8375fccf12d82edd5a RCM Revision Web Development suffers from a remote SQL injection vulnerability in products.php.
[ barenuked-admin.txt ] 5ec47feac834cbac9413af2b028e7cd6 BareNuked CMS version 1.1.0 arbitrary add administrator exploit.
[ faname10-xss.txt ] a91182cee88d64312eaa70e37f746fd7 Fa Name version 1.0 suffers from multiple cross site scripting vulnerabilities.
[ faname10-sql.txt ] 479d647a0d9376efad4a924222e49f69 Fa Name version 1.0 suffers from a remote SQL injection vulnerability.
[ rssagg-sql.txt ] 85402114964722c1beb4c841d641efa8 RSS-aggregator version 1.0 suffers from direct administrative access and SQL injection vulnerabilities.
[ lul-busybox.c ] 0779070e48e6cb3aeab5c96d2bacde47 BusyBox local format string exploit.
[ openbsdanim-local.txt ] 0aaa57871ef67c2fdf9114a9133eb7c6 Local root animated... yes animated, exploit for OpenBSD 4.0 that takes advantage of an old vga vulnerability.
[ ashop-sql.txt ] 0b77fa10fe8a2227dc7f73298d9ed400 AShop Deluxe version 4.x remote SQL injection exploit that takes advantage of catalogue.php.
[ mybloggie-sql.txt ] e9b34428bf379bf84fc15a1fc314f32b myBloggie version 2.1.6 suffers from multiple remote SQL injection vulnerabilities.
[ catviz-sql.txt ] cf439a30e0259c6d86deff2bc919a096 Catviz version 0.4.0 beta1 suffers from a SQL injection vulnerability.
[ surgemail-dos.txt ] be876b1cc941d302f35ee5da0c30d612 Surgemail version 39e-1 post authentication IMAP remote buffer overflow denial of service exploit.
[ eshop100-sql.txt ] 642f81b474b9474928e769d5d24150de eSHOP100 suffers from a remote SQL injection vulnerability.
[ dirlist-traverse.txt ] 50c3cc3bca2d5bef810b1ef90d522956 dirLIST suffers from an arbitrary file download vulnerability.
[ singapore-database.txt ] 00eceb6b1d9f12b280554992b7d92927 Singapore version 0.10.1 suffers from directory traversal and database credential exposure vulnerabilities.
[ pktanon-1.2.0-dev.tar.gz ] 6e62d3f5495216ac5d24dd82b3025314 PKtAnon performs network trace anonymization. It is highly configurable and uses anonymization profiles. Anonymization profiles allow for mapping of arbitrary anonymization primitives to protocol attributes, thus providing high flexibility and easy usability. A huge number of anonymization primitives and network protocols are supported and ready to use for online and offline anonymization.
[ acmlmboard-sql.txt ] 773787955947be4c56fe35fa0cdf29e0 AcmlmBoard version 1.A2 suffers from a remote SQL injection vulnerability.
[ haloloop2.zip ] fadea90eced43aed0c6e0f6a481c9d5a Proof of concept exploit for Halo: Combat Evolved versions 1.07 and below which suffer from an endless loop vulnerability.
[ haloloop2.txt ] 2342eabb31216ae3717a8fae1e0fd88c Halo: Combat Evolved versions 1.07 and below suffer from an endless loop vulnerability.
[ stalker39x.zip ] aa19aaaee16e78fe36cffc1da46c2748 Proof of concept exploit for S.T.A.L.K.E.R.: Shadow of Chernobyl versions 1.0006 and below which suffer from multiple buffer overflow vulnerabilities.
[ stalker39x.txt ] 8748175c36816983ed9b88629e1d66cd S.T.A.L.K.E.R.: Shadow of Chernobyl versions 1.0006 and below suffer from multiple buffer overflow vulnerabilities.
[ seportal-sql.txt ] 717c3293a35186d12df542367e48c32b SePortal version 2.4 suffers from a remote SQL injection vulnerability in poll.php.
[ phpfusionclass-sql.txt ] a3f38413ec0cbbe7ed2d38c0a7d6a99e The PHP-Fusion classifieds module suffers from a remote SQL injection vulnerability.
