.:[ packet storm ]:.
                           
honesty is the best policy

 Section:  .. / Last 100 Files /

 ///  File Name:FreeBSD-SA-09-01.lukemftpd.txt
Description:
FreeBSD Security Advisory - lukemftpd suffers from a cross site request forgery vulnerability.
Homepage:http://security.freebsd.org/
File Size:6834
Related CVE(s):CVE-2008-4247
Last Modified:Jan 7 18:29:30 2009
MD5 Checksum:789204aa23caec29ac8ae20f577becc4

 ///  File Name:FreeBSD-SA-09-02.openssl.txt
Description:
FreeBSD Security Advisory - The EVP_VerifyFinal() function from OpenSSL is used to determine if a digital signature is valid. The SSL layer in OpenSSL uses EVP_VerifyFinal(), which in several places checks the return value incorrectly and treats verification errors as a good signature. This is only a problem for DSA and ECDSA keys.
Homepage:http://security.freebsd.org/
File Size:9519
Related CVE(s):CVE-2008-5077
Last Modified:Jan 7 17:43:21 2009
MD5 Checksum:2328586310ef4612f8f258d3c8e4f921

 ///  File Name:USN-704-1.txt
Description:
Ubuntu Security Notice USN-704-1 - It was discovered that OpenSSL did not properly perform signature verification on DSA and ECDSA keys. If a user or automated system connected to a malicious server or a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.
Homepage:http://security.ubuntu.com/
File Size:19482
Related CVE(s):CVE-2008-5077
Last Modified:Jan 7 17:42:50 2009
MD5 Checksum:077790a3f249b28578aa11ebed3c7d63

 ///  File Name:CA20090107-01.txt
Description:
CA Service Metric Analysis and CA Service Level Management contain a vulnerability that can allow a remote attacker to execute arbitrary commands. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient access restrictions associated with the smmsnmpd service. A remote attacker can exploit this vulnerability to execute arbitrary commands in the context of the service. Affected products include CA Service Level Management 3.5, CA Service Metric Analysis r11.0, CA Service Metric Analysis r11.1, and CA Service Metric Analysis r11.1 SP1.
Author:Ken Williams
Homepage:http://www3.ca.com/
File Size:4398
Related CVE(s):CVE-2009-0043
Last Modified:Jan 7 17:39:25 2009
MD5 Checksum:29eac4fb82df696ee49b0366799f009d

 ///  File Name:dsa-1696-1.txt
Description:
Debian Security Advisory 1696-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client.
Homepage:http://www.debian.org/security
File Size:21741
Related CVE(s):CVE-2008-0016, CVE-2008-1380, CVE-2008-3835, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4067, CVE-2008-4068, CVE-2008-4070, CVE-2008-5012, CVE-2008-5014, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021, CVE-2008-5022, CVE-2008-5024, CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5511, CVE-2008-5512
Last Modified:Jan 7 17:37:26 2009
MD5 Checksum:210d8ff45d55800a263974339b0aa0df

 ///  File Name:quotebook-disclose.txt
Description:
QuoteBook suffers from a remote configuration file disclosure vulnerability.
Author:Moudi
File Size:1632
Last Modified:Jan 7 17:36:13 2009
MD5 Checksum:334416236b2d1646866c721e1217db07

 ///  File Name:cts2009-cfp.txt
Description:
Call For Papers for the 2009 International Symposium on Collaborative Technologies and Systems (CTS 2009). It will be held from May 18th through May 22nd, 2009 at the Westin Baltimore Washington International Airport Hotel.
Homepage:http://cisedu.us/cis/cts/09/main/callForPapers.jsp
File Size:8604
Last Modified:Jan 7 15:26:35 2009
MD5 Checksum:0c4e7f9a7eb7cef5b9bdcebe31b1a2f1

 ///  File Name:cisco-sa-20090107-gss.txt
Description:
Cisco Security Advisory - The Cisco Application Control Engine Global Site Selector (GSS) contains a vulnerability when processing specific Domain Name System (DNS) requests that may lead to a crash of the DNS service on the GSS.
Homepage:http://www.cisco.com/
File Size:13432
Related CVE(s):CVE-2008-3819
Last Modified:Jan 7 15:24:21 2009
MD5 Checksum:111832b44a96a01d091ace59ff081afd

 ///  File Name:secadv_20090107.txt
Description:
Several functions inside OpenSSL incorrectly checked the result after calling the EVP_VerifyFinal function, allowing a malformed signature to be treated as a good signature rather than as an error. This issue affected the signature checks on DSA and ECDSA keys used with SSL/TLS. One way to exploit this flaw would be for a remote attacker who is in control of a malicious server or who can use a 'man in the middle' attack to present a malformed SSL/TLS signature from a certificate chain to a vulnerable client, bypassing validation.
Homepage:http://www.openssl.org/
Related File:oCERT-2008-016.txt
File Size:7906
Related CVE(s):CVE-2008-5077
Last Modified:Jan 7 15:21:31 2009
MD5 Checksum:5ff1f702db3b6ad0f391aaa8dc65fdbb

