http://packetstormsecurity.org/ 100 Most Recent Packet Storm File Additions en-us http://packetstormsecurity.org/papers/general/browser_insecurity_iceberg_2008.pdf Understanding the Web browser threat: Examination of vulnerable online Web browser populations and the insecurity iceberg . http://packetstormsecurity.org/0807-advisories/SSRT080039.txt HP Security Bulletin - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. This vulnerability could by exploited remotely to allow cross site scripting (XSS). http://packetstormsecurity.org/papers/call_for/25C3-CFP.txt The Call For Papers for the 25th Chaos Communication Congress (25C3) has been announced. http://packetstormsecurity.org/0807-advisories/SCANIT-2008-003.txt Wordtrans versions 1.1pre15 and below suffer from a remote command execution vulnerability. http://packetstormsecurity.org/0807-advisories/SCANIT-2008-002.txt Wordtrans versions 1.1pre15 and below suffer from a remote command execution vulnerability. http://packetstormsecurity.org/0807-advisories/SCANIT-2008-001.txt QNX RTOS phgrafx version 6.3.2 and 6.3.0 suffer from a privilege escalation vulnerability. http://packetstormsecurity.org/0807-exploits/usurdat.zip Proof of concept denial of service exploit for SOLDNER - Secret Wars versions 33724 and below which suffer from an endless loop vulnerability. http://packetstormsecurity.org/0807-advisories/usurdat.txt SOLDNER - Secret Wars versions 33724 and below suffer from an endless loop vulnerability. http://packetstormsecurity.org/0807-advisories/glsa-200807-02.txt Gentoo Linux Security Advisory GLSA 200807-02 - Nico Golde reported an off-by-one error within the read_client() function in the webhttpd.c file, leading to a stack-based buffer overflow. Stefan Cornelius (Secunia Research) reported a boundary error within the same function, also leading to a stack-based buffer overflow. Both vulnerabilities require that the HTTP Control interface is enabled. Versions less than 3.2.10.1 are affected. http://packetstormsecurity.org/0807-advisories/glsa-200807-01.txt Gentoo Linux Security Advisory GLSA 200807-01 - Multiple integer overflows may allow for Denial of Service. Versions less than 2.4.4-r13 are affected. http://packetstormsecurity.org/0807-exploits/blogparticle-traverse.txt Blog Particle version 8.0 suffers from directory traversal and database credential disclosure vulnerabilities. http://packetstormsecurity.org/0807-exploits/hbr-rfi.txt HIOX Banner Rotator (HBR) version 1.3 suffers from a remote file inclusion vulnerability. http://packetstormsecurity.org/0806-exploits/0806-exploits.tgz Packet Storm new exploits for June, 2008. http://packetstormsecurity.org/0807-exploits/mambongal-sql.txt The Mambo n-gallery component suffers from multiple SQL injection vulnerabilities. http://packetstormsecurity.org/0807-exploits/psys070-sql.txt pSys version 0.7.0 suffers from a remote SQL injection vulnerability in chatbox.php. http://packetstormsecurity.org/0807-exploits/pivot-disclosure.txt Pivot version 1.40.5 Dreamwind load_template() credential disclosure exploit. http://packetstormsecurity.org/0807-advisories/USN-617-2.txt Ubuntu Security Notice 617-2 - USN-617-1 fixed vulnerabilities in Samba. The upstream patch introduced a regression where under certain circumstances accessing large files might cause the client to report an invalid packet length error. This update fixes the problem. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. Alin Rad Pop of Secunia Research discovered that Samba did not properly perform bounds checking when parsing SMB replies. A remote attacker could send crafted SMB packets and execute arbitrary code. http://packetstormsecurity.org/0807-exploits/rcm-sql.txt RCM Revision Web Development suffers from a remote SQL injection vulnerability in products.php. http://packetstormsecurity.org/0807-exploits/barenuked-admin.txt BareNuked CMS version 1.1.0 arbitrary add administrator exploit. http://packetstormsecurity.org/0807-exploits/faname10-xss.txt Fa Name version 1.0 suffers from multiple cross site scripting vulnerabilities. http://packetstormsecurity.org/0807-exploits/faname10-sql.txt Fa Name version 1.0 suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/0807-exploits/rssagg-sql.txt RSS-aggregator version 1.0 suffers from direct administrative access and SQL injection vulnerabilities. http://packetstormsecurity.org/0807-exploits/lul-busybox.c BusyBox local format string exploit. http://packetstormsecurity.org/0807-exploits/openbsdanim-local.txt Local root animated,.. yes animated, exploit for OpenBSD 4.0 that takes advantage