http://packetstormsecurity.org/ 100 Most Recent Packet Storm File Additions en-us http://packetstormsecurity.org/0805-advisories/SSRT071403.txt HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running ftp. The vulnerability could be exploited remotely to create a Denial of Service (DoS). The Denial of Service (DoS) affects the ftp server application only. http://packetstormsecurity.org/0805-exploits/ibdmicro-sql.txt IBD Micro CMS version 3.5 suffers from a SQL injection vulnerability that allows for login bypass. http://packetstormsecurity.org/0805-advisories/dsa-1574-1.txt Debian Security Advisory 1574-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. moz_bug_r_a4 discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper. moz_bug_r_a4 discovered that insecure handling of event handlers could lead to cross-site scripting. Boris Zbarsky, Johnny Stenback, and moz_bug_r_a4 discovered that incorrect principal handling can lead to cross-site scripting and the execution of arbitrary code. Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code. georgi , tgirmann and Igor Bukanov discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. http://packetstormsecurity.org/0805-exploits/rdesktoppdu-overflow.txt rdesktop version 1.5.0 BSS overflow vulnerability proof of concept exploit that makes use of process_redirect_pdu(). http://packetstormsecurity.org/0805-exploits/bigace-rfi.txt BIGACE version 2.4 suffers from multiple remote file inclusion vulnerabilities. http://packetstormsecurity.org/cisco/nipper-0.11.7.tgz nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previous known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, Latex, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing. http://packetstormsecurity.org/cisco/nipper-0.11.7.zip nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previous known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, Latex, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing. This is the Windows version. http://packetstormsecurity.org/0805-exploits/zeuscart-sql.txt ZeusCart versions 2.0 and below suffers from a remote SQL injection vulnerability in category_list.php. http://packetstormsecurity.org/0805-exploits/ajdating-sql.txt AJ Dating version 1.0 suffers from a remote SQL injection vulnerability in view_profile.php. http://packetstormsecurity.org/0805-exploits/ajclassifieds-sql.txt AJ Classifieds 2008 suffers from a remote SQL injection vulnerability in index.php. http://packetstormsecurity.org/0805-exploits/ajauction-sql.txt AJ Auctions versions 6.2.1 and below suffer from a remote SQL injection vulnerability in classifide_ad.php. http://packetstormsecurity.org/0805-exploits/ajarticle-sql.txt AJ Article version 1.0 suffers from a remote SQL injection vulnerability in featured_article.php. http://packetstormsecurity.org/0805-exploits/otherlogic-sql.txt OtherLogic suffers from a SQL injection vulnerability in vocourse.php. http://packetstormsecurity.org/0805-advisories/glsa-200805-10.txt Gentoo Linux Security Advisory GLSA 200805-10 - It has been reported that Pngcrush includes a copy of libpng that is vulnerable to a memory corruption (GLSA 200804-15). Versions less than 1.6.4-r1 are affected. http://packetstormsecurity.org/0805-advisories/dsa-1573-1.txt Debian Security Advisory 1573-1 - Several remote vulnerabilities have been discovered in rdesktop, a Remote Desktop Protocol client. Remote exploitation of an integer underflow vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user. Remote exploitation of a BSS overflow vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user. Remote exploitation of an integer signedness vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user. http://packetstormsecurity.org/0805-advisories/dsa-1572-1.txt Debian Security Advisory 1572-1 - Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The glob function allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter. Integer overflow allows context-dependent attackers to cause a denial of service and possibly have other impact via a printf format parameter with a large width specifier. Stack-based buffer overflow in the FastCGI SAPI. The escapeshellcmd API function could be attacked via incomplete multibyte chars. http://packetstormsecurity.org/0805-advisories/glsa-200805-09.txt