 ///  File Name:oCERT-2008-016.txt
Description:
Several functions inside the OpenSSL library incorrectly check the result after calling the EVP_VerifyFinal function. This bug allows a malformed signature to be treated as a good signature rather than as an error. This issue affects the signature checks on DSA and ECDSA keys used with SSL/TLS. The flaw may be exploited by a malicious server or a man-in-the-middle attack that presents a malformed SSL/TLS signature from a certificate chain to a vulnerable client, bypassing validation.
Author:Will Drewry
Homepage:http://www.ocert.org/
File Size:3545
Related CVE(s):CVE-2008-5077, CVE-2008-0021, CVE-2008-0025
Last Modified:Jan 7 15:17:20 2009
MD5 Checksum:be0e81721da50c8f104a4d26e99d8d02

 ///  File Name:SN-2008-04.txt
Description:
Plunet BusinessManager suffers from stored cross site scripting and information disclosure vulnerabilities.
Author:Gabriele Zanoni, Matteo Ignaccolo
Homepage:http://www.securenetwork.it/advisories/
File Size:5511
Last Modified:Jan 7 15:12:27 2009
MD5 Checksum:ccbebda957603d405fbd09f83635e54b

 ///  File Name:msienull-dos.txt
Description:
A NULL pointer read vulnerability exists in Microsoft Internet Explorer versions 6.0, 7.0, and 8.0 Beta.
Author:SkyLined
File Size:330
Last Modified:Jan 7 15:10:42 2009
MD5 Checksum:f739f49d13fa6d3d74c4fc6650a3ff73

 ///  File Name:winamp-overflow.txt
Description:
WinAmp GEN_MSN plugin heap buffer overflow proof of concept exploit that creates a malicious .pls file.
Author:SkD
File Size:1755
Last Modified:Jan 7 15:07:57 2009
MD5 Checksum:5824fe2861b742b0866cae3c6aee3970

 ///  File Name:secunia-sapgui.txt
Description:
Secunia Research has discovered a vulnerability in SAP GUI, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error in the included TabOne ActiveX control (sizerone.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding multiple tabs via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. SAP GUI 6.40 Patch 29 and SAP GUI 7.10 are both affected.
Author:Carsten Eiram
Homepage:http://secunia.com/
File Size:4916
Related CVE(s):CVE-2008-4827
Last Modified:Jan 7 15:02:45 2009
MD5 Checksum:f6d854e9387019c1663440299fd11826

 ///  File Name:secunia-tsc2.txt
Description:
Secunia Research has discovered a vulnerability in TSC2 Help Desk, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error in the included CTab ActiveX control (c1sizer.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding multiple tabs via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. TSC2 Help Desk version 4.1.8 is affected.
Author:Carsten Eiram
Homepage:http://secunia.com/
File Size:4185
Related CVE(s):CVE-2008-4827
Last Modified:Jan 7 15:01:12 2009
MD5 Checksum:8e5f09145f01b0c4f776688b090702fa

 ///  File Name:secunia-componentone.txt
Description:
Secunia Research has discovered a vulnerability in ComponentOne SizerOne, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a boundary error in the included Tab ActiveX control (c1sizer.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding tabs with overly long captions via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. ComponentOne SizerOne version 8.0.20081.140 is affected.
Author:Carsten Eiram
Homepage:http://secunia.com/
File Size:5118
Related CVE(s):CVE-2008-4827
Last Modified:Jan 7 14:59:14 2009
MD5 Checksum:8ad3f227012766eb7fe25b07b3b6a9ec

 ///  File Name:phpfusionecart-sql.txt
Description:
The PHP-Fusion E-Cart module suffers from a remote SQL injection vulnerability.
Author:IRCRASH
Homepage:http://ircrash.com/
File Size:2149
Last Modified:Jan 7 14:57:15 2009
MD5 Checksum:10b75350d8ccf4d47ec487d656641dff

 ///  File Name:audacity162-crash.txt
Description:
Audacity version 1.6.2 remote off by one crash exploit that creates a malicious .aup file.
Author:Stack
Homepage:http://v4-team.com/
File Size:2284
Last Modified:Jan 7 14:54:39 2009
MD5 Checksum:e4e644f47dbb544d96d84f420806f0c2