of an old vga vulnerability. http://packetstormsecurity.org/0807-exploits/ashop-sql.txt AShop Deluxe version 4.x remote SQL injection exploit that takes advantage of catalogue.php. http://packetstormsecurity.org/0807-exploits/mybloggie-sql.txt myBloggie version 2.1.6 suffers from multiple remote SQL injection vulnerability. http://packetstormsecurity.org/0807-exploits/catviz-sql.txt Catviz version 0.4.0 beta1 suffers from a SQL injection vulnerability. http://packetstormsecurity.org/0806-exploits/surgemail-dos.txt Surgemail version 39e-1 post authentication IMAP remote buffer overflow denial of service exploit. http://packetstormsecurity.org/0806-exploits/eshop100-sql.txt eSHOP100 suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/0806-exploits/dirlist-traverse.txt dirLIST suffers from an arbitrary file download vulnerability. http://packetstormsecurity.org/0806-exploits/singapore-database.txt Singapore version 0.10.1 suffers from directory traversal and database credential exposure vulnerabilities. http://packetstormsecurity.org/UNIX/scanners/pktanon-1.2.0-dev.tar.gz PKtAnon performs network trace anonymization. It is highly configurable and uses anonymization profiles. Anonymization profiles allow for mapping of arbitrary anonymization primitives to protocol attributes, thus providing high flexibility and easy usability. A huge number of anonymization primitives and network protocols are supported and ready to use for online and offline anonymization. http://packetstormsecurity.org/0806-exploits/acmlmboard-sql.txt AcmlmBoard version 1.A2 suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/0806-exploits/haloloop2.zip Proof of concept exploit for Halo: Combat Evolved versions 1.07 and below which suffer from an endless loop vulnerability. http://packetstormsecurity.org/0806-advisories/haloloop2.txt Halo: Combat Evolved versions 1.07 and below suffer from an endless loop vulnerability. http://packetstormsecurity.org/0806-exploits/stalker39x.zip Proof of concept exploit for S.T.A.L.K.E.R.: Shadow of Chernobyl versions 1.0006 and below which suffer from multiple buffer overflow vulnerabilities. http://packetstormsecurity.org/0806-advisories/stalker39x.txt S.T.A.L.K.E.R.: Shadow of Chernobyl versions 1.0006 and below suffer from multiple buffer overflow vulnerabilities. http://packetstormsecurity.org/0806-exploits/seportal-sql.txt SePortal version 2.4 suffers from a remote SQL injection vulnerability in poll.php. http://packetstormsecurity.org/0806-exploits/phpfusionclass-sql.txt The PHP-Fusion classifieds module suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/0806-exploits/sebraccms-sql.txt SebracCMS versions 0.4 and below suffer from multiple SQL injection vulnerabilities. http://packetstormsecurity.org/0806-exploits/joomlawebtv-sql.txt Joomla Xe webtv component blind SQL injection exploit. http://packetstormsecurity.org/0806-exploits/joomlabea-sql.txt The Joomla beamospetition component suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/0806-exploits/obm-sql.txt Online Booking Manager version 2.2 suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/0806-exploits/joomlajabode-sql.txt The Joomla jabode component suffers from a remote SQL injection vulnerability. http://packetstormsecurity.org/0806-advisories/SSRT080063-2.txt HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Apache with PHP. This vulnerability could be exploited remotely to execute arbitrary code. http://packetstormsecurity.org/0806-advisories/SSRT080075.txt HP Security Bulletin - A potential security vulnerabilities has been identified with HP-UX running HP CIFS Server (Samba). The vulnerabilities could be exploited remotely to execute arbitrary code. http://packetstormsecurity.org/0806-exploits/otmanager-cookie.txt OTManager CMS version 2.4 suffers from an insecure cookie handling vulnerability. http://packetstormsecurity.org/0806-exploits/aplus-cookie.txt A+ PHP scripts News Management System suffers from an insecure cookie handling vulnerability. http://packetstormsecurity.org/0806-exploits/poweraward-lfi.txt PowerAward version 1.1.0 RC1 suffers from local file inclusion and cross site scripting vulnerabilities. http://packetstormsecurity.org/papers/call_for/bacom2008-cfp.txt Call for the papers for the first annual BA-Con applied technical security conference has been announced. It will be held in Buenos Aires on September 30th and October 1st, 2008. http://packetstormsecurity.org/0806-exploits/WebUI-dos.rar uTorrent / BitTorrent WebUI HTTP 1.7.7/6.0.1 denial of service exploit. http://packetstormsecurity.org/UNIX/audit/unhide20080519.tgz