Gentoo Linux Security Advisory GLSA 200805-09 - It has been reported that the user form processing in the file userform.py does not properly manage users when using Access Control Lists or a non-empty superusers list. Versions less than 1.6.3 are affected. http://packetstormsecurity.org/0805-advisories/MDVSA-2008-100.txt Mandriva Linux Security Advisory - A double free vulnerability in Perl 5.8.8 and earlier versions, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. http://packetstormsecurity.org/0805-exploits/clanlite-sqlxss.txt ClanLite version 2.x suffers from SQL injection and cross site scripting vulnerabilities. http://packetstormsecurity.org/0805-exploits/joomlaxsstream-sql.txt Remote SQL injection exploit for the xsstream-dm module version 0.01b for Joomla. http://packetstormsecurity.org/0805-exploits/joomladatso-blindsql.txt Remote blind SQL injection exploit for the com_datsogallery module version 1.6 for Joomla. http://packetstormsecurity.org/0805-exploits/ktools-sql.txt Ktools PhotoStore versions 3.5.2 and below suffer from multiple remote SQL injection vulnerabilities. http://packetstormsecurity.org/0805-exploits/phpblock85-rfi.txt PHP Block version a8.5 suffers from multiple remote file inclusion vulnerabilities. http://packetstormsecurity.org/0805-exploits/alm-sql.txt Advanced Links Management version 1.52 suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/0805-exploits/hispah-sql.txt HispaH Model Search suffers from a remote SQL injection vulnerability in cat.php. http://packetstormsecurity.org/0805-exploits/sazcart-sql.txt SazCart versions 1.5.1 and below remote SQL injection exploit. http://packetstormsecurity.org/0805-exploits/admidio-disclose.txt Admidio version 1.4.8 suffers from a remote file disclosure vulnerability. http://packetstormsecurity.org/0805-exploits/wpgallery-sql.txt The WordPress Photo Gallery module suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/0805-advisories/glsa-200805-08.txt Gentoo Linux Security Advisory GLSA 200805-08 - The namesx and uhnames modules do not properly validate network input, leading to a buffer overflow. Versions less than 1.1.19 are affected. http://packetstormsecurity.org/0805-advisories/glsa-200805-07.txt Gentoo Linux Security Advisory GLSA 200805-07 - LTSP version 4.2, ships prebuilt copies of programs such as the Linux Kernel, the X.org X11 server (GLSA 200705-06, GLSA 200710-16, GLSA 200801-09), libpng (GLSA 200705-24, GLSA 200711-08), Freetype (GLSA 200705-02, GLSA 200705-22) and OpenSSL (GLSA 200710-06, GLSA 200710-30) which were subject to multiple security vulnerabilities since 2006. Please note that the given list of vulnerabilities might not be exhaustive. Versions less than 5.0 are affected. http://packetstormsecurity.org/0805-advisories/glsa-200805-06.txt Gentoo Linux Security Advisory GLSA 200805-06 - Viesturs reported that the default configuration for Gentoo's init script (/etc/conf.d/firebird) sets the ISC_PASSWORD environment variable when starting Firebird. It will be used when no password is supplied by a client connecting as the SYSDBA user. Versions less than 2.0.3.12981.0-r6 are affected. http://packetstormsecurity.org/0805-exploits/oracleasp-bypass.txt The Oracle Application Server Portal 10G suffers from an authentication bypass vulnerability. Details are provided. http://packetstormsecurity.org/web/browserrecon-1.0-php.tar.gz browserrecon is a framework that performs client-side HTTP fingerprinting. Be sure to hit their site to download the latest fingerprints database. http://packetstormsecurity.org/0805-exploits/cyberfolio-rfi.txt Cyberfolio version 7.2 suffers from a remote file inclusion vulnerability. http://packetstormsecurity.org/0805-exploits/sazcart151-rfi.txt SazCart version 1.5.1 suffers from multiple remote file inclusion vulnerabilities. http://packetstormsecurity.org/0805-advisories/MDVSA-2008-099.txt Mandriva Linux Security Advisory - A heap-based buffer overflow vulnerability was found in how ImageMagick parsed XCF files. If ImageMagick opened a specially-crafted XCF file, it could be made to overwrite heap memory beyond the bounds of its allocated memory, potentially allowing an attacker to execute arbitrary code on the system running ImageMagick. Another heap-based buffer overflow vulnerability was