[ sebraccms-sql.txt ] 10f686df5300fbcfd99f9233d456f357 SebracCMS versions 0.4 and below suffer from multiple SQL injection vulnerabilities.
[ joomlawebtv-sql.txt ] 08932ce3fcc95e0686763e4acd36f91b Joomla Xe webtv component blind SQL injection exploit.
[ joomlabea-sql.txt ] 986f117c65f7fbdcb0f50a0fb11da920 The Joomla beamospetition component suffers from a remote SQL injection vulnerability.
[ obm-sql.txt ] 0d97b72637844ae1ecff587d078a4f7c Online Booking Manager version 2.2 suffers from a remote SQL injection vulnerability.
[ joomlajabode-sql.txt ] f07a14bb82cd1a7e7872d4a04018d057 The Joomla jabode component suffers from a remote SQL injection vulnerability.
[ SSRT080063-2.txt ] cb574cc01a166d5cb95cca70387a9dad HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Apache with PHP. This vulnerability could be exploited remotely to execute arbitrary code.
[ SSRT080075.txt ] 6062acd3e10bdd7f313d85a01264ff04 HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running HP CIFS Server (Samba). The vulnerabilities could be exploited remotely to execute arbitrary code.
[ otmanager-cookie.txt ] 8be7ba9a4d9cd7a3cf2bd8881eef13fd OTManager CMS version 2.4 suffers from an insecure cookie handling vulnerability.
[ aplus-cookie.txt ] bb54ef13386580558883b1131de856b6 A+ PHP scripts News Management System suffers from an insecure cookie handling vulnerability.
[ poweraward-lfi.txt ] 9305f5fb108154490012aba4cc57fc8f PowerAward version 1.1.0 RC1 suffers from local file inclusion and cross site scripting vulnerabilities.
[ bacom2008-cfp.txt ] 152571f585e0207c5f31e4dd35351f9e The call for papers for the first annual BA-Con applied technical security conference has been announced. It will be held in Buenos Aires on September 30th and October 1st, 2008.
[ WebUI-dos.rar ] bafe44d911e3b9f6c574191ee3a968cb uTorrent / BitTorrent WebUI HTTP 1.7.7/6.0.1 denial of service exploit.
[ unhide20080519.tgz ] 1194ec0f89c6f28e8eb64fb66836f70f Unhide is a forensic tool to find hidden processes and TCP/UDP ports that are hidden via rootkits, LKMs, or other techniques.
[ w1l3d4-sqlxss.txt ] 861e1f8aa925cd21c10102b4cbd1f982 W1L3D4 Philboard version 1.2 suffers from blind SQL injection and cross site scripting vulnerabilities.
[ otmanager-lfixss.txt ] b6f273a73bab86e6758e97b212fb73a1 OTManager CMS version 24a suffers from local file inclusion and cross site scripting vulnerabilities.
[ orca-rfi.txt ] e97c9cdefc1dafb1f723740af4bf9895 Orca version 2.0 suffers from a remote file inclusion vulnerability in params.php.
[ cheatswebsite-sql.txt ] 40221464d5ae35a73a0e3ff520accf9b Cheats Complete Website version 1.1.1 suffers from a SQL injection vulnerability.
[ drinkswebsite-sql.txt ] 3e3064e99c6573f29cb3b519d0ff0a84 Drinks Complete Website version 2.1.0 suffers from a SQL injection vulnerability.
[ jokeswebsite-sql.txt ] 853c4c2f2c5efc3a94561d0b26b1674d Jokes Complete Website version 2.1.3 suffers from a SQL injection vulnerability.
[ riddle-sql.txt ] 2eef4cd8a745281b006adf5026361a15 Riddle Complete Website version 1.2.1 suffers from a SQL injection vulnerability.
[ seagull-upload.txt ] c5e5b49ebd5b91fc298f8cb7daad347b Seagull PHP Framework versions 0.6.4 and below arbitrary file upload exploit.
[ phpblaster-lfi.txt ] 6c0b2dfd4356de27e58436234b204d07 phpBlaster CMS version 1.0 RC1 suffers from multiple local file inclusion vulnerabilities.