Unhide is a forensic tool to find hidden processes and TCP/UDP ports that are hidden via rootkits, LKMs, or other techniques. http://packetstormsecurity.org/0806-exploits/w1l3d4-sqlxss.txt W1L3D4 Philboard version 1.2 suffers from blind SQL injection and cross site scripting vulnerabilities. http://packetstormsecurity.org/0806-exploits/otmanager-lfixss.txt OTManager CMS version 24a suffers from local file inclusion and cross site scripting vulnerabilities. http://packetstormsecurity.org/0806-exploits/orca-rfi.txt Orca version 2.0 suffers from a remote file inclusion vulnerability in params.php. http://packetstormsecurity.org/0806-exploits/cheatswebsite-sql.txt Cheats Complete Website version 1.1.1 suffers from a SQL injection vulnerability. http://packetstormsecurity.org/0806-exploits/drinkswebsite-sql.txt Drinks Complete Website version 2.1.0 suffers from a SQL injection vulnerability. http://packetstormsecurity.org/0806-exploits/jokeswebsite-sql.txt Jokes Complete Website version 2.1.3 suffers from a SQL injection vulnerability. http://packetstormsecurity.org/0806-exploits/riddle-sql.txt Riddle Complete Website version 1.2.1 suffers from a SQL injection vulnerability. http://packetstormsecurity.org/0806-exploits/seagull-upload.txt Seagull PHP Framework version 0.6.4 and below arbitrary file upload exploit. http://packetstormsecurity.org/0806-exploits/phpblaster-lfi.txt phpBlaster CMS version 1.0 RC1 suffers from multiple local file inclusion vulnerabilities. http://packetstormsecurity.org/0806-advisories/MDVSA-2008-124.txt Mandriva Linux Security Advisory - A vulnerability in the Speex library was found where it did not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library. Xine-lib is similarly affected by this issue. As well, the previous version of xine as provided in Mandriva Linux 2008.1 would crash when playing matroska files, and a regression was introduced that prevented Amarok from playing m4a files. http://packetstormsecurity.org/0806-advisories/USN-621-1.txt Ubuntu Security Notice 621-1 - Drew Yao discovered several vulnerabilities in Ruby which lead to integer overflows. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. Drew Yao discovered that Ruby did not sanitize its input when using ALLOCA. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service via memory corruption. http://packetstormsecurity.org/0806-advisories/dsa-1599-1.txt Debian Security Advisory 1599-1 - Havoc Pennington discovered that DBus, a simple interprocess messaging system, performs insufficient validation of security policies, which might allow local privilege escalation. http://packetstormsecurity.org/0806-exploits/wellyblog-xss.txt WellyBlog Open Source Blog Portal suffers from a cross site scripting vulnerability. http://packetstormsecurity.org/UNIX/IDS/prelude-manager-0.9.13.tar.gz Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis. http://packetstormsecurity.org/crypt/misc/strongswan-4.2.4.tar.gz strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships. http://packetstormsecurity.org/papers/general/Reverse.Engineering.AntiCracking.Techniques.pdf This paper was written to give a better understanding of the various approaches taken in reverse engineering. It also provides insight into proper software design to protect sensitive data, etc. http://packetstormsecurity.org/0806-exploits/joomlayanc-sql.txt The Joomla YaNC component suffers from a SQL injection vulnerability. http://packetstormsecurity.org/0806-exploits/joomlanetinvoice-sql.txt The Joomla netinvoice component version 1.2.0 SP1 suffers from a SQL injection vulnerability. http://packetstormsecurity.org/0806-exploits/phpmotion-upload.txt PHPmotion versions 2.0 and below remote shell upload exploit that makes use of update_profile.php. http://packetstormsecurity.org/0806-exploits/firefox3.tar.gz This is a specially crafted JPEG that causes a denial of service resulting in a crash in Firefox 3. http://packetstormsecurity.org/0806-exploits/kroax-sql.txt The PHP-Fusion module Kroax versions 4.42 and below suffer form a SQL injection vulnerability. http://packetstormsecurity.org/0806-exploits/polypager-sqlxss.txt PolyPager versions 1.0rc2 and below suffer from SQL injection and cross site scripting vulnerabilities. http://packetstormsecurity.org/0806-exploits/kellerwebadmin-lfi.txt Keller Web Admin CMS version 0.94 Pro suffers form a local file inclusion vulnerability. http://packetstormsecurity.org/0806-exploits/galmetapost-lfi.txt Galmeta Post CMS version 0.2 suffers from multiple local file inclusion vulnerabilities. http://packetstormsecurity.org/0806-advisories/evolution-dos.txt Evolution version 2.22.2 suffers from a denial of service vulnerability. http://packetstormsecurity.org/0806-advisories/pidgin-dos.txt The Pidgin instant message program version 2.4.1 suffers from a denial of service vulnerability. http://packetstormsecurity.org/0806-advisories/rhythmbox-dos.txt Rhythmbox MP3 player version 0.11.5 suffers from a denial of service vulnerability. http://packetstormsecurity.org/0806-exploits/theratcms-sqlxss.txt The Rat CMS version Pre-Alpha 2 suffers from SQL injection and cross site scripting vulnerabilities. http://packetstormsecurity.org/0806-exploits/commtouch-xss.txt The Commtouch Anti-Spam Enterprise Gateway solution suffers from a reflected cross site scripting vulnerability. http://packetstormsecurity.org/0806-advisories/USN-620-1.txt Ubuntu Security Notice 620-1 - It was discovered that OpenSSL was vulnerable to a double-free when using TLS server extensions. A remote attacker could send a crafted packet and cause a denial of service via application crash in applications linked against OpenSSL. Ubuntu 8.04 LTS does not compile TLS server extensions by default. It was discovered that OpenSSL could dereference a NULL pointer. If a user or automated system were tricked into connecting to a malicious server with particular cipher suites, a remote attacker could cause a denial of service via application crash. http://packetstormsecurity.org/0806-exploits/linkara-xss.txt Linkara.com appears to suffer from a cross site scripting vulnerability. http://packetstormsecurity.org/0806-advisories/MDVSA-2008-123.txt Mandriva Linux Security Advisory - Stefan Cornelius discovered two buffer overflows in Imlib's image loaders for PNM and XPM images, which could possibly result in the execution of arbitrary code. http://packetstormsecurity.org/0806-exploits/gtalk-inject.txt It appears that Gtalk version 1.0.0.105 suffers from cross site scripting vulnerabilities. http://packetstormsecurity.org/0806-advisories/cisco-sa-20080625-cucm.txt Cisco Security Advisory - Cisco Unified Communications Manager (CUCM), formerly Cisco CallManager, contains a denial of service (DoS) vulnerability in the Computer Telephony Integration (CTI) Manager service that may cause an interruption in voice services and an authentication bypass vulnerability in the Real-Time Information Server (RIS) Data Collector that may expose information that is useful for reconnaissance. http://packetstormsecurity.org/0806-exploits/munky-lfi.txt mUnky version 0.0.1 suffers from a local file inclusion vulnerability in index.php. http://packetstormsecurity.org/0806-exploits/myphpcms-sql.txt MyPHP CMS version 0.3.1 suffers from a remote SQL injection vulnerability in page.php. http://packetstormsecurity.org/0806-exploits/pagemanagercms-upload.txt Page Manager CMS version 2006-02-04 suffers from a remote arbitrary file vulnerability. http://packetstormsecurity.org/0806-exploits/webdevindo-sql.txt Webdevindo-CMS version 0.1 suffers from a remote SQL injection vulnerability in index.php. http://packetstormsecurity.org/0806-exploits/mcguestbook-rfi.txt mcGuestbook version 1.2 suffers from a remote file inclusion vulnerability. http://packetstormsecurity.org/0806-exploits/idebox-rfi.txt IdeBox suffers from a remote file inclusion vulnerability. http://packetstormsecurity.org/0806-advisories/glsa-200806-11.txt Gentoo Linux Security Advisory GLSA 200806-11 - Because of sharing the same codebase, IBM JDK and JRE are affected by the vulnerabilities mentioned in GLSA 200804-20. Versions less than 1.5.0.7 are affected. http://packetstormsecurity.org/0806-exploits/evacms-rfi.txt EVA CMS version 2.3.1 suffers from a remote file inclusion vulnerability. http://packetstormsecurity.org/0806-advisories/bluemoon-advisory-2008-07.txt A format string vulnerability exists in 5th street and derived clients. http://packetstormsecurity.org/0806-exploits/tokokita-sql.txt Exploit for TOKOKITA which suffers from multiple SQL injection vulnerabilities in barang.php. http://packetstormsecurity.org/0806-exploits/mosxml-lfi.txt MosXML Alpha version 1.x suffers from a remote file inclusion vulnerability. http://packetstormsecurity.org/0806-exploits/jonascms-lfi.txt Jonas CMS version 1.2 suffers from multiple local file inclusion vulnerabilities. http://packetstormsecurity.org/0806-exploits/mamboarticles-sql.txt Mambo Articles component blind SQL injection exploit. http://packetstormsecurity.org/0806-exploits/jokesfunny-sql.txt Jokes and Funny Pics scripts suffers from a remote SQL injection vulnerability.