found in how ImageMagick processed certain malformed PCX images. If ImageMagick opened a specially-crafted PCX image file, an attacker could possibly execute arbitrary code on the system running ImageMagick. http://packetstormsecurity.org/0805-exploits/cpanel-xssxsrf.txt cPanel versions below 11.18.4 and 11.22.3 suffer from cross site scripting and cross site request forgery vulnerabilities. http://packetstormsecurity.org/0805-exploits/apache-utf7xss.txt Apache versions 2.2.x and 1.3.x suffer from a cross site scripting vulnerability leveraging UTF-7 encoding on 403 forbidden pages. http://packetstormsecurity.org/0805-exploits/minibloggie-delete.txt miniBloggie version 1.0 suffers from an arbitrary post deletion vulnerability in del.php. http://packetstormsecurity.org/0805-exploits/vshare-sql.txt vShare Youtube Clone version 2.6 suffers from a remote SQL injection vulnerability in group_posts.php. http://packetstormsecurity.org/0805-exploits/shadertv-sql.txt Shader TV Beta suffers from multiple SQL injection vulnerabilities allowing for login bypass and more. http://packetstormsecurity.org/0805-exploits/runcms161-sql.txt RunCMS versions 1.6.1 and below remote SQL injection exploit. http://packetstormsecurity.org/0805-advisories/USN-611-3.txt Ubuntu Security Notice 611-3 - USN-611-1 fixed a vulnerability in Speex. This update provides the corresponding update for GStreamer Good Plugins. It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program. http://packetstormsecurity.org/0805-advisories/USN-611-2.txt Ubuntu Security Notice 611-2 - USN-611-1 fixed a vulnerability in Speex. This update provides the corresponding update for ogg123, part of vorbis-tools. It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program. http://packetstormsecurity.org/0805-advisories/USN-611-1.txt Ubuntu Security Notice 611-1 - It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program. http://packetstormsecurity.org/0805-exploits/musicbox-sql.txt Musicbox versions 2.3.7 and below suffer from a remote SQL injection vulnerability. http://packetstormsecurity.org/0805-exploits/cmsfaethon-rfixss.txt CMS Faethon version 2.2 Ultimate suffers from remote file inclusion and cross site scripting vulnerabilities. http://packetstormsecurity.org/0805-exploits/rdesktop-underflow.txt rdesktop version 1.5.0 integer underflow proof of concept exploit that takes advantage of iso_recv_msg(). http://packetstormsecurity.org/0805-exploits/tftpwin-bssoverflow.txt TFTP Server for Windows version 1.4 ST remote .bss overflow exploit that binds a shell to port 4444. http://packetstormsecurity.org/0805-exploits/zyxel-xss.txt The Zyxel ZYWall 100 suffers from a cross site scripting vulnerability via the Referer: header. http://packetstormsecurity.org/0805-exploits/sonicwall-xss.txt SonicWall E-mail Security version 6.1.1 suffers from a cross site scripting vulnerability via the Host: header. http://packetstormsecurity.org/0805-advisories/novell-stackoverflow.txt Novell Client versions 4.91 SP4 and below suffer from a local stack overflow vulnerability. http://packetstormsecurity.org/0805-exploits/SAP-07-010.txt The SAP Internet Transaction Server version 6.20 suffers from cross site scripting vulnerabilities. This is a really old vulnerability which just had its details released. http://packetstormsecurity.org/papers/call_for/Bellua2008-CFP.txt The call for papers and conference registration is now open for Bellua Cyber Security Asia 2008. This is the fourth annual Bellua conference and is being held in Jakarta, Indonesia November 18th through the 19th, 2008. http://packetstormsecurity.org/0805-exploits/ezcontents-sql.txt ezContents CMS version 2.0.0 suffers from SQL injection vulnerabilities. http://packetstormsecurity.org/0805-exploits/onecms25-sql.txt OneCMS version 2.5 remote blind SQL injection exploit that makes use of asd.php. http://packetstormsecurity.org/0805-exploits/galleristic-sql.txt Galleristic version 1.0 remote SQL injection exploit that makes use of index.php. http://packetstormsecurity.org/0805-advisories/05.07.08-3.txt iDefense Security Advisory 05.07.08 - Remote exploitation of an integer signedness vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reallocating dynamic buffers. The rdesktop xrealloc() function uses a signed comparison to determine if the requested allocation size is less than 1. When this occurs, the function will incorrectly set the allocation size to be 1. This results in an improperly sized heap buffer being allocated, which can later be overflowed. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected. http://packetstormsecurity.org/0805-advisories/05.07.08-2.txt iDefense Security Advisory 05.07.08 - Remote exploitation of a BSS overflow vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reading in an RDP redirect request. This request is used to redirect an RDP connection from one server to another. When parsing the redirect request, the rdesktop client reads several 32-bit integers from the request packet. These integers are then used to control the number of bytes read into statically allocated buffers. This results in several buffers located in the BSS section being overflowed, which can lead to the execution of arbitrary code. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected. http://packetstormsecurity.org/0805-advisories/05.07.08-1.txt iDefense Security Advisory 05.07.08 - Remote exploitation of an integer underflow vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reading in an RDP request. When reading a request, a 16-bit integer value that represents the number of bytes that follow is taken from the packet. This value is then decremented by 4, and used to calculate how many bytes to read into a heap buffer. The subtraction operation can underflow, which will then lead to the heap buffer being overflowed. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected. http://packetstormsecurity.org/0805-advisories/google-spam.txt It appears that manipulating the forwarding functionality in Google's GMail service allows people to spam. http://packetstormsecurity.org/0805-advisories/glsa-200805-05.txt Gentoo Linux Security Advisory GLSA 200805-05 - Multiple Denial of Service vulnerabilities have been discovered in Wireshark. Versions less than 1.0.0 are affected. http://packetstormsecurity.org/0805-advisories/glsa-200805-04.txt Gentoo Linux Security Advisory GLSA 200805-04 - A vulnerability has been reported in FCKEditor due to the way that file uploads are handled in the file editor/filemanager/upload/php/upload.php when a filename has multiple file extensions (CVE-2008-2041). Another vulnerability exists in the _bad_protocol_once() function in the file phpgwapi/inc/class.kses.inc.php, which allows remote attackers to bypass HTML filtering (CVE-2008-1502). Versions less than 1.4.004 are affected. http://packetstormsecurity.org/0805-advisories/glsa-200805-03.txt Gentoo Linux Security Advisory GLSA 200805-03 - Bernhard R. Link discovered that Eterm opens a terminal on :0 if the -display option is not specified and the DISPLAY environment variable is not set. Further research by the Gentoo Security Team has shown that aterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are also affected. Versions less than 1.0.1-r1 are affected. http://packetstormsecurity.org/0805-exploits/tuxcms-xss.txt Tux CMS version 0.1 suffers from cross site scripting vulnerabilities. http://packetstormsecurity.org/0805-exploits/postcardmentor-sql.txt PostcardMentor suffers from a remote SQL injection vulnerability in step1.asp. http://packetstormsecurity.org/0805-exploits/gamecms-sql.txt gameCMS Lite version 1.0 suffers from a remote SQL injection vulnerability in index.php. http://packetstormsecurity.org/0805-exploits/fipscms-sql.txt fips CMS suffers from a blind SQL injection vulnerability in print.asp. http://packetstormsecurity.org/web/dradis-v1.2.tar.gz dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of efforts. http://packetstormsecurity.org/0805-exploits/frs-lfi.txt The PHP-Fusion module Forum Rank System version 6 suffers from a local file inclusion vulnerability. http://packetstormsecurity.org/0805-advisories/USN-610-1.txt Ubuntu Security Notice 610-1 - Christian Herzog discovered that it was possible to connect to any LTSP client's X session over the network. A remote attacker could eavesdrop on X events, read window contents, and record keystrokes, possibly gaining access to private information. http://packetstormsecurity.org/0805-advisories/USN-609-1.txt Ubuntu Security Notice 609-1 - It was discovered that arbitrary Java methods were