Packet Storm's last 50 added files. Last Updated: Wed May 7 20:47:19 EDT 2008

[ onecms25-sql.txt ] 3b42b7d367ec7319462b6184e5d9cdd2 OneCMS version 2.5 remote blind SQL injection exploit that makes use of asd.php.
[ galleristic-sql.txt ] 3a1b178796f738876c63cb87ecef2fb6 Galleristic version 1.0 remote SQL injection exploit that makes use of index.php.
[ 05.07.08-3.txt ] c3320ef9f586bf2a8eadea9bdb952524 iDefense Security Advisory 05.07.08 - Remote exploitation of an integer signedness vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reallocating dynamic buffers. The rdesktop xrealloc() function uses a signed comparison to determine if the requested allocation size is less than 1. When this occurs, the function will incorrectly set the allocation size to be 1. This results in an improperly sized heap buffer being allocated, which can later be overflowed. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected.
[ 05.07.08-2.txt ] dcb778aa36d5093d53a1522ad73f6ceb iDefense Security Advisory 05.07.08 - Remote exploitation of a BSS overflow vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reading in an RDP redirect request. This request is used to redirect an RDP connection from one server to another. When parsing the redirect request, the rdesktop client reads several 32-bit integers from the request packet. These integers are then used to control the number of bytes read into statically allocated buffers. This results in several buffers located in the BSS section being overflowed, which can lead to the execution of arbitrary code. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected.
[ 05.07.08-1.txt ] c018aff3b2b98000cb2a48058984a14d iDefense Security Advisory 05.07.08 - Remote exploitation of an integer underflow vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reading in an RDP request. When reading a request, a 16-bit integer value that represents the number of bytes that follow is taken from the packet. This value is then decremented by 4, and used to calculate how many bytes to read into a heap buffer. The subtraction operation can underflow, which will then lead to the heap buffer being overflowed. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected.
[ google-spam.txt ] f7d31e6f454a2e5814a14ca9ac14dcfb It appears that manipulating the forwarding functionality in Google's GMail service allows people to spam.
[ glsa-200805-05.txt ] f3ef77392f063e96467936e65228cc61 Gentoo Linux Security Advisory GLSA 200805-05 - Multiple Denial of Service vulnerabilities have been discovered in Wireshark. Versions less than 1.0.0 are affected.
[ glsa-200805-04.txt ] 0ef7dd1b359cd5c05af051363a60b6d3 Gentoo Linux Security Advisory GLSA 200805-04 - A vulnerability has been reported in FCKEditor due to the way that file uploads are handled in the file editor/filemanager/upload/php/upload.php when a filename has multiple file extensions (CVE-2008-2041). Another vulnerability exists in the _bad_protocol_once() function in the file phpgwapi/inc/class.kses.inc.php, which allows remote attackers to bypass HTML filtering (CVE-2008-1502). Versions less than 1.4.004 are affected.
[ glsa-200805-03.txt ] e7bce4b2f319f035e053ff26dbb0497a Gentoo Linux Security Advisory GLSA 200805-03 - Bernhard R. Link discovered that Eterm opens a terminal on :0 if the -display option is not specified and the DISPLAY environment variable is not set. Further research by the Gentoo Security Team has shown that aterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are also affected. Versions less than 1.0.1-r1 are affected.
[ tuxcms-xss.txt ] fc2461e9a2dd67d305c1169f2984721b Tux CMS version 0.1 suffers from cross site scripting vulnerabilities.
[ postcardmentor-sql.txt ] 8f294b168ec448f57fd8c7bf4fdc8bdc PostcardMentor suffers from a remote SQL injection vulnerability in step1.asp.
[ gamecms-sql.txt ] c9dcaa13d89a2127407929e51f1b4654 gameCMS Lite version 1.0 suffers from a remote SQL injection vulnerability in index.php.
[ fipscms-sql.txt ] 7826a169d66eba1519c1d6ce5107704f fips CMS suffers from a blind SQL injection vulnerability in print.asp.
[ dradis-v1.2.tar.gz ] 481beae4f13e322aad1066ba943aafd4 dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share the interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of effort.
[ frs-lfi.txt ] 47acb3a0171f72d2b509fee8ba79403f The PHP-Fusion module Forum Rank System version 6 suffers from a local file inclusion vulnerability.
[ USN-610-1.txt ] 77ac0e795794d36deede12c886ccdf18 Ubuntu Security Notice 610-1 - Christian Herzog discovered that it was possible to connect to any LTSP client's X session over the network. A remote attacker could eavesdrop on X events, read window contents, and record keystrokes, possibly gaining access to private information.
[ USN-609-1.txt ] a3deee4ad320e4a22639ce04c53c56e9 Ubuntu Security Notice 609-1 - It was discovered that arbitrary Java methods were not filtered out when opening databases in OpenOffice.org. If a user were tricked into running a specially crafted query, a remote attacker could execute arbitrary Java with user privileges. Multiple memory overflow flaws were discovered in OpenOffice.org's handling of Quattro Pro, EMF, and OLE files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges.
