Packet Storm's last 50 added files. Last Updated: Wed Dec 3 21:51:00 EST 2008

[ USN-686-1.txt ] 75c145ec64f4430ab0be1e1967985fce Ubuntu Security Notice USN-686-1 - Morgan Todd discovered that AWStats did not correctly strip quotes from certain parameters, allowing for an XSS attack when running as a CGI. If a user was tricked by a remote attacker into following a specially crafted URL, the user's authentication information could be exposed for the domain where AWStats was hosted.

[ USN-685-1.txt ] 160150a1aec9ec4fbae385d4790925ed Ubuntu Security Notice USN-685-1 - Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests. An unauthenticated remote attacker could send specially crafted SNMPv3 traffic with a valid username and gain access to the user's views without a valid authentication passphrase. John Kortink discovered that the Net-SNMP Perl module did not correctly check the size of returned values. If a user or automated system were tricked into querying a malicious SNMP server, the application using the Perl module could be made to crash, leading to a denial of service. This did not affect Ubuntu 8.10. It was discovered that the SNMP service did not correctly handle large GETBULK requests. If an unauthenticated remote attacker sent a specially crafted request, the SNMP service could be made to crash, leading to a denial of service.

[ clamav0941-overflow.txt ] 59918e80ac659a0e378d6b403e18912a Stack overflow proof of concept exploit for ClamAV versions below 0.94.2 that relates to JPG file handling.

[ SSRT080141.txt ] afacac6c6871fe4d9d07e866a0958539 HP Security Bulletin - A potential security vulnerability has been identified in HP-UX. The vulnerability could be exploited locally to create a denial of service (DoS).

[ cainabel-overflow.txt ] e43b6f151b55255022c69b51d53e3cec Cain and Abel version 4.9.23 RDP file buffer overflow exploit that adds an administrator user.

[ SVRT-06-08.txt ] 6cabe3f47c31245ee257594b7872eca0 mvnForum versions 1.2 GA and below suffer from a cross site scripting vulnerability and multiple cross site request forgery vulnerabilities.

[ radasm-hijack.txt ] a04887449d1781da46fdc4e3e3bcf59c RadAsm versions 2.2.1.4 and below WindowCallProcA pointer hijack exploit with calc.exe shellcode.

[ joomlajmovies-sql.txt ] 7e5beb358a1b6d65f2f8bb4027efb9f0 Joomla Jmovies component version 1.1 remote SQL injection exploit.

[ yappang-xss.txt ] 754681a11ad41177cdc7028cd3a16e26 yappa-ng suffers from a cross site scripting vulnerability.

[ buzzywall-xss.txt ] aedefea7ba8abaa1001fa168c40640ca BuzzyWall suffers from a cross site scripting vulnerability.

[ freekot-sql.txt ] 42a1a9482e05b861b8661c18b28e5890 FREEKOT suffers from a remote SQL injection vulnerability that allows for authentication bypass.

[ revsense-sqlxss.txt ] 397f01564b9170d347621c98c58e56e7 RevSense version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

[ sailplanner-sqlxsslfi.txt ] 5a3c34a58dbd41ea2548606aabc73eef SailPlanner suffers from cross site scripting, remote SQL injection, and local file inclusion vulnerabilities.

[ securedownload-xsscm.txt ] 5438684e5be9427cb5d7574c897de4b3 Secure Download version Alpha 0.2.1 suffers from cross site scripting and cookie manipulation vulnerabilities.

[ raemedia-sql.txt ] 7fbde75effdee616bbadd2f2d5b053a4 Rae Media Contact MS suffers from a SQL injection vulnerability that allows for authentication bypass.

[ proclan-fixation.txt ] 5fe0e3950f6e545a7b6746edd8f8beca Pro Clan Manager CMS version 0.4.2 suffers from a session fixation vulnerability.

[ checknew-sql.txt ] 35cd4306e6258d120a2723282399c07e Check New version 4.52 remote SQL injection exploit that makes use of findoffice.php.

[ dsa-1679-1.txt ] 754fa172693331bf0ec70b06ef5713de Debian Security Advisory 1679-1 - Morgan Todd discovered a cross-site scripting vulnerability in awstats, a log file analyzer, involving the "config" request parameter (and possibly others; CVE-2008-3714).