 ///  File Name:perceptionliteserve-overflow.txt
Description:
Perception LiteServe version 2.0.1 remote buffer overflow proof of concept exploit.
Author:H-T Team
Homepage:http://no-hack.fr/
File Size:995
Last Modified:Jan 7 14:39:51 2009
MD5 Checksum:e7c676fe749e9e01fdca731255cba651

 ///  File Name:phpfusionmembers-sql.txt
Description:
The PHP-Fusion module Members Bewerb suffers from a remote SQL injection vulnerability.
Author:IRCRASH
Homepage:http://ircrash.com/
File Size:2140
Last Modified:Jan 7 14:38:10 2009
MD5 Checksum:dd24bca015dab33e17bdf41a15c4de28

 ///  File Name:secunia-hpopenview.txt
Description:
Secunia Research has discovered vulnerabilities in HP OpenView Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system. HP OpenView Network Node Manager 7.51 with NNM_01168 is affected.
Author:JJ Reyes
Homepage:http://secunia.com/
File Size:6405
Related CVE(s):CVE-2008-0067
Last Modified:Jan 7 14:23:56 2009
MD5 Checksum:9c680d6e547825ea20cdc34d517ebe8b

 ///  File Name:vuplayer249-overflow.txt
Description:
VUPlayer versions 2.49 .PLS file universal buffer overflow exploit that spawns calc.exe.
Author:SkD
File Size:3137
Last Modified:Jan 7 14:20:29 2009
MD5 Checksum:5d1718187c57260695e6c64f36af49f1

 ///  File Name:joomla-traversal.txt
Description:
Joomla versions 1.5.8 and below local directory traversal exploit.
Author:irk4z
File Size:1977
Last Modified:Jan 7 03:54:53 2009
MD5 Checksum:e16d90f9e4705bee3f949a6d68642dd5

 ///  File Name:cainabel4925-overflow.txt
Description:
Cain and Abel version 4.9.25 that outputs a file that must be imported as a configuration file under Cracker -> Cisco IOS-MD5 Hashes. Spawns calc.exe.
Author:send9
File Size:2286
Last Modified:Jan 7 03:49:37 2009
MD5 Checksum:383b9f74c5e7aa6b75be200bbc5f5232

 ///  File Name:pollhelper-disclose.txt
Description:
PollHelper suffers from a remote configuration file disclosure vulnerability.
Author:ahmadbady
File Size:722
Last Modified:Jan 7 03:48:04 2009
MD5 Checksum:f798eda099d92c6ac35b3265525b87a6

 ///  File Name:bloghelper-disclose.txt
Description:
BlogHelper suffers from a remote configuration file disclosure vulnerability.
Author:ahmadbady
File Size:736
Last Modified:Jan 7 03:45:46 2009
MD5 Checksum:763c6088d5e5177d9ff9318009738828

 ///  File Name:dsa-1694-2.txt
Description:
Debian Security Advisory 1694-2 - The xterm update in DSA-1694-1 disabled font changing as a precaution. However, users reported that they need this feature. The update in this DSA makes font shifting through escape sequences configurable, using a new allowFontOps X resource, and unconditionally enables font changing through keyboard sequences.
Homepage:http://www.debian.org/security
File Size:4950
Related CVE(s):CVE-2008-2383
Last Modified:Jan 6 20:59:43 2009
MD5 Checksum:63fc5c0e5f6a119a647f787b6a6b68e9

 ///  File Name:debianxterm-weakness.txt
Description:
Debian GNU/Linux suffers from an XTERM DECRQSS weakness that allows for remote code execution as the user id viewing the content.
Author:Rembrandt
File Size:710
Last Modified:Jan 6 20:45:29 2009
MD5 Checksum:18b82dbdc3db815481360e1c0dc9cc30

 ///  File Name:USN-701-2.txt
Description:
Ubuntu Security Notice USN-701-2 - Several flaws were discovered in the Thunderbird browser engine. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. Chris Evans discovered that Thunderbird did not properly protect a user's data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Several flaws were discovered in the Javascript engine.
Homepage:http://security.ubuntu.com/
File Size:6686
Related CVE(s):CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5511, CVE-2008-5512
Last Modified:Jan 6 20:54:59 2009
MD5 Checksum:8ee27bf646d62f2d7d36ea846501908d

 ///  File Name:USN-701-1.txt
Description:
Ubuntu Security Notice USN-701-1 - Several flaws were discovered in the Thunderbird browser engine. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. Chris Evans discovered that Thunderbird did not properly protect a user's data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Kojima Hajime discovered that Thunderbird did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. Several flaws were discovered in the Javascript engine.
Homepage:http://security.ubuntu.com/
File Size:14473
Related CVE(s):CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512
Last Modified:Jan 6 20:51:28 2009
MD5 Checksum:b633c149416e4d009e56252ffe61c45f