[ adobe-print-v2.txt ] b5590bc735cc6ed7a4c5c8923db40f71 A design error vulnerability exists in Adobe Reader and Adobe Acrobat Professional. A remote attacker who successfully exploits this vulnerability can control the printer without the user's permission. Affected software versions include Adobe Reader 8.1.1 and below and Adobe Acrobat Professional 8.1.1 and below. This is an updated advisory.
[ aap-bypass.txt ] d5e4c5adb0d84a55148b570fa73bccdc Two critical vulnerabilities exist in the JavaScript API of Adobe Acrobat Professional 7. A remote attacker who successfully exploits these vulnerabilities can execute restricted functions and arbitrary code on the affected system. Adobe Acrobat Professional version 7.0.9 is affected.
[ MDVSA-2008-098.txt ] c05d37c906d149b687d05a12d3686dbb Mandriva Linux Security Advisory - A vulnerability in OpenSSH 4.4 through 4.8 allowed local attackers to bypass intended security restrictions, enabling them to execute commands other than those specified by the ForceCommand directive, provided they are able to modify ~/.ssh/rc.
[ MDVSA-2008-097.txt ] c4ad65a04bf01fc452431de16f2c99c3 Mandriva Linux Security Advisory - A vulnerability was found in start_kdeinit in KDE 3.5.5 through 3.5.9 where, if it was installed setuid root, it could allow local users to cause a denial of service or possibly execute arbitrary code. By default, start_kdeinit is not installed setuid root on Mandriva Linux; however, updated packages have been patched to correct this issue.
[ MDVSA-2008-096.txt ] 3a0ea4e3b1b58f64a7459c160c351863 Mandriva Linux Security Advisory - Steve Grubb found that the vcdiff script in Emacs creates temporary files insecurely when used with SCCS. A local user could exploit a race condition to create or overwrite files with the privileges of the user invoking the program.
[ mvnforum-jsxss.txt ] d933e5590c8fd0d7d111ca4018d116fb mvnForum version 1.1 suffers from a cross site scripting vulnerability.
[ sphider134-xss.txt ] 029cdd2d90f32d53a5be827a0b7ea5fc The Sphider search engine version 1.3.4 suffers from a cross site scripting vulnerability in search.php.
[ USN-605-1.txt ] 0b243038ac4bfd44eec2a7fae256dc22 Ubuntu Security Notice 605-1 - Various flaws were discovered in the JavaScript engine. If a user had JavaScript enabled and were tricked into opening a malicious email, an attacker could escalate privileges within Thunderbird, perform cross-site scripting attacks and/or execute arbitrary code with the user's privileges. Several problems were discovered in Thunderbird which could lead to crashes and memory corruption. If a user had JavaScript enabled and were tricked into opening a malicious email, an attacker may be able to execute arbitrary code with the user's privileges.
[ USN-608-1.txt ] d59d8585bfa28ce139cf8e4ff1045cad Ubuntu Security Notice 608-1 - It was discovered that start_kdeinit in KDE 3 did not properly sanitize its input. A local attacker could exploit this to send signals to other processes and cause a denial of service or possibly execute arbitrary code.
[ USN-607-1.txt ] a268f077c248e418988b3225432e51aa Ubuntu Security Notice 607-1 - It was discovered that Emacs did not account for precision when formatting integers. If a user were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly other unspecified actions. This issue does not affect Ubuntu 8.04. Steve Grubb discovered that the vcdiff script as included in Emacs created temporary files in an insecure way when used with SCCS. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program.
[ AD20080506EN.txt ] 93a8a3701807b7809398c4ed10235e20 The Yahoo! Assistant (3721) ActiveX control is susceptible to a remote code execution vulnerability. Versions 3.6 and below are affected.
[ SE-2008-03.txt ] 75f252427e7c381d010f1b575b551982 PHP versions 5.2.5 and below and 4.4.8 and below suffer from a multibyte shell command escaping bypass vulnerability.
[ SE-2008-02.txt ] 4b0cca74264389c41d1fdf9224233459 PHP versions 5.2.5 and below and 4.4.8 and below suffer from a weak random number seed vulnerability in GENERATE_SEED().
[ bugzilla-multi.txt ] 13db085e595afc0bfe20386178dd1ece Bugzilla Security Advisory - Bugzilla version 3.1.3 suffers from an unauthorized bug change vulnerability. Versions 2.17.2 and higher suffer from a cross site scripting vulnerability. Versions 2.23.4 and higher suffer from an account impersonation vulnerability.
[ phpeasydata-sql.txt ] db0f31cf6606867f7d28653cfbd057d0 PHPEasyData version 1.5.4 suffers from a remote SQL injection vulnerability.
