<?xml version="1.0" encoding="ISO-8859-1" ?>
<rss version="2.0">
	<channel>
	<title>Packet Storm Security Last 100</title>
	<link>http://packetstormsecurity.org/</link>
	<description>100 Most Recent Packet Storm File Additions</description>
	<language>en-us</language>

<item>
	<title>MDVSA-2010-142.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/MDVSA-2010-142.txt</link>
	<description>Mandriva Linux Security Advisory 2010-142 - The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. OpenLDAP 2.4.22 allows remote attackers to cause a denial of service via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite. </description>
</item>
<item>
	<title>uplusftp-overflow.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/uplusftp-overflow.txt</link>
	<description>UPlusFTP Server version 1.7.1.01 remote buffer overflow post authentication exploit. </description>
</item>
<item>
	<title>symantecams-flaw.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/symantecams-flaw.txt</link>
	<description>Symantec Antivirus Corporate Edition AMS Intel Alert Handler service (hndlrsvc.exe) proof of concept command execution exploit. </description>
</item>
<item>
	<title>jira-xss.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/jira-xss.txt</link>
	<description>Jira version 4.0.1 suffers from a cross site scripting vulnerability. </description>
</item>
<item>
	<title>secunia-autonomykvrp.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/secunia-autonomykvrp.txt</link>
	<description>Secunia Research has discovered two vulnerabilities in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused by boundary errors in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing certain records. This can be exploited to cause stack-based buffer overflows via specially crafted files. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. </description>
</item>
<item>
	<title>secunia-autonomykvindex.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/secunia-autonomykvindex.txt</link>
	<description>Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused by an error in the SpreadSheet Lotus 123 reader (wkssr.dll) when allocating an array of pointers during the parsing of a certain record type combined with how strings are later indexed. This can be exploited to corrupt memory via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. </description>
</item>
<item>
	<title>zemana-escalate.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/zemana-escalate.txt</link>
	<description>Zemana AntiLogger with AntiLog32.sys versions 1.5.2.755 and below suffer from a local privilege escalation vulnerability. </description>
</item>
<item>
	<title>ceteraecommerce-sqlxss.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/ceteraecommerce-sqlxss.txt</link>
	<description>Cetera eCommerce versions 14.0 and below suffer from cross site scripting and remote SQL injection vulnerabilities. </description>
</item>
<item>
	<title>secunia-wkssriu.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/secunia-wkssriu.txt</link>
	<description>Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by an integer underflow error in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing the size of a specific record type. This can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. </description>
</item>
<item>
	<title>secunia-autonomywosr.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/secunia-autonomywosr.txt</link>
	<description>Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the WordPerfect 5.x reader (wosr.dll) when parsing data blocks and can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.</description>
</item>
<item>
	<title>secunia-autonomyrtfsigned.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/secunia-autonomyrtfsigned.txt</link>
	<description>Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a signedness error when parsing the argument to the "\ls" keyword within a list override table entry in RTF files. This can be exploited to cause a buffer overflow via a specially crafted RTF file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.</description>
</item>
<item>
	<title>secunia-autonomywkssr.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/secunia-autonomywkssr.txt</link>
	<description>Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the Spreadsheet Lotus 123 reader (wkssr.dll) when converting floating point values in certain record types. This can be exploited to cause a stack-based buffer overflow via a specially crafted file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. </description>
</item>
<item>
	<title>secunia-autonomycfp.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/secunia-autonomycfp.txt</link>
	<description>Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error when parsing record data in compound documents. This can be exploited to cause a heap-based buffer overflow when an application using the vulnerable library parses e.g. a specially crafted Quattro Pro file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. </description>
</item>
<item>
	<title>apachetomcat-traversal.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/apachetomcat-traversal.txt</link>
	<description>UTF-8 directory traversal /etc/passwd grabbing exploit for Apache Tomcat versions prior to 6.0.18.  </description>
</item>
<item>
	<title>joomlaphotomapgallery-sql.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/joomlaphotomapgallery-sql.txt</link>
	<description>Joomla PhotoMap Gallery version 1.6.0 suffers from multiple remote blind SQL injection vulnerabilities. </description>
</item>
<item>
	<title>avarcade-insecure.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/avarcade-insecure.txt</link>
	<description>AV Arcade version 3 suffers from insecure cookie and SQL injection vulnerabilities. </description>
</item>
<item>
	<title>nubuilder-rfi.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/nubuilder-rfi.txt</link>
	<description>nuBuilder version 10.04.x suffers from a remote file inclusion vulnerability. </description>
</item>
<item>
	<title>dsa-2076-1.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/dsa-2076-1.txt</link>
	<description>Debian Linux Security Advisory 2076-1 - It was discovered that GnuPG 2 uses a freed pointer when verifying a signature or importing a certificate with many Subject Alternate Names, potentially leading to arbitrary code execution.</description>
</item>
<item>
	<title>dsa-2075-1.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/dsa-2075-1.txt</link>
	<description>Debian Linux Security Advisory 2075-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. </description>
</item>
<item>
	<title>MDVSA-2010-141.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/MDVSA-2010-141.txt</link>
	<description>Mandriva Linux Security Advisory 2010-141 - The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value. The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request. The updated packages provide samba 3.4.8 which is not vulnerable to these issues.</description>
</item>
<item>
	<title>MDVSA-2010-140.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/MDVSA-2010-140.txt</link>
	<description>Mandriva Linux Security Advisory 2010-140 - This is a maintenance and security update that upgrades php to 5.3.3 for 2010.0/2010.1. Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs. Fixed a possible resource destruction issue in shm_put_var(). Fixed a possible information leak because of interruption of XOR operator. Fixed a possible memory corruption because of unexpected call-time pass by reference and following memory clobbering through callbacks. Fixed a possible memory corruption in ArrayObject::uasort(). Fixed a possible memory corruption in parse_str(). Fixed a possible memory corruption in pack(). Fixed a possible memory corruption in substr_replace(). Fixed a possible memory corruption in addcslashes(). Fixed a possible stack exhaustion inside fnmatch(). Fixed a possible dechunking filter buffer overflow. Fixed a possible arbitrary memory access inside sqlite extension. Fixed string format validation inside phar extension. Fixed handling of session variable serialization on certain prefix characters. Fixed a NULL pointer dereference when processing invalid XML-RPC requests. Fixed SplObjectStorage unserialization problems. Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user. Fixed possible buffer overflows when handling error packets in mysqlnd. Additionally some of the third party extensions and required dependencies have been upgraded and/or rebuilt for the new php version.</description>
</item>
<item>
	<title>punbbpunpm-sql.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/punbbpunpm-sql.txt</link>
	<description>PunBB versions 1.3.x and below with Pun_PM versions 1.2.6 and below remote blind SQL injection exploit. </description>
</item>
<item>
	<title>joomlattvideo-sql.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/joomlattvideo-sql.txt</link>
	<description>Joomla TTVideo component version 1.0 suffers from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>msvisualstudio-overflow</title>
	<link>http://packetstormsecurity.org/1007-exploits/msvisualstudio-overflow</link>
	<description>Microsoft Visual Studio version 6.0 VCMUTL.dll unicode Active-X buffer overflow exploit. </description>
</item>
<item>
	<title>AdminLoginFinder.tar.gz</title>
	<link>http://packetstormsecurity.org/UNIX/scanners/AdminLoginFinder.tar.gz</link>
	<description>AdminLoginFinder is a perl script that scans webservers for administrative login / control panel sections.</description>
</item>
<item>
	<title>fbruteforcer.py.txt</title>
	<link>http://packetstormsecurity.org/Crackers/fbruteforcer.py.txt</link>
	<description>This is a simple Facebook bruteforcing script that makes use of the Python Mechanize module and a wordlist. </description>
</item>
<item>
	<title>ie67-dos.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/ie67-dos.txt</link>
	<description>Microsoft Internet Explorer versions 6 and 7 suffer from a denial of service vulnerability.</description>
</item>
<item>
	<title>NocON2010-CFP.txt</title>
	<link>http://packetstormsecurity.org/papers/call_for/NocON2010-CFP.txt</link>
	<description>Call For Papers for the No cON Name 2010 Congress. This conference will be held in Barcelona, Spain, from October 18th through the 19th. </description>
</item>
<item>
	<title>socialmedia-lfi.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/socialmedia-lfi.txt</link>
	<description>Social Media version 2.0.0 suffers from a local file inclusion vulnerability. </description>
</item>
<item>
	<title>stackbf.c</title>
	<link>http://packetstormsecurity.org/shellcode/stackbf.c</link>
	<description>Stack bruteforcing utility against buffer overflow programs with ASLR. Provides polymorphic shellcode for /bin/sh. </description>
</item>
<item>
	<title>theetacms-sqlxss.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/theetacms-sqlxss.txt</link>
	<description>Theeta CMS suffers from cross site scripting and remote SQL injection vulnerabilities. </description>
</item>
<item>
	<title>joomlaappointinator-sql.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/joomlaappointinator-sql.txt</link>
	<description>The Joomla Appointinator component version 1.0.1 suffers from remote SQL injection vulnerabilities. </description>
</item>
<item>
	<title>syndeocms-xss.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/syndeocms-xss.txt</link>
	<description>SyndeoCMS versions 2.9.0 and below suffer from multiple cross site scripting vulnerabilities. </description>
</item>
<item>
	<title>MDVSA-2010-139.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/MDVSA-2010-139.txt</link>
	<description>Mandriva Linux Security Advisory 2010-139 - This is a maintenance and security update that upgrades php to 5.2.14 for CS4/MES5/2008.0/2009.0/2009.1. Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs. Fixed a possible interruption array leak in strrchr(). Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). Fixed a possible memory corruption in substr_replace(). Fixed SplObjectStorage unserialization problems. Fixed a possible stack exhaustion inside fnmatch(). Fixed a NULL pointer dereference when processing invalid XML-RPC requests. Fixed handling of session variable serialization on certain prefix characters. Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. Additionally some of the third party extensions have been upgraded and/or rebuilt for the new php version.</description>
</item>
<item>
	<title>major_rls79.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/major_rls79.txt</link>
	<description>PHPKIT WCMS version 1.6.5 suffers from multiple cross site scripting vulnerabilities. </description>
</item>
<item>
	<title>easyftp_mkd_fixret.rb.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/easyftp_mkd_fixret.rb.txt</link>
	<description>This Metasploit module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11 and earlier. EasyFTP fails to check input size when parsing 'MKD' commands, which leads to a stack based buffer overflow. NOTE: EasyFTP allows anonymous access by default. However, in order to access the 'MKD' command, you must have access to an account that can create directories. After version 1.7.0.12, this package was renamed "UplusFtp". This exploit utilizes a small piece of code that I've referred to as 'fixRet'. This code allows us to inject a payload of ~500 bytes into a 264 byte buffer by 'fixing' the return address post-exploitation. See references for more information.</description>
</item>
<item>
	<title>easyftp_list_fixret.rb.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/easyftp_list_fixret.rb.txt</link>
	<description>This Metasploit module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11. Credit goes to Karn Ganeshan. NOTE: Although this is likely to exploit the same vulnerability as the 'easyftp_cwd_fixret' exploit, it uses a slightly different vector.</description>
</item>
<item>
	<title>hyleos_chemviewx_activex.rb.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/hyleos_chemviewx_activex.rb.txt</link>
	<description>This Metasploit module exploits a stack-based buffer overflow within version 1.9.5.1 of Hyleos ChemView (HyleosChemView.ocx). By calling the 'SaveAsMolFile' or 'ReadMolFile' methods with an overly long first argument, an attacker can overrun a buffer and execute arbitrary code. </description>
</item>
<item>
	<title>easyftp_list.rb.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/easyftp_list.rb.txt</link>
	<description>This Metasploit module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11 and earlier. EasyFTP fails to check input size when parsing the 'path' parameter supplied to an HTTP GET request, which leads to a stack based buffer overflow. EasyFTP allows anonymous access by default; valid credentials are typically unnecessary to exploit this vulnerability. After version 1.7.0.12, this package was renamed "UplusFtp". Due to limited space, as well as difficulties using an egghunter, the use of staged, ORD, and/or shell payloads is recommended.</description>
</item>
<item>
	<title>USN-964-1.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/USN-964-1.txt</link>
	<description>Ubuntu Security Notice 964-1 - Matt Weatherford discovered that Likewise Open did not correctly check password expiration for the local-provider account. A local attacker could exploit this to log into a system they would otherwise not have access to. </description>
</item>
<item>
	<title>USN-930-6.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/USN-930-6.txt</link>
	<description>Ubuntu Security Notice 930-6 - USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem. </description>
</item>
<item>
	<title>USN-957-2.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/USN-957-2.txt</link>
	<description>Ubuntu Security Notice 957-2 - USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem. </description>
</item>
<item>
	<title>LWSA-2010-011.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/LWSA-2010-011.txt</link>
	<description>Likewise Security Advisory - A logic flaw has been found in the pam_lsass library from Likewise Open that, when run under the context of a root service (e.g. sshd, gdm, etc.), will allow any user to log on as an lsassd local-provider account (e.g. MACHINE\Administrator) if the account's password is marked as expired.</description>
</item>
<item>
	<title>nessus-xssdisclose.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/nessus-xssdisclose.txt</link>
	<description>The Nessus nessusd_www_server.nbin file suffers from cross site scripting and version disclosure vulnerabilities. </description>
</item>
<item>
	<title>macosxwebdav-dos.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/macosxwebdav-dos.txt</link>
	<description>The Mac OS X WebDAV kernel extension is vulnerable to a denial of service issue that allows a local unprivileged user to trigger a kernel panic due to a memory overallocation.  </description>
</item>
<item>
	<title>foofus-20100726.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/foofus-20100726.txt</link>
	<description>The Symantec Antivirus Corporate Edition AMS Intel Alert Handler service (hndlrsvc.exe) provides alert setup and response capabilities to AMS2. A design error in Symantec's implementation of this function allows an attacker who can establish a TCP connection to port 38292 on a vulnerable host to execute commands at system level on that host. Versions 10.1.8.8000 and below are affected.</description>
</item>
<item>
	<title>fuzzdiff.py.txt</title>
	<link>http://packetstormsecurity.org/fuzzer/fuzzdiff.py.txt</link>
	<description>FuzzDiff is a simple tool created to make crash analysis during file format fuzzing a bit easier. When provided with a fuzzed file, a corresponding original un-fuzzed file, and the path to the targeted program, FuzzDiff will selectively "un-fuzz" portions of the fuzzed file while re-launching the application to monitor for crashes. This will yield a file that still crashes the target application, but contains a minimum set of changes from the original, un-fuzzed file. This can be useful in pinning down the exact cause of a crash.</description>
</item>
<item>
	<title>transparent-medical-devices.pdf</title>
	<link>http://packetstormsecurity.org/papers/general/transparent-medical-devices.pdf</link>
	<description>Whitepaper called Killed by Code: Software Transparency in Implantable Medical Devices. </description>
</item>
<item>
	<title>qqplayersmi-overflow.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/qqplayersmi-overflow.txt</link>
	<description>QQplayer versions 2.3.696.400p1 and below .smi file processing local buffer overflow exploit. </description>
</item>
<item>
	<title>oscommercemax-backup.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/oscommercemax-backup.txt</link>
	<description>Oscommerce Max version 2.0.25 suffers from a backup creation and download vulnerability. </description>
</item>
<item>
	<title>my-sql.pdf</title>
	<link>http://packetstormsecurity.org/papers/database/my-sql.pdf</link>
	<description>This whitepaper is a MySQL SQL injection tutorial. </description>
</item>
<item>
	<title>xaoscms-sql.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/xaoscms-sql.txt</link>
	<description>XAOS CMS suffers from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>ballettinforum-sql.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/ballettinforum-sql.txt</link>
	<description>Ballettin Forum suffers from multiple remote SQL injection vulnerabilities. </description>
</item>
<item>
	<title>dff-0.7.0-src.tar.gz</title>
	<link>http://packetstormsecurity.org/forensics/dff-0.7.0-src.tar.gz</link>
	<description>DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.</description>
</item>
<item>
	<title>freewaycms-sql.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/freewaycms-sql.txt</link>
	<description>Freeway CMS version 1.4.3.210 suffers from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>cmsignition-sql.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/cmsignition-sql.txt</link>
	<description>CMS Ignition suffers from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>3dlammtxklrr-sqlxss.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/3dlammtxklrr-sqlxss.txt</link>
	<description>3dl.am Script Mtxkl Raidrush suffers from cross site scripting and remote SQL injection vulnerabilities. </description>
</item>
<item>
	<title>RewriteProxy.tar.gz</title>
	<link>http://packetstormsecurity.org/web/RewriteProxy.tar.gz</link>
	<description>RewriteProxy is a small python tool that is based on the twisted library. Its purpose is to serve local files instead of remote files to fool the same-domain policy of modified flash and java-applets. </description>
</item>
<item>
	<title>H2HC-CFP-2010.txt</title>
	<link>http://packetstormsecurity.org/papers/call_for/H2HC-CFP-2010.txt</link>
	<description>The Hackers 2 Hackers Conference (H2HC) 7th edition call for papers has been announced. It is being held in Sao Paulo, Brazil from November 27th through the 28th, 2010. </description>
</item>
<item>
	<title>joomlayoutube-sql.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/joomlayoutube-sql.txt</link>
	<description>The Joomla Youtube component version 1.5 suffers from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>snews-sql.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/snews-sql.txt</link>
	<description>sNews suffers from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>whiteboard-sql.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/whiteboard-sql.txt</link>
	<description>WhiteBoard version 0.1.30 suffers from remote blind SQL injection vulnerabilities. </description>
</item>
<item>
	<title>mccontentmanager-sqlxss.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/mccontentmanager-sqlxss.txt</link>
	<description>MC Content Manager suffers from cross site scripting and remote SQL injection vulnerabilities. </description>
</item>
<item>
	<title>USN-958-1.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/USN-958-1.txt</link>
	<description>Ubuntu Security Notice 958-1 - Several flaws were discovered in the browser engine of Thunderbird. An integer overflow was discovered in how Thunderbird processed CSS values. An integer overflow was discovered in how Thunderbird interpreted the XUL element. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. Yosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. Chris Evans discovered that Thunderbird did not properly process improper CSS selectors. Soroush Dalili discovered that Thunderbird did not properly handle script error output. </description>
</item>
<item>
	<title>3dlam-traversal.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/3dlam-traversal.txt</link>
	<description>3dl.am script Mtxkl Raidrush suffers from a directory traversal vulnerability. </description>
</item>
<item>
	<title>CVP-HackersPerspective.pdf</title>
	<link>http://packetstormsecurity.org/papers/voip/CVP-HackersPerspective.pdf</link>
	<description>Whitepaper called Cisco VoIP Phone - A Hackers Perspective. </description>
</item>
<item>
	<title>joomlajoomdle-sql.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/joomlajoomdle-sql.txt</link>
	<description>The Joomla Joomdle component versions 0.24 and below suffer from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>buffer_overflow_edisi_ketiga.txt</title>
	<link>http://packetstormsecurity.org/papers/general/buffer_overflow_edisi_ketiga.txt</link>
	<description>Whitepaper called Linux Buffer Overflow Tutorial III. Written in Indonesian. </description>
</item>
<item>
	<title>joomlaitarmory-sql.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/joomlaitarmory-sql.txt</link>
	<description>The Joomla ITArmory component versions 0.1.4 and below suffer from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>joomlaoziogallery-sql.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/joomlaoziogallery-sql.txt</link>
	<description>Joomla Ozio Gallery suffers from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>akyblog-sql.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/akyblog-sql.txt</link>
	<description>AKY Blog suffers from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>openrealty-xss.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/openrealty-xss.txt</link>
	<description>Open Realty versions 2.x and 3.x suffer from a cross site scripting vulnerability. </description>
</item>
<item>
	<title>snews17cat-sql.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/snews17cat-sql.txt</link>
	<description>sNews version 1.7 suffers from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>dmfilemanager-shell.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/dmfilemanager-shell.txt</link>
	<description>DM Filemanager version 3.9.11 suffers from a remote shell upload vulnerability. </description>
</item>
<item>
	<title>vbul386-disclose.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/vbul386-disclose.txt</link>
	<description>vBulletin version 3.8.6 suffers from an information disclosure vulnerability in faq.php. </description>
</item>
<item>
	<title>validformbuilder-exec.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/validformbuilder-exec.txt</link>
	<description>ValidForm Builder Script suffers from a remote command execution vulnerability. </description>
</item>
<item>
	<title>mpcheap-overflow.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/mpcheap-overflow.txt</link>
	<description>Media Player Classic - Home Cinema suffers from a heap overflow that allows for denial of service. </description>
</item>
<item>
	<title>ms10_045_outlook_ref_only.rb.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/ms10_045_outlook_ref_only.rb.txt</link>
	<description>It has been discovered that certain e-mail messages cause Outlook to create Windows shortcut-like attachments or messages within Outlook. Through specially crafted TNEF streams with certain MAPI attachment properties, it is possible to set a path name to files to be executed. When a user double clicks on such an attachment or message, Outlook will proceed to execute the file that is set by the path name value. These files can be local files, but also files stored remotely, for example on a file share. Exploitation is limited by the fact that it is not possible for attackers to supply command line options.</description>
</item>
<item>
	<title>ms10_045_outlook_ref_resolve.rb.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/ms10_045_outlook_ref_resolve.rb.txt</link>
	<description>It has been discovered that certain e-mail messages cause Outlook to create Windows shortcut-like attachments or messages within Outlook. Through specially crafted TNEF streams with certain MAPI attachment properties, it is possible to set a path name to files to be executed. When a user double clicks on such an attachment or message, Outlook will proceed to execute the file that is set by the path name value. These files can be local files, but also files stored remotely, for example on a file share. Exploitation is limited by the fact that it is not possible for attackers to supply command line options.</description>
</item>
<item>
	<title>windows-smb-ms07_029_msdns_zonename.rb.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/windows-smb-ms07_029_msdns_zonename.rb.txt</link>
	<description>This Metasploit module exploits a stack buffer overflow in the RPC interface of the Microsoft DNS service. The vulnerability is triggered when a long zone name parameter is supplied that contains escaped octal strings. This Metasploit module is capable of bypassing NX/DEP protection on Windows 2003 SP1/SP2. This Metasploit module exploits the RPC service using the \\\\DNSSERVER pipe available via SMB. This pipe requires a valid user account to access, so the SMBUSER and SMBPASS options must be specified. </description>
</item>
<item>
	<title>windows-dcerpc-ms07_029_msdns_zonename.rb.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/windows-dcerpc-ms07_029_msdns_zonename.rb.txt</link>
	<description>This Metasploit module exploits a stack buffer overflow in the RPC interface of the Microsoft DNS service. The vulnerability is triggered when a long zone name parameter is supplied that contains escaped octal strings. This Metasploit module is capable of bypassing NX/DEP protection on Windows 2003 SP1/SP2. </description>
</item>
<item>
	<title>ms03_051_fp30reg_chunked.rb.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/ms03_051_fp30reg_chunked.rb.txt</link>
	<description>This is an exploit for the chunked encoding buffer overflow described in MS03-051 and originally reported by Brett Moore. This particular module works against versions of Windows 2000 between SP0 and SP3. Service Pack 4 fixes the issue. </description>
</item>
<item>
	<title>ms03_022_nsiislog_post.rb.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/ms03_022_nsiislog_post.rb.txt</link>
	<description>This exploits a buffer overflow found in the nsiislog.dll ISAPI filter that comes with Windows Media Server. This Metasploit module will also work against the 'patched' MS03-019 version. This vulnerability was addressed by MS03-022. </description>
</item>
<item>
	<title>lucidlynx-overflow.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/lucidlynx-overflow.txt</link>
	<description>Ubuntu 10.04 LTS - Lucid Lynx FTP Client version 0.17-19build1 suffers from a buffer overflow vulnerability related to the ACCT command. </description>
</item>
<item>
	<title>photopostphp465-sql.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/photopostphp465-sql.txt</link>
	<description>PhotoPost PHP version 4.6.5 suffers from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>easyftp-overflow.rb.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/easyftp-overflow.rb.txt</link>
	<description>This Metasploit module exploits a stack-based buffer overflow in EasyFTP Server version 1.7.0.11. </description>
</item>
<item>
	<title>ffsm-clickjack.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/ffsm-clickjack.txt</link>
	<description>Firefox version 3.6.7 / SeaMonkey version 2.0.6 clickjacking proof of concept exploits. </description>
</item>
<item>
	<title>joomlagolfcourseguide-sql.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/joomlagolfcourseguide-sql.txt</link>
	<description>Joomla GolfCourseGuide component versions 0.9.6.0 Beta and 1 Beta suffer from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>MDVSA-2010-138.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/MDVSA-2010-138.txt</link>
	<description>Mandriva Linux Security Advisory 2010-138 - Ovidiu Mara reported a vulnerability in ping.c (iputils) that could cause ping to hang when responding to a malicious echo reply. The updated packages have been patched to correct these issues. </description>
</item>
<item>
	<title>watobo_0.9.2rev149.zip</title>
	<link>http://packetstormsecurity.org/UNIX/scanners/watobo_0.9.2rev149.zip</link>
	<description>WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.</description>
</item>
<item>
	<title>USN-930-5.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/USN-930-5.txt</link>
	<description>Ubuntu Security Notice 930-5 - USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and 9.10. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2. It was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. </description>
</item>
<item>
	<title>USN-930-4.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/USN-930-4.txt</link>
	<description>Ubuntu Security Notice 930-4 - USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides the corresponding updates for Ubuntu 9.04 and 9.10, along with additional updates affecting Firefox 3.6.6. It was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. </description>
</item>
<item>
	<title>USN-927-8.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/USN-927-8.txt</link>
	<description>Ubuntu Security Notice 927-8 - USN-927-1 fixed vulnerabilities in NSS. This update provides the Thunderbird update to use the new NSS. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new renegotiation extension and will use it when the server supports it. </description>
</item>
<item>
	<title>photopostphp-sql.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/photopostphp-sql.txt</link>
	<description>PhotoPost PHP versions 4.0 through 4.6 suffer from a remote SQL injection vulnerability. </description>
</item>
<item>
	<title>PHPJackal.php.gz</title>
	<link>http://packetstormsecurity.org/UNIX/utilities/PHPJackal.php.gz</link>
	<description>PHPJackal is a PHP script that can be used to manage files and perform safemode bypass, and it has built-in crackers, various network scanners and more. </description>
</item>
<item>
	<title>DSECRG-09-068.txt</title>
	<link>http://packetstormsecurity.org/1007-advisories/DSECRG-09-068.txt</link>
	<description>SAP NetWeaver SLD versions 6.4 through 7.02 suffer from multiple cross site scripting vulnerabilities. </description>
</item>
<item>
	<title>zeematri-shell.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/zeematri-shell.txt</link>
	<description>ZeeMatri version 3x suffers from a shell upload vulnerability. </description>
</item>
<item>
	<title>DSECRG-09-040.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/DSECRG-09-040.txt</link>
	<description>SAP Netweaver versions 6.4 through 7.0 suffer from a cross site scripting vulnerability. </description>
</item>
<item>
	<title>ibmaix5l-hash.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/ibmaix5l-hash.txt</link>
	<description>AIX 5l with FTP server remote root hash disclosure exploit. Creates a coredump including the root user hash from /etc/security/passwd. This is the second version that was written to be more portable between hosts. </description>
</item>
<item>
	<title>zeenetworking-shell.txt</title>
	<link>http://packetstormsecurity.org/1007-exploits/zeenetworking-shell.txt</link>
	<description>ZeeNetworking 1x suffers from a shell upload vulnerability. </description>
</item></channel>
</rss>