 ///  File Name:ip-array_0.05.74c.tar.gz
Description:
IP-Array is a Linux iptables Firewall script written in bash. It allows the creation of precise, stateful rules, while remaining easy to configure. IP-Array supports VPN, Traffic Shaping (creation of custom HTB and SFQ qdiscs, Classes, and Filters), multiple external interfaces, multiple LANs, multiple DMZs, NAT, logging, MAC address matching, packet marking, syslog logging, and various sysctl settings. It also includes some presets and autoconfig options for common needs like DNS, FTP, SMTP.
Author:AllKind
Homepage:http://sourceforge.net/projects/ip-array/
Changes:Three important bug fixes and one minor bug fix.
File Size:92933
Last Modified:Jan 6 20:47:26 2009
MD5 Checksum:ee4fc91d7d50983fa0a1a6c5a3d6e1bb

 ///  File Name:mandos_1.0.3.orig.tar.gz
Description:
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
Author:Teddy
Homepage:http://www.fukt.bsnet.se/mandos
Changes:Now tries to change to user and group "_mandos" before falling back to trying the old values "mandos", "nobody:nogroup", and "65534". Does not abort on startup even if no clients are defined in clients.conf. Other improvements and changes.
File Size:93549
Last Modified:Jan 6 20:42:36 2009
MD5 Checksum:4f0d7b541e6908ca87944a612866cdec

 ///  File Name:playsms093-rfilfi.txt
Description:
playSMS version 0.9.3 suffers from multiple remote and local file inclusion vulnerabilities.
Author:ahmadbady
File Size:1691
Last Modified:Jan 6 20:39:46 2009
MD5 Checksum:d4f70a8f8b1f3d127d45ee803c4a2f08

 ///  File Name:oraclecompress-sql.txt
Description:
Oracle 10g SYS.LT.COMPRESSWORKSPACETREE SQL injection exploit that grants DBA access and creates a new user.
Author:Sh2kerr
Homepage:http://www.dsec.ru/
Related File:shatter-workspace.txt
File Size:4100
Last Modified:Jan 6 20:18:03 2009
MD5 Checksum:d7ca754a730ae0e2096873b3c3a9b961

 ///  File Name:oraclemergework-sql.txt
Description:
Oracle 10g SYS.LT.MERGEWORKSPACE SQL injection exploit that grants DBA access and creates a new user.
Author:Sh2kerr
Homepage:http://www.dsec.ru/
Related File:shatter-workspace.txt
File Size:2536
Last Modified:Jan 6 20:16:36 2009
MD5 Checksum:319993ba756c551ba5ca1e2028880630

 ///  File Name:oracleworkspace-sql.txt
Description:
Oracle 10g SYS.LT.REMOVEWORKSPACE SQL injection exploit that grants DBA access and creates a new user using the advanced extproc method.
Author:Sh2kerr
Homepage:http://www.dsec.ru/
Related File:shatter-workspace.txt
File Size:2741
Last Modified:Jan 6 20:10:25 2009
MD5 Checksum:c44444b2a06cfdea1e6d397b435521df

 ///  File Name:seamonkey1114-dos.txt
Description:
SeaMonkey versions 1.1.14 and below denial of service exploit that leverages a vulnerability found in September of 2008 for version 1.1.11.
Author:StAkeR
Related Exploit:seamonkey-dos.txt
File Size:986
Last Modified:Jan 6 20:03:50 2009
MD5 Checksum:f10574d061f23f00fb0f136468fd549c

 ///  File Name:itcms-sql.txt
Description:
IT!CMS suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Author:certaindeath
File Size:824
Last Modified:Jan 6 20:01:57 2009
MD5 Checksum:b17e9705f8f9d405a7ad46aafc311456

 ///  File Name:ezpack-sqlxss.txt
Description:
ezPack version 4.2b2 suffers from cross site scripting and SQL injection vulnerabilities.
Author:!-BUGJACK-!
Homepage:http://www.it-dark.com/
File Size:1265
Last Modified:Jan 6 20:00:34 2009
MD5 Checksum:c48b8add89a1d951beb8d6f8e31074d4

 ///  File Name:goople-sql.txt
Description:
Goople versions 1.8.2 and below blind SQL injection exploit that makes use of frontpage.php.
Author:darkjoker
Homepage:http://darkjokerside.altervista.org/
File Size:2019
Last Modified:Jan 6 19:59:18 2009
MD5 Checksum:9014c0811d591ba2e332e1ee4e208f53

 ///  File Name:vuplayer-dos.txt
Description:
VUPlayer version 2.49 local denial of service proof of concept exploit that creates a malicious file.
Author:AlpHaNiX
File Size:734
Last Modified:Jan 6 19:56:52 2009
MD5 Checksum:e5b35ddc35541c682132bd87cadf7055

