Packet Storm's last 100 added files.
Last Updated: Fri Aug 29 12:08:02 EDT 2008


[ phpemlak-sql.txt ] 0d78a18e819716d1f441a5ad3024be3e Full PHP Emlak Script suffers from a remote SQL injection vulnerability in landsee.php.  
[ scip-dreambox.txt ] 249afecfcb2122f8d5df9de75eb67421 An input validation error within the web interface of Dreambox model DM500C allows for a denial of service condition.  
[ logmein-activex.txt ] e12c30e8f96bf5c07afba2181139dc26 LogMeIn remote access utility Active-X memory consumption denial of service exploit.  
[ najdisi-overflow.txt ] 4a245592d331db41db8244311ef61d31 Najdi.si Toolbar Active-X remote buffer overflow proof of concept exploit.  
[ ipb235-multi.txt ] a4f25aaae79e8aa14fd8d1ea7af1c1d9 Invision Power Board versions 2.3.5 and below remote exploit that brute forces, attempts IDS evasion, and more.  
[ hoagie_snoop.c ] 808193e9a074d86648b31609b4886635 Sun Solaris 8/9/10 and OpenSolaris versions below snv_96 snoop utility remote exploit.  
[ ZDI-08-054.txt ] d76ab9bcd5ffc3e70e7f81027f487560 A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library. User interaction is not required to exploit this vulnerability. The specific flaw exists in the implementation of the MSN protocol, specifically the handling of SLP messages. The function msn_slplink_process_msg() fails to properly validate an offset value specified in the SLP packet. By providing a specific value, an attacker can overflow a heap buffer resulting in arbitrary code execution.  
[ MDVSA-2008-181.txt ] 2d7f6108eed9a9dc420bf8b8ca56cdb7 Mandriva Linux Security Advisory - Two denial of service vulnerabilities were discovered in the ipsec-tools racoon daemon, which could allow a remote attacker to cause it to consume all available memory. The updated packages have been patched to prevent these issues.  
[ kisgearth-0.01f.tar.bz2 ] b90a6b1724452a768c81af392dcff196 Kisgearth is a small perl script that gives you the ability to convert your Kismet xml logfiles to GoogleEarth kml files. You can apply a lot of filters and use sorting/ordering functions in order to get the best results.  
[ firefox301-exec.txt ] e5305be99ab1f77ca6497f785fd1274e Firefox version 3.0.1 (final release) suffers from an unspecified remote code execution vulnerability.  
[ OpenSSH-4.4p1-backdoored.tar.gz ] 192f15fe0fcea062231c3f66884c8f81 OpenSSH version 4.4p1 backdoor that logs all incoming and outgoing logins and password via the client and the daemon, adds a magic password for sshd, store passwords to an encrypted logfile, and disables logging if the magic password is used. Based on the Aion 3.8p1 patch.  
[ dotproject-sqlxss.txt ] 1b9c35808b2257054fb9d7ccb5a78d0c dotProject version 2.1.2 suffers from cross site scripting and SQL injection vulnerabilities.  
[ lynis-1.2.0.tar.gz ] 7b66c5c9f4febd9441c0cc63ded8c345 Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems. 
[ SSRT080118.txt ] 50243815f59ecafcedf99163c1ad9ff7 HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Apache. These vulnerabilities could be exploited remotely resulting in Cross Site Scripting (XSS) or Denial of Service (DoS).  
[ mercadolibre-xssrfi.txt ] 26ab2008a67c3c1880359d16155ec80f Mercadolibre.com suffers from cross site scripting and remote javascript insertion vulnerabilities.  
[ strongswan-4.2.6.tar.gz ] 918fa35839013b14bd4b972853aeedb4 strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships. 
[ friendly-exec.txt ] 4ca334d8cb11512389b2598b255c2e16 Friendly Technologies Active-X related remote command execution exploit that leverages fwRemoteCfg.dll.  
[ friendly-fwremotecfg.txt ] 89e10b34b9b9cc0ea532944e20fc1f6f Friendly Technologies Active-X remote buffer overflow exploit that leverages fwRemoteCfg.dll.  
[ acoustica-overflow.txt ] 88d4635a1cb1ff5e03e8fe080c837dd4 Acoustica Mixcraft versions 4.2 Build 98 and below mx4 file local buffer overflow exploit.  
