Packet Storm's last 20 added files.
Last Updated: Fri May  9 20:06:41 EDT 2008


[ hispah-sql.txt ] 56372410603357c087d00006cb931d71 HispaH Model Search suffers from a remote SQL injection vulnerability in cat.php.  
[ sazcart-sql.txt ] 4bd3e69d3bf9bc4006706b639fdfa953 SazCart versions 1.5.1 and below remote SQL injection exploit.  
[ admidio-disclose.txt ] fb96b4a0cd332e49bb1509f593db6916 Admidio version 1.4.8 suffers from a remote file disclosure vulnerability.  
[ wpgallery-sql.txt ] 6ad18afafb09a0396e624aa6cdc26680 The WordPress Photo Gallery module suffers from a remote SQL injection vulnerability.  
[ glsa-200805-08.txt ] cdb2393100a4faec5400559fd35ff0f8 Gentoo Linux Security Advisory GLSA 200805-08 - The namesx and uhnames modules do not properly validate network input, leading to a buffer overflow. Versions less than 1.1.19 are affected.  
[ glsa-200805-07.txt ] b99107d7cc4efe620d3b52050bad0f8f Gentoo Linux Security Advisory GLSA 200805-07 - LTSP version 4.2, ships prebuilt copies of programs such as the Linux Kernel, the X.org X11 server (GLSA 200705-06, GLSA 200710-16, GLSA 200801-09), libpng (GLSA 200705-24, GLSA 200711-08), Freetype (GLSA 200705-02, GLSA 200705-22) and OpenSSL (GLSA 200710-06, GLSA 200710-30) which were subject to multiple security vulnerabilities since 2006. Please note that the given list of vulnerabilities might not be exhaustive. Versions less than 5.0 are affected.  
[ glsa-200805-06.txt ] 85f645f65baa0b3fe9c141d775831681 Gentoo Linux Security Advisory GLSA 200805-06 - Viesturs reported that the default configuration for Gentoo's init script (/etc/conf.d/firebird) sets the ISC_PASSWORD environment variable when starting Firebird. It will be used when no password is supplied by a client connecting as the SYSDBA user. Versions less than 2.0.3.12981.0-r6 are affected.  
[ oracleasp-bypass.txt ] 949ba1c17d5c6ccbaf300ec9175e3dd4 The Oracle Application Server Portal 10G suffers from an authentication bypass vulnerability. Details are provided.  
[ browserrecon-1.0-php.tar.gz ] 8dc3b53449d21666803e0b051280d3af browserrecon is a framework that performs client-side HTTP fingerprinting. Be sure to hit their site to download the latest fingerprints database.  
[ cyberfolio-rfi.txt ] b1f29ba626cf616a3523dd8a19714c8f Cyberfolio version 7.2 suffers from a remote file inclusion vulnerability.  
[ sazcart151-rfi.txt ] f6972dda22f21e2d1b7c152ccfebae41 SazCart version 1.5.1 suffers from multiple remote file inclusion vulnerabilities.  
[ MDVSA-2008-099.txt ] 80671fb91b231ddf51ff6f60aef286c4 Mandriva Linux Security Advisory - A heap-based buffer overflow vulnerability was found in how ImageMagick parsed XCF files. If ImageMagick opened a specially-crafted XCF file, it could be made to overwrite heap memory beyond the bounds of its allocated memory, potentially allowing an attacker to execute arbitrary code on the system running ImageMagick. Another heap-based buffer overflow vulnerability was found in how ImageMagick processed certain malformed PCX images. If ImageMagick opened a specially-crafted PCX image file, an attacker could possibly execute arbitrary code on the system running ImageMagick.  
[ cpanel-xssxsrf.txt ] 93fe9c2917908f3542033fd1c3bee6b3 cPanel versions below 11.18.4 and 11.22.3 suffer from cross site scripting and cross site request forgery vulnerabilities.  
[ apache-utf7xss.txt ] 776e48651cff4b6c45bf15019e486f5c Apache versions 2.2.x and 1.3.x suffer from a cross site scripting vulnerability leveraging UTF-7 encoding on 403 forbidden pages.  
[ minibloggie-delete.txt ] 48a0ab7a653384c0a40f7474400937f7 miniBloggie version 1.0 suffers from an arbitrary post deletion vulnerability in del.php.  
[ vshare-sql.txt ] f6ed0f3a4f6d2bf9adf61c3530025f07 vShare Youtube Clone version 2.6 suffers from a remote SQL injection vulnerability in group_posts.php.  
[ shadertv-sql.txt ] 9f14c2db07c26bca40e8b991829c03ee Shader TV Beta suffers from multiple SQL injection vulnerabilities allowing for login bypass and more.  
[ runcms161-sql.txt ] 507caf1b34d7af378169f6ce71ed6a6d RunCMS versions 1.6.1 and below remote SQL injection exploit.  
[ USN-611-3.txt ] 26dd30b7333f05b291b099650b8a9e89 Ubuntu Security Notice 611-3 - USN-611-1 fixed a vulnerability in Speex. This update provides the corresponding update for GStreamer Good Plugins. It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program.  
[ USN-611-2.txt ] a2c8b46ce1f3301d099c7eb67973f3b0 Ubuntu Security Notice 611-2 - USN-611-1 fixed a vulnerability in Speex. This update provides the corresponding update for ogg123, part of vorbis-tools. It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program.