[ MDVSA-2008-124.txt ] dd7ca66a9032bad00eb87dc64def01d7 Mandriva Linux Security Advisory - A vulnerability in the Speex library was found where it did not properly validate input values read from the Speex file headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library. Xine-lib is similarly affected by this issue. As well, the previous version of xine as provided in Mandriva Linux 2008.1 would crash when playing matroska files, and a regression was introduced that prevented Amarok from playing m4a files.
[ USN-621-1.txt ] 3f9b36d1f7954def85af5e64b364ce99 Ubuntu Security Notice 621-1 - Drew Yao discovered several vulnerabilities in Ruby which lead to integer overflows. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. Drew Yao discovered that Ruby did not sanitize its input when using ALLOCA. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service via memory corruption.
[ dsa-1599-1.txt ] 5dca316831d6a1cd5fdaf050dfb288a7 Debian Security Advisory 1599-1 - Havoc Pennington discovered that DBus, a simple interprocess messaging system, performs insufficient validation of security policies, which might allow local privilege escalation.
[ wellyblog-xss.txt ] 2f0660f20ffa6fdd5e51d9c536d72cd7 WellyBlog Open Source Blog Portal suffers from a cross site scripting vulnerability.
[ prelude-manager-0.9.13.tar.gz ] b83b6bf8ce7ca3976446c830c0602ce2 Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
[ strongswan-4.2.4.tar.gz ] 92ddfaedd6698bc6640927def271d476 strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
[ Reverse.Engineering.AntiCracking.Techniques.pdf ] b40d518a0f6862e155625d7d982d2836 This paper was written to give a better understanding of the various approaches taken in reverse engineering. It also provides insight into proper software design to protect sensitive data, etc.
[ joomlayanc-sql.txt ] f62aa90a646788ecc8edabb7aec317a0 The Joomla YaNC component suffers from a SQL injection vulnerability.
[ joomlanetinvoice-sql.txt ] 3ffdf6f0efa9e98d85c96f57fe3ab474 The Joomla netinvoice component version 1.2.0 SP1 suffers from a SQL injection vulnerability.
[ phpmotion-upload.txt ] ba3966b0a3c0f852dd34a1f47c658557 PHPmotion versions 2.0 and below remote shell upload exploit that makes use of update_profile.php.
[ firefox3.tar.gz ] 573f33fd4744e3424def6c4eaee7412f This is a specially crafted JPEG that causes a denial of service resulting in a crash in Firefox 3.
[ kroax-sql.txt ] 8abe0b0a0d0805a22a8d08ae70c2b956 The PHP-Fusion module Kroax versions 4.42 and below suffer from a SQL injection vulnerability.
[ polypager-sqlxss.txt ] 29777b31ed9c0220e7384045c324b257 PolyPager versions 1.0rc2 and below suffer from SQL injection and cross site scripting vulnerabilities.
[ kellerwebadmin-lfi.txt ] 8f6ec5dacfd27b81ae6a570f415d29f5 Keller Web Admin CMS version 0.94 Pro suffers from a local file inclusion vulnerability.
[ galmetapost-lfi.txt ] 49cb0fd2993129eb67f06202f4fa1d72 Galmeta Post CMS version 0.2 suffers from multiple local file inclusion vulnerabilities.
[ evolution-dos.txt ] 8b50a4dabc00806b64b2caf21de573b6 Evolution version 2.22.2 suffers from a denial of service vulnerability.
[ pidgin-dos.txt ] f67d21bd405bacbae2868e38acc290b2 The Pidgin instant message program version 2.4.1 suffers from a denial of service vulnerability.
[ rhythmbox-dos.txt ] 51f4e29e6d4dc8f1e23dffb33498c900 Rhythmbox MP3 player version 0.11.5 suffers from a denial of service vulnerability.
[ theratcms-sqlxss.txt ] 9ca131ed0e3dd1d61d8dd5b538022335 The Rat CMS version Pre-Alpha 2 suffers from SQL injection and cross site scripting vulnerabilities.
[ commtouch-xss.txt ] 64502b630861699fbe53059371bb552a The Commtouch Anti-Spam Enterprise Gateway solution suffers from a reflected cross site scripting vulnerability.