[ USN-638-1.txt ] c3002bba563957c93b2edfad569c7c01 Ubuntu Security Notice 638-1 - Aaron Grattafiori discovered that the Gnome Help Viewer did not handle format strings correctly when displaying certain error messages. If a user were tricked into opening a specially crafted URI, a remote attacker could execute arbitrary code with user privileges.  
[ kyocera-traversal.txt ] b1469751eb65919a9b8435ad1055dc09 Kyocera Command Center suffers from a directory traversal vulnerability.  
[ searchengine-sql.txt ] 63fc260d89bd02c73d5d2647cb1356d3 Search Engine suffers from a remote SQL injection vulnerability in viewcat.php.  
[ igshopdisp-sql.txt ] e73b22fbec473ddd5750c3cbf0d66b60 iG Shop suffers from a remote SQL injection vulnerability in display_review.php.  
[ SSRT080106.txt ] a84ae83f38e250d72f3b90696e44be96 HP Security Bulletin - A potential security vulnerability has been identified in the HP Enterprise Discovery. The vulnerability could be exploited remotely by an authorized user to gain extended privileges.  
[ advchk-2.10.tar.gz ] 03bd5578fd6b1795710a9c67225040c3 Advchk (Advisory Check) reads security advisories so you do not have to. Advchk gathers security advisories using RSS feeds, compares them to a list of known services, and alerts you if you are vulnerable. Since adding hosts and services by hand would be quite a boring task, advchk leverages nmap for automatic service and version discovery.  
[ yourownbux-sql.txt ] 7e146c229cd2cc0ccbe6f6b868c695f2 YourOwnBux versions 3.1 and 3.2 Beta suffer from a remote SQL injection vulnerability.  
[ PLSA-2008-31.txt ] 89fde6963eee81805e587266f74bbffa Pardus Linux Security Advisory - A vulnerability has been reported in LibTIFF, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system.   
[ phpmyrealty109-sql.txt ] c5c0581e59881b0c55bafb406bc61e32 phpMyRealty versions 1.0.9 and below suffer from a remote SQL injection vulnerability in pages.php.  
[ ultra-overflow.txt ] 8efda1569b663b030992e1d6768813f9 Ultra Office Active-X Control remote buffer overflow exploit.  
[ ultra-corrupt.txt ] 3c538957caf9590d5e856cd27bf0f824 Ultra Office Active-X Control remote arbitrary file corruption exploit.  
[ MDVSA-2008-180-1.txt ] cee89e63538737ae53aedf3ab3fd7410 Mandriva Linux Security Advisory - Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding. The original fix used to correct this issue caused some applications that used the libxml2 library to crash. These new updated packages use a different fix that does not cause certain linked applications to crash as the old packages did.  
[ fileutility.txt ] b9cc2a9b04bb9971365bc2eb05b812f3 This Metasploit exploit attacks multiple file manipulation vulnerabilities in the Kyocera Mita Scanner File Utility version 3.3.0.1.  
[ kyocera-upload.txt ] c188a08ce39e9da8719c911ff27e4178 The Kyocera Mita Scanner File Utility version 3.3.0.1 suffers from multiple file manipulation vulnerabilities.  
[ EMORY-2008-01.txt ] 46742f7d6234df7fa0b6c185fb2e534a Telartis's AWStats Totals versions 1.0 through 1.14 suffer from a remote code execution vulnerability.  
[ mybb1211-sql.txt ] 2b8c0145ecb2c5255a32519df1daeffe MyBulletinBoard (MyBB) versions 1.2.11 and below SQL injection exploit that leverages private.php.  
[ ifdate-sql.txt ] ea21be161b9c61655d9d93c6bb733611 iFdate versions 2.0.3 and below suffer from a SQL injection vulnerability.  
[ dsa-1631-2.txt ] f024501160502cc01f3a8a6951c7c361 Debian Security Advisory 1631-2 - The previous security update of the libxml2 package introduced some problems with other packages, most notably with librsvg. This update corrects these problems whilst still fixing the reported security problem.  
[ dsa-1632-1.txt ] 0e6569a1ce6eb08995b0101c1d463469 Debian Security Advisory 1632-1 - Drew Yao discovered that libTIFF, a library for handling the Tagged Image File Format, is vulnerable to a programming error allowing malformed tiff files to lead to a crash or execution of arbitrary code.  
