<?xml version="1.0" encoding="ISO-8859-1" ?>
<rss version="2.0">
	<channel>
	<title>Packet Storm Security Last 20</title>
	<link>http://packetstormsecurity.org/</link>
	<description>20 Most Recent Packet Storm File Additions</description>
	<language>en-us</language>

<item>
	<title>mxsystem-sql.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/mxsystem-sql.txt</link>
	<description>MX-System version 2.7.3 suffers from a remote SQL injection vulnerability in index.php. </description>
</item>
<item>
	<title>CORE-2008-0415.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/CORE-2008-0415.txt</link>
	<description>Core Security Technologies Advisory - The Borland Interbase 2007 database server is vulnerable to an integer overflow when a malformed packet is sent to the default TCP port 3050. The integer overflow can cause a stack overflow, which allows arbitrary code execution with system privileges. Service pack 2 (0.1.0.256) on Solaris and Windows are both vulnerable. </description>
</item>
<item>
	<title>glsa-200805-19.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/glsa-200805-19.txt</link>
	<description>Gentoo Linux Security Advisory GLSA 200805-19 - Multiple vulnerabilities in ClamAV may result in the remote execution of arbitrary code. Versions less than 0.93 are affected. </description>
</item>
<item>
	<title>glsa-200805-18.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/glsa-200805-18.txt</link>
	<description>Gentoo Linux Security Advisory GLSA 200805-18 - Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted execution of arbitrary code. Versions less than 2.0.0.14 are affected. </description>
</item>
<item>
	<title>glsa-200805-17.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/glsa-200805-17.txt</link>
	<description>Gentoo Linux Security Advisory GLSA 200805-17 - Tavis Ormandy and Will Drewry of the Google Security Team have reported a double free vulnerability when processing a crafted regular expression containing UTF-8 characters. Versions less than 5.8.8-r5 are affected. </description>
</item>
<item>
	<title>dsa-1583-1.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/dsa-1583-1.txt</link>
	<description>Debian Security Advisory 1583-1 - Several remote vulnerabilities have been discovered in Gnome PeerCast, the Gnome interface to PeerCast, a P2P audio and video streaming server. Luigi Auriemma discovered that PeerCast is vulnerable to a heap overflow in the HTTP server code, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request. Nico Golde discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a buffer overflow in the HTTP Basic Authentication code, allowing a remote attacker to crash PeerCast or execute arbitrary code. </description>
</item>
<item>
	<title>dsa-1582-1.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/dsa-1582-1.txt</link>
	<description>Debian Security Advisory 1582-1 - Nico Golde discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a buffer overflow in the HTTP Basic Authentication code, allowing a remote attacker to crash PeerCast or execute arbitrary code. </description>
</item>
<item>
	<title>dsa-1581-1.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/dsa-1581-1.txt</link>
	<description>Debian Security Advisory 1581-1 - Several remote vulnerabilities have been discovered in GNUTLS, an implementation of the SSL/TLS protocol suite. A pre-authentication heap overflow involving oversized session resumption data may lead to arbitrary code execution. Repeated client hellos may result in a pre-authentication denial of service condition due to a null pointer dereference. Decoding cipher padding with an invalid record length may cause GNUTLS to read memory beyond the end of the received record, leading to a pre-authentication denial of service condition. </description>
</item>
<item>
	<title>comicshout-sql.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/comicshout-sql.txt</link>
	<description>ComicShout version 2.5 suffers from a remote SQL injection vulnerability in index.php. </description>
</item>
<item>
	<title>mantis-xssxsrf.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/mantis-xssxsrf.txt</link>
	<description>Mantis Bug Tracker version 1.1.1 suffers from remote code execution, cross site scripting, and cross site request forgery vulnerabilities. </description>
</item>
<item>
	<title>FICORA-130447.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/FICORA-130447.txt</link>
	<description>CERT-FI Vulnerability Advisory on GnuTLS - GnuTLS versions prior to 2.2.4 suffer from denial of service and buffer overflow vulnerabilities. </description>
</item>
<item>
	<title>ecms-sql.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/ecms-sql.txt</link>
	<description>eCMS version 0.4.2 suffers from remote SQL injection and bypass vulnerabilities. </description>
</item>
<item>
	<title>starsgames-xss.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/starsgames-xss.txt</link>
	<description>Stargames Control Panel versions 4.6.2 and below suffer from a cross site scripting vulnerability. </description>
</item>
<item>
	<title>appservopen-xss.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/appservopen-xss.txt</link>
	<description>AppServ Open Project versions 2.5.10 and below suffer from a cross site scripting vulnerability. </description>
</item>
<item>
	<title>entertainment-lfi.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/entertainment-lfi.txt</link>
	<description>EntertainmentScript version 1.4.0 local file inclusion exploit that takes advantage of page.php. </description>
</item>
<item>
	<title>entertainment-sql.txt</title>
	<link>http://packetstormsecurity.org/0805-exploits/entertainment-sql.txt</link>
	<description>EntertainmentScript suffers from a remote SQL injection vulnerability in play.php. </description>
</item>
<item>
	<title>SSRT080056-2.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/SSRT080056-2.txt</link>
	<description>HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache with PHP. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to gain extended privileges. </description>
</item>
<item>
	<title>SSRT071454.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/SSRT071454.txt</link>
	<description>HP Security Bulletin - A potential security vulnerability has been identified in HP-UX running the useradd(1M) command. The vulnerability could be exploited locally to allow unauthorized access to directories or files. </description>
</item>
<item>
	<title>SSRT080071.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/SSRT080071.txt</link>
	<description>HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin. </description>
</item>
<item>
	<title>mtr-overflow.txt</title>
	<link>http://packetstormsecurity.org/0805-advisories/mtr-overflow.txt</link>
	<description>Mtr suffers from a local and remote stack overflow vulnerability. </description>
</item></channel>
</rss>
