http://packetstormsecurity.org/ 100 Most Recent Packet Storm File Additions en-us http://packetstormsecurity.org/0907-exploits/soulseek157-psexec.txt Soulseek versions 157 NS below 13e and all versions of 156 suffer from a remote peer search code execution vulnerability. http://packetstormsecurity.org/0907-exploits/shopcartdx430-sql.txt Remote SQL injection exploit for ShopCartDx version 4.30 that leverages product_detail.php. This particular vulnerability was priorly discovered but further research has been performed. http://packetstormsecurity.org/0907-exploits/shopcartdx430-blindsql.txt Remote blind SQL injection exploit for ShopCartDx version 4.30 that leverages product_detail.php. http://packetstormsecurity.org/0907-exploits/cve-2008-3531.c Local root exploit for FreeBSD nmount(). This affects FreeBSD 7.0-RELEASE and 7.0-STABLE. http://packetstormsecurity.org/0907-exploits/axesstel-bypass.txt The Axesstel MV 410R protects from malicious input by leveraging javascript, allowing an attacker to bypass all of this easily. The device is also susceptible to permanent cross site scripting vulnerabilities. http://packetstormsecurity.org/0907-exploits/opialaid-sql.txt Opial version 1.0 suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/0907-advisories/glsa-200907-02.txt Gentoo Linux Security Advisory GLSA 200907-02 - Two vulnerabilities in ModSecurity might lead to a Denial of Service. Versions less than 2.5.9 are affected. http://packetstormsecurity.org/0907-advisories/glsa-200907-01.txt Gentoo Linux Security Advisory GLSA 200907-01 - libwmf bundles an old GD version which contains a use-after-free vulnerability. The embedded fork of the GD library introduced a use-after-free vulnerability in a modification which is specific to libwmf. Versions less than 0.2.8.4-r3 are affected. http://packetstormsecurity.org/0907-exploits/rentventory-sql.txt Rentventory PHP suffers from multiple remote SQL injection vulnerabilities. http://packetstormsecurity.org/papers/general/petite-sql.txt This paper is a small SQL injection tutorial and is written in French. http://packetstormsecurity.org/0907-advisories/oCERT-2009-009.txt CamlImages versions 2.2 and below suffer from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The vulnerability is triggered by PNG image parsing, the read_png_file and read_png_file_as_rgb24 functions do not properly validate the width and height of the image. Specific PNG images with large width and height can be crafted to trigger the vulnerability. http://packetstormsecurity.org/0907-advisories/USN-795-1.txt Ubuntu Security Notice USN-795-1 - It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server. http://packetstormsecurity.org/0907-advisories/USN-794-1.txt Ubuntu Security Notice USN-794-1 - It was discovered that the Compress::Raw::Zlib Perl module incorrectly handled certain zlib compressed streams. If a user or automated system were tricked into processing a specially crafted compressed stream or file, a remote attacker could crash the application, leading to a denial of service. http://packetstormsecurity.org/0907-exploits/joomla1512-xss.txt Joomla! versions prior to 1.5.12 suffer from multiple cross site scripting vulnerabilities in relation to HTTP headers. http://packetstormsecurity.org/0907-advisories/HPSBUX02431-SSRT090085.txt HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), or execution of arbitrary code. Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite. http://packetstormsecurity.org/0907-advisories/HPSBUX02440-SSRT090106.txt HP Security Bulletin - A potential security vulnerability has been identified with NFS/ONCplus running on HP-UX. The vulnerability could be exploited locally to create a Denial of Service (DoS). http://packetstormsecurity.org/0907-advisories/USN-793-1.txt Ubuntu Security Notice USN-793-1 - Multiple vulnerabilities associated with the Linux 2.6 kernel have been addressed. These issues range from arbitrary code execution to denial of service vulnerabilities. http://packetstormsecurity.org/0907-exploits/opial-sql.txt Opial version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. http://packetstormsecurity.org/0907-exploits/sourcefire-escalate.txt Sourcefire 3D Sensor and Defense Center versions 4.8.1 and below suffer from a privilege escalation vulnerability. http://packetstormsecurity.org/0907-exploits/adminlog-bypass.txt AdminLog version 0.5 suffers from an authentication bypass vulnerability. http://packetstormsecurity.org/0907-exploits/almnzm-blindsql.txt Almnzm version 2.0 remote blind SQL injection exploit. http://packetstormsecurity.org/0907-exploits/conpresso-sql.txt conpresso version 3.4.8 suffers from a blind SQL injection vulnerability in detail.php. http://packetstormsecurity.org/0907-exploits/oracle10gsyslt-sql.txt