[ USN-620-1.txt ] e3d8ad2ad350589c4ffb1f35b0d2da37 Ubuntu Security Notice 620-1 - It was discovered that OpenSSL was vulnerable to a double-free when using TLS server extensions. A remote attacker could send a crafted packet and cause a denial of service via application crash in applications linked against OpenSSL. Ubuntu 8.04 LTS does not compile TLS server extensions by default. It was discovered that OpenSSL could dereference a NULL pointer. If a user or automated system were tricked into connecting to a malicious server with particular cipher suites, a remote attacker could cause a denial of service via application crash.
[ linkara-xss.txt ] d068fcb3d6dc7280db0ef7e4e4cb276b Linkara.com appears to suffer from a cross site scripting vulnerability.
[ MDVSA-2008-123.txt ] aae7f17996dbc7e231fda84d7b782f09 Mandriva Linux Security Advisory - Stefan Cornelius discovered two buffer overflows in Imlib's image loaders for PNM and XPM images, which could possibly result in the execution of arbitrary code.
[ gtalk-inject.txt ] 9a3e1e91d5e935ab4996f7b5baa2bce2 It appears that Gtalk version 1.0.0.105 suffers from cross site scripting vulnerabilities.
[ cisco-sa-20080625-cucm.txt ] bbf0e1d565388241508962bd68574324 Cisco Security Advisory - Cisco Unified Communications Manager (CUCM), formerly Cisco CallManager, contains a denial of service (DoS) vulnerability in the Computer Telephony Integration (CTI) Manager service that may cause an interruption in voice services and an authentication bypass vulnerability in the Real-Time Information Server (RIS) Data Collector that may expose information that is useful for reconnaissance.
[ munky-lfi.txt ] 906d54127b213b40bd5ba8e5af036386 mUnky version 0.0.1 suffers from a local file inclusion vulnerability in index.php.
[ myphpcms-sql.txt ] 65c68b3a011bbda4674fb8ee79d7125a MyPHP CMS version 0.3.1 suffers from a remote SQL injection vulnerability in page.php.
[ pagemanagercms-upload.txt ] ac1c68ab5fdab602843d15c888a3ae72 Page Manager CMS version 2006-02-04 suffers from a remote arbitrary file vulnerability.
[ webdevindo-sql.txt ] f0051f3d547cf5b031f6ebb1450f7473 Webdevindo-CMS version 0.1 suffers from a remote SQL injection vulnerability in index.php.
[ mcguestbook-rfi.txt ] 2c50ef1b3beec2bf04d9b41c681c2ffb mcGuestbook version 1.2 suffers from a remote file inclusion vulnerability.
[ idebox-rfi.txt ] 6c84b179600421b41dafaea74df08d9b IdeBox suffers from a remote file inclusion vulnerability.
[ glsa-200806-11.txt ] 626b6ce57172984c878b0193d2f8c3d3 Gentoo Linux Security Advisory GLSA 200806-11 - Because of sharing the same codebase, IBM JDK and JRE are affected by the vulnerabilities mentioned in GLSA 200804-20. Versions less than 1.5.0.7 are affected.
[ evacms-rfi.txt ] 2eaee51aa67789bd3b98bb3577bd345a EVA CMS version 2.3.1 suffers from a remote file inclusion vulnerability.
[ bluemoon-advisory-2008-07.txt ] 36111b2e515023c4c863822ba14a6108 A format string vulnerability exists in 5th street and derived clients.
[ tokokita-sql.txt ] b3bb197e7c47eb73a5aba06fb9dfdccd Exploit for TOKOKITA which suffers from multiple SQL injection vulnerabilities in barang.php.
[ mosxml-lfi.txt ] 51e2cbd2dba39c80ec8c8bd9ca0bc48c MosXML Alpha version 1.x suffers from a remote file inclusion vulnerability.
[ jonascms-lfi.txt ] cc706d48f223410804b67f9cfde39056 Jonas CMS version 1.2 suffers from multiple local file inclusion vulnerabilities.
[ mamboarticles-sql.txt ] ae4966a583bc47fc94b92c4ed4130306 Mambo Articles component blind SQL injection exploit.
[ jokesfunny-sql.txt ] d2ab2508c634f1913be520f169087d8b Jokes and Funny Pics scripts suffers from a remote SQL injection vulnerability.