http://packetstormsecurity.org/ 50 Most Recent Packet Storm File Additions en-us http://packetstormsecurity.org/1002-advisories/HPSBUX02503-SSRT100019.txt HP Security Bulletin - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, and Denial of Service (DoS). http://packetstormsecurity.org/1002-advisories/MDVSA-2010-034.txt Mandriva Linux Security Advisory 2010-034 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. Additionally, the Linux kernel was updated to the stable release 2.6.27.45. http://packetstormsecurity.org/papers/call_for/nightdahack2010-cfp.txt Night Da Hack 2010 Call For Proposals - This conference will take place from 4 PM through 7 AM, June 19th through the 20th, 2010 in Paris, France. http://packetstormsecurity.org/1002-exploits/CORELAN-10-010.txt GeFest Web HomeServer version 1.0 suffers from a directory traversal vulnerability. http://packetstormsecurity.org/1002-exploits/wsnguestdb-disclose.txt WSN Guest Database appears to suffer from a database disclosure vulnerability. http://packetstormsecurity.org/1002-exploits/bluedove-sql.txt Blue Dove suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/UNIX/mail/synspam_0.4.0-1.tar.gz Synspam uses Netfilter NFQUEUE to catch the source IP address of any machine connecting to your mail server, running multiple tests against it possible, a scoring system is used. If the source IP address is believed to be a spammer IP address, the connection can be dropped. There is a dry run mode if you just want to test it, which is the default. http://packetstormsecurity.org/1002-exploits/as3flexdb-sqldisclose.txt AS3FlexDB suffer from remote database login information disclosure and remote SQL execution vulnerabilities. http://packetstormsecurity.org/1002-advisories/HPSBMA02487-SSRT100024.txt HP Security Bulletin - A potential vulnerability has been identified with HP Operations Agent running on Solaris 10. The vulnerability could be exploited remotely to gain unauthorized access. http://packetstormsecurity.org/1002-exploits/jdownloader-exec.txt JDownloader versions below 2010-01-25 with Click n Load 2 support suffer from a code execution vulnerability. Proof of concept included. http://packetstormsecurity.org/1002-exploits/DSECRG-09-065.txt TVUPlayer version 2.4.9beta build 1797 suffers from an Active-X insecure method vulnerability. http://packetstormsecurity.org/1002-exploits/sapone_fc.tar.bz2 Remote exploit for SAP MaxDB versions 7.6.03 build 007 and below which suffer from a pre-authentication remote code execution vulnerability. This version has been updated by FortConsult A/S to use the same byte code as the Nessus plugin. http://packetstormsecurity.org/sip/sipwitch-0.7.0.tar.gz GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate. http://packetstormsecurity.org/1002-exploits/uigabp-sqlxss.txt Uiga Business Portal suffers from cross site scripting and remote SQL injection vulnerabilities. http://packetstormsecurity.org/1002-exploits/cve-2010-0453.c This is a denial of service (kernel panic) proof of concept exploit for the UCODE_GET_VERSION ioctl NULL pointer dereference vulnerability on Solaris / OpenSolaris. http://packetstormsecurity.org/1002-exploits/exponentcms-sql.txt Exponent CMS version 0.96.3 suffers from a remote SQL injection vulnerability. This really old version has been known vulnerable to various issues since 2005. http://packetstormsecurity.org/1002-exploits/mongoose28-disclose.txt Mongoose version 2.8 seems to suffer from yet another source disclosure vulnerability. http://packetstormsecurity.org/1002-exploits/belkatalog-sql.txt Belkatalog CMS suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/1002-exploits/zentracking-sql.txt Zen Tracking versions 2.2 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass. http://packetstormsecurity.org/1002-exploits/baalsystems-sql.txt Baal Systems version 3.8 suffers from a remote SQL injection vulnerability that allows for authentication bypass. http://packetstormsecurity.org/1002-exploits/damailinglist-sqldisclose.txt DA Mailing List version 2 suffers from remote SQL injection and database disclosure vulnerabilities. http://packetstormsecurity.org/1002-exploits/videodb-xss.txt VideoDB version 3.0.3 suffers from a cross site scripting vulnerability. http://packetstormsecurity.org/1002-exploits/safari404mc-dos.txt Safari version 4.0.4 remote denial of service with possible memory corruption exploit. http://packetstormsecurity.org/1002-exploits/seamonkey201-dos.txt SeaMonkey version 2.0.1 remote denial of service with possible memory corruption exploit. http://packetstormsecurity.org/1002-exploits/firefox356-dos.txt Firefox version 3.5.6 remote denial of service with possible memory corruption exploit. http://packetstormsecurity.org/1002-exploits/encapscms-rfi.txt EncapsCMS versions 0.3.6 and below suffer from a remote file inclusion vulnerability. http://packetstormsecurity.org/1002-exploits/rostermain-sql.txt Rostermain versions 1.1 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass. http://packetstormsecurity.org/1002-exploits/killmonster-sql.txt Killmonster versions 2.1 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass. http://packetstormsecurity.org/1002-exploits/tinymce-sqlxss.txt TinyMCE suffers from cross site scripting and SQL injection vulnerabilities. http://packetstormsecurity.org/1002-exploits/joomlaproductbook-sql.txt The Joomla Productbook component suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/1002-exploits/jaxcms-lfi.txt JaxCMS version 1.0 suffers from a local file inclusion vulnerability. http://packetstormsecurity.org/1002-exploits/major_rls65.txt A remotely exploitable vulnerability has been found in the JavaScript Engine of the MobileSafari Browser(based on Webkit Engine) used on the Motorola Milestone(droid) smartphone. Proof of concept code included. http://packetstormsecurity.org/1002-exploits/ldfdf-sql.txt LDF suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/1002-exploits/httpdx152-dos.txt httpdx version 1.5.2 suffers from a remote pre-authentication denial of service vulnerability. http://packetstormsecurity.org/1002-exploits/croogo-xsrf.txt Croogo version 1.2.1 suffers from a cross site request forgery vulnerability. http://packetstormsecurity.org/1002-exploits/joomlaphotoblog-bsql.txt The Joomla Photoblog component suffers from a remote blind SQL injection vulnerability. http://packetstormsecurity.org/1002-exploits/xlite-wav.py.txt X-Lite SIP version 3 memory corruption heap overflow exploit that creates a malicious .wav file. http://packetstormsecurity.org/1002-exploits/opera3.pl.txt Opera version 10.10 remote denial of service exploit. http://packetstormsecurity.org/1002-exploits/obb-sql.txt Open Bulletin Board suffers from a remote blind SQL injection vulnerability. http://packetstormsecurity.org/1002-exploits/joomlagirls-sql.txt The Joomla Girls component suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/1002-exploits/joomlacommodel-sql.txt The Joomla Model component suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/web/dradis-v2.5.0.tar.gz dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of efforts. http://packetstormsecurity.org/sniffers/netsniff-ng-0.5.4.1.tar.gz netsniff-ng is a high performance linux network sniffer for packet inspection. Basically, it is similar to tcpdump, but it doesn't need syscalls for fetching packets. Instead, it uses an memory mapped area within kernelspace for accessing packets without the need of copying them to userspace ('zero-copy' mechanism). Therefore, netsniff-ng is libpcap independent. netsniff-ng can be used for protocol analysis and reverse engineering, network debugging, measurement of performance throughput or network statistics creation of incoming packets on central network nodes like routers or firewalls. http://packetstormsecurity.org/1002-exploits/CORE-2010-0121.txt Core Security Technologies Advisory - This advisory describes multiple vulnerabilities based on quirks in how Windows handles file names. Nginx, Cherokee, Mongoose, and LightTPD webservers suffer from related vulnerabilities. Details are provided. http://packetstormsecurity.org/1002-exploits/flexmysql-sql.txt Flex MySQL Connector suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/1002-exploits/CORE-2010-0104.txt Core Security Technologies Advisory - A security vulnerability was discovered in LANDesk Management Suite: a cross-site request forgery which allows an external remote attacker to make a command injection that can be used to execute arbitrary code using the webserver user. As a result, an attacker can remove the firewall and load a kernel module, allowing root access to the appliance. It also can be used as a non-persistent XSS. http://packetstormsecurity.org/1002-advisories/wippien-negotiation.txt Wippien suffers from a flawed key negotiation vulnerability. http://packetstormsecurity.org/1002-exploits/mysql_yassl_getname.rb.txt This Metasploit module exploits a stack buffer overflow in the yaSSL (1.9.8 and earlier) implementation bundled with MySQL. By sending a specially crafted client certificate, an attacker can execute arbitrary code. This vulnerability is present within the CertDecoder::GetName function inside ./taocrypt/src/asn.cpp. However, the stack buffer that is written to exists within a parent function stack frame. NOTE: This vulnerability requires a non-default configuration. First, the attacker must be able to pass the host-based authentication. Next, the server must be configured to listen on an accessible network interface. Lastly, the server must have been manually configured to use SSL. The binary from version 5.5.0-m2 was built with /GS and /SafeSEH. During testing on Windows XP SP3, these protections successfully prevented exploitation. Testing was also done with mysql on Ubuntu 9.04. Although the vulnerable code is present, both version 5.5.0-m2 built from source and version 5.0.75 from a binary package were not exploitable due to the use of the compiler's FORTIFY feature. Although suse11 was mentioned in the original blog post, the binary package they provide does not contain yaSSL or support SSL. http://packetstormsecurity.org/1002-exploits/novelliprint_datetime.rb.txt This Metasploit module exploits a stack overflow in Novell iPrint Client 5.30. When passing a specially crafted date/time string via certain parameters to ienipp.ocx an attacker can execute arbitrary code. NOTE: The operation variable must be set to a valid command in order to reach this vulnerability. http://packetstormsecurity.org/1002-exploits/novelliprint_target-frame.rb.txt This Metasploit module exploits a stack overflow in Novell iPrint Client 5.30. When passing an overly long string via the target-frame parameter to ienipp.ocx an attacker can execute arbitrary code. NOTE: The operation variable must be set to a valid command in order to reach this vulnerability.