Oracle 10g SYS.LT.COMPRESSWORKSPACETREE remote SQL injection exploit. http://packetstormsecurity.org/0907-exploits/yourtube-disclose.txt YourTube versions 2.0 and below suffer from a remote SQL database disclosure vulnerability. http://packetstormsecurity.org/0907-exploits/safari-crash.txt Apple Safari version 4.x javascript reload denial of service exploit. http://packetstormsecurity.org/sniffers/httpry-0.1.5.tar.gz httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields. http://packetstormsecurity.org/0907-exploits/cmschainuk-lfixssshell.txt CMS Chainuk versions 1.2 and below suffer from local file inclusion, cross site scripting, and remote shell vulnerabilities. http://packetstormsecurity.org/0907-exploits/kervinet-sqlxss.txt KerviNet Forum versions 1.1 and below suffer from SQL injection, cross site scripting, and a couple of other vulnerabilities. http://packetstormsecurity.org/0907-exploits/audiopluspls-overflow.txt AudioPLUS version 2.00.215 local buffer overflow exploit that creates a malicious .pls file. http://packetstormsecurity.org/0907-exploits/ard9808-passwords.txt The ARD-9808 DVR card security camera suffers from a password disclosure vulnerability. http://packetstormsecurity.org/0907-exploits/fipscms-disclose.txt fipsCMS Light version 2.1 arbitrary database disclosure exploit. http://packetstormsecurity.org/0907-exploits/peamp-overflow.txt PEamp version 1.02b local buffer overflow proof of concept exploit that creates a malicious .m3u file. http://packetstormsecurity.org/papers/general/linux-hardening.txt Whitepaper called Linux Hardening and Security. http://packetstormsecurity.org/0907-exploits/mp3nator-overflow.txt MP3-Nator version 2.0 universal buffer overflow exploit that creates a malicious .plf file. http://packetstormsecurity.org/shellcode/winxp-sp3_beep_shellcode.txt Microsoft Windows XP SP3 beep and exitprocess shellcode. http://packetstormsecurity.org/0907-exploits/greendam-time.txt Green Dam remote change system time exploit that leverages the fact that UDP port 1234 listens and accepts time updates unauthenticated. http://packetstormsecurity.org/0907-advisories/radware-disclose.txt The radware AppWall Web Application Firewall suffers from a source code disclosure vulnerability on the management interface. Gateway version 4.6.0.2 and AppWall version 1.0.2.6 are affected. http://packetstormsecurity.org/0907-advisories/phion-dosexec.txt The phion airlock Web Application Firewall version 4.1-10.41 suffers denial of service and arbitrary command execution vulnerabilities. http://packetstormsecurity.org/0907-advisories/artofdefence-dos.txt The Artofdefence Hyperguard Web Application Firewall versions 3.1.1-11637 and below, 3.0.3-11636 and below, and 2.5.5-11635 and below suffer from a remote denial of service vulnerability. http://packetstormsecurity.org/0906-exploits/0906-exploits.tgz This archive contains all of the 246 exploits added to Packet Storm in June, 2009. http://packetstormsecurity.org/0907-advisories/VMSA-2009-0008.txt VMware Security Advisory - An input validation flaw in the asn1_decode_generaltime function in MIT Kerberos 5 before 1.6.4 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. http://packetstormsecurity.org/0907-exploits/messageslib-database.txt Messages Library version 2.0 suffers from an insecure cookie handling and database download vulnerability. http://packetstormsecurity.org/0907-exploits/messageslib-delete.txt Messages Library version 2.0 suffers from an arbitrary delete message vulnerability. http://packetstormsecurity.org/0907-exploits/audioplus-overflow.txt AudioPLUS version 2.00.215 local buffer overflow exploit that creates a malicious .m3u file. http://packetstormsecurity.org/papers/web/web-security.pdf Whitepaper called Web Vulnerabilities and Security. Written in Romanian. http://packetstormsecurity.org/papers/wireless/cracking-air.pdf Whitepaper called Cracking The Air, The Other Way. http://packetstormsecurity.org/0906-exploits/messageslibrary-admin.txt Messages Library version 2.0 suffers from an arbitrary add administrator vulnerability. http://packetstormsecurity.org/0906-advisories/MDVSA-2009-147.txt Mandriva Linux Security Advisory 2009-147 - Arbitrary code execution, denial of service, and overflows have been addressed in the latest Pidgin update. http://packetstormsecurity.org/0906-exploits/tsep-sqlxssdisclose.txt TSEP versions 0.942.02 and below suffer from cross site scripting, remote SQL injection, and information disclosure vulnerabilities. http://packetstormsecurity.org/0906-exploits/myegy-sql.txt MyEgy Script suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/0906-exploits/phpmyblockchecker-insecure.txt phpMyBlockchecker version 1.0.0055 suffers from an insecure cookie