[ preshopping-sql.txt ] 7e1ab738e24ae0bafb84b2c592643376 Pre Shopping Mall version 1.1 suffers from a SQL injection vulnerability in search.php.
[ dsa-1570-1.txt ] 7c06871d3debf143c6fa695b70d15b23 Debian Security Advisory 1570-1 - Andrews Salomon reported that kazehakase, a GTK+-based web browser that allows pluggable rendering engines, contained an embedded copy of the PCRE library in its source tree which was compiled in and used in preference to the system-wide version of this library. The PCRE library has been updated to fix the security issues reported against it in previous Debian Security Advisories. This update ensures that kazehakase uses that supported library, and not its own embedded and insecure version.
[ SSRT080056.txt ] 4e4fa75307ce6bdbfef3c384d368693e HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache with PHP. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to gain extended privileges.
[ SSRT080034.txt ] d484200e5c25c9765700282b3a715e10 HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Netscape Directory Server (NDS). The vulnerability could be used locally to gain extended privileges.
[ dsa-1554-2.txt ] 23546650cebe54b7719fbd4c9d712eed Debian Security Advisory 1554-2 - Roundup, an issue tracking system, fails to properly escape HTML input, allowing an attacker to inject client-side code (typically JavaScript) into a document that may be viewed in the victim's browser.
[ dsa-1569-2.txt ] 14da4de45a7965759e35ce4984df344d Debian Security Advisory 1569-2 - The original update for cacti unfortunately introduced a regression. Updated packages have been created to address this. It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, leading to cross site scripting and SQL injection being possible.
[ glsa-200805-02.txt ] f5057ea23bcd61d5a2859e06b80048e8 Gentoo Linux Security Advisory GLSA 200805-02 - Cezary Tomczak reported that an undefined UploadDir variable exposes an information disclosure vulnerability when running on shared hosts. Versions less than 2.11.5.2 are affected.
[ glsa-200805-01.txt ] fbc502d5bf403437b5eb5c915a78fca3 Gentoo Linux Security Advisory GLSA 200805-01 - Multiple vulnerabilities in the Horde Application Framework may lead to the execution of arbitrary files, information disclosure, and allow a remote attacker to bypass security restrictions. Versions less than 3.1.7 are affected.
[ CORE-2008-0129.txt ] cbba5446dc9d1e16b74a4f9c8d3500c9 Core Security Technologies Advisory - A vulnerability was found in Wonderware SuiteLink Service ('slssvc.exe') that could allow an unauthenticated remote attacker with the ability to connect to the SuiteLink service TCP port to shut down the service abnormally by sending a malformed packet. Exploitation of the vulnerability for remote code execution has not been proven, but it has not been eliminated as a potential scenario.
[ novelledir-dos.txt ] f4b9138ab33bcc0fa005c5716816dd0f Novell eDirectory versions below 8.7.3 SP 10 and versions below 8.8.2 suffer from a denial of service related vulnerability. Details are provided.
[ novelledir-soap.txt ] bfc87cfd78dc50b27221742df7b7e90f Novell eDirectory versions 8.7.x through 8.8.1 suffer from an arbitrary access vulnerability due to client-side access control when using the SOAP interface.
[ samhain-2.4.4.tar.gz ] 6777eb51fb868b543ba846a6fa5f41fd Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
[ deluxebb12-multi.txt ] d4ebf690b0c303e80b85143a1d5028e0 DeluxeBB versions 1.2 and below exploit that demonstrates blind SQL injection, PHP injection, and more.
[ plash_1.19.orig.tar.gz ] c44d14f2ed27e248cbfd5d148c844c23 Plash is a sandbox for running GNU/Linux programs with minimum privileges. It is suitable for running both command line and GUI programs. It can dynamically grant Gtk-based GUI applications access rights to individual files that you want to open or edit. This happens transparently through the Open/Save file chooser dialog box, by replacing GtkFileChooserDialog. Plash virtualizes the file namespace and provides per-process/per-sandbox namespaces. It can grant processes read-only or read-write access to specific files and directories, mapped at any point in the filesystem namespace. It does not require modifications to the Linux kernel.
[ powereditor-disclose.txt ] 9e67c9ab395de010106ae9def92b0c83 Power Editor version 2.0 suffers from remote file disclosure and edit vulnerabilities.
[ miniweb-sql.txt ] 7a8625138872d6a89dbcdf25987cc428 Miniweb version 2.0 suffers from a SQL injection vulnerability in index.php.
[ sitexs-upload.txt ] fe1b69ec3196f1e84a09aa93b95ccde5 SiteXS CMS version 0.1.1 suffers from a shell upload vulnerability.
[ CORE-2008-0326.txt ] e7ba30ef761ce1c7ccb9bff13ce3e94f Core Security Technologies Advisory - NASA's Common Data Format library suffers from a buffer overflow vulnerability. CDF versions 3.2 and earlier are vulnerable.