[ dsa-1678-1.txt ] 30869675c4b089500534b927d04f58c0 Debian Security Advisory 1678-1 - Paul Szabo rediscovered a vulnerability in the File::Path::rmtree function of Perl. It was possible to exploit a race condition to create setuid binaries in a directory tree or remove arbitrary files when a process is deleting this tree. This issue was originally known as CVE-2005-0448 and CVE-2004-0452, which were addressed by DSA-696-1 and DSA-620-1. Unfortunately, they were reintroduced later.

[ aspuserengine-disclose.txt ] beb86616d262ac0c344fb4f1266a5ec4 ASP User Engine .NET suffers from a remote database disclosure vulnerability.

[ codefixer-disclose.txt ] fbb85965facf9767a059403bd6edd8a0 Codefixer MailingListPro suffers from a remote database disclosure vulnerability.

[ VMSA-2008-0019.txt ] bf8b9cd53f0f974f1f3e6b17c7c1826b VMware Security Advisory - VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2.

[ calendarmx-sql.txt ] e1afb383436b4b8ea200660c49ae5dfc Calendar MX Professional version 2.0.0 suffers from a blind SQL injection vulnerability in calendar_Eventupdate.asp.

[ gallerymx-sql.txt ] 74654e3e4613481dc6c82a3f17ae38ad Gallery MX version 2.0.0 suffers from a blind SQL injection vulnerability in pics_pre.asp.

[ USN-684-1.txt ] a5f773b5f80db981aa46e006a4efa56c Ubuntu Security Notice USN-684-1 - Ilja van Sprundel discovered that ClamAV did not handle recursive JPEG information. If a remote attacker sent a specially crafted JPEG file, ClamAV would crash, leading to a denial of service.

[ binsh-shellcode.txt ] 5b5c34ec04999bdaed22fee8ccfd02ab 39 bytes of Solaris/x86 shellcode that performs setuid(0), execve(/bin/sh); exit(0). NULL free.

[ catshadow-shellcode.txt ] 43ac829213d2724175265c403f658d2e 59 bytes of Solaris/x86 shellcode that performs setuid(0), execve(/bin/cat, /etc/shadow), exit(0).

[ fsharp-reverse.pdf ] 646434fe251aefffc57d98fa5e28037a Whitepaper entitled Reverse Engineering Microsoft F#.

[ dsa-1677-1.txt ] 628566c9879081d980d24250a10d5438 Debian Security Advisory DSA 1677-1 - An integer overflow has been discovered in the image validation code of cupsys, the Common UNIX Printing System. An attacker could trigger this bug by supplying a malicious graphic that could lead to the execution of arbitrary code.

[ z1exchange-sqlxss.txt ] 5b390745afcfa0684522b79dcc8767c7 z1exchange suffers from cross site scripting and remote SQL injection vulnerabilities.

[ cmsmaxsite-exec.txt ] 857d5bb777915d414f761d3dc233247a CMS MAXSITE Guestbook component remote command execution exploit.

[ ocean12ml-sqlxssdisclose.txt ] d9c88cc756b97b1101d9d10bdb9f2419 Ocean12 Mailing List Manager Gold suffers from a direct database download, remote SQL injection, and cross site scripting vulnerabilities.

[ orkut-sqlxss.txt ] 23280afa08297ab8d28e3faaeea9a26a The Orkut Clone by i-netsolution suffers from cross site scripting and remote SQL injection vulnerabilities.

[ rapid-disclose.txt ] 650e59945cc139e5465a4c3450c4fc9c Rapid Classified version 3.1 suffers from a remote database disclosure vulnerability.

[ jbook-disclosesql.txt ] 513a95c3d30b6df14011a17c3db0a2b5 JBook suffers from a remote SQL injection vulnerability that allows for authentication bypass and also suffers from a direct database download.

[ PLSA-2008-77.txt ] d508983edcad9ea6b153a3aa8b1a2d83 Pardus Linux Security Advisory 2008-77 - Two vulnerabilities have been fixed in ffmpeg which can cause a DoS (Denial of Service). Versions below 0.4.9_20080909-48-16 are affected.