handling vulnerability. http://packetstormsecurity.org/0906-exploits/bigacecms-lfi.txt BIGACE CMS version 2.6 suffers from a local file inclusion vulnerability. http://packetstormsecurity.org/0906-exploits/xampp-xssphpinfo.txt XAMPP for Windows suffers from phpinfo and cross site scripting vulnerabilities. Versions 1.4.9, 1.5.0, 1.5.1, and 1.6.4 are affected. http://packetstormsecurity.org/UNIX/utilities/hex-head.c This is a simple head utility that outputs in hexadecimal format. Characters that are non-printable are replaced with the . character. http://packetstormsecurity.org/0906-advisories/glsa-200906-05.txt Gentoo Linux Security Advisory GLSA 200906-05 - Multiple vulnerabilities have been discovered in Wireshark which allow for Denial of Service (application crash) or remote code execution. Versions less than 1.0.8 are affected. http://packetstormsecurity.org/0906-exploits/jaxformmailer-rfi.txt Jax FormMailer version 3.0.0 suffers from a remote file inclusion vulnerability. http://packetstormsecurity.org/0906-exploits/smfma-sql.txt Member Awards SMF module version 1.0.2 blind SQL injection exploit. http://packetstormsecurity.org/0906-exploits/wprelatedsites-sql.txt The Related Sites WordPress plugin version 2.1 suffers from a blind SQL injection vulnerability. http://packetstormsecurity.org/0906-exploits/dmfilemanager-disclose.txt DM FileManager version 3.9.4 suffers from a remote file disclosure vulnerability. http://packetstormsecurity.org/0906-exploits/wpdmalbums-disclose.txt The DM Album WordPress plugin version 1.9.2 suffers from a remote file disclosure vulnerability. http://packetstormsecurity.org/0906-exploits/tfmmmplayer-overflow.txt TFM MMPlayer version 2.0 universal buffer overflow exploit that creates a malicious .m3u file. http://packetstormsecurity.org/0906-exploits/Neversolved.pl.txt Newsolved version 1.1.6 login grabbing remote SQL injection exploit. http://packetstormsecurity.org/0906-exploits/htmp3player10-overflow.txt HT-MP3Player version 1.0 universal buffer overflow exploit that creates a malicious .ht3 file. http://packetstormsecurity.org/0906-exploits/cpanel-disclose.txt Cpanel suffers from an arbitrary file disclosure vulnerability. http://packetstormsecurity.org/0906-advisories/glsa-200906-04.txt Gentoo Linux Security Advisory GLSA 200906-04 - An error in the Apache Tomcat JK Connector might allow for an information disclosure flaw. The Red Hat Security Response Team discovered that mod_jk does not properly handle (1) requests setting the Content-Length header while not providing data and (2) clients sending repeated requests very quickly. Versions less than 1.2.27 are affected. http://packetstormsecurity.org/0906-advisories/glsa-200906-03.txt Gentoo Linux Security Advisory GLSA 200906-03 - Multiple errors in phpMyAdmin might allow the remote execution of arbitrary code or a Cross-Site Scripting attack. Versions less than 2.11.9.5 are affected. http://packetstormsecurity.org/0906-exploits/dmalbums-rfi.txt DM Albums version 1.9.2 and WordPress plugin suffer from a remote file inclusion vulnerability. http://packetstormsecurity.org/0906-exploits/dmfilemanager-rfi.txt DM FileManager version 3.9.4 suffers from a remote file inclusion vulnerability. http://packetstormsecurity.org/0906-advisories/MDVSA-2009-146.txt Mandriva Linux Security Advisory 2009-146 - Security vulnerabilities has been identified and fixed in University of Washington IMAP Toolkit. These include multiple stack-based buffer overflows, a pointer dereference, and an off-by-one error. http://packetstormsecurity.org/0906-exploits/punbbaffiliationsin-blindsql.txt Versions 1.1 and below of the IN module in PunBB suffers from a remote blind SQL injection vulnerability in Affiliations.php. http://packetstormsecurity.org/0906-exploits/punbbvoteforusout-blindsql.txt Versions 1.0.1 and below of the OUT module in PunBB suffer from a remote blind SQL injection vulnerability in VoteForUs.php. http://packetstormsecurity.org/UNIX/utilities/picviz-0.6.tar.gz Picviz is a parallel coordinates plotter which enables easy scripting from various types of input (such as tcpdump, syslog, iptables logs, or Apache logs) to visualize your data and discover interesting results quickly. Its primary goal is to graph data in order to be able to quickly analyze problems and find correlations among variables. With security analysis in mind, the program has been designed to be very flexible, able to graph millions of events. This tarball includes the cli, gui, and the library for picviz. http://packetstormsecurity.org/0906-exploits/aad-disclose.txt Audio Article Directory suffers from a remote file disclosure vulnerability. http://packetstormsecurity.org/0906-exploits/joomlabookflip-sql.txt The Joomla Bookflip component suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/0906-advisories/MDVSA-2009-145.txt Mandriva Linux Security Advisory 2009-145 - A vulnerability has been found and corrected in PHP. The updated packages have been patched to correct these issues. http://packetstormsecurity.org/0906-exploits/phpfanfictionsploit-sql.txt phpFanfiction remote SQL injection exploit that attempts to pull the admin account. http://packetstormsecurity.org/0906-exploits/phpfanfiction-sql.txt phpFanfiction suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/0906-exploits/clicknetcms-disclose.txt Clicknet CMS version 2.1 suffers from a remote file disclosure vulnerability. http://packetstormsecurity.org/0906-exploits/phpsugar-lfi.txt PHP-Sugar version 0.80 suffers from a local file inclusion vulnerability. http://packetstormsecurity.org/0906-exploits/punbbvoteforus-blindsql.txt Versions 1.0.1 and below of the IN module in PunBB suffer from a remote blind SQL injection vulnerability in VoteForUs.php. http://packetstormsecurity.org/0906-exploits/punbbaffiliations-blindsql.txt Versions 1.1 and below of the OUT module in PunBB suffers from a remote blind SQL injection vulnerability in Affiliations.php. http://packetstormsecurity.org/0906-exploits/punbbapdb-sql.txt PunBB suffers from a remote SQL injection vulnerability when leveraging a cross site request forgery vulnerability in AP_DB_management.php. http://packetstormsecurity.org/0906-exploits/almnzm-sql.txt Almnzm suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/0906-exploits/oxygen2php113post-blindsql.txt Oxygen2PHP versions 1.1.3 and below remote blind SQL injection exploit that leverages post.php. http://packetstormsecurity.org/0906-exploits/oxygen2php113-blindsql.txt Oxygen2PHP versions 1.1.3 and below remote blind SQL injection exploit that leverages forumdisplay.php. http://packetstormsecurity.org/0906-exploits/mdprocwguest-sql.txt MDPRO CWGuestBook versions 2.1 and below suffer from a remote SQL injection vulnerability. http://packetstormsecurity.org/0906-exploits/htmp3player-overflow.txt HT-MP3Player version 1.0 local buffer overflow exploit that creates a malicious .ht3 file. http://packetstormsecurity.org/0906-exploits/baofengmp-overflow.txt The Baofeng Media Player Storm version 3.9.62 suffers from a playlist related stack overflow vulnerability. http://packetstormsecurity.org/0906-exploits/scmpx-overflow.txt SCMPX version 1.5.1 local heap overflow proof of concept exploit that creates a malicious .m3u file. http://packetstormsecurity.org/peer2peer/tor.uclibc.i686.20090627.iso Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. http://packetstormsecurity.org/0906-exploits/bopup-overflow.txt Remote buffer overflow exploit for the Bopup Communications Server version 3.2.26.54.60. Tested on Microsoft Windows XP SP3. http://packetstormsecurity.org/0906-exploits/ajaxportal-rfi.txt AjaxPortal version 3.0 suffers from a remote file inclusion vulnerability. http://packetstormsecurity.org/0906-advisories/glsa-200906-02.txt Gentoo Linux Security Advisory GLSA 200906-02 - A flaw in the Ruby standard library might allow remote attackers to cause a Denial of Service attack. Tadayoshi Funaba reported that BigDecimal in ext/bigdecimal/bigdecimal.c does not properly handle string arguments containing overly long numbers. Versions less than 1.8.6_p369 are affected. http://packetstormsecurity.org/0906-exploits/NGENUITY-2009-007.txt osTicket version 1.6 RC4 suffers from a blind SQL injection vulnerability. http://packetstormsecurity.org/0906-advisories/glsa-200906-01.txt Gentoo Linux Security Advisory GLSA 200906-01 - A vulnerability has been discovered in libpng that allows for information disclosure. Jeff Phillips discovered that libpng does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file. Versions less than 1.2.37 are affected. http://packetstormsecurity.org/0906-advisories/MDVSA-2009-144.txt Mandriva Linux Security Advisory 2009-144 - Multiple security vulnerabilities has been identified and fixed in ghostscript. This update makes ghostscript link against the shared system jasper library which makes it easier to address presumptive future security issues in the jasper library. http://packetstormsecurity.org/0906-exploits/empirecms-sql.txt Empire CMS version 5.1 suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/0906-exploits/joomlak2-sql.txt The Joomla K2 component versions 1.0.1b and below suffer from a remote SQL injection vulnerability. http://packetstormsecurity.org/0906-exploits/joomlaphp-sql.txt The Joomla PHP component suffers from a blind SQL injection vulnerability. http://packetstormsecurity.org/0906-exploits/messageslibrary-sql.txt Messages Library version 2.0 suffers from a remote SQL injection vulnerability in cat.php.