 ///  File Name:coolplayer_bof.txt
Description:
CoolPlayer Build 219 PlaylistSkin buffer overflow exploit that binds a shell to tcp port 4444.
Author:Jeremy Brown
Homepage:http://jbrownsec.blogspot.com/
File Size:4702
Last Modified:Jan 6 19:54:21 2009
MD5 Checksum:05fddae4d28c5d0faa6f35d57712960f

 ///  File Name:rosoft421-overflow.txt
Description:
Rosoft Media Player version 4.2.1 local buffer overflow exploit that spawns calc.exe.
Author:Encrypt3d.M!nd
Related Exploit:rosoft-overflow.txt
File Size:1589
Last Modified:Jan 6 19:51:50 2009
MD5 Checksum:a3adb2a184d1c44a31025a39efc92957

 ///  File Name:riotpix-bypass.txt
Description:
RiotPix versions 0.61 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.
Author:ZoRLu
File Size:840
Last Modified:Jan 6 19:50:34 2009
MD5 Checksum:feed4166fb24c9c7b766c16637584d10

 ///  File Name:riotpix-sql.txt
Description:
RiotPix versions 0.61 and below blind remote SQL injection exploit.
Author:cOndemned
Homepage:http://condemned.r00t.la/
File Size:1548
Last Modified:Jan 6 19:49:10 2009
MD5 Checksum:ff407c3eb919afd2d222f7c3e42e9043

 ///  File Name:phpauctionsystem-rfi.txt
Description:
PHP Auction System suffers from multiple remote file inclusion vulnerabilities.
Author:darkmasking
Homepage:http://www.idsafeshield.com/
File Size:6617
Last Modified:Jan 6 19:46:52 2009
MD5 Checksum:fabe1f02a6e93405c5909c7cda6cb7ed

 ///  File Name:USN-703-1.txt
Description:
Ubuntu Security Notice USN-703-1 - Paul Szabo discovered that the DECRQSS escape sequences were not handled correctly by xterm. Additionally, window title operations were also not safely handled. If a user were tricked into viewing a specially crafted series of characters while in xterm, a remote attacker could execute arbitrary commands with user privileges.
Homepage:http://security.ubuntu.com/
File Size:6861
Related CVE(s):CVE-2006-7236, CVE-2008-2383
Last Modified:Jan 5 21:02:54 2009
MD5 Checksum:9352865d1436dc3218db4a78e9ce1d04

 ///  File Name:USN-702-1.txt
Description:
Ubuntu Security Notice USN-702-1 - Gunter Hockel discovered that Samba with registry shares enabled did not properly validate share names. An authenticated user could gain access to the root filesystem by using an older version of smbclient and specifying an empty string as a share name. This is only an issue if registry shares are enabled on the server by setting "registry shares = yes", "include = registry", or "config backend = registry", which is not the default.
Homepage:http://security.ubuntu.com/
File Size:10900
Related CVE(s):CVE-2009-0022
Last Modified:Jan 5 21:00:41 2009
MD5 Checksum:16c06750eef20e3808874ed0c796b230

 ///  File Name:phpauctionsystem-insecure.txt
Description:
PHP Auction System suffers from an insecure cookie handling vulnerability.
Author:ZoRLu
File Size:1265
Last Modified:Jan 5 20:59:51 2009
MD5 Checksum:40f2f0c3660aee65abfa178d0a395854

 ///  File Name:phpauctionsystem-sqlxss.txt
Description:
PHP Auction System suffers from cross site scripting and remote SQL injection vulnerabilities.
Author:X0r
File Size:1924
Last Modified:Jan 5 20:58:16 2009
MD5 Checksum:dff3935d238a050c0de9d81375c92e77

 ///  File Name:joomlaphoca-sql.txt
Description:
Joomla Phoca Documentation remote SQL injection exploit that makes use of index.php.
Author:EcHoLL
Homepage:http://www.warezturk.org/
File Size:1560
Last Modified:Jan 5 20:55:31 2009
MD5 Checksum:a42915d816e3b2ea44e5e52cf5d103fc

 ///  File Name:lfi-rfi2.txt
Description:
Local / Remote file inclusion scanner that attempts to make use of a c99 shell on a vulnerable host.
Author:baltazar
Homepage:http://www.darkc0de.com/
File Size:6218
Last Modified:Jan 5 20:52:19 2009
MD5 Checksum:a1530ae1679861ae4a4d3387842eac0e

 ///  File Name:theratcms-sql.txt
Description:
The Rat CMS Alpha 2 remote blind SQL injection exploit that leverages viewarticle.php.
Author:darkjoker
Homepage:http://darkjokerside.altervista.org/
Related Exploit:theratcms-sqlxss.txt
File Size:1533
Last Modified:Jan 5 20:43:42 2009
MD5 Checksum:8b4f50f57fc9bd70a0764d5fed2e673c