[ thickboxgallery-disclose.txt ] 742dcf93f43279e1ee08f057327abcee Thickbox Gallery version 2 suffers from an administrative data disclosure vulnerability in admins.php.  
[ cmme-lfixsscsrf.txt ] a46f6ae035b9cb1477736efe43b4ed9a CMME version 1.12 suffers from local file inclusion, cross site scripting, cross site request forgery, and other vulnerabilities.  
[ simpgal-sql.txt ] c402f3afaca614ffeb393f9b84477b59 Simple Gallery ASP Script suffers from a remote SQL injection vulnerability.  
[ zoneminder-multi.txt ] d8bb2d877419e579e9d76b0f207b8425 ZoneMinder versions 1.23.3 and below suffer from command injection, SQL injection, and cross site scripting vulnerabilities.  
[ mvs-activex.txt ] 181f169f345f46154d1d9000c16aed1e Microsoft Visual Studio Active-X remote buffer overflow exploit that leverages Msmask32.ocx.  
[ hpsnh-xss.txt ] 10441eb7ff70f0b1f1b38bdfe4afb273 Further analysis regarding the HP System Management Homepage (SMH) cross site scripting vulnerability.  
[ zbreaknews-sql.txt ] a7eb6a2643b88223f58f0185eb07384d z-breaknews version 2.0 suffers from a remote SQL injection vulnerability in single.php.  
[ mininuke23-sql.txt ] 8e01430892a688f963f403b76a239c9a MiniNuke version 2.3 Freehost suffers from multiple remote SQL injection vulnerabilities.  
[ USN-637-1.txt ] 4ff77f698b3af8e2303260d5110f0d63 Ubuntu Security Notice 637-1 - It was discovered that there were multiple NULL-pointer function dereferences in the Linux kernel terminal handling code. A local attacker could exploit this to execute arbitrary code as root, or crash the system, leading to a denial of service. The do_change_type routine did not correctly validation administrative users. A local attacker could exploit this to block mount points or cause private mounts to be shared, leading to denial of service or a possible loss of privacy. Tobias Klein discovered that the OSS interface through ALSA did not correctly validate the device number. A local attacker could exploit this to access sensitive kernel memory, leading to a denial of service or a loss of privacy. Zoltan Sogor discovered that new directory entries could be added to already deleted directories. A local attacker could exploit this, filling up available memory and disk space, leading to a denial of service.  
[ krate-sqlxss.txt ] d26ac1ccd455e8908f757fa505552e5d K-Rate suffers from SQL injection and cross site scripting vulnerabilities.  
[ sphpblog-exec.txt ] f98e850f53affbab3ddff8216779f279 Simple PHP Blog (SPHPBlog) versions 0.5.1 and below code execution exploit.  
[ kolifadownload-sql.txt ] ef095920edf3cf084b22795e4d5e48f6 Kolifa.Net Download Script version 1.2 suffers from a remote SQL injection vulnerability.  
[ popnupblog-xss.txt ] b82aae9cdaf7f648a0399aae7d72008e PopnupBlog version 3.30 suffers from multiple cross site scripting vulnerabilities in index.php.  
[ crafty-sql.txt ] e6945d67ffc3bf702f8bca9d13e35ddf Crafty Syntax Live Help versions 2.14.6 and below suffer from a remote SQL injection vulnerability.  
[ DSECRG-08-038.txt ] 8fe839a4a7d6a995587c81d9a5a0dffe ezContents CMS version 2.0.3 suffers from multiple local file inclusion vulnerabilities.  
[ DSECRG-08-037.txt ] 569ec165bf63e88aa064daa5c376d909 Pluck CMS version 4.5.2 suffers from multiple local file inclusion vulnerabilities.  
[ goranicms-blindsql.txt ] 5db9f49dbda6cc73f1613eedb0a8ab7a Gorani CMS suffers from a blind SQL injection vulnerability.  
[ neotericuk-sql.txt ] 31707c0c1c7da57f97e002dd3b4bae27 Neoteric UK websites suffers from a remote SQL injection vulnerabilities.  
[ millionpixel-sql.txt ] 8caf8d3ea10e6555e8319da4e3caa3df Million Pixel Ad Script suffers from a remote SQL injection vulnerability.  
[ geeklog-upload.txt ] 70f91a82ad8e316160b0c228f0f01631 GeekLog versions 1.5.0 and below remote arbitrary file upload exploit.  
[ webboard-sql.txt ] dd0f573ccd7d4c7427aafafd4d4f0ad6 WebBoard versions 2.0 and below suffers from an arbitrary SQL question/answer deletion vulnerability.  
[ wds-sql.txt ] 2d7d3c3ae39631f6786aad84cca8f978 Web Directory Script versions 2.0 and below suffer form a remote SQL injection vulnerability.  
[ freebsd-master.txt ] cf47939bcd912af3c724afa97bbd291f 65 byte NULL free /bin/cat /etc/master.passwd shellcode for freebsd/x86.  
[ secunia-calendarix.txt ] 25805f56ddb5ea080e60cc240a6e595d Secunia Research has discovered two vulnerabilities in Calendarix Basic, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "catsearch" parameter in cal_search.php and "catview" in cal_cat.php is not properly sanitized before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Calendarix Basic 0.8.20071118 is affected.  
[ secunia-iprintget.txt ] fdd4e1fe471d8f8909683736fc941234 Secunia Research has discovered a security issue in Novell iPrint Client, which can be exploited by malicious people to gain knowledge of potentially sensitive information. Novell iPrint Client 4.36 and Novell iPrint Client for Windows Vista 5.04 are affected. The insecurity lies in GetFileList().  
[ secunia-iprint.txt ] 40a0bbe6cee53536da934ab4a38a4cb8 Secunia Research has discovered multiple vulnerabilities in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system. These include boundary errors and buffer overflow issues. Novell iPrint Client 4.36 is affected.  
[ danairc-overflow.txt ] ce78e866e21035b1d75c8e6ed56a451f Dana IRC version 1.4a remote buffer overflow exploit.  
[ nufw-2.2.16.tar.gz ] 7a4f72298783b877a050863888d643df NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server. 
[ fwknop-1.9.7.tar.gz ] 955a2a920aeeab655d16da212f70b5e8 fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap. 
[ belkin-bypass.txt ] 9119bf2575e2d603c0dd43fdac82247a Belkin wireless G router and ADSL2 modem authentication bypass exploit.  
[ PLSA-2008-30.txt ] bba89f851911b3ef0f74460ddb4d69a5 Pardus Linux Security Advisory - Insufficient sanitization can lead to Vim executing arbitrary commands when performing keyword or tag lookup.  
[ PLSA-2008-29.txt ] 353baefe1e7409fab29c0abd9c5f7291 Pardus Linux Security Advisory - Multiple vulnerabilities have discovered by g_ which potentially can be exploited by malicious people to compromise a user's system.   
[ PLSA-2008-28.txt ] b5d695d395d852aa764c49dbd945acc7 Pardus Linux Security Advisory - A vulnerability has been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service).   
[ linux-cbexec.txt ] 2335f65f3587e1adb068e62f47af91ad 149 byte connect back, download a file, and execute shellcode for linux/x86.  
[ matterdaddy-sql.txt ] acec2b73d736ec39af3ba591c3480075 Matterdaddy Market version 1.1 suffers from multiple SQL injection vulnerabilities.  
[ btitrackerxbtit-sql.txt ] efb414d445b3a47428a394d923d766a1 BtiTracker versions 1.4.7 and xbtit versions 2.0.542 suffers from a remote SQL injection vulnerability.  
[ IVIZ-08-009.txt ] 19fafe4333b13d89b153a4c1a3b7a16c The password checking routine of Grub fails to sanitize the BIOS keyboard buffer before AND after reading passwords.  
[ IVIZ-08-008.txt ] b6128bc94dc690994313103896500060 The password checking routine of LILO fails to sanitize the BIOS keyboard buffer before AND after reading passwords.  
[ IVIZ-08-007.txt ] f5e88134d2c118dc27e0b5de40760281 The password checking routine of DriveCrypt fails to sanitize the BIOS keyboard buffer before AND after reading passwords.  
[ IVIZ-08-006.txt ] 28d14d2910f59a1abffea61e693b4bc3 The password checking routine of DiskCryptor fails to sanitize the BIOS keyboard buffer before AND after reading passwords.  
[ IVIZ-08-005.txt ] 9372ec1711b09a008c09f97aaad48fc9 The password checking routine of the IBM Lenovo BIOS firmware fails to sanitize the BIOS keyboard buffer after reading user input, resulting in plain text password leakage to local users.  
[ IVIZ-08-004.txt ] fb13f9752e6c436b4d7a1e7c99a21fa2 The password checking routine of Intel BIOS firmware fails to sanitize the BIOS keyboard buffer after reading user input, resulting in plain text password leakage to local users.  
[ IVIZ-08-003.txt ] 986464ca4ad63ebdd6c33978f68b69c6 The password checking routine of TrueCrypt fails to sanitize the BIOS keyboard buffer before AND after reading passwords.  
[ IVIZ-08-002.txt ] 7ed6e522d2b2d1576d1001319e9ae443 The password checking routine of Hewlett-Packard 68DTT version F.0D (11/22/2005) fails to sanitize the BIOS keyboard buffer after reading user input, resulting in plain text password leakage to local users.  
[ IVIZ-08-001.txt ] 08bf0022caed32290893bce4e558fee6 The password checking routine of Microsoft Bitlocker fails to sanitize the BIOS keyboard buffer after reading passwords, resulting in plain text password leakage to unprivileged local users.  
[ deremate-xssrfi.txt ] 3c4c2d54915206f7b7e3358f161dc074 Deremate's Shopping Online application is vulnerable to cross site scripting vulnerabilities.  
[ phpcart-xss.txt ] a667f382b4fac26273cd9ab4565b3a83 PHPCart versions 3.4 through 4.6.4 suffer from cross site scripting and price manipulation vulnerabilities.  
[ selfgen-xss.txt ] 55f4b2870a9be3465220de89f98862c0 The Self Generate CMS suffers from multiple cross site scripting vulnerabilities.  
[ WLB-2008080064.txt ] 618bef6d69afe88da171491f07cd89a3 libc inet_net_pton.c suffers from an integer overflow vulnerability.  
[ tor.uclibc.i686.20080822.iso ] 7886072dae6656c2b61793430177bd3e Tor-ramdisk is an i686 uClibc-based micro Linux distribution (3.1 MB) whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. 
[ onenews-sqlxss.txt ] c30394113a1d4578432263fc920ea170 OneNews Beta 2 suffers from cross site scripting, HTML injection, and SQL injection vulnerabilities.  
[ fivestar-sqlxss.txt ] 76a1fce96cbfd283354ccde02233a975 5 Star Review suffers from cross site scripting and SQL injection vulnerabilities.  
[ miacms-sql.txt ] 80e9f163d00d9ded2c2b83916fd0737a MiaCMS versions 4.6.5 and below suffer from multiple remote SQL injection exploits.  
[ vlcmms-overflow.txt ] 23a2a913c69f52978ccc7930f8671364 VLC version 0.8.6i MMS protocol handling heap overflow proof of concept exploit.  
[ gallery-xss.txt ] 884d325c621639312f1f07d6d3d591d7 Gallery version 1.3 suffers from a cross site scripting vulnerability.  
[ tor-0.2.0.30.tar.gz ] d37b582ee35b4f69564b0635a449b5f6 Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). 
[ netbeware.txt ] f4d83cea9d6dcd226ee4aae32d114574 The remote manager in Novell Netware version 6.5 suffers from an HTML injection vulnerability.  
[ dsa-1631-1.txt ] 4e11a0bf3ea05140834d932f3231418d Debian Security Advisory 1631-1 - Andreas Solberg discovered that libxml2, the GNOME XML library, could be forced to recursively evaluate entities, until available CPU & memory resources were exhausted.  
[ oCERT-2008-008.txt ] 030d4b684f35e92aea985834e35cd251 The xine free multimedia player suffers from a number of vulnerabilities ranging in severity. The worst of these vulnerabilities results in arbitrary code execution and the least, in unexpected process termination. xine-lib versions 1.1.14 and below are affected.  
[ noname-lfi.txt ] e08938492ce16785a939d37592f50395 NoName Script version 1.0 suffers from a local file inclusion vulnerability in index.php.  
[ vim-sanitize.txt ] 743819ed6f6edc557eb5e0a21ba43aec Vim version 3 suffers from multiple arbitrary code execution vulnerabilities.  
[ openvas-contest.txt ] 7e7ad7671b776d96a194bfc749f20e2f The OpenVAS Team (Open Vulnerability Assessment System) has started a contest and calls for submission of patches, scripts, converters or anything else that significantly improves the OpenVAS framework and extends Open Source Network Vulnerability Testing.