not filtered out when opening databases in OpenOffice.org. If a user were tricked into running a specially crafted query, a remote attacker could execute arbitrary Java with user privileges. Multiple memory overflow flaws were discovered in OpenOffice.org's handling of Quattro Pro, EMF, and OLE files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges. http://packetstormsecurity.org/0805-advisories/adobe-print-v2.txt A design error vulnerability exists in Adobe Reader and Adobe Acrobat Professional. A remote attacker who successfully exploit this vulnerability can control the printer without user's permission. Affected software versions include Adobe Reader 8.1.1 and below and Adobe Acrobat Professional 8.1.1 and below. This is an updated advisory. http://packetstormsecurity.org/0805-advisories/aap-bypass.txt Two critical vulnerabilities exist in the javascript API of Adobe Acrobat Professional 7. A remote attacker who successfully exploits these vulnerabilities can execute restricted functions and arbitrary codes on the affected system. Adobe Acrobat Professional version 7.0.9 is affected. http://packetstormsecurity.org/0805-advisories/MDVSA-2008-098.txt Mandriva Linux Security Advisory - A vulnerability in OpenSSH 4.4 through 4.8 allowed local attackers to bypass intended security restrictions enabling them to execute commands other than those specified by the ForceCommand directive, provided they are able to modify to ~/.ssh/rc. http://packetstormsecurity.org/0805-advisories/MDVSA-2008-097.txt Mandriva Linux Security Advisory - A vulnerability was found in start_kdeinit in KDE 3.5.5 through 3.5.9 where, if it was installed setuid root, it could allow local users to cause a denial of service or possibly execute arbitrary code. By default, start_kdeinit is not installed setuid root on Mandriva Linux, however updated packages have been patched to correct this issue. http://packetstormsecurity.org/0805-advisories/MDVSA-2008-096.txt Mandriva Linux Security Advisory - Steve Grubb found that the vcdiff script in Emacs create temporary files insecurely when used with SCCS. A local user could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. http://packetstormsecurity.org/0805-exploits/mvnforum-jsxss.txt mvnForum version 1.1 suffers from a cross site scripting vulnerability. http://packetstormsecurity.org/0805-exploits/sphider134-xss.txt The Sphider search engine version 1.3.4 suffers from a cross site scripting vulnerability in search.php. http://packetstormsecurity.org/0805-advisories/USN-605-1.txt Ubuntu Security Notice 605-1 - Various flaws were discovered in the JavaScript engine. If a user had JavaScript enabled and were tricked into opening a malicious email, an attacker could escalate privileges within Thunderbird, perform cross-site scripting attacks and/or execute arbitrary code with the user's privileges. Several problems were discovered in Thunderbird which could lead to crashes and memory corruption. If a user had JavaScript enabled and were tricked into opening a malicious email, an attacker may be able to execute arbitrary code with the user's privileges. http://packetstormsecurity.org/0805-advisories/USN-608-1.txt Ubuntu Security Notice 608-1 - It was discovered that start_kdeinit in KDE 3 did not properly sanitize its input. A local attacker could exploit this to send signals to other processes and cause a denial of service or possibly execute arbitrary code. http://packetstormsecurity.org/0805-advisories/USN-607-1.txt Ubuntu Security Notice 607-1 - It was discovered that Emacs did not account for precision when formatting integers. If a user were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly other unspecified actions. This issue does not affect Ubuntu 8.04. Steve Grubb discovered that the vcdiff script as included in Emacs created temporary files in an insecure way when used with SCCS. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. http://packetstormsecurity.org/0805-advisories/AD20080506EN.txt The Yahoo! Assistant (3721) ActiveX control is susceptible to a remote code execution vulnerability. Versions 3.6 and below are affected. http://packetstormsecurity.org/0805-advisories/SE-2008-03.txt PHP versions 5.2.5 and below and 4.4.8 and below suffer from a multibyte shell command escaping bypass vulnerability. http://packetstormsecurity.org/0805-advisories/SE-2008-02.txt PHP versions 5.2.5 and below and 4.4.8 and below suffer from a weak random number seed vulnerability in GENERATE_SEED(). http://packetstormsecurity.org/0805-advisories/bugzilla-multi.txt Bugzilla Security Advisory - Bugzilla version 3.1.3 suffers from an unauthorized bug change vulnerability. Versions 2.17.2 and higher suffer from a cross site scripting vulnerability. Versions 2.23.4 and higher suffer from an account impersonation vulnerability. http://packetstormsecurity.org/0805-exploits/phpeasydata-sql.txt PHPEasyData version 1.5.4 suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/0805-exploits/preshopping-sql.txt Pre Shopping Mall version 1.1 suffers from a SQL injection vulnerability in search.php. http://packetstormsecurity.org/0805-advisories/dsa-1570-1.txt Debian Security Advisory 1570-1 - Andrews Salomon reported that kazehakase, a GTK+-base web browser that allows pluggable rendering engines, contained an embedded copy of the PCRE library in its source tree which was compiled in and used in preference to the system-wide version of this library. The PCRE library has been updated to fix the security issues reported against it in previous Debian Security Advisories. This update ensures that kazehakase uses that supported library, and not its own embedded and insecure version. http://packetstormsecurity.org/0805-advisories/SSRT080056.txt HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache with PHP. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to gain extended privileges. http://packetstormsecurity.org/0805-advisories/SSRT080034.txt HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Netscape Directory Server (NDS). The vulnerability could be used locally to gain extended privileges. http://packetstormsecurity.org/0805-advisories/dsa-1554-2.txt Debian Security Advisory 1554-2 - Roundup, an issue tracking system, fails to properly escape HTML input, allowing an attacker to inject client-side code (typically JavaScript) into a document that may be viewed in the victim's browser. http://packetstormsecurity.org/0805-advisories/dsa-1569-2.txt Debian Security Advisory 1569-2 - The original update for cacti unfortunately introduced a regression. Updated packages have been created to address this. It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, leading to cross site scripting and SQL injection being possible. http://packetstormsecurity.org/0805-advisories/glsa-200805-02.txt Gentoo Linux Security Advisory GLSA 200805-02 - Cezary Tomczak reported that an undefined UploadDir variable exposes an information disclosure vulnerability when running on shared hosts. Versions less than 2.11.5.2 are affected. http://packetstormsecurity.org/0805-advisories/glsa-200805-01.txt Gentoo Linux Security Advisory GLSA 200805-01 - Multiple vulnerabilities in the Horde Application Framework may lead to the execution of arbitrary files, information disclosure, and allow a remote attacker to bypass security restrictions. Versions less than 3.1.7 are affected. http://packetstormsecurity.org/0805-advisories/CORE-2008-0129.txt Core Security Technologies Advisory - A vulnerability was found in Wonderware SuiteLink Service ('slssvc.exe') that could allow an un-authenticated remote attacker with the ability to connect to the SuiteLink service TCP port to shutdown the service abnormally by sending a malformed packet. Exploitation of the vulnerability for remote code execution has not been proven, but it has not been eliminated as a potential scenario. http://packetstormsecurity.org/0805-exploits/novelledir-dos.txt Novell eDirectory versions below 8.7.3 SP 10 and versions below 8.8.2 suffer from a denial of service related vulnerability. Details are provided. http://packetstormsecurity.org/0805-advisories/novelledir-soap.txt Novell eDirectory versions 8.7.x through 8.8.1 suffer from an arbitrary access vulnerability due to client-side access control when using the SOAP interface. http://packetstormsecurity.org/UNIX/IDS/samhain-2.4.4.tar.gz Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris. http://packetstormsecurity.org/0805-exploits/deluxebb12-multi.txt DeluxeBB versions 1.2 and below exploit that demonstrates blind SQL injection, PHP injection, and more.