 ///  File Name:walusoft-traversal.txt
Description:
Walusoft TFTPServer2000 version 3.6.1 suffers from a directory traversal vulnerability.
Author:princeofnigeria
File Size:2845
Last Modified:Jan 5 20:46:20 2009
MD5 Checksum:64146b5fc1a21ec677636cddac2a0ac7

 ///  File Name:dmp161lst4-overflow.txt
Description:
Destiny Media Player version 1.61 .lst file local buffer overflow proof of concept exploit that spawns calc.exe.
Author:Stack
Homepage:http://v4-team.com/
File Size:1537
Last Modified:Jan 5 20:42:34 2009
MD5 Checksum:950e82dd52b76be3b441537b1c8946d6

 ///  File Name:seacureit-cfp2009.txt
Description:
SEaCURE.IT is the first international technical conference ever held in Italy on security related topics, aimed at bringing together the leading experts from all over the world, to create a unique setting for networking and discussion among the speakers and the attendees. The 2009 edition will be held from May 19th to the 22nd in Villasimius, Sardinia.
Homepage:http://www.seacure.it/
File Size:5347
Last Modified:Jan 5 20:30:16 2009
MD5 Checksum:28e55afb975a46ebd64652a868002743

 ///  File Name:plxautoreminder-sql.txt
Description:
plxAutoReminder version 3.7 suffers from a remote SQL injection vulnerability.
Author:ZoRLu
File Size:1188
Last Modified:Jan 5 20:28:23 2009
MD5 Checksum:0da4a3c15c3933f0b1db0d73d765c906

 ///  File Name:safari-heap.txt
Description:
Safari array integer overflow proof of concept exploit.
Author:SkyLined
File Size:26629
Last Modified:Jan 5 20:27:13 2009
MD5 Checksum:dd9f8f395b56e7be0ccfd2abb77be20d

 ///  File Name:dmp161lst3-overflow.txt
Description:
Destiny Media Player version 1.61 .lst file local buffer overflow proof of concept exploit that spawns calc.exe.
Author:H-T Team
Homepage:http://no-hack.fr/
File Size:1557
Last Modified:Jan 5 20:26:06 2009
MD5 Checksum:895b67587da6e19c6b19ca60e24184aa

 ///  File Name:tor.uclibc.i686.20090105.iso
Description:
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP.
Author:Anthony G. Basile
Homepage:http://opensource.dyc.edu/tor-ramdisk
Changes:Tor updated to 0.2.0.32. Kernel updated to Linux-2.6.25.17 plus Gentoo's hardened-patches-2.6.25-12.extras.
File Size:4145152
Last Modified:Jan 5 20:23:11 2009
MD5 Checksum:62155716de0033efdbbbfcd30e7a289e

 ///  File Name:solucion-sql.txt
Description:
SolucionWeb suffers from a remote SQL injection vulnerability in main.php.
Author:Ehsan_Hp200
File Size:1406
Last Modified:Jan 5 20:08:35 2009
MD5 Checksum:76a412aa82f1d4dfa57dac80a5a5d664

 ///  File Name:joomlanewsdesc-sql.txt
Description:
Joomla NA News Description component remote SQL injection exploit.
Author:EcHoLL
Homepage:http://www.warezturk.org/
File Size:1679
Last Modified:Jan 5 20:07:15 2009
MD5 Checksum:dbc07a77c38c8ac03698a09fc8e6ffc4

 ///  File Name:pollpro-xsrf.txt
Description:
PollPro version 3.0 appears to suffer from a cross site request forgery vulnerability.
Author:The_0nur-n0x
File Size:1851
Last Modified:Jan 5 20:04:43 2009
MD5 Checksum:c2ab74358b5bd4e0c25d3f8c9080eed2

 ///  File Name:webspell-edit.txt
Description:
webSPELL versions 4.01.02 and below suffer from a remote edit topics vulnerability.
Author:StAkeR
File Size:953
Last Modified:Jan 5 20:03:51 2009
MD5 Checksum:aea9f27babb831af8e900adb5c17f3f4

 ///  File Name:pnphpbb212i-lfi.txt
Description:
PNphpBB2 versions 1.2i and below suffer from multiple local file inclusion vulnerabilities.
Author:StAkeR
File Size:1157
Last Modified:Jan 5 20:00:00 2009
MD5 Checksum:0021ce7144c2aef7db09e77c28f743ea

 ///  File Name:msfxdc-contest.txt
Description:
MSFXDC (MetaSploit Framework eXploits Development Contest) is a challenge where the main goal is to code the largest number of new Metasploit Framework exploits modules. MSFXDC is organized by JA-PSI.
Homepage:http://www.ja-psi.com/
File Size:1776
Last Modified:Jan 5 19:55:31 2009
MD5 Checksum:32fe7daf5d86671fd2920b2e4eec0af3

 ///  File Name:wsnguest123-sql.txt
Description:
WSN Guest version 1.23 suffers from a remote SQL injection vulnerability in search.php.
Author:DaiMon
Homepage:http://www.cwdaimon.com/
File Size:1327
Last Modified:Jan 5 19:52:57 2009
MD5 Checksum:618ac54e798ece3629eafa095ec9a018

 ///  File Name:phpmesfilms-sql.txt
Description:
PhpMesFilms version 1.0 suffers from a remote SQL injection vulnerability in index.php.
Author:SuB-ZeRo
Homepage:http://www.dz-security.com/
File Size:1176
Last Modified:Jan 5 19:51:46 2009
MD5 Checksum:9f2ba3d7b84754a10983c7c779233e38

 ///  File Name:vuplayer-overflow.txt
Description:
VUPlayer version 2.49 .wax file local buffer overflow exploit that spawns calc.exe.
Author:H-T Team
Homepage:http://no-hack.fr/
File Size:1752
Last Modified:Jan 5 19:49:41 2009
MD5 Checksum:e3276064b96817aef53fca9c4948490b

 ///  File Name:dmp161lst2-overflow.txt
Description:
Destiny Media Player version 1.61 .lst file local buffer overflow proof of concept exploit that spawns calc.exe.
Author:suN8Hclf
Homepage:http://www.dark-coders.pl/
File Size:1571
Last Modified:Jan 5 19:48:13 2009
MD5 Checksum:d658c66d0826a718399e917d4d3c9603

 ///  File Name:dmp161lst1-overflow.txt
Description:
Destiny Media Player version 1.61 .lst file local buffer overflow proof of concept exploit that spawns calc.exe.
Author:sCORPINo
Homepage:http://www.snoop-security.com/
File Size:2152
Last Modified:Jan 5 11:05:33 2009
MD5 Checksum:eb86011c4aa4e7d92c538d034a1faf12

 ///  File Name:ayemsisemlak-disclose.txt
Description:
Ayemsis Emlak Pro suffers from a remote database disclosure vulnerability.
Author:ByALBAYX
Homepage:http://www.c4team.org/
File Size:1614
Last Modified:Jan 5 10:59:39 2009
MD5 Checksum:f4e9f6c995ace6cd5ed8c280596ad870

 ///  File Name:ayemsisemlak-sql.txt
Description:
Ayemsis Emlak Pro suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Author:ByALBAYX
Homepage:http://www.c4team.org/
File Size:378
Last Modified:Jan 5 10:57:41 2009
MD5 Checksum:57085fb9abf4f9c03e9e985ac9bfe337

 ///  File Name:cybershadecms-rfi.txt
Description:
Cybershade CMS version 0.2b remote file inclusion exploit that uses index.php.
Author:JosS
Homepage:http://www.spanish-hackers.com/
File Size:2421
Last Modified:Jan 5 10:56:33 2009
MD5 Checksum:0d89b7c56448d695c0868124e9bdd777

 ///  File Name:joomlasimplereview-sql.txt
Description:
The Joomla Simple Review component version 1.x suffers from a remote SQL injection vulnerability.
Author:EcHoLL
Homepage:http://www.warezturk.org/
File Size:880
Last Modified:Jan 5 10:55:12 2009
MD5 Checksum:edf3ffde2162a729d7b842f7147eb467

 ///  File Name:RFIDIOt-0.1v.tgz
Description:
RFIDIOt is a python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. Includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE(r). This is the Windows version.
Author:Adam Laurie
Homepage:http://rfidiot.org/
Changes:Fixed ATS position and length in RFIDIOT.py. Multiple additions and a couple of other tweaks.
File Size:392620
Last Modified:Jan 5 10:52:50 2009
MD5 Checksum:066edfb1a202fe2abd20e9c53e7f9c25

 ///  File Name:valsmith_colin_blog_spam.pdf
Description:
Whitepaper called Inside the Malicious World of Blog Comment Spam.
Author:Colin Ames, Val Smith
Homepage:http://www.offensivecomputing.net/
File Size:670987
Last Modified:Jan 4 15:55:14 2009
MD5 Checksum:fc161f5a3419d8c452af4f66a9287410

 ///  File Name:dquist_valsmith_further_down_the_vm_spiral.pdf
Description:
Presentation called Further Down the VM Spiral.
Author:Danny Quist, Val Smith
Homepage:http://www.offensivecomputing.net/
File Size:42917
Last Modified:Jan 4 15:55:22 2009
MD5 Checksum:35bb70e808912b43b632474926f4e244