[ sunbyte-sql.txt ] 3675361f3ee42f0ef8fc812564aa04fc SunByte e-Flower suffers from a remote SQL injection vulnerability.

[ cpanel-bypass.txt ] d533ac6575da815696f196eded00e977 CPanel version 11.x privilege escalation exploit that bypasses mod_security and a php restriction.

[ glsa-200812-07.txt ] d9317149ec967b95a726d07039d000bd Gentoo Linux Security Advisory GLSA 200812-07 - Multiple vulnerabilities have been discovered in Mantis, the most severe of which leading to the remote execution of arbitrary code. Versions less than 1.1.4-r1 are affected.

[ glsa-200812-06.txt ] bdeaa23fcd3973885c874f66adb24c75 Gentoo Linux Security Advisory GLSA 200812-06 - Multiple vulnerabilities in libxml2 might lead to execution of arbitrary code or Denial of Service. Versions less than 2.7.2-r1 are affected.

[ glsa-200812-05.txt ] 00b44c420510e7048d105180e9487573 Gentoo Linux Security Advisory GLSA 200812-05 - A buffer overflow vulnerability in libsamplerate might lead to the execution of arbitrary code. Russell O'Connor reported a buffer overflow in src/src_sinc.c related to low conversion ratios. Versions less than 0.1.4 are affected.

[ glsa-200812-04.txt ] 6d61a182a5ccda6a91f6ad35af1d56b6 Gentoo Linux Security Advisory GLSA 200812-04 - Multiple vulnerabilities in lighttpd may lead to information disclosure or a Denial of Service. Versions less than 1.4.20 are affected.

[ glsa-200812-03.txt ] c7fd15138337ac691f218c2ec559e538 Gentoo Linux Security Advisory GLSA 200812-03 - IPsec-Tools' racoon is affected by a remote Denial of Service vulnerability. Versions less than 0.7.1 are affected.

[ glsa-200812-02.txt ] 7798691cbc8349b986a232c8549f5553 Gentoo Linux Security Advisory GLSA 200812-02 - Two buffer overflows in enscript might lead to the execution of arbitrary code. Two stack-based buffer overflows in the read_special_escape() function in src/psgen.c have been reported. Ulf Harnhammar of Secunia Research discovered a vulnerability related to the setfilename command (CVE-2008-3863), and Kees Cook of Ubuntu discovered a vulnerability related to the font escape sequence (CVE-2008-4306). Versions less than 1.6.4-r4 are affected.

[ glsa-200812-01.txt ] 8e4c29a8a9646253000c04ae38a94b2e Gentoo Linux Security Advisory GLSA 200812-01 - A vulnerability in OptiPNG might result in user-assisted execution of arbitrary code. A buffer overflow in the BMP reader in OptiPNG has been reported. Versions less than 0.6.2 are affected.

[ USN-683-1.txt ] 8d312ff3d894835bdc57219ce4ff40b7 Ubuntu Security Notice USN-683-1 - It was discovered that Imlib2 did not correctly handle certain malformed XPM images. If a user were tricked into opening a specially crafted image with an application that uses Imlib2, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges.

[ dsa-1676-1.txt ] 912bd5e15a194ab77ca1edf498845d79 Debian Security Advisory 1676-1 - Dmitry E. Oboukhov discovered that flamethrower creates predictable temporary filenames, which may lead to a local denial of service through a symlink attack.

[ pacpoll-disclose.txt ] d99a14ceeaa24e01d9ce9805c3832314 PacPoll version 4.0 suffers from a remote database disclosure vulnerability.

[ USN-682-1.txt ] 1560ab2afeeb34aeff6acc170b7a1d4a Ubuntu Security Notice USN-682-1 - It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges.

[ USN-681-1.txt ] ab83603b48fb33d8beb11a1c24b415c3 Ubuntu Security Notice USN-681-1 - It was discovered that ImageMagick did not correctly handle certain malformed XCF images. If a user were tricked into opening a specially crafted image with an application that uses ImageMagick, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges.