Packet Storm's last 50 added files. Last Updated: Sat Sep 6 15:37:07 EDT 2008

[ phpauction32-rfi.txt ] e40e15228214cd0b2448655c4de78ff9 PHP Auction version 3.2 suffers from remote file inclusion and information disclosure vulnerabilities.
[ silentum-xss.txt ] 7e068f4cc7e36ca6e6365c28cafd5266 Silentum LoginSys version 1.0.0 suffers from a cross site scripting vulnerability.
[ iranmc-sql.txt ] adad2c521a3619d9457d7e763649e732 IranMC CMS suffers from a remote SQL injection vulnerability.
[ citectodbc-fivews.txt ] 891164271130fb7873ad0b88a90f3fb9 This is a paper detailing the Five Ws of the Citect ODBC vulnerability that affects Citect versions 5, 6, and 7.
[ citect_scada_odbc.rb.txt ] ac7981fd900ae85180ef9a569f644f3b This Metasploit module exploits a stack overflow in CitectSCADA's ODBC daemon. It has only been tested against Citect versions 5, 6, and 7.
[ flockweb-dos.txt ] a9bd276dae0e9bd8afcda7d6ae0fc06d Flock Social Web Browser version 1.2.5 looping denial of service exploit.
[ google-chrome-dos4.txt ] 55a6d94d2bcd8b640aa9d6f735c2e829 Google Chrome Browser version 0.2.149.27 Inspect Element denial of service exploit.
[ google-download2.txt ] cb9cb9170c00dd282cb524e88829f929 Google Chrome Browser version 0.2.149.27 automatic file download exploit that uses window.setTimeout.
[ PLSA-2008-41.txt ] 88d2dd8bd65b48977075d03284318f12 Pardus Linux Security Advisory - Romain Francoise has found a security risk in a feature of GNU Emacs related to how Emacs interacts with Python.
[ PLSA-2008-40.txt ] 7ed5de1fd98781b82d94775fb4118b89 Pardus Linux Security Advisory - A security issue has been reported in Postfix, which can be exploited by malicious local users to cause a DoS (Denial of Service).
[ PLSA-2008-39.txt ] 4e13e65bd4014b7e14ea05b22c2ceea0 Pardus Linux Security Advisory - Multiple vulnerabilities have been discovered in ClamAV, including a DoS (Denial of Service) vulnerability and memory leaks.
[ PLSA-2008-38.txt ] 91d0bc451ed2fe45a70026ad0ff30d2d Pardus Linux Security Advisory - Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).
[ PLSA-2008-37.txt ] af6c823bb3a63082e54a1fca9c70c8d6 Pardus Linux Security Advisory - A vulnerability has been reported in Django, which can be exploited by malicious people to conduct cross-site request forgery attacks.
[ MDVSA-2008-188.txt ] fa0a6a8003587117a6311ddf437cc6f1 Mandriva Linux Security Advisory - A number of vulnerabilities have been discovered in the Apache Tomcat server. The default catalina.policy in the JULI logging component did not restrict certain permissions for web applications, which could allow a remote attacker to modify logging configuration options and overwrite arbitrary files. A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method, which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers. A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter. A traversal vulnerability was found when using a RequestDispatcher in combination with a servlet or JSP, which could allow a remote attacker to use a specially crafted request parameter to access protected web resources. A traversal vulnerability was found when the 'allowLinking' and 'URIencoding' settings were activated, which could allow a remote attacker to use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process. The updated packages have been patched to correct these issues.
[ glsa-200809-05.txt ] d98aa0bb9eed96877477f69cf21a83c1 Gentoo Linux Security Advisory GLSA 200809-05 - It has been discovered that some input (e.g. the username) passed to the Courier Authentication library is not properly sanitised before being used in SQL queries. Versions less than 0.60.6 are affected.
[ freebsd-revcon.txt ] 5f235f3f42ac49433596de4a8bf427b2 90-byte reverse-connect, recv, jmp, return-results shellcode for FreeBSD/x86.
[ webcmsportal-blindsql.txt ] 3e62f2de829c0bf1b68c94d17c98648c webCMS Portal Edition blind SQL injection exploit that leverages index.php.
[ esfaq-sql.txt ] ea53bbcf6654db8ca1a49ac0dfd46905 EsFaq version 2.0 suffers from a remote SQL injection vulnerability.
[ vastal-itechcosmetics.txt ] 53f1f2c243e4ca3a7465b7b878af6fb0 Vastal I-Tech Cosmetics Zone suffers from a remote SQL injection vulnerability in view_products_cat.php.
[ vastal-itechfreelance.txt ] c3050b70a64f3f3524fe720b1fcb64bb Vastal I-Tech Freelance Zone suffers from a remote SQL injection vulnerability in view_cresume.php.
[ vastal-itechmag.txt ] ad03d5c61ab7b1764882d04f31a007f1 Vastal I-Tech Mag Zone suffers from a remote SQL injection vulnerability in view_mags.php.
[ vastal-itechmmorpg.txt ] e6fafb94727361eb4327476c1ad5f121 Vastal I-Tech MMORPG Zone suffers from a remote SQL injection vulnerability.
[ vastal-itechjobs.txt ] d35dde70aa37844953a819214d29ff30 Vastal I-Tech Jobs Zone suffers from a remote SQL injection vulnerability in view_news.php.
[ vastal-itechdvd.txt ] 73ed791b817b619b2cae65f5f935670c Vastal I-Tech DVD Zone suffers from a remote SQL injection vulnerability in view_mags.php.
[ vastal-itechshare.txt ] b07083700994fa807623dffce0aac446 Vastal I-Tech Share Zone suffers from a remote SQL injection vulnerability in view_news.php.
[ vastal-itechtoner.txt ] 6ee1cf0afc26370d06b22ba62dcd7156 Vastal I-Tech Toner Cart suffers from a remote SQL injection vulnerability in show_series_ink.php.
[ vastal-itechvisa.txt ] ff1d7f4069afa1ab8a2104311f320e2d Vastal I-Tech Visa Zone suffers from a remote SQL injection vulnerability in view_news.php.
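The Tomcat entry above (MDVSA-2008-188) describes a traversal that only works when 'URIencoding' is UTF-8 and 'allowLinking' is on: the request path is checked in one form and opened in another. The following is an added example, not Tomcat code and not part of the advisory. It models the bug class with a permissive UTF-8 decoder that accepts the overlong two-byte form %c0%ae for '.', beside a hardened resolver that decodes strictly and checks the final path against the document root. The document root /var/www/app and the exact byte sequences are assumptions; the advisory does not state which bytes Tomcat mishandled.

```python
"""Strict vs. lenient decoding of a percent/UTF-8-encoded request path.

Added example: not Tomcat's code and not from the advisory. The overlong
encoding C0 AE (-> '.') and the document root below are assumptions used
to illustrate the class of bug, not the specific bytes Tomcat accepted.
"""
import posixpath
from urllib.parse import unquote_to_bytes

DOCROOT = "/var/www/app"  # assumed document root for the examples


def lenient_utf8(raw: bytes) -> str:
    """Decode UTF-8 the way a permissive decoder does.

    A two-byte lead (C0..DF) followed by a continuation byte is accepted
    without checking that the value actually needed two bytes, so the
    overlong form C0 AE decodes to '.' instead of being rejected.
    """
    out = []
    i = 0
    while i < len(raw):
        b = raw[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
        elif 0xC0 <= b < 0xE0 and i + 1 < len(raw) and 0x80 <= raw[i + 1] < 0xC0:
            out.append(chr(((b & 0x1F) << 6) | (raw[i + 1] & 0x3F)))
            i += 2
        else:
            raise ValueError("unsupported byte sequence")
    return "".join(out)


def vulnerable_resolve(request_path: str) -> str:
    """Weak pattern: traversal check on the percent-decoded bytes, then a
    lenient UTF-8 decode whose output reaches the filesystem.

    The bytes C0 AE C0 AE contain no literal '..', so the check passes,
    and the decoded string '../' is then honoured by normpath.
    """
    raw = unquote_to_bytes(request_path)
    if b".." in raw:
        raise PermissionError("traversal rejected")
    return posixpath.normpath(DOCROOT + "/" + lenient_utf8(raw))


def hardened_resolve(request_path: str) -> str:
    """Decode strictly (Python's codec rejects overlong forms), normalise,
    and only then confirm the result is still inside DOCROOT."""
    raw = unquote_to_bytes(request_path)
    try:
        decoded = raw.decode("utf-8")  # strict: C0 AE raises here
    except UnicodeDecodeError:
        raise PermissionError("malformed UTF-8 in path")
    if "\x00" in decoded:
        raise PermissionError("NUL byte in path")
    full = posixpath.normpath(posixpath.join(DOCROOT, decoded.lstrip("/")))
    if full != DOCROOT and not full.startswith(DOCROOT + "/"):
        raise PermissionError("traversal rejected")
    return full


def is_rejected(resolver, request_path: str) -> bool:
    """True when the resolver refuses the path, False when it maps it."""
    try:
        resolver(request_path)
        return False
    except PermissionError:
        return True


if __name__ == "__main__":
    # Constructed attack path: three overlong-encoded '..' components.
    attack = "/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd"
    print("vulnerable ->", vulnerable_resolve(attack))      # /etc/passwd
    print("hardened   ->", is_rejected(hardened_resolve, attack))
    print("normal     ->", hardened_resolve("/index.html"))
```

The point is the ordering: any check performed before the final decode is worthless, because the decoder is what turns harmless bytes into '..'. Decoding strictly closes the overlong trick; checking the normalised path against the root closes plain traversal and symlink-assisted escapes as well.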
[ vastal-itechagent.txt ] 203db934b67f329683f1b32d137acd90 Vastal I-Tech Agent suffers from a remote SQL injection vulnerability in view_ann.php.
[ vastal-itechshaadi.txt ] 5c3407bfee59b9dd58df36985f120ff1 Vastal I-Tech Shaadi Zone version 1.0.9 suffers from a remote SQL injection vulnerability.
[ google-chrome-dos3.txt ] 62658dd425bb8251d6d3c133c2748eb2 Google Chrome Browser version 0.2.149.27 (1583) silent crash proof of concept exploit.
[ samsung-dos.txt ] b9d63562ccf567202d43f490bee3c6cf Proof of concept denial of service exploit for the Samsung DVR SHR-2040.
[ insecurityoverview-samsung.pdf ] b885df143355b20ca9ab10e3540514f1 An Insecurity Overview of the Samsung DVR SHR-2040.
[ googlechrome-cleartext.txt ] 2fc321543f586f60017f4d03f73ec0ba Google Chrome version 0.2.149.27 stores users' credentials in the clear when saving passwords.
[ PLSA-2008-36.txt ] 08e25547abae389d971a09a044cf735f Pardus Linux Security Advisory - Multiple memory leaks and buffer overflows have been addressed in ffmpeg. Affected packages are mplayer versions below 0.0_20080825-92-11 and ffmpeg versions below 0.4.9_20080825-46-14.
[ wpsimple-xss.txt ] 352dca05a76597134c102fa5f0119f14 WordPress Simple Tagging Widget suffers from a cross site scripting vulnerability.
[ googlechrome-pwn.tgz ] 76bc83d0af7a4c1715f162bcddf4c083 Google Chrome Browser version 0.2.149.27 suffers from a SaveAs-related buffer overflow and another denial of service vulnerability. Exploits for both are included in the tarball. PoC-XPSP2.html demonstrates the overflow by launching calc.exe and PoC-Crash.html demonstrates the crash.
[ microworld-insecure.txt ] ce8ac3604c3af57abf8400703a98d0e6 Multiple MicroWorld products suffer from insecure directory permission vulnerabilities that allow for privilege escalation.
[ devalcms-xssexec.txt ] db1720fed87cf89e89b28e5e397ee959 devalcms version 1.4a cross site scripting and remote code execution exploit.
[ microtik-poc.txt ] 3b065276af46ff576d9a6373c1d277f2 MikroTik RouterOS versions 3.13 and below SNMP write proof of concept exploit.
[ xcon2008-cfp.txt ] 6d6d3617daeb94718d64bdef3a52ea12 Call For Papers for XCon 2008. This conference will take place from November 18th through the 19th in Beijing, China.
[ awstats-exec2.txt ] c7f6c1a53d73e9b3fc679173c9be5ae7 Remote code execution exploit with an interactive shell for AWStats Totals versions 1.0 through 1.14. Version 2 of this exploit; it now works with magic quotes on or off.
[ SSRT080119.txt ] 443e1114b506d1add64aab30e5423482 HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Select Identity (HPSI) Connectors running on Windows. The vulnerability could result in local disclosure of information.
[ wordpress-xss.txt ] 87d10fd3e01da8218f1cd5f358994acb WordPress Forum version 1.7.4 suffers from a cross site scripting vulnerability.
[ geocar-sql.txt ] db27bf304857538f4c73e77acf9d86db Geocar CMS suffers from a remote SQL injection vulnerability.
[ MDVSA-2008-186.txt ] 153c497151ed5d9641a5eceb1e0840f8 Mandriva Linux Security Advisory - Multiple integer overflows were reported by the Google Security Team that had been fixed in Python 2.5.2. The Python packages on Corporate 3 have been updated to the latest version, 2.3.7, which corrects this issue.
[ aslr-bypass.txt ] 69eac3945ce943b762c014d7d22bb2ba Whitepaper discussing an ASLR bypass methodology on the Linux 2.6.17/20 kernel.
[ glsa-200809-04.txt ] f4f0318f961c4b14524fa5983e5bb781 Gentoo Linux Security Advisory GLSA 200809-04 - Sergei Golubchik reported that MySQL imposes no restrictions on the specification of DATA DIRECTORY or INDEX DIRECTORY in SQL CREATE TABLE statements. Versions less than 5.0.60-r1 are affected.
[ glsa-200809-03.txt ] 4f3597870ccab8e2f35aaf7c1ac67523 Gentoo Linux Security Advisory GLSA 200809-03 - Dyon Balding of Secunia Research reported an unspecified heap-based buffer overflow in the Shockwave Flash (SWF) frame handling. Versions less than 11.0.0.4028-r1 are affected.
[ glsa-200809-02.txt ] f200ed750ca69f71f7f2846f6ee4b218 Gentoo Linux Security Advisory GLSA 200809-02 - Dan Kaminsky of IOActive reported that dnsmasq does not randomize UDP source ports when forwarding DNS queries to a recursing DNS server. Carlos Carvalho reported that dnsmasq 2.43 does not properly handle clients sending inform or renewal queries for unknown DHCP leases, leading to a crash. Versions below 2.45 are affected.
[ glsa-200809-01.txt ] b962d5bfed1cd8d721820a20c2d41d07 Gentoo Linux Security Advisory GLSA 200809-01 - Aaron Grattafiori reported a format string vulnerability in the window_error() function in yelp-window.c. Versions less than 2.22.1-r2 are affected.
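The dnsmasq entry (GLSA 200809-02) is about a forwarder that sends every upstream query from the same UDP source port, which leaves only the 16-bit transaction ID to guess. Whether a forwarder on your network does this is easy to check from a capture of its outgoing queries. The following is an added example, not dnsmasq's code and not from the advisory: it parses a constructed sample of UDP headers (8-byte header, fields in network byte order) for queries to port 53 and scores how spread out the source ports are. The sample datagrams, the port values and the verdict thresholds are all assumptions.

```python
"""Score UDP source-port diversity of outgoing DNS queries.

Added example, not dnsmasq code. A forwarder that reuses one source port,
as the GLSA 200809-02 entry describes, scores zero bits here; a forwarder
that randomises ports scores close to log2(number of queries) on a small
sample. Datagrams below are constructed; thresholds are assumptions.
"""
import math
import struct
from collections import Counter


def make_datagram(src_port: int, dst_port: int = 53, payload: bytes = b"\x12\x34" + b"\x00" * 10) -> bytes:
    """Build a minimal UDP datagram: 8-byte header + payload (constructed)."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def parse_dns_source_ports(datagrams) -> list:
    """Return the source port of every datagram addressed to UDP/53."""
    ports = []
    for d in datagrams:
        if len(d) < 8:
            continue  # truncated header, not a UDP datagram we can read
        src, dst, _length, _cksum = struct.unpack("!HHHH", d[:8])
        if dst == 53:
            ports.append(src)
    return ports


def port_entropy_bits(ports) -> float:
    """Shannon entropy of the observed source-port distribution."""
    n = len(ports)
    if n == 0:
        return 0.0
    counts = Counter(ports)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def assess(datagrams) -> dict:
    """Summarise source-port behaviour and give a verdict.

    Verdict thresholds (assumed): one port -> 'fixed source port';
    fewer than half the queries on distinct ports -> 'low diversity';
    otherwise 'varied'. On a small sample the ceiling is log2(n) bits.
    """
    ports = parse_dns_source_ports(datagrams)
    n = len(ports)
    distinct = len(set(ports))
    if n == 0:
        verdict = "no DNS queries seen"
    elif distinct == 1:
        verdict = "fixed source port"
    elif distinct < n / 2:
        verdict = "low diversity"
    else:
        verdict = "varied"
    return {
        "queries": n,
        "distinct_ports": distinct,
        "entropy_bits": round(port_entropy_bits(ports), 3),
        "max_bits": round(math.log2(n), 3) if n else 0.0,
        "verdict": verdict,
    }


# Constructed samples: a forwarder stuck on one port (plus one NTP packet
# to show that non-DNS traffic is ignored) and one that picks a fresh port.
FIXED_PORT = [make_datagram(5353) for _ in range(16)] + [make_datagram(5353, dst_port=123)]
RANDOM_PORT = [make_datagram(p) for p in (
    33012, 49877, 60211, 40144, 52709, 34990, 61873, 45301,
    38564, 57120, 50288, 42676, 36843, 59405, 47932, 54517)]

if __name__ == "__main__":
    print("fixed :", assess(FIXED_PORT))
    print("random:", assess(RANDOM_PORT))
```

Run it against real traffic by replacing the constructed lists with the UDP layer of captured packets from the forwarder towards its upstream resolver; a few hundred queries is enough. A result near zero bits means every spoofed answer only has to match the transaction ID, which is the condition the advisory is warning about.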