 ///  File Name:valsmith_dquist_hacking_malware.pdf
Description:
Presentation called Hacking Malware - Offense is the new Defense.
Author:Danny Quist, Val Smith
File Size:4844265
Last Modified:Jan 4 15:55:09 2009
MD5 Checksum:67b6f26f02ad8b78621a356a312cb4e5

 ///  File Name:indianinstitute-sql.txt
Description:
The Indian Institute of Technology in Kharagpur suffers from a remote SQL injection vulnerability.
Author:Rohit Bansal
File Size:1375
Last Modified:Jan 4 15:48:21 2009
MD5 Checksum:1e40523527d08b2c7f671843e4b8f5d2

 ///  File Name:litolite-sqlxss.txt
Description:
Lito Lite CMS blind SQL injection and cross site scripting exploit.
Author:darkjoker
Homepage:http://darkjokerside.altervista.org/
File Size:2119
Last Modified:Jan 4 15:25:02 2009
MD5 Checksum:13d364bc60d0eb32a0aa45450c336f1d

 ///  File Name:destiny161lst-overflow.txt
Description:
Destiny Media Player version 1.61 .lst file local buffer overflow proof of concept exploit.
Author:Encrypt3d.M!nd
File Size:460
Last Modified:Jan 4 15:23:14 2009
MD5 Checksum:860a37459e6487b825536aba40de8534

 ///  File Name:webspell4-sql.txt
Description:
Webspell version 4 suffers from a SQL injection vulnerability that allows for authentication bypass.
Author:h0yt3r
File Size:2253
Last Modified:Jan 4 15:20:12 2009
MD5 Checksum:4b21224db9230cc002e5326a09c3a6dd

 ///  File Name:destiny161-overflow.txt
Description:
Destiny Media Player version 1.61 .m3u file local stack overflow exploit.
Author:His0k4
File Size:1680
Last Modified:Jan 4 15:18:56 2009
MD5 Checksum:94a408c32ef4ff231eed29acb2a8d390

 ///  File Name:dsa-1695-1.txt
Description:
Debian Security Advisory 1695-1 - The regular expression engine of Ruby, a scripting language, contains a memory leak which can be triggered remotely under certain circumstances, leading to a denial of service condition (CVE-2008-3443).
Homepage:http://www.debian.org/security
File Size:36870
Related CVE(s):CVE-2008-3443
Last Modified:Jan 2 19:45:45 2009
MD5 Checksum:a8ee321a95a6272a724768a1fe3bed2e

 ///  File Name:dsa-1694-1.txt
Description:
Debian Security Advisory 1694-1 - Paul Szabo discovered that xterm, a terminal emulator for the X Window System, places arbitrary characters into the input buffer when displaying certain crafted escape sequences (CVE-2008-2383).
Homepage:http://www.debian.org/security
File Size:5253
Related CVE(s):CVE-2008-2383
Last Modified:Jan 2 19:45:14 2009
MD5 Checksum:aa67e5228c1b8bb3bcc0a928a6a27de9

 ///  File Name:destiny-dos.txt
Description:
Destiny Media Player version 1.61.0 .m3u file local stack overflow proof of concept exploit.
Author:aBo MoHaMeD
Homepage:http://www.v4-team.net/
File Size:1895
Last Modified:Jan 2 19:42:14 2009
MD5 Checksum:1d7be42d4ea9160a98423ca35f4a47e5

 ///  File Name:phpskelsite-rfilfixss.txt
Description:
phpSkelSite version 1.4 suffers from remote file inclusion, local file inclusion, and cross site scripting vulnerabilities.
Author:ahmadbady
File Size:906
Last Modified:Jan 2 19:40:47 2009
MD5 Checksum:03c68859bd89afcea5fbed52f0ee9782

 ///  File Name:phpratemyphoto-upload.txt
Description:
Built2Go PHP Rate My Photo version 1.46.4 is susceptible to a remote file upload vulnerability.
Author:ZoRLu
File Size:1508
Last Modified:Jan 2 19:39:45 2009
MD5 Checksum:d5bd44ec4e4d65a071a7728f7a9e8d95

 ///  File Name:phplinkportal-upload.txt
Description:
Built2Go PHP Link Portal version 1.95.1 is susceptible to a remote file upload vulnerability.
Author:ZoRLu
File Size:1447
Last Modified:Jan 2 19:38:13 2009
MD5 Checksum:426a5cbbd51cdfdc8dcc53daced487c3

 ///  File Name:vmware251-dos.txt
Description:
VMware versions 2.5.1 and below remote denial of service exploit.
Author:laurent gaffi
File Size:2019
Last Modified:Jan 2 19:37:14 2009
MD5 Checksum:918090c873fe391